Ensure that ELB target group has a health check enabled
When the health check is set up, the load balancer performs health checks on all registered instances, whether an instance is currently in a healthy or an unhealthy state. The load balancer routes requests only to the healthy instances. When the load balancer determines that an instance is unhealthy, it stops routing requests to that instance.
Risk Level: Low
Cloud Entity: AWS ElasticLoadBalancingV2 TargetGroup
CloudGuard Rule ID: D9.CFT.NET.12
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
AWS_ElasticLoadBalancingV2_TargetGroup should have HealthCheckEnabled='true'
REMEDIATION
From CFT
Set AWS::ElasticLoadBalancingV2::TargetGroup HealthCheckEnabled to true and configure other health check parameters as needed.
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckenabled
- https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html
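The GSL rule above can be checked against a parsed CloudFormation template before deployment. The following is an added example, not CloudGuard or AWS code: the sample template, its logical IDs and the function names are constructed, and treating an omitted HealthCheckEnabled as a failure is an assumption taken from the literal GSL expression.

```python
import sys

TG_TYPE = "AWS::ElasticLoadBalancingV2::TargetGroup"

# Constructed sample (a template in parsed form); logical IDs are made up.
SAMPLE_TEMPLATE = {"Resources": {
    "WebTargets": {"Type": TG_TYPE, "Properties": {
        "Protocol": "HTTP", "Port": 80, "HealthCheckEnabled": True,
        "HealthCheckPath": "/healthz"}},
    "FnTargets": {"Type": TG_TYPE, "Properties": {
        "TargetType": "lambda", "HealthCheckEnabled": "false"}},
    "BareTargets": {"Type": TG_TYPE, "Properties": {"TargetType": "lambda"}},
    "ParamTargets": {"Type": TG_TYPE, "Properties": {
        "TargetType": "lambda", "HealthCheckEnabled": {"Ref": "EnableHc"}}},
    "Logs": {"Type": "AWS::S3::Bucket"},
}}


def classify(value):
    """Map a HealthCheckEnabled value to 'pass', 'fail' or 'unresolved'."""
    if isinstance(value, bool):
        return "pass" if value else "fail"
    if isinstance(value, str):  # templates often carry booleans as strings
        return "pass" if value.strip().lower() == "true" else "fail"
    if isinstance(value, dict):  # intrinsic function (Ref, Fn::If, ...)
        return "unresolved"      # needs parameter values to decide
    # Assumption: an omitted property (None) fails the literal rule.
    return "fail"


def check_template(template):
    """Return {logical_id: verdict} for every target group in the template."""
    results = {}
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != TG_TYPE:
            continue  # the rule only applies to target groups
        props = resource.get("Properties") or {}
        results[name] = classify(props.get("HealthCheckEnabled"))
    return results


if __name__ == "__main__":
    results = check_template(SAMPLE_TEMPLATE)
    for name, verdict in results.items():
        print(f"{name}: {verdict}")
    sys.exit(1 if "fail" in results.values() else 0)
```

An "unresolved" verdict means the value depends on a template parameter or condition, so the parameter values used at deploy time have to be reviewed separately.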
AWS ElasticLoadBalancingV2 TargetGroup
Specifies a target group for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer. If the protocol of the target group is TCP, TLS, UDP, or TCP_UDP, you can't modify the health check protocol, interval, timeout, or success codes. Before you register a Lambda function as a target, you must create an AWS::Lambda::Permission resource that grants the Elastic Load Balancing service principal permission to invoke the Lambda function.
Compliance Frameworks
- AWS CloudFormation ruleset