AWS Elastic Load Balancing (ELB)

ELB Without Backend Servers

Risk Level: Low

Description:

This plugin identifies ELBs that have no backend servers registered. Every ELB should have backend resources available to it. Those that have none waste money while delivering no functionality. Additionally, if new instances are unintentionally attached to an old ELB that has no instances, this poses a security risk.

PingSafe strongly recommends deleting old ELBs that no longer have backend resources.

About the Service:

An Amazon ECS service can be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in your service. A Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load Balancers currently require a fixed mapping between the load balancer port and the container instance port.

Impact:

A balanced distribution of EC2 instances across all Availability Zones increases the availability and stability of your load-balanced applications. The more Availability Zones you designate and the wider the spread of instances across them, the greater the redundancy and availability of your load balancing setup.

Steps to reproduce:

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/
  3. Click on Load Balancers under Load Balancing.
  4. Select your load balancer, open the Description tab, and check whether the Cross-Zone Load Balancing status is enabled. If it is not enabled, enable it.
  5. Examine the Instance Count values in the Edit Availability Zones section under the Instances tab. If the counts are not equal, the instances are not evenly distributed.
  6. Repeat these steps for the other ELBs.
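The console walkthrough above scales poorly past a handful of load balancers. The following script is an added example, not part of PingSafe's plugin or the page's own material; it performs the same two checks offline (ELBs with no registered instances, and cross-zone or per-AZ distribution problems) over constructed sample data whose shape mirrors the JSON returned by `aws elb describe-load-balancers`, `aws elb describe-load-balancer-attributes` and `aws ec2 describe-instances`. The load balancer names, instance IDs and AZ placements are assumptions made up for the example; in practice you would feed it the real CLI output for a region.

```python
"""Offline check for Classic ELBs with no registered backend instances and
for uneven instance distribution across Availability Zones.

The dictionaries below are constructed sample data shaped like the output of
`aws elb describe-load-balancers`, `aws elb describe-load-balancer-attributes`
and `aws ec2 describe-instances`; they are not from a real account.
"""
from collections import Counter

# Constructed sample: shape of `aws elb describe-load-balancers`
DESCRIBE_LOAD_BALANCERS = {
    "LoadBalancerDescriptions": [
        {
            "LoadBalancerName": "legacy-web-elb",  # stale: no backends at all
            "AvailabilityZones": ["ap-south-1a", "ap-south-1b"],
            "Instances": [],
        },
        {
            "LoadBalancerName": "api-elb",  # all backends sit in one AZ
            "AvailabilityZones": ["ap-south-1a", "ap-south-1b"],
            "Instances": [
                {"InstanceId": "i-0aaa"},
                {"InstanceId": "i-0bbb"},
                {"InstanceId": "i-0ccc"},
            ],
        },
        {
            "LoadBalancerName": "balanced-elb",  # one backend per AZ
            "AvailabilityZones": ["ap-south-1a", "ap-south-1b"],
            "Instances": [{"InstanceId": "i-0ddd"}, {"InstanceId": "i-0eee"}],
        },
    ]
}

# Constructed sample: `LoadBalancerAttributes` from describe-load-balancer-attributes, keyed by ELB name
LOAD_BALANCER_ATTRIBUTES = {
    "legacy-web-elb": {"CrossZoneLoadBalancing": {"Enabled": False}},
    "api-elb": {"CrossZoneLoadBalancing": {"Enabled": True}},
    "balanced-elb": {"CrossZoneLoadBalancing": {"Enabled": True}},
}

# Constructed sample: instance id -> Placement.AvailabilityZone from describe-instances
INSTANCE_AZ = {
    "i-0aaa": "ap-south-1a",
    "i-0bbb": "ap-south-1a",
    "i-0ccc": "ap-south-1a",
    "i-0ddd": "ap-south-1a",
    "i-0eee": "ap-south-1b",
}


def elbs_without_backends(describe_output):
    """Return the names of ELBs that have no registered instances."""
    return [
        lb["LoadBalancerName"]
        for lb in describe_output["LoadBalancerDescriptions"]
        if not lb.get("Instances")
    ]


def instance_count_per_az(lb, instance_az):
    """Count registered instances per AZ enabled on the ELB.

    Every enabled AZ is present in the result, so an AZ with zero instances
    shows up as 0 instead of being silently omitted from the comparison.
    """
    counts = Counter({az: 0 for az in lb["AvailabilityZones"]})
    for inst in lb.get("Instances", []):
        az = instance_az.get(inst["InstanceId"])
        if az is not None:
            counts[az] += 1
    return dict(counts)


def az_distribution_findings(describe_output, attributes, instance_az):
    """Return (elb_name, finding) tuples for ELBs that do have backends.

    Mirrors the manual console check: cross-zone load balancing disabled, or
    instance counts that differ between the enabled Availability Zones.
    """
    findings = []
    for lb in describe_output["LoadBalancerDescriptions"]:
        name = lb["LoadBalancerName"]
        if not lb.get("Instances"):
            continue  # already reported by elbs_without_backends()
        enabled = attributes.get(name, {}).get("CrossZoneLoadBalancing", {}).get("Enabled", False)
        if not enabled:
            findings.append((name, "cross-zone load balancing disabled"))
        counts = instance_count_per_az(lb, instance_az)
        if len(set(counts.values())) > 1:
            findings.append((name, f"uneven instance distribution: {counts}"))
    return findings


if __name__ == "__main__":
    print("ELBs without backend instances:", elbs_without_backends(DESCRIBE_LOAD_BALANCERS))
    for name, finding in az_distribution_findings(DESCRIBE_LOAD_BALANCERS, LOAD_BALANCER_ATTRIBUTES, INSTANCE_AZ):
        print(f"{name}: {finding}")
```

Each enabled AZ is seeded with a count of zero on purpose: an ELB whose instances all live in one of its two enabled zones is exactly the condition step 5 is looking for, and it would be missed if only zones that contain instances were counted. Stale ELBs are reported separately from distribution problems, since the page's remediation for the two cases differs (delete the ELB versus rebalance its backends).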

Steps for remediation:

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/
  3. Click on Load Balancers under Load Balancing.
  4. Select the web-tier ELB that you want to reconfigure and click the Edit button in the Instances tab.
  5. Add or remove subnets in the Add and Remove Subnets dialog box and click Save.
  6. Relaunch one of the backend instances in the newly added AZ to complete the migration. To begin, create an Amazon Machine Image (AMI) from the instance; you will need this image to re-create the instance in a new Availability Zone within the same AWS region.
  7. Once the AMI is ready, use it to re-create the EC2 instance in the new Availability Zone.
  8. To migrate the public IP reference, move the Elastic IP (EIP) from the source EC2 instance to the new instance.
  9. Once you have confirmed that the new EC2 instance is operating correctly in the new AZ, add it to the load balancer and remove the source backend instance from the ELB settings.
  10. Repeat these steps to configure any other Amazon ELBs in the current region.
