Ensure that your app-tier Elastic Load Balancers (ELBs) are using the right health check configuration in order to monitor the availability of the EC2 instances registered to the ELBs through application layer. An application layer health check is an HTTP-based test performed periodically by an AWS ELB to determine the availability of the EC2 instances associated with the load balancer. The status of the backend instances that are healthy at the time of the health check is set to "InService" and the status of any instances that are unhealthy at the time of the health check is set to "OutOfService". When an AWS ELB determines that an EC2 backend instance is unhealthy, it stops routing requests to that instance. The ELB resource resumes routing requests to the backend instance when it has been restored to a healthy state. This conformity rule assumes that all AWS resources created in your app tier are tagged with <app_tier_tag>:<app_tier_tag_value>, where <app_tier_tag> is the tag name and <app_tier_tag_value> is the tag value. Prior to running this rule by the Cloud Conformity engine, the app-tier tags must be configured in the rule settings, on your Cloud Conformity account dashboard.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Improve the reliability of the applications behind your app-tier ELBs by using the appropriate health check configuration. Cloud Conformity recommends that you always use application layer health checks instead of TCP health checks for your app-tier load balancers.
Note: Make sure that you replace all <app_tier_tag>:<app_tier_tag_value> tag placeholders found in the conformity rule content with your own tag name and value created for the app tier.
Audit
To determine if your app-tier ELBs are using the suitable health check configuration, perform the following actions:
Remediation / Resolution
To update your app-tier ELBs configuration in order to use application layer health checks instead of TCP health checks (where a specified TCP port is checked to make sure is accepting connections), perform the following actions:
References
- AWS Documentation
- What Is Elastic Load Balancing?
- Configure Health Checks for Your Classic Load Balancer
- Troubleshoot a Classic Load Balancer: Health Checks
- CIS Amazon Web Services Foundations
- AWS Command Line Interface (CLI) Documentation
- elb
- describe-load-balancers
- describe-tags
- configure-health-check
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
App-Tier ELBs Health Check
Risk level: High