ELBs Should Have Cross Zone Enabled

More Info:

For higher availability and reliability, ELBs should work with cross zone nodes.

Risk Level

Low

Address

Reliability, Security

Compliance Standards

NIST, SOC2, GDPR, HITRUST, NISTCSF

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “ELBs should have cross-zone enabled” in AWS using AWS CLI, follow these steps:

Open the AWS CLI on your local machine.
Run the following command to enable cross-zone load balancing for all existing ELBs in the current region:

aws elb modify-load-balancer-attributes --load-balancer-name <ELB_NAME> --load-balancer-attributes "{\"CrossZoneLoadBalancing\":{\"Enabled\":true}}"

Replace <ELB_NAME> with the name of the ELB that needs to be remediated.

Run the following command to enable cross-zone load balancing for all new ELBs created in the current region:

aws elb create-lb-cookie-stickiness-policy --load-balancer-name <ELB_NAME> --policy-name "cross-zone-policy" --cookie-expiration-period 60

Replace <ELB_NAME> with the name of the ELB that needs to be remediated.

Verify that cross-zone load balancing is enabled for the ELB by running the following command:

aws elb describe-load-balancer-attributes --load-balancer-name <ELB_NAME> --query 'LoadBalancerAttributes.CrossZoneLoadBalancing.Enabled'

Replace <ELB_NAME> with the name of the ELB that was remediated.

Repeat these steps for all ELBs in the current region that require remediation.

Using Python

To remediate the misconfiguration of ELBs not having cross-zone enabled in AWS using Python, you can follow the below steps:

Import the necessary libraries:

import boto3

Create an AWS client for Elastic Load Balancing:

elb_client = boto3.client('elbv2')

Get the list of all the ELBs:

elbs = elb_client.describe_load_balancers()

Loop through each ELB and check if cross-zone load balancing is enabled. If not, enable it:

for elb in elbs['LoadBalancers']:
    elb_arn = elb['LoadBalancerArn']
    elb_attributes = elb_client.describe_load_balancer_attributes(LoadBalancerArn=elb_arn)
    if not elb_attributes['Attributes'][0]['Value']:
        elb_client.modify_load_balancer_attributes(
            LoadBalancerArn=elb_arn,
            Attributes=[
                {
                    'Key': 'load_balancing.cross_zone.enabled',
                    'Value': 'true'
                }
            ]
        )

Verify that cross-zone load balancing is enabled for all the ELBs:

for elb in elbs['LoadBalancers']:
    elb_arn = elb['LoadBalancerArn']
    elb_attributes = elb_client.describe_load_balancer_attributes(LoadBalancerArn=elb_arn)
    if not elb_attributes['Attributes'][0]['Value']:
        print(f"{elb['LoadBalancerName']} - Cross-Zone Load Balancing is not Enabled")
    else:
        print(f"{elb['LoadBalancerName']} - Cross-Zone Load Balancing is Enabled")

By following these steps, you can remediate the misconfiguration of ELBs not having cross-zone enabled in AWS using Python.

Additional Reading:

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-subnets.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

ELBs Should Have Cross Zone Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: