AWS ELB Load Balancer is not registered to multiple Availability Zones
- Contextual name: Load Balancer is not registered to multiple Availability Zones
- ID: /ce/ca/aws/elb/load-balancer-multiple-az
- Tags:
  - Policy with categories
  - Policy with type
  - Production policy
- Policy Type: COMPLIANCE_POLICY
- Policy Categories: RELIABILITY
Logic
- prod.logic.yaml
Similar Policies
- AWS Security Hub: [ELB.13] Application, Network and Gateway Load Balancers should span multiple Availability Zones
- AWS Security Hub: [ELB.10] Classic Load Balancer should span multiple Availability Zones
Description
This policy identifies AWS ELB Load Balancers (Classic, Application, Network, Gateway) that are not configured to distribute traffic across multiple Availability Zones.
Rationale
Configuring a load balancer to span multiple Availability Zones enhances availability and fault tolerance. When a load balancer node is deployed in only one Availability Zone, it becomes a single point of failure. If that AZ experiences an outage, both the load balancer node and the associated application may become unavailable.
Impact
A load balancer restricted to a single Availability Zone poses a significant risk of service interruption. Any outage in that zone can result in complete application downtime, potentially affecting user experience and business continuity.
Audit
This policy flags an AWS ELB Load Balancer as INCOMPLIANT if its Availability Zones field includes only one AZ.
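The audit check above, as an added example that is not part of this policy page or its prod.logic.yaml: it counts the distinct Availability Zones of each load balancer from the shape returned by the AWS describe-load-balancers calls (elbv2 returns a list of ZoneName/SubnetId objects, Classic ELB a list of zone-name strings) and flags anything below two. The sample responses are constructed; note that two subnets in the same AZ still count as a single AZ.

```python
"""Added audit helper (not part of the policy page): flags ELB load balancers
whose distinct Availability Zone count is below the policy threshold."""
from typing import Dict, Iterable, List, Set

MIN_AZS = 2  # policy requires subnets in at least two different AZs


def zones_v2(lb: Dict) -> Set[str]:
    """elbv2 describe-load-balancers shape: AvailabilityZones is a list of
    {"ZoneName": ..., "SubnetId": ...}. Two subnets in one AZ count once."""
    return {az["ZoneName"] for az in lb.get("AvailabilityZones", [])}


def zones_classic(lb: Dict) -> Set[str]:
    """elb describe-load-balancers shape: AvailabilityZones is a list of strings."""
    return set(lb.get("AvailabilityZones", []))


def _finding(name: str, lb_type: str, zones: Set[str]) -> Dict:
    status = "COMPLIANT" if len(zones) >= MIN_AZS else "INCOMPLIANT"
    return {"name": name, "type": lb_type, "zones": sorted(zones), "status": status}


def audit(v2_lbs: Iterable[Dict], classic_lbs: Iterable[Dict]) -> List[Dict]:
    """Return one finding per load balancer with its distinct AZs and status."""
    findings = []
    for lb in v2_lbs:
        findings.append(_finding(lb["LoadBalancerName"], lb.get("Type", "application"), zones_v2(lb)))
    for lb in classic_lbs:
        findings.append(_finding(lb["LoadBalancerName"], "classic", zones_classic(lb)))
    return findings


# Constructed sample responses (shape of the describe-load-balancers output).
SAMPLE_V2 = [
    {"LoadBalancerName": "web-alb", "Type": "application",
     "AvailabilityZones": [  # two subnets, but both in the same AZ -> one AZ
         {"ZoneName": "us-east-1a", "SubnetId": "subnet-aaa111"},
         {"ZoneName": "us-east-1a", "SubnetId": "subnet-aaa222"}]},
    {"LoadBalancerName": "api-nlb", "Type": "network",
     "AvailabilityZones": [
         {"ZoneName": "us-east-1a", "SubnetId": "subnet-aaa111"},
         {"ZoneName": "us-east-1b", "SubnetId": "subnet-bbb111"}]},
]
SAMPLE_CLASSIC = [
    {"LoadBalancerName": "legacy-clb", "AvailabilityZones": ["us-east-1c"]},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_V2, SAMPLE_CLASSIC):
        print(f"{f['status']:<12} {f['type']:<12} {f['name']} zones={f['zones']}")
```

Against a live account, pass it `elbv2.describe_load_balancers()["LoadBalancers"]` and `elb.describe_load_balancers()["LoadBalancerDescriptions"]` from boto3 clients.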
Remediation
The Load Balancer should be configured to use subnets in at least two different Availability Zones.
Configure Subnets
From Command Line
For Application, Network and Gateway Load Balancers
aws elbv2 set-subnets \
--load-balancer-arn {{load-balancer-arn}} \
--subnets {{subnet-id1}} {{subnet-id2}}
For a Classic Load Balancer
aws elb attach-load-balancer-to-subnets \
--load-balancer-name {{load-balancer-name}} \
--subnets {{subnet-id1}} {{subnet-id2}}