A Classic Load Balancer with cross-zone load balancing enabled distributes requests across registered targets in all enabled Availability Zones.
This check evaluates whether that setting is enabled, as opposed to each load balancer node distributing requests only to targets in its own zone.
Risk
Without cross-zone load balancing, traffic can concentrate in one AZ due to DNS skew or uneven capacity, creating hot spots, timeouts, and latency. This degrades service availability and increases the chance of cascading failures during AZ impairment or instance loss.
prowler aws --checks elb_cross_zone_load_balancing_enabled
Recommendation
Set cross-zone load balancing to enabled on Classic Load Balancers and use at least two AZs.
Balance capacity per AZ, enforce robust health checks with autoscaling, and design for high availability so load remains evenly distributed during demand spikes or partial AZ outages.
Remediation
aws elb modify-load-balancer-attributes --load-balancer-name <load-balancer-name> --load-balancer-attributes '{"CrossZoneLoadBalancing":{"Enabled":true}}'
- Open the AWS EC2 console
- Go to Load Balancing > Load Balancers and select your Classic Load Balancer
- Open the Attributes tab and click Edit
- Enable Cross-zone load balancing
- Click Save changes
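To list which Classic Load Balancers still need the change above, the same evaluation can be scripted. This is an added example, not Prowler's own check code: `audit_cross_zone`, `StubElb` and the sample load balancer names are hypothetical, and the stub stands in for `boto3.client("elb")` so the block runs offline.

```python
"""Audit Classic Load Balancers for cross-zone load balancing (added example)."""


def audit_cross_zone(elb):
    """Return one finding per Classic Load Balancer visible to the `elb` client."""
    findings = []
    pages = elb.get_paginator("describe_load_balancers").paginate()
    for page in pages:
        for lb in page["LoadBalancerDescriptions"]:
            name = lb["LoadBalancerName"]
            attrs = elb.describe_load_balancer_attributes(LoadBalancerName=name)
            cross_zone = attrs["LoadBalancerAttributes"].get("CrossZoneLoadBalancing", {})
            enabled = cross_zone.get("Enabled", False)
            zones = lb.get("AvailabilityZones", [])
            findings.append({
                "name": name,
                "status": "PASS" if enabled else "FAIL",
                # The recommendation also asks for at least two AZs.
                "single_az": len(zones) < 2,
            })
    return findings


class StubElb:
    """Constructed stand-in for boto3.client("elb") so the example runs offline."""
    def __init__(self, lbs):
        self._lbs = lbs  # name -> (zones, cross_zone_enabled)

    def get_paginator(self, operation):
        assert operation == "describe_load_balancers"
        return self

    def paginate(self):
        yield {"LoadBalancerDescriptions": [
            {"LoadBalancerName": n, "AvailabilityZones": z}
            for n, (z, _) in self._lbs.items()]}

    def describe_load_balancer_attributes(self, LoadBalancerName):
        enabled = self._lbs[LoadBalancerName][1]
        return {"LoadBalancerAttributes": {"CrossZoneLoadBalancing": {"Enabled": enabled}}}


SAMPLE = StubElb({  # constructed sample data, not real resources
    "web-a": (["us-east-1a", "us-east-1b"], True),
    "web-b": (["us-east-1a", "us-east-1b"], False),
    "batch": (["us-east-1a"], False),
})

if __name__ == "__main__":
    for finding in audit_cross_zone(SAMPLE):
        print(finding)
```

Against a real account, pass `boto3.client("elb")` instead of `SAMPLE`; the function only reads attributes and changes nothing.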
Resource Type
AwsElbLoadBalancer
References
- https://docs.aws.amazon.com/securityhub/latest/userguide/elb-controls.html#elb-9
- https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-crosszone-lb.html
- https://www.trendmicro.com/trendaivisiononecloudriskmanagement/knowledge-base/aws/ELB/elb-cross-zone-load-balancing-enabled.html