No Idle ELBs Should Be Present

More Info:

Amazon ELBs should not be idle. Idle ELBs should be terminated to help lower the cost of your monthly AWS bill.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of having no idle ELBs present in AWS using AWS CLI, follow these steps:

Identify the idle ELBs present in your AWS account by running the following AWS CLI command:

aws elb describe-load-balancers --query "LoadBalancerDescriptions[?Instances == null].LoadBalancerName"

Once you have identified the idle ELBs, delete them using the following AWS CLI command:

aws elb delete-load-balancer --load-balancer-name <load_balancer_name>

Replace <load_balancer_name> with the name of the idle ELB that you want to delete.

Confirm the deletion by running the following AWS CLI command:

aws elb describe-load-balancers --query "LoadBalancerDescriptions[?LoadBalancerName == '<load_balancer_name>']"

Replace <load_balancer_name> with the name of the idle ELB that you deleted. If the command returns an empty array, it means that the idle ELB has been successfully deleted.

Repeat steps 2 and 3 for all the idle ELBs identified in step 1.

By following these steps, you can remediate the misconfiguration of having no idle ELBs present in AWS using AWS CLI.

Using Python

To remediate the “No Idle ELBs Should Be Present” misconfiguration in AWS using python, follow these steps:Step 1: Import the necessary libraries and configure your AWS credentials.

import boto3

session = boto3.Session(
    aws_access_key_id='your_access_key',
    aws_secret_access_key='your_secret_key',
    region_name='your_region'
)

elb = session.client('elbv2')

Step 2: Get a list of all the load balancers in your account.

response = elb.describe_load_balancers()
load_balancers = response['LoadBalancers']

Step 3: Loop through the list of load balancers and check if any of them are idle. If an idle load balancer is found, delete it.

for lb in load_balancers:
    lb_arn = lb['LoadBalancerArn']
    response = elb.describe_target_health(TargetGroupArn=lb_arn)
    target_health_states = response['TargetHealthDescriptions']
    
    if not target_health_states:
        elb.delete_load_balancer(LoadBalancerArn=lb_arn)

Step 4: Run the script to remediate the misconfiguration.Note: This script will delete any idle load balancers in your account. Make sure you understand the consequences before running it.That’s it! This script will remediate the “No Idle ELBs Should Be Present” misconfiguration in AWS.

Additional Reading:

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-cloudwatch-metrics.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

No Idle ELBs Should Be Present

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: