Auto Scaling group associated with a load balancer has ELB health checks enabled

autoscaling_group_elb_health_check_enabled

Severity: low
by Prowler

EC2 Auto Scaling groups attached to a load balancer are evaluated for ELB-based health checks that use the load balancer's target health instead of instance-only checks.

Risk

Without ELB health checks, the group may keep instances that fail load balancer probes, causing:

  • Reduced availability from routing to bad targets
  • Higher error rates impacting transaction integrity
  • Inefficient scaling and increased costs
Run this check with Prowler CLI

prowler aws --checks autoscaling_group_elb_health_check_enabled

Recommendation

Enable ELB health checks for Auto Scaling groups behind load balancers to reflect real client reachability. Apply high availability and defense in depth by:

  • Using application-appropriate LB probes
  • Tuning grace and threshold settings to avoid flapping
  • Monitoring health metrics and alerts

Remediation

CLI

aws autoscaling update-auto-scaling-group --auto-scaling-group-name <auto-scaling-group-name> --health-check-type ELB

Native IAC
# CloudFormation: Enable ELB health checks for the Auto Scaling group
Resources:
  <example_resource_name>:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      HealthCheckType: ELB  # Remediation: use ELB health checks so the ASG evaluates instance health via the load balancer
Terraform
# Enable ELB health checks on the Auto Scaling group
resource "aws_autoscaling_group" "<example_resource_name>" {
  health_check_type = "ELB"  # Remediation: ensures ASG uses load balancer health status
}
Other
  1. In AWS Console, go to EC2 > Auto Scaling Groups
  2. Select the Auto Scaling group
  3. On the Details tab, click Edit under Health checks
  4. Under Additional health check types, select Elastic Load Balancing (ELB)
  5. Click Update/Save
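
To confirm the remediation across many groups, the sketch below applies the same rule to output shaped like `aws autoscaling describe-auto-scaling-groups`. It is an added example, not Prowler's own check code; the sample data is constructed, and the function names and the comma-separated handling of `HealthCheckType` are assumptions made for this illustration.

```python
import json

# Constructed sample in the shape of `aws autoscaling describe-auto-scaling-groups`
# output; names, ARNs and account ID are made up for illustration.
SAMPLE = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-asg", "LoadBalancerNames": [],
   "TargetGroupARNs": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/web/0123456789abcdef"],
   "HealthCheckType": "EC2", "HealthCheckGracePeriod": 300},
  {"AutoScalingGroupName": "api-asg", "LoadBalancerNames": ["api-classic-lb"],
   "TargetGroupARNs": [], "HealthCheckType": "ELB", "HealthCheckGracePeriod": 120},
  {"AutoScalingGroupName": "batch-asg", "LoadBalancerNames": [],
   "TargetGroupARNs": [], "HealthCheckType": "EC2", "HealthCheckGracePeriod": 0},
  {"AutoScalingGroupName": "mixed-asg", "LoadBalancerNames": [],
   "TargetGroupARNs": ["arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/mixed/fedcba9876543210"],
   "HealthCheckType": "EC2,ELB", "HealthCheckGracePeriod": 60}
]}
""")

def attached_to_load_balancer(group):
    """True if the group references a Classic LB or any target group."""
    return bool(group.get("LoadBalancerNames") or group.get("TargetGroupARNs"))

def health_check_types(group):
    """HealthCheckType may be a comma-separated list; normalise it to a set."""
    raw = group.get("HealthCheckType") or ""
    return {t.strip().upper() for t in raw.split(",") if t.strip()}

def evaluate(response):
    """Return one PASS/FAIL finding per group that sits behind a load balancer."""
    findings = []
    for group in response.get("AutoScalingGroups", []):
        if not attached_to_load_balancer(group):
            continue  # no load balancer attached, so the check does not apply
        ok = "ELB" in health_check_types(group)
        findings.append({
            "group": group["AutoScalingGroupName"],
            "status": "PASS" if ok else "FAIL",
            "health_check_type": group.get("HealthCheckType"),
            "grace_period_s": group.get("HealthCheckGracePeriod"),
        })
    return findings

if __name__ == "__main__":
    for f in evaluate(SAMPLE):
        print(f"{f['status']}  {f['group']}  type={f['health_check_type']}  "
              f"grace={f['grace_period_s']}s")
```

Groups with no load balancer or target group are skipped rather than failed, and the grace period is reported alongside each finding so that very short values on newly remediated groups can be reviewed for flapping.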

Resource Type

AwsAutoScalingAutoScalingGroup