ELB Healthcheck not Enabled for Auto Scaling Group
Overview
Elastic Load Balancing automatically distributes your incoming application traffic across your EC2 instances. ELBs (and classic load balancers) can be attached to your Auto Scaling group.
By default, Auto Scaling groups use only EC2 instance health checks, which do not measure whether the Auto Scaling group can load balance effectively. To ensure that your Auto Scaling group passes load balancer health tests, configure the Auto Scaling group to use Elastic Load Balancing (ELB) health checks as well as the EC2 health checks.
Remediation Notes:
If an instance appears unhealthy based on the health checks of any of the Auto Scaling group's attached load balancers or target groups, the Auto Scaling group will replace the instance. The load balancer and its target group must be in the same Region as your Auto Scaling group. The target group must specify a target type of instance (you can't specify a target type of IP). As an alternative to enabling ELB health checks, you could create a CloudWatch alarm that notifies you if the healthy host count of the target group is lower than allowed.
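One way to evaluate this rule against DescribeAutoScalingGroups output, as an added example that is not part of the original rule text. The sample response is constructed, the function names are hypothetical, and the 300-second grace period is an assumed value.

```python
# Constructed sample shaped like a DescribeAutoScalingGroups response;
# the group names and the target group ARN are made up for illustration.
TG_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/app/0123456789abcdef"
SAMPLE_RESPONSE = {"AutoScalingGroups": [
    # Classic load balancer attached, EC2-only health check: finding.
    {"AutoScalingGroupName": "web-classic", "LoadBalancerNames": ["web-clb"],
     "TargetGroupARNs": [], "HealthCheckType": "EC2"},
    # Target group attached and ELB health check enabled: compliant.
    {"AutoScalingGroupName": "api-tg", "LoadBalancerNames": [],
     "TargetGroupARNs": [TG_ARN], "HealthCheckType": "ELB"},
    # Nothing attached: the rule does not apply.
    {"AutoScalingGroupName": "batch-workers", "LoadBalancerNames": [],
     "TargetGroupARNs": [], "HealthCheckType": "EC2"},
    # Target group attached but no health check type recorded: finding.
    {"AutoScalingGroupName": "legacy-tg", "TargetGroupARNs": [TG_ARN]},
]}


def groups_missing_elb_health_check(response):
    """Return names of groups that have a load balancer or target group
    attached but do not list ELB among their health check types."""
    findings = []
    for group in response.get("AutoScalingGroups", []):
        attached = group.get("LoadBalancerNames") or group.get("TargetGroupARNs")
        # HealthCheckType may hold a comma-separated list, so compare per item.
        raw_types = (group.get("HealthCheckType") or "").split(",")
        types = {t.strip().upper() for t in raw_types}
        if attached and "ELB" not in types:
            findings.append(group["AutoScalingGroupName"])
    return findings


def remediation_command(group_name, grace_period=300):
    """Build the AWS CLI call that enables ELB health checks.
    The 300-second grace period is an assumed value; tune it per workload."""
    return ["aws", "autoscaling", "update-auto-scaling-group",
            "--auto-scaling-group-name", group_name,
            "--health-check-type", "ELB",
            "--health-check-grace-period", str(grace_period)]


if __name__ == "__main__":
    for name in groups_missing_elb_health_check(SAMPLE_RESPONSE):
        print(" ".join(remediation_command(name)))
```

Groups with no load balancer or target group attached are skipped, since there is no load balancer health check for them to adopt.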
Vendor
AWS
Cloud Service
Auto Scaling
Related Requirements
PCI DSS 2.2
Related Controls
AutoScaling.1
References
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-elb-healthcheck.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-load-balancer.html
https://docs.aws.amazon.com/autoscaling/ec2/userguide/examples-elastic-load-balancing-aws-cli.html#example-add-elb-healthcheck
https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_DescribeAutoScalingGroups.html
Severity
1
Item Types
AWS::AutoScaling::AutoScalingGroup