AWS Elastic Load Balancing (ELB)

ELB Deletion Protection Not Configured

Risk Level: Medium

Description: 

This plugin checks that elastic load balancers have deletion protection enabled. Elastic load balancers should be configured with deletion protection to avoid the unintentional deletion of live resources in production environments.

PingSafe strongly recommends updating ELBv2 load balancers to use deletion protection to prevent accidental deletion.

About the Service :

An Amazon ECS service can be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in your service. A Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load Balancers currently require a fixed relationship between the load balancer port and the container instance port.

Impact : 

Without deletion protection, live resources in production environments may be deleted accidentally.

Steps to reproduce :

  1. Login to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/ 
  3. Click on Load Balancers under Load Balancing.
  4. Select the load balancer that you want to examine.
  5. In the Description tab, scroll down to Attributes and check whether Deletion Protection is set to Enabled. If it is set to Disabled, deletion protection is not configured.
  6. Repeat steps for other EC2 load balancers as well. 

Steps for remediation :

  1. Login to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/ 
  3. Click on Load Balancers under Load Balancing.
  4. Select the load balancer that you want to examine.
  5. In the Description tab, scroll down to Attributes and check whether Deletion Protection is set to Enabled. If it is set to Disabled, deletion protection is not configured.
  6. Click Edit Attributes, select Enable, and click Save.
  7. Repeat steps for other EC2 load balancers as well.
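
The console check and remediation above can be scripted for every ELBv2 load balancer in a region. This is an added example, not PingSafe's plugin code: the function names are hypothetical, and it assumes boto3 is installed with credentials permitted to call `DescribeLoadBalancers`, `DescribeLoadBalancerAttributes` and `ModifyLoadBalancerAttributes`.

```python
"""Audit ELBv2 load balancers for deletion protection; optionally enable it."""
import sys

ATTR = "deletion_protection.enabled"  # ELBv2 load balancer attribute key


def unprotected(elbv2):
    """Return ARNs of load balancers whose deletion protection is not enabled."""
    findings = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            arn = lb["LoadBalancerArn"]
            resp = elbv2.describe_load_balancer_attributes(LoadBalancerArn=arn)
            attrs = {a["Key"]: a["Value"] for a in resp["Attributes"]}
            # Fail closed: a missing attribute counts as unprotected.
            if attrs.get(ATTR, "false").lower() != "true":
                findings.append(arn)
    return findings


def remediate(elbv2, arns):
    """Enable deletion protection on each ARN and return the ARNs changed."""
    changed = []
    for arn in arns:
        elbv2.modify_load_balancer_attributes(
            LoadBalancerArn=arn,
            Attributes=[{"Key": ATTR, "Value": "true"}],
        )
        changed.append(arn)
    return changed


if __name__ == "__main__":
    # Assumption: boto3 is installed and a default region and credentials are
    # configured. Pass --fix to enable protection on every finding.
    import boto3

    client = boto3.client("elbv2")
    findings = unprotected(client)
    for arn in findings:
        print("deletion protection disabled:", arn)
    if "--fix" in sys.argv[1:]:
        for arn in remediate(client, findings):
            print("deletion protection enabled:", arn)
        findings = unprotected(client)  # re-check after the change
    sys.exit(1 if findings else 0)
```

The script exits non-zero while any load balancer remains unprotected, so it can gate a scheduled job or pipeline stage.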
