Description:

Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers four types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant.


Rationale:

You can select the appropriate load balancer based on your application needs. If you need flexible application management, we recommend that you use an Application Load Balancer. If your application needs extreme performance and a static IP, we recommend that you use a Network Load Balancer. If you have an existing application that was built within the EC2-Classic network, then you should use a Classic Load Balancer.

Impact:

By enabling deletion protection you can prevent your load balancer from being deleted accidentally.


Default Value: 

By default, deletion protection is disabled for your load balancer.


Pre-Requisite:

  • Sign in as an Admin or as an IAM user with the required permissions


Remediation:

Test Plan:

  1. Sign in to the AWS Management Console

  2. Go to EC2 service at https://console.aws.amazon.com/ec2/

  3. Click on Load Balancers in the left navigation pane

  4. Select the Load Balancer you want to examine and go to the Description tab

  5. Under Attributes, check whether Deletion Protection is enabled


Using AWS CLI:

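aws elbv2 describe-load-balancer-attributes \
  --region us-east-1 \
  --load-balancer-arn <arn>

In the output, find the attribute whose Key is deletion_protection.enabled; its Value is true when deletion protection is enabled and false otherwise.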
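The per-load-balancer check above, extended to every load balancer in a region. This is an added example, not part of the original page; the function names deletion_protection_value and audit_deletion_protection are hypothetical, and it assumes the AWS CLI is installed and configured with permission to describe load balancers and their attributes.

```shell
#!/bin/sh
# Added example: report every ELBv2 load balancer in a region whose
# deletion_protection.enabled attribute is not "true".
# Classic Load Balancers are not listed by "aws elbv2" and are not covered.

# Print the deletion protection value ("true" or "false") for one load balancer.
# $1 = region, $2 = load balancer ARN
deletion_protection_value() {
    aws elbv2 describe-load-balancer-attributes \
        --region "$1" \
        --load-balancer-arn "$2" \
        --query "Attributes[?Key=='deletion_protection.enabled'].Value" \
        --output text
}

# Print one line per load balancer: "PASS <arn>" or "FAIL <arn>".
# Returns 0 if all pass, 1 if at least one fails, 2 if an AWS CLI call fails.
# $1 = region
audit_deletion_protection() {
    region="$1"
    status=0
    arns=$(aws elbv2 describe-load-balancers \
        --region "$region" \
        --query 'LoadBalancers[].LoadBalancerArn' \
        --output text) || return 2
    # ARNs contain no whitespace, so word splitting on the text output is safe.
    for arn in $arns; do
        value=$(deletion_protection_value "$region" "$arn") || return 2
        if [ "$value" = "true" ]; then
            echo "PASS $arn"
        else
            echo "FAIL $arn"
            status=1
        fi
    done
    return "$status"
}
```

Source the file and run audit_deletion_protection us-east-1; a non-zero exit status makes it usable as a gate in a scheduled compliance job.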


Implementation Steps:

  1. Sign in to the AWS Management Console

  2. Go to EC2 service at https://console.aws.amazon.com/ec2/

  3. Click on Load Balancers in the left navigation pane

  4. Select the Load Balancer you want to modify, go to the Description tab, and click on Edit Attributes at the bottom

  5. On the Edit load balancer attributes page, check the Enable checkbox and click on Save


Using AWS CLI:

aws elbv2 modify-load-balancer-attributes \
  --region us-east-1 \
  --load-balancer-arn <arn> \
  --attributes Key=deletion_protection.enabled,Value=true


Backout plan:

  1. Sign in to the AWS Management Console

  2. Go to EC2 service at https://console.aws.amazon.com/ec2/

  3. Click on Load Balancers in the left navigation pane

  4. Select the Load Balancer you want to modify, go to the Description tab, and click on Edit Attributes at the bottom

  5. On the Edit load balancer attributes page, uncheck the Enable checkbox and click on Save


Reference:

What is an Application Load Balancer? - Elastic Load Balancing