AWS Elastic Load Balancing (ELB)
  1. Knowledge Base
  2. AWS Knowledge Base
  3. AWS Elastic Load Balancing (ELB)

Classic Load Balancers In Use

Risk Level: Low

Description: 

This plugin guarantees that HTTP/HTTPS applications use Application Load Balancer rather than Classic Load Balancer for load balancing. For cost and web traffic distribution optimization, HTTP/HTTPS applications should employ Application Load Balancer instead of Classic Load Balancer.

PingSafe strongly recommends detaching Classic Load balancer from HTTP/HTTPS applications and attach Application Load Balancer to those applications

About the Service :

The Amazon ECS service may be configured to employ Elastic Load Balancing to uniformly distribute traffic among your service's jobs. The transport layer (TCP/SSL) or the application layer (HTTP/HTTPS) are where a Classic Load Balancer makes routing choices. A fixed relationship between the load balancer port and the container instance port is presently required by traditional load balancers.

Impact : 

Classic AWS ELB does not provide enhanced web traffic distribution, better flexibility over routing, improved health checks, monitoring and access logging.

Steps to reproduce :

  1. Login to your AWS Management Console.
  2. Navigate to EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/ 
  3. Click on Load Balancers under Load Balancing.
  4. In the Load Balancer Attributes column, select the Type checkbox inside the Show/Hide Columns dialogue box and then click Close to return to the ELB dashboard.
  5. Select the load balancer that you want to examine and then check the Type column. If the value displayed in this column is classic, the type of the selected load balancer is Classic Load Balancer (ELB).
  6. Repeat steps for other load balancers as well.

Steps for remediation :

  1. Login to your AWS Management Console.
  2. Navigate to the EC2 console.
  3. https://ap-south-1.console.aws.amazon.com/ec2/ 
  4. Click on Load Balancers under Load Balancing.
  5. In the Load Balancer Attributes column, select the Type checkbox inside the Show/Hide Columns dialogue box and then click Close to return to the ELB dashboard.
  6. Select the load balancer that you want to examine and then check the Type column. If the value displayed in this column is classic, the type of the selected load balancer is Classic Load Balancer (ELB).
  7. We will replace the classic load balancer with ALB. We will note the values of different columns of our ELB including the Description, Instances, Health check , Listeners , and Tags.
  8. Next, we will click on Create Load Balancer and then select Application Load Balancer and click Create.
  9. Fill in the necessary configuration in the Basic Configuration section.
  10. Fill out the Network mapping, Security groups, Listeners and Routing and Tags and then click Create load balancer.
  11. Once you have made this configuration and the ALB is activated select the previous Classic load balancer and click on Delete in the Actions section.
  12. Repeat steps for other load balancers as well.

References: