Skip to main content

About Elastic Load Balancing (ELB)

The Elastic Load Balancing connector inventories listeners, rules, target groups, and health checks for Application, Network, and Classic load balancers. Iru uses sts:AssumeRole with your IAM role and an external ID (no traffic manipulation), metadata only.

How It Works

Iru runs in its own AWS account. To read Elastic Load Balancing configuration in your account, you create an IAM role with a trust policy (sts:AssumeRole + wizard External ID) and read-only elasticloadbalancing: (and supporting ec2:Describe* where needed). You paste the role’s ARN back into Iru. Attach ElasticLoadBalancingReadOnly, or use the inline policy below (elasticloadbalancing:Describe* plus supporting ec2:Describe* calls ELB consoles typically need).
DetailValue
CategoryNetworking
AuthenticationCross-account IAM role

Prerequisites

  • IAM admin rights in the account that owns load balancers.
  • Connector principal + external ID from Iru.

Connect Elastic Load Balancing to Iru

Start here: open the source wizard and copy the trust policy (and note the external ID). When you are ready to create the role in AWS, switch to the AWS tab and follow Create the IAM role in AWS. After you have the Role ARN, return to the Iru Compliance tab and complete Submit the role ARN in Iru below.

Get the trust policy from Iru

1

Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.
Left navigation: Compliance expanded, Sources selected
2

Turn on Elastic Load Balancing

Find Elastic Load Balancing or AWS ELB (use Category or Search by name or description). On that card, turn on the toggle. Leave the Iru is requesting access to external services wizard tab open.
3

Copy the trust policy JSON

Copy the trust policy exactly as shown in the wizard. The JSON below is an example of the shape IAM expects for the role Trust policy editor (full document with Version and Statement). Always use the principal and external ID from your live wizard if they differ.
copy=false
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::753695775620:role/IruConnect"
      },
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "YOUR_EXTERNAL_ID"
        }
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
4

Switch to AWS to create the role

Keep the Iru wizard tab open for reference, then switch to the AWS tab and follow Create the IAM role in AWS.

Submit the role ARN in Iru

Finish the AWS tab first (through Create the IAM role in AWS) so you have the Role ARN from the new role.
1

Paste the IAM Role ARN

In the wizard tab from Iru, paste the Role ARN you copied from AWS into the field the wizard provides.
2

Finish the connection

Click Submit Role. When the connection succeeds, the wizard shows Connection Configured.
3

Confirm the source is Active

Close the Iru is requesting access to external services browser tab, then return to ComplianceSources and confirm the AWS ELB card is Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Fix external ID typos.
Ensure Describe coverage spans the balancer generations you still run.

Considerations

Inventory work is Regional: every enabled Region may…

Inventory work is Regional, so every enabled Region may be queried.

Sources Management

Browse and manage every Compliance source.

Getting Started With Compliance

Frameworks, actions, and Artifacts.

Iru Overview

How Endpoint, Compliance, and Identity fit together.

Artifacts Management

Upload, review, and organize evidence from sources and actions.