Auto Scaling Groups with Load Balancer Rule
Ensure compliance by using health checks in Auto Scaling groups with load balancer.
| Rule | Auto Scaling groups with a load balancer should use health checks |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Critical |
Rule Description
Auto Scaling groups with a load balancer should use health checks to ensure the instances within the group are healthy and able to handle incoming traffic. This rule is aligned with the NIST 800-171 Revision 2 security framework, which focuses on protecting Controlled Unclassified Information (CUI) in non-federal systems and organizations.
Troubleshooting Steps
- 1.
Verify if Auto Scaling groups are configured with a load balancer: Check the Auto Scaling groups in your environment and ensure that they are associated with a load balancer. This can be done by reviewing the configuration of the Auto Scaling groups.
- 2.
Check if health checks are enabled: Verify if health checks are enabled for the load balancer. Health checks periodically assess the status of the instances behind the load balancer and determine their ability to handle incoming requests.
- 3.
Review health check configuration: Ensure that the health check settings are properly configured on the load balancer. Check the interval, timeout, and threshold values to ensure they align with your application requirements.
- 4.
Inspect instances marked as unhealthy: If any instances are marked as unhealthy, investigate the underlying cause. This may involve troubleshooting issues related to network connectivity, unresponsive applications, or insufficient resources on the instances.
Necessary Codes
There are no specific codes associated with enabling health checks for Auto Scaling groups with a load balancer. Configuration of health checks can be performed directly through the AWS Management Console or programmatically using AWS SDKs or Command Line Interface (CLI) commands.
Step-by-step Guide for Remediation
To enable health checks for Auto Scaling groups with a load balancer, follow these steps:
- 1.
Open the AWS Management Console or use the AWS CLI to access your AWS resources.
- 2.
Identify the Auto Scaling group associated with the load balancer.
- 3.
Go to the EC2 Auto Scaling page and find the desired Auto Scaling group.
- 4.
Select the Auto Scaling group and navigate to the "Details" tab.
- 5.
Under the "Health check type" section, ensure that the health check type is set to "ELB".
- 6.
Specify the desired health check settings such as the interval, timeout, and threshold values.
- 7.
Save the changes to apply the health check configuration.
- 8.
Verify that the instances within the Auto Scaling group are marked as healthy by checking the load balancer's health check status.
By following these steps, you will successfully enable health checks for Auto Scaling groups with a load balancer, ensuring the instances behind the load balancer are healthy and capable of handling incoming traffic. This implementation aligns with the NIST 800-171 Revision 2 security requirements.