Load Balancer Does Not Span Multiple Availability Zones
Overview
This control checks whether an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has instances registered from more than one Availability Zone. The control fails if the load balancer has instances registered in fewer than two Availability Zones.
Elastic Load Balancing automatically distributes incoming traffic across multiple targets (EC2 instances, containers, and IP addresses) in one or more Availability Zones, and scales the load balancer as incoming traffic changes. Configure each load balancer with at least two Availability Zones so that, if one zone becomes unavailable, the load balancer can route traffic to targets in another zone. A load balancer confined to a single Availability Zone is a single point of failure for the application.
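The following is an added example, not AWS's own control implementation, showing how the check can be evaluated locally against the JSON that `aws elbv2 describe-load-balancers` returns. It counts distinct `ZoneName` values under each load balancer's `AvailabilityZones` list, so two entries in the same zone still count as one. The load balancer names, ARNs, zone names and subnet IDs in the embedded sample are constructed for the example; the threshold of two zones is the one stated above.

```python
"""Evaluate the ELB.13 multi-AZ check against describe-load-balancers output (added example)."""
import json

# Constructed sample in the shape of `aws elbv2 describe-load-balancers --output json`.
# Names, ARNs, zones and subnet IDs are made up; only the relevant fields are included.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "LoadBalancers": [
        {
            "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web-alb/0123456789abcdef",
            "LoadBalancerName": "web-alb",
            "Type": "application",
            "AvailabilityZones": [
                {"ZoneName": "us-east-1a", "SubnetId": "subnet-0a1b2c3d4e5f60001"},
                {"ZoneName": "us-east-1b", "SubnetId": "subnet-0a1b2c3d4e5f60002"},
            ],
        },
        {
            "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/api-nlb/fedcba9876543210",
            "LoadBalancerName": "api-nlb",
            "Type": "network",
            "AvailabilityZones": [
                {"ZoneName": "us-east-1a", "SubnetId": "subnet-0a1b2c3d4e5f60001"},
            ],
        },
        {
            "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/gwy/inspect-glb/00112233445566778",
            "LoadBalancerName": "inspect-glb",
            "Type": "gateway",
            "AvailabilityZones": [],
        },
    ]
})

# The control requires at least two Availability Zones.
MIN_AVAILABILITY_ZONES = 2


def availability_zones(lb):
    """Return the set of distinct zone names a load balancer is enabled in."""
    return {
        az["ZoneName"]
        for az in lb.get("AvailabilityZones", [])
        if az.get("ZoneName")
    }


def evaluate_load_balancer(lb):
    """Evaluate one load balancer record; PASSED only with two or more distinct zones."""
    zones = availability_zones(lb)
    status = "PASSED" if len(zones) >= MIN_AVAILABILITY_ZONES else "FAILED"
    return {
        "LoadBalancerArn": lb.get("LoadBalancerArn", ""),
        "LoadBalancerName": lb.get("LoadBalancerName", ""),
        "Type": lb.get("Type", ""),
        "ZoneCount": len(zones),
        "Zones": sorted(zones),
        "Status": status,
    }


def evaluate_describe_output(describe_json):
    """Evaluate every load balancer in a describe-load-balancers JSON document."""
    data = json.loads(describe_json)
    return [evaluate_load_balancer(lb) for lb in data.get("LoadBalancers", [])]


def failed_load_balancers(describe_json):
    """Return only the records that fail the check, for reporting or alerting."""
    return [r for r in evaluate_describe_output(describe_json) if r["Status"] == "FAILED"]


if __name__ == "__main__":
    # In a real audit, replace SAMPLE_DESCRIBE_OUTPUT with the CLI output, e.g.
    # json_text = open("describe-load-balancers.json").read()
    for result in evaluate_describe_output(SAMPLE_DESCRIBE_OUTPUT):
        print(f'{result["Status"]:6} {result["Type"]:12} {result["LoadBalancerName"]:14} '
              f'zones={result["ZoneCount"]} {result["Zones"]}')
```

Run the script on saved CLI output to list each load balancer with its zone count and status; the `web-alb` sample passes with two zones, while the single-zone `api-nlb` and the `inspect-glb` with no zones fail. Note that this reproduces the zone-count test only; it does not replace Security Hub's own evaluation.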
Vendor
AWS
Cloud Service
ELBv2
Related Requirements
NIST.800-53.r5 CP-10, NIST.800-53.r5 CP-6(2), NIST.800-53.r5 SC-36, NIST.800-53.r5 SC-5(2), NIST.800-53.r5 SI-13(5)
Related Controls
ELB.13
References
https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-13
Severity
3
Item Types
AWS::ElasticLoadBalancingV2::LoadBalancer