aws-load-balancer-controller
SecurityHub ELB.4 - DropHttpHeaders Default to false - support bool routing.http.drop_invalid_header_fields.enabled
Problem to Solve
Security Hub Issue ELB.4 cannot be supported without support for the drop_invalid_header_fields.enabled bool configuration, allowing for this change to ALB configurations of Kube clusters. This control evaluates AWS Application Load Balancers (ALB) to ensure they are configured to drop HTTP headers. By default, ALBs are not configured to drop invalid HTTP header values.
What is the goal of the topic? (optional)
To allow a setting in aws-load-balancer-controller, and then to ensure that an ALB configured by aws-load-balancer-controller is properly configured to dropInvalidHttpHeaders when the boolean is configured to True.
Impact
This will allow Security Hub Issue ELB.4 to be supported in aws-load-balancer-controller.
Solution
What needs to be changed:
Change the code that manages ALB configuration to allow the dropInvalidHttpHeaders.enabled value to be set, and then implement the configuration change in the ALB implementation code to support the configuration.
Create test cases for this configuration.
Acceptance Criteria
Test run showing the setting set, and the mock has the value set or not set
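
An added example, not code from the issue or from aws-load-balancer-controller: a check that decides whether a set of load balancer attributes satisfies ELB.4, treating a missing key as false as the issue describes. The `key=value,key=value` input format and the function names `parseAttributes` and `dropInvalidHeadersEnabled` are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Attribute key named in the issue title.
const dropInvalidHeadersKey = "routing.http.drop_invalid_header_fields.enabled"

// parseAttributes splits a "key=value,key=value" string (assumed input
// format for this example) into a map and rejects malformed pairs.
func parseAttributes(raw string) (map[string]string, error) {
	attrs := map[string]string{}
	for _, pair := range strings.Split(raw, ",") {
		pair = strings.TrimSpace(pair)
		if pair == "" {
			continue
		}
		k, v, ok := strings.Cut(pair, "=")
		if !ok || strings.TrimSpace(k) == "" {
			return nil, fmt.Errorf("malformed attribute %q", pair)
		}
		attrs[strings.TrimSpace(k)] = strings.TrimSpace(v)
	}
	return attrs, nil
}

// dropInvalidHeadersEnabled reports whether the attribute is explicitly
// "true". A missing key yields false, the ALB default described in the
// issue; any value other than "true" or "false" is an error, not a pass.
func dropInvalidHeadersEnabled(attrs map[string]string) (bool, error) {
	switch v, present := attrs[dropInvalidHeadersKey]; {
	case !present, v == "false":
		return false, nil
	case v == "true":
		return true, nil
	default:
		return false, fmt.Errorf("%s: invalid value %q", dropInvalidHeadersKey, v)
	}
}

func main() {
	// Constructed sample inputs: setting on, setting absent, setting off.
	for _, raw := range []string{dropInvalidHeadersKey + "=true",
		"idle_timeout.timeout_seconds=60", dropInvalidHeadersKey + "=false"} {
		attrs, _ := parseAttributes(raw)
		pass, err := dropInvalidHeadersEnabled(attrs)
		fmt.Printf("%-55s ELB.4 pass=%v err=%v\n", raw, pass, err)
	}
}
```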