Checks if connection draining is enabled for Classic Load Balancers. Connection draining ensures that the load balancer stops sending requests to instances that are de-registering or unhealthy, while keeping existing connections open. This is particularly useful for instances in Auto Scaling groups, to ensure that connections aren't severed abruptly.
Risk
Disabling connection draining can lead to abrupt connection termination for users, impacting the user experience and potentially causing application errors.
prowler aws --checks elb_connection_draining_enabled
arn:partition:service:region:account-id:resource-id
Recommendation
Enable connection draining for all Classic Load Balancers. This ensures that existing connections are not abruptly terminated when instances are removed from the load balancer.
Remediation
aws elb modify-load-balancer-attributes --load-balancer-name <my_load_balancer_name> --load-balancer-attributes '{"ConnectionDraining":{"Enabled":true,"Timeout":300}}'
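The check and the remediation above, as an added example that is not Prowler's own code: it evaluates responses shaped like the output of `aws elb describe-load-balancer-attributes` and builds the fix command with correctly quoted JSON. The load balancer names and sample responses are constructed, and the function names are hypothetical.

```python
import json
import shlex

# Constructed sample: one response per load balancer, shaped like the output
# of `aws elb describe-load-balancer-attributes` (names are made up).
SAMPLE_ATTRIBUTES = {
    "web-classic-a": {"LoadBalancerAttributes": {
        "ConnectionDraining": {"Enabled": True, "Timeout": 300}}},
    "web-classic-b": {"LoadBalancerAttributes": {
        "ConnectionDraining": {"Enabled": False, "Timeout": 300}}},
    # ConnectionDraining block absent: treated as not enabled.
    "legacy-classic-c": {"LoadBalancerAttributes": {}},
}


def draining_enabled(response):
    """True only if ConnectionDraining.Enabled is explicitly true."""
    attrs = response.get("LoadBalancerAttributes", {})
    return attrs.get("ConnectionDraining", {}).get("Enabled") is True


def remediation_command(name, timeout=300):
    """Build the modify-load-balancer-attributes call with valid JSON."""
    payload = json.dumps(
        {"ConnectionDraining": {"Enabled": True, "Timeout": timeout}},
        separators=(",", ":"),
    )
    return " ".join([
        "aws elb modify-load-balancer-attributes",
        "--load-balancer-name", shlex.quote(name),
        "--load-balancer-attributes", shlex.quote(payload),
    ])


def audit(attributes_by_name):
    """Return (name, status, fix) tuples; fix is None when status is PASS."""
    findings = []
    for name in sorted(attributes_by_name):
        ok = draining_enabled(attributes_by_name[name])
        fix = None if ok else remediation_command(name)
        findings.append((name, "PASS" if ok else "FAIL", fix))
    return findings


if __name__ == "__main__":
    for name, status, fix in audit(SAMPLE_ATTRIBUTES):
        print(f"{status} {name}" + (f"\n  fix: {fix}" if fix else ""))
```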
Resource Type
AwsElbLoadBalancer