
Enable AWS ELB Cross-Zone Load Balancing

Reliability

Risk level: Medium (should be achieved)

With subnets in at least two Availability Zones attached and the Cross-Zone Load Balancing feature enabled, a Classic Load Balancer distributes requests evenly across all registered backend instances, regardless of the zone each instance runs in. Without it, each load balancer node sends traffic only to the instances in its own Availability Zone, so a zone with fewer instances sees a higher load per instance. To get the most out of Cross-Zone Load Balancing, Amazon recommends keeping roughly equal EC2 capacity in each of the Availability Zones registered with the load balancer.

This rule resolution is part of the Cloud Conformity Base Auditing Package

Enabling Cross-Zone Load Balancing makes it easier to deploy and manage applications that run across multiple subnets in different Availability Zones, and it gives better fault tolerance and a more consistent traffic flow. If one of the Availability Zones registered with the ELB fails (for example because of a network outage or power loss), the load balancer's health checks take the instances in that zone out of rotation; with Cross-Zone Load Balancing enabled, the requests those instances were serving are then spread evenly across the healthy instances in the remaining zone(s) instead of piling onto whichever zone the receiving load balancer node happens to sit in. Note: there is no extra charge for Classic Load Balancers. With cross-zone load balancing enabled, Amazon does not bill the data transfer between the load balancer nodes and backend instances in other zones.

Audit

To determine if Cross-Zone Load Balancing is enabled, you need to perform the following (the console steps and the aws elb commands below apply to Classic Load Balancers; Application and Network Load Balancers are managed through the aws elbv2 command namespace instead):

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to EC2 dashboard

03 In the navigation panel, under Load balancing, click Load Balancers.

04 Select your Elastic Load Balancer.

05 Select the Description tab from the bottom panel.

06 Check if the Cross-Zone Load Balancing status is enabled:

Checking the Cross-Zone Load Balancing status on the AWS Console

Using AWS CLI

01 Run describe-load-balancer-attributes command (OSX/Linux/UNIX) to check if the Cross-Zone Load Balancing feature is enabled for your ELB:

aws elb describe-load-balancer-attributes \
	--load-balancer-name MyWebELB

02 The command output shows the Cross-Zone Load Balancing status under the CrossZoneLoadBalancing key (disabled in this case):

{
	"LoadBalancerAttributes": {
		"ConnectionDraining": {
			"Enabled": false,
			"Timeout": 300
		},
		"CrossZoneLoadBalancing": {
			"Enabled": false
		},
		"ConnectionSettings": {
			"IdleTimeout": 60
		},
		"AccessLog": {
			"Enabled": false
		}
	}
}

Remediation / Resolution

To enable Cross-Zone Load Balancing with at least two subnets in different AZs, you need to perform the following:

Using AWS Console

01 Login to the AWS Management Console.

02 Navigate to EC2 dashboard

03 In the navigation panel, under Load balancing, click Load Balancers.

04 Select your Elastic Load Balancer.

05 Select the Description tab from the bottom panel.

06 Find the Cross-Zone Load Balancing status and click (Edit):

Find the Cross-Zone Load Balancing status on the AWS Console

07 In the Configure Cross-Zone Load Balancing dialog box, select Enable:

Enable Cross-Zone Load Balancing on the AWS Console

and click Save.

08 Select the Instances tab from the bottom panel and click Edit Availability Zones button.

09 In the Add and Remove Subnets dialog box, under Available Subnets, click the + button to add more subnets to the current ELB configuration and click Save.

Using AWS CLI

01 Run the following modify-load-balancer-attributes command (OSX/Linux/UNIX) to enable the Cross-Zone Load Balancing feature via AWS CLI:

aws elb modify-load-balancer-attributes \
	--load-balancer-name MyWebELB \
	--load-balancer-attributes "{\"CrossZoneLoadBalancing\":{\"Enabled\":true}}"

02 The command response output should look like the following:

{
	"LoadBalancerAttributes": {
		"CrossZoneLoadBalancing": {
			"Enabled": true
		}
	},
	"LoadBalancerName": "MyWebELB"
}

03 Run attach-load-balancer-to-subnets command (OSX/Linux/UNIX) to add one or more available subnets (each in a different Availability Zone) to the existing AZ configuration for the selected load balancer:

aws elb attach-load-balancer-to-subnets \
	--load-balancer-name MyWebELB \
	--subnets subnet-df0e1cab subnet-91625dd7 subnet-aaafce90

04 The command output lists every subnet now attached to the load balancer, including the subnet(s) that were already in place before the call:

{
	"Subnets": [
		"subnet-d2427bfc",
		"subnet-df0e1cab",
		"subnet-91625dd7",
		"subnet-aaafce90"
	]
}
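The audit and remediation steps above are written for one load balancer at a time. The script below is an added example (not Cloud Conformity's own check and not AWS code) that applies the same two conditions, Cross-Zone Load Balancing enabled and subnets in at least two Availability Zones, to every Classic Load Balancer in a region, and additionally reports whether the registered instances are evenly spread across those zones, which is the capacity recommendation from the introduction. The evaluation function works on the plain JSON shapes returned by describe-load-balancers, describe-load-balancer-attributes and describe-instances, so it runs offline on the constructed sample below; boto3 is only needed for the live-region helper, and the optional --fix flag issues the same ModifyLoadBalancerAttributes call as the page's CLI step (attaching further subnets is deliberately left to the operator, since the subnet choice is environment specific). The sample load balancer, instance IDs and zone names are constructed for the example and are not real AWS resources.

```python
"""Audit Classic Load Balancers for cross-zone load balancing and multi-AZ coverage.

Added example, not Cloud Conformity's or AWS's own code. The evaluation logic
needs no AWS access; boto3 is imported only inside audit_region().
"""
import json
import sys
from collections import Counter
from typing import Dict, List, Optional

MIN_ZONES = 2  # the rule's threshold: subnets in at least two Availability Zones
# Request body equivalent to the page's modify-load-balancer-attributes command
ENABLE_CROSS_ZONE = {"CrossZoneLoadBalancing": {"Enabled": True}}


def evaluate_elb(lb: Dict, attrs: Dict, instance_zones: Optional[Dict[str, str]] = None) -> Dict:
    """Evaluate one Classic Load Balancer against the rule.

    lb             - one element of describe-load-balancers "LoadBalancerDescriptions"
    attrs          - the "LoadBalancerAttributes" object of describe-load-balancer-attributes
    instance_zones - optional InstanceId -> AvailabilityZone map built from describe-instances,
                     used only for the (non-failing) capacity-distribution warning
    """
    name = lb["LoadBalancerName"]
    zones = sorted(set(lb.get("AvailabilityZones", [])))
    cross_zone = bool(attrs.get("CrossZoneLoadBalancing", {}).get("Enabled", False))

    issues: List[str] = []
    if not cross_zone:
        issues.append("cross-zone load balancing disabled")
    if len(zones) < MIN_ZONES:
        issues.append(f"only {len(zones)} Availability Zone(s) attached, need at least {MIN_ZONES}")

    per_zone: Counter = Counter()
    warnings: List[str] = []
    if instance_zones is not None:
        registered = [i["InstanceId"] for i in lb.get("Instances", [])]
        per_zone = Counter(instance_zones.get(i, "unknown") for i in registered)
        counts = [per_zone.get(z, 0) for z in zones]
        # Uneven capacity does not break the rule, but it undermines the even distribution
        if zones and max(counts) != min(counts):
            warnings.append("uneven instance capacity across zones: " + json.dumps(dict(per_zone)))

    return {
        "name": name,
        "zones": zones,
        "cross_zone": cross_zone,
        "instances_per_zone": dict(per_zone),
        "issues": issues,
        "warnings": warnings,
        "compliant": not issues,
    }


def audit_region(region: str, fix: bool = False) -> List[Dict]:
    """Evaluate every Classic Load Balancer in a region (needs boto3 and ELB/EC2 describe
    permissions, plus elasticloadbalancing:ModifyLoadBalancerAttributes when fix=True)."""
    import boto3  # imported here so the offline evaluation above has no AWS dependency

    elb = boto3.client("elb", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    findings: List[Dict] = []
    for page in elb.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancerDescriptions"]:
            name = lb["LoadBalancerName"]
            attrs = elb.describe_load_balancer_attributes(LoadBalancerName=name)["LoadBalancerAttributes"]
            ids = [i["InstanceId"] for i in lb.get("Instances", [])]
            instance_zones: Dict[str, str] = {}
            if ids:
                for res in ec2.describe_instances(InstanceIds=ids)["Reservations"]:
                    for inst in res["Instances"]:
                        instance_zones[inst["InstanceId"]] = inst["Placement"]["AvailabilityZone"]
            finding = evaluate_elb(lb, attrs, instance_zones)
            if fix and not finding["cross_zone"]:
                elb.modify_load_balancer_attributes(LoadBalancerName=name, LoadBalancerAttributes=ENABLE_CROSS_ZONE)
                finding["remediated"] = True
            findings.append(finding)
    return findings


# Constructed sample mirroring the page's MyWebELB (two zones, cross-zone disabled,
# three instances unevenly placed). Not real AWS data.
SAMPLE_LB = {
    "LoadBalancerName": "MyWebELB",
    "AvailabilityZones": ["us-east-1a", "us-east-1b"],
    "Subnets": ["subnet-d2427bfc", "subnet-df0e1cab"],
    "Instances": [{"InstanceId": "i-0aaa"}, {"InstanceId": "i-0bbb"}, {"InstanceId": "i-0ccc"}],
}
SAMPLE_ATTRS = {"CrossZoneLoadBalancing": {"Enabled": False}, "ConnectionDraining": {"Enabled": False, "Timeout": 300}}
SAMPLE_INSTANCE_ZONES = {"i-0aaa": "us-east-1a", "i-0bbb": "us-east-1a", "i-0ccc": "us-east-1b"}

if __name__ == "__main__":
    regions = [a for a in sys.argv[1:] if not a.startswith("--")]
    if regions:
        results = audit_region(regions[0], fix="--fix" in sys.argv)
    else:
        results = [evaluate_elb(SAMPLE_LB, SAMPLE_ATTRS, SAMPLE_INSTANCE_ZONES)]
    print(json.dumps(results, indent=2))
    sys.exit(0 if all(r["compliant"] for r in results) else 1)
```

Run it with no arguments to see the sample finding (exit status 1, because cross-zone is disabled), or as "python audit_elb.py us-east-1" against a real region; add --fix to enable the attribute on every non-compliant load balancer. The single-zone condition cannot be auto-fixed here because choosing which subnet to attach needs knowledge of the VPC layout.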


Publication date Apr 1, 2016