AWS Elastic Load Balancing (ELB)

ELB Connection Draining Disabled

Risk Level: Low

Description: 

This plugin checks that connection draining is enabled on AWS ELBs. With connection draining enabled, a Classic Load Balancer stops sending new requests to instances that are de-registering or unhealthy while keeping their existing connections open.

PingSafe strongly recommends updating ELBs to enable connection draining.

About the Service :

An Amazon ECS service can be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in your service. A Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load Balancers currently require a fixed relationship between the load balancer port and the container instance port.

Impact : 

Connection draining enables better resource management behind the Elastic Load Balancer, such as replacing backend instances without affecting the user experience. For example, an instance can be taken out of service and replaced with a new EC2 instance running updated software while open network connections are maintained.

Steps to reproduce :

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/
  3. Click on Load Balancers under Load Balancing.
  4. Select your load balancer, navigate to the Instances tab, and check whether the connection draining status is enabled.
  5. Repeat these steps for the other load balancers as well.

Steps for remediation :

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/
  3. Click on Load Balancers under Load Balancing.
  4. Select your load balancer, navigate to the Instances tab, and check whether the connection draining status is enabled.
  5. Click on the Edit button adjacent to Connection draining and click on Enable.
  6. Repeat these steps for the other load balancers as well.
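
The console check and fix above can also be scripted across every Classic Load Balancer in a region. The following is an added example, not PingSafe's plugin code: it evaluates the `ConnectionDraining` block returned by the ELB `DescribeLoadBalancerAttributes` API and builds the matching AWS CLI remediation command. The load balancer names, the sample data and the 300-second timeout are assumptions made for illustration.

```python
import json
import shlex

DEFAULT_TIMEOUT = 300  # seconds; assumed value for this example, tune per workload


def fetch_attributes(region):
    """Live collection (needs boto3 and credentials); not used by the sample run."""
    import boto3  # imported lazily so the offline sample below runs without it
    elb = boto3.client("elb", region_name=region)  # "elb" = Classic Load Balancers
    result = {}
    for page in elb.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancerDescriptions"]:
            name = lb["LoadBalancerName"]
            resp = elb.describe_load_balancer_attributes(LoadBalancerName=name)
            result[name] = resp["LoadBalancerAttributes"]
    return result


def find_draining_disabled(attributes_by_lb):
    """Return names of load balancers whose ConnectionDraining is not enabled."""
    flagged = []
    for name, attrs in sorted(attributes_by_lb.items()):
        draining = attrs.get("ConnectionDraining") or {}
        if draining.get("Enabled") is not True:  # missing block counts as disabled
            flagged.append(name)
    return flagged


def remediation_command(name, timeout=DEFAULT_TIMEOUT):
    """Build the AWS CLI call that enables connection draining on one ELB."""
    attrs = {"ConnectionDraining": {"Enabled": True, "Timeout": timeout}}
    return ("aws elb modify-load-balancer-attributes"
            f" --load-balancer-name {shlex.quote(name)}"
            f" --load-balancer-attributes {shlex.quote(json.dumps(attrs))}")


# Constructed sample data in the shape of LoadBalancerAttributes responses.
SAMPLE = {
    "web-classic": {"ConnectionDraining": {"Enabled": True, "Timeout": 300}},
    "legacy-api": {"ConnectionDraining": {"Enabled": False, "Timeout": 300}},
    "batch-ingest": {"CrossZoneLoadBalancing": {"Enabled": True}},
}

if __name__ == "__main__":
    for lb_name in find_draining_disabled(SAMPLE):
        print(f"FAIL {lb_name}: connection draining disabled")
        print("  fix:", remediation_command(lb_name))
```

To audit a real account, pass the result of `fetch_attributes("ap-south-1")` to `find_draining_disabled` instead of `SAMPLE`.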
