Auto scaling groups associated with a load balancer do not use elastic load balancing health checks
Description
To maintain the availability of the compute resources in the event of a failure and provide an evenly distributed application load ,ensure that your Amazon Auto Scaling Groups (ASGs) have associated Elastic Load Balancers in order.
Code Example
go
{
"resource "aws_autoscaling_group" "autoscalling_ok" {
max_size = 5
min_size = 2
health_check_grace_period = 300
health_check_type = "ELB"
desired_capacity = 4
force_delete = true
lifecycle {
ignore_changes = [load_balancers, target_group_arns]
}
}
resource "aws_autoscaling_attachment" "test_ok_attachment" {
autoscaling_group_name = aws_autoscaling_group.autoscalling_ok.id
elb = aws_elb.test_ok.id
}
resource "aws_elb" "test_ok" {
name = "foobar-terraform-elb"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
access_logs {
bucket = "foo"
bucket_prefix = "bar"
interval = 60
}
listener {
instance_port = 8000
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
listener {
instance_port = 8000
instance_protocol = "http"
lb_port = 443
lb_protocol = "https"
ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
}
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
target = "HTTP:8000/"
interval = 30
}
instances = [aws_instance.foo.id]
cross_zone_load_balancing = true
idle_timeout = 400
connection_draining = true
connection_draining_timeout = 400
tags = {
Name = "foobar-terraform-elb"
}
}
",
}Remediation
Terraform
- Resource: aws_autoscaling_group, aws_autoscaling_attachment, aws_elb
- Arguments: autoscaling_group_name and elb of aws_autoscaling_attachment
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0453 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_AWS_15 |