What this looks like in the scanner
securecompass.io/public-exposure-scanner
- [High] internal-api-alb: Application Load Balancer is internet-facing but serves internal-only API services
- [High] staging-web-alb: Internet-facing ALB exposing staging environment without IP restriction
- [Medium] admin-portal-nlb: Network Load Balancer exposes admin interface on port 8443 to the public internet
What does Elastic Load Balancer public exposure mean?
Internet-facing load balancers are often intentional - they serve your public-facing applications. The risk comes from load balancers that are unintentionally public, exposing internal APIs, admin interfaces, or development environments to the internet.
Why it matters
An internal service exposed through a public load balancer bypasses your network security model. Internal APIs often have weaker authentication because they were designed to be called within the VPC, not from the internet.
How to check manually
1. Open EC2 console → Load Balancers and check the "Scheme" column (internet-facing vs internal)
2. Review listener rules for services that should be internal-only
3. Check security groups attached to the load balancer
4. Verify target groups are routing to the correct instances
Quick check with AWS CLI
Find all internet-facing load balancers
aws elbv2 describe-load-balancers --query "LoadBalancers[?Scheme=='internet-facing'].{Name:LoadBalancerName,DNS:DNSName,Type:Type}"
Check listeners on a specific load balancer
aws elbv2 describe-listeners --load-balancer-arn YOUR_LB_ARN --query "Listeners[].{Port:Port,Protocol:Protocol,DefaultActions:DefaultActions[0].Type}"
Find classic load balancers that are internet-facing
aws elb describe-load-balancers --query "LoadBalancerDescriptions[?Scheme=='internet-facing'].{Name:LoadBalancerName,DNS:DNSName}"
Common misconfigurations
Load balancer created as internet-facing instead of internal
Development or staging services behind a public ALB
Admin endpoints accessible through the same public load balancer as the application
Health check endpoints exposing internal status information
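The first and third manual checks above (Scheme, then attached security groups) can be combined into one pass over the unfiltered JSON from aws elbv2 describe-load-balancers and aws ec2 describe-security-groups. This is an added example, not code from the scanner: the function names are made up for illustration, and the sample data is constructed (partner-api-alb, orders-alb and the sg-0... IDs are hypothetical).

```python
ANYWHERE = {"0.0.0.0/0", "::/0"}

def open_ports(sg):
    """Return the port ranges this security group accepts from any address."""
    ports = []
    for perm in sg.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if cidrs & ANYWHERE:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            span = str(lo) if lo == hi else f"{lo}-{hi}"
            ports.append("all" if perm.get("IpProtocol") == "-1" else span)  # "-1" = all traffic
    return ports

def review_load_balancers(lb_json, sg_json):
    """Map each internet-facing LB name to what its security groups allow from anywhere."""
    groups = {g["GroupId"]: g for g in sg_json["SecurityGroups"]}
    report = {}
    for lb in lb_json["LoadBalancers"]:
        if lb.get("Scheme") != "internet-facing":
            continue
        sg_ids = lb.get("SecurityGroups", [])
        ports = {p for i in sg_ids for p in open_ports(groups[i])}  # KeyError if a group is missing
        if not sg_ids:  # e.g. a Network Load Balancer created without security groups
            finding = "no LB security group: review target security groups"
        elif ports:
            finding = "open to anywhere on " + ",".join(sorted(ports, key=lambda p: (len(p), p)))
        else:
            finding = "no rule open to anywhere"
        report[lb["LoadBalancerName"]] = finding
    return report

# Constructed sample data in the shape of the two CLI outputs (not real resources).
SAMPLE_LBS = {"LoadBalancers": [
    {"LoadBalancerName": "internal-api-alb", "Scheme": "internet-facing", "SecurityGroups": ["sg-0aaa"]},
    {"LoadBalancerName": "staging-web-alb", "Scheme": "internet-facing", "SecurityGroups": ["sg-0bbb"]},
    {"LoadBalancerName": "partner-api-alb", "Scheme": "internet-facing", "SecurityGroups": ["sg-0ccc"]},
    {"LoadBalancerName": "admin-portal-nlb", "Scheme": "internet-facing"},
    {"LoadBalancerName": "orders-alb", "Scheme": "internal", "SecurityGroups": ["sg-0aaa"]},
]}
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]}

if __name__ == "__main__":
    for name, finding in review_load_balancers(SAMPLE_LBS, SAMPLE_SGS).items():
        print(f"{name}: {finding}")
```

An "open to anywhere" result is expected for a genuinely public application; the finding matters when the load balancer fronts an internal API, staging or admin service.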
Check all 22 resource types at once
Instead of checking each service manually, scan your entire AWS account and see every public exposure ranked by risk.