AWS Elastic Load Balancing (ELB)

ELB Deregistration Delay Not Configured

Risk Level: Low

Description: 

This plugin configures the deregistration delay for AWS ELBv2 target groups. A deregistration delay should be set on ELBv2 target groups to help in-flight requests to the target complete.

PingSafe strongly recommends updating the ELBv2 target group attributes and setting the deregistration delay value.

About the Service:

The Amazon ECS service can be configured to use Elastic Load Balancing to distribute traffic evenly across the tasks in your service. A Classic Load Balancer makes routing decisions at either the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). Classic Load Balancers currently require a fixed relationship between the load balancer port and the container instance port.

Impact:

AWS elastic target groups should have a deregistration delay configured so that in-flight requests to the target can complete.

Steps to reproduce:

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/
  3. Click on Target Groups under Load Balancing.
  4. Select the target group that you want to examine.
  5. Look at the Attributes of the load balancer and check whether the Deregistration Delay is set.
  6. Repeat these steps for the other load balancers as well.

Steps for remediation:

  1. Log in to your AWS Management Console.
  2. Navigate to the EC2 console.
    https://ap-south-1.console.aws.amazon.com/ec2/
  3. Click on Target Groups under Load Balancing.
  4. Select the target group that you want to examine.
  5. Look at the Attributes of the load balancer and check whether the Deregistration Delay is set.
  6. If it is not set, click on Edit, set the deregistration delay, and press Save.
  7. Repeat these steps for the other load balancers as well.
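
The console check and remediation steps above, scripted as an added example (not PingSafe's plugin code): `audit` and `remediate` use the boto3 ELBv2 operation names, and a constructed `StubElbv2` with sample data stands in for `boto3.client("elbv2")` so the script runs offline. It assumes that a missing or 0 value counts as "not set", which the page does not define, and it skips Lambda target groups, where the attribute is not supported.

```python
DELAY_KEY = "deregistration_delay.timeout_seconds"  # ELBv2 target group attribute

def delay_seconds(attributes):
    value = {a["Key"]: a["Value"] for a in attributes}.get(DELAY_KEY, "")
    return int(value) if value.isdigit() else None  # None: absent or not numeric

def audit(elbv2):
    """ARNs of target groups with a missing or 0 delay (assumed meaning of 'not set')."""
    failing = []
    for page in elbv2.get_paginator("describe_target_groups").paginate():
        for tg in page["TargetGroups"]:
            if tg.get("TargetType") == "lambda":
                continue  # the attribute is not supported for Lambda targets
            arn = tg["TargetGroupArn"]
            attrs = elbv2.describe_target_group_attributes(TargetGroupArn=arn)
            if not delay_seconds(attrs["Attributes"]):
                failing.append(arn)
    return failing

def remediate(elbv2, arns, seconds=300):
    """Set the delay on each ARN. ELBv2 accepts 0-3600; 0 is refused here."""
    if not 1 <= seconds <= 3600:
        raise ValueError("delay must be between 1 and 3600 seconds")
    for arn in arns:
        elbv2.modify_target_group_attributes(
            TargetGroupArn=arn, Attributes=[{"Key": DELAY_KEY, "Value": str(seconds)}])

class StubElbv2:
    """Constructed in-memory stand-in for boto3.client("elbv2"), so this runs offline."""
    def __init__(self, groups):
        self.groups = groups  # {arn: (target_type, {attribute_key: value})}
    def get_paginator(self, _operation):
        return self
    def paginate(self):
        for arn, (kind, _) in self.groups.items():
            yield {"TargetGroups": [{"TargetGroupArn": arn, "TargetType": kind}]}
    def describe_target_group_attributes(self, TargetGroupArn):
        attrs = self.groups[TargetGroupArn][1]
        return {"Attributes": [{"Key": k, "Value": v} for k, v in attrs.items()]}
    def modify_target_group_attributes(self, TargetGroupArn, Attributes):
        self.groups[TargetGroupArn][1].update({a["Key"]: a["Value"] for a in Attributes})

# Constructed sample: compliant, zero, missing, and Lambda-backed target groups.
SAMPLE = {"arn:example:tg/web": ("instance", {DELAY_KEY: "300"}),
          "arn:example:tg/api": ("ip", {DELAY_KEY: "0"}),
          "arn:example:tg/batch": ("instance", {}),
          "arn:example:tg/fn": ("lambda", {})}

if __name__ == "__main__":
    print("flagged:", audit(StubElbv2(SAMPLE)))
```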

