Network and Gateway Load Balancers have cross-zone load balancing enabled (load_balancing.cross_zone.enabled), so each node distributes requests to targets in all enabled Availability Zones rather than only its own.
Risk
Without cross-zone distribution, traffic can concentrate in one zone, degrading availability through target saturation, uneven failover, and connection drops. Zonal impairment can cause partial outages and increase latency under load.
prowler aws --checks elbv2_cross_zone_load_balancing_enabled
Recommendation
Enable cross-zone load balancing to spread load across zones and design for AZ redundancy.
- Balance capacity per AZ and use health-based routing
- Avoid single-AZ dependencies and sticky designs
- Monitor zonal health to sustain fault tolerance
Remediation
aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load-balancer-arn> --attributes Key=load_balancing.cross_zone.enabled,Value=true
- Open the AWS EC2 console and go to Load Balancers
- Select your Network or Gateway Load Balancer
- Choose the Attributes tab > Edit attributes
- Turn on Cross-zone load balancing
- Save changes
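The following is an added example, not Prowler's code or part of the original page. It applies the same pass/fail rule to JSON shaped like the output of `aws elbv2 describe-load-balancers` and `aws elbv2 describe-load-balancer-attributes`, and builds the remediation command above for each failing load balancer. The ARNs, names and account ID are constructed sample values, and treating a missing attribute as a failure is an assumption of this example.

```python
import shlex

ATTR = "load_balancing.cross_zone.enabled"  # attribute key the check reads
IN_SCOPE = {"network", "gateway"}           # the check covers NLB and GWLB only
ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"  # constructed

# Constructed sample shaped like `aws elbv2 describe-load-balancers` output.
SAMPLE_LBS = {"LoadBalancers": [
    {"LoadBalancerName": "example-nlb", "Type": "network",
     "LoadBalancerArn": ARN + "net/example-nlb/0000000000000001"},
    {"LoadBalancerName": "example-gwlb", "Type": "gateway",
     "LoadBalancerArn": ARN + "gwy/example-gwlb/0000000000000002"},
    {"LoadBalancerName": "example-alb", "Type": "application",
     "LoadBalancerArn": ARN + "app/example-alb/0000000000000003"},
    {"LoadBalancerName": "example-nlb-2", "Type": "network",
     "LoadBalancerArn": ARN + "net/example-nlb-2/0000000000000004"},
]}

# Constructed `describe-load-balancer-attributes` responses, keyed by ARN.
# The last NLB has no entry, simulating a failed or missing attribute lookup.
SAMPLE_ATTRS = {
    ARN + "net/example-nlb/0000000000000001": {"Attributes": [{"Key": ATTR, "Value": "false"}]},
    ARN + "gwy/example-gwlb/0000000000000002": {"Attributes": [{"Key": ATTR, "Value": "true"}]},
}

def cross_zone_enabled(attr_response):
    """True only if the attribute is present and set to "true" (fail closed, an assumption)."""
    attrs = {a["Key"]: a["Value"] for a in attr_response.get("Attributes", [])}
    return attrs.get(ATTR, "false").lower() == "true"

def remediation(arn):
    """Build the remediation command from this page for one load balancer."""
    return ("aws elbv2 modify-load-balancer-attributes --load-balancer-arn "
            f"{shlex.quote(arn)} --attributes Key={ATTR},Value=true")

def audit(lbs, attrs_by_arn):
    """Return one PASS/FAIL finding per Network or Gateway Load Balancer."""
    findings = []
    for lb in lbs["LoadBalancers"]:
        if lb["Type"] not in IN_SCOPE:
            continue  # Application Load Balancers are outside this check's scope
        arn = lb["LoadBalancerArn"]
        ok = cross_zone_enabled(attrs_by_arn.get(arn, {}))
        findings.append({"name": lb["LoadBalancerName"], "arn": arn, "status": "PASS" if ok else "FAIL",
                         "fix": None if ok else remediation(arn)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LBS, SAMPLE_ATTRS):
        print(f["status"], f["name"], f["fix"] or "")
```

To run it against a real account, replace the sample dictionaries with the parsed JSON from the two `describe` commands for each region in scope.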
Resource Type
AwsElbv2LoadBalancer