Ensure that your web-tier Classic Load Balancer is using the appropriate health check configuration in order to monitor the availability of the EC2 instances associated with the load balancer through application layer. An application layer health check is an HTTP-based test performed periodically to determine the availability of the EC2 instances registered to the load balancer. The status of the backend instances that are healthy at the time of the health check is "InService" and the status of the instances that are unhealthy at the time of the health check is "OutOfService". When a load balancer determines that a backend EC2 instance is unhealthy, it stops routing requests to that instance. The load balancer resumes routing requests to the backend instance when it has been restored to a healthy state. This conformity rule assumes that all the AWS cloud resources created within your web tier are tagged with <web_tier_tag>:<web_tier_tag_value>, where <web_tier_tag> represents the tag name and <web_tier_tag_value> represents the tag value. Before running this rule by the Trend Cloud One™ – Conformity engine, the web-tier tags must be configured in the rule settings, on your Conformity account console.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Improve the reliability of the applications behind your web-tier Classic Load Balancer by using the right health check configuration. Always use application layer health checks instead of TCP health checks (where a specified TCP port is probed to make sure it is accepting connections) for your web-tier Classic Load Balancer.
Note: Make sure that you replace all <web_tier_tag>:<web_tier_tag_value> tag placeholders outlined in the conformity rule content with your own tag set created for the web tier.
Audit
To determine if your web-tier Classic Load Balancers are using the right health check configuration, perform the following actions:
Remediation / Resolution
To reconfigure your web-tier Classic Load Balancer in order to use application layer health checks instead of TCP health checks, perform the following operations:
References
- AWS Documentation
- What Is Elastic Load Balancing?
- Configure Health Checks for Your Classic Load Balancer
- Troubleshoot a Classic Load Balancer: Health Checks
- CIS Amazon Web Services Foundations
- AWS Command Line Interface (CLI) Documentation
- elb
- describe-load-balancers
- describe-tags
- configure-health-check
- CloudFormation Documentation
- AWS::ElasticLoadBalancing::LoadBalancer
- Terraform Documentation
- AWS Provider