AWS Elastic Load Balancing (ELB)
  1. CNS Policies
  2. AWS Knowledge Base
  3. AWS Elastic Load Balancing (ELB)

ELB Cross-Zone Load Balancing Disabled

Risk Level: Low

Description: 

This plugin guarantees that cross-zone load balancing is enabled on AWS ELBs. Cross-zone load balancing should be configured on AWS ELBs to distribute traffic evenly across registered instances in all enabled Availability Zones.

PingSafe strongly recommends updating AWS ELB to enable cross-zone load balancing.

About the Service :

The Amazon ECS service may be configured to employ Elastic Load Balancing to uniformly distribute traffic among your service's jobs. The transport layer (TCP/SSL) or the application layer (HTTP/HTTPS) are where a Classic Load Balancer makes routing choices. A fixed relationship between the load balancer port and the container instance port is presently required by traditional load balancers.

Impact : 

It's easier to install and maintain applications that operate across several subnets in various Availability Zones when Cross-Zone Load Balancing is enabled. This would also provide higher fault tolerance and traffic flow consistency.

Steps to reproduce :

  1. Login to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/ 
  3. Click on Load Balancers under Load Balancing.
  4. Select your load balancer and then navigate to the Description tab, check if the Cross-Zone load Balancing status is enabled.
  5. Repeat steps for other load balancers as well.

Steps for remediation :

  1. Login to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/ 
  3. Click on Load Balancers under Load Balancing.
  4. Select your load balancer and then navigate to the Description tab, check if the Cross-Zone load Balancing status is enabled.
  5. Click on the Edit button adjacent to the Cross-Zone load Balancing and click on enable.
  6. Repeat steps for other load balancers as well.

References: