Profile Applicability:
Level 2
Description:
Connection Draining for Classic Load Balancers (CLB) ensures that in-flight requests are allowed to complete before instances are deregistered or terminated. When enabled, the load balancer stops routing new requests to instances that are being deregistered but continues to route existing in-flight requests until they complete or the timeout period is reached.
This feature is critical during instance replacement, scaling events, or maintenance to ensure a seamless user experience and avoid dropped connections.
Rationale:
Graceful Deregistration: Prevents disruption to users by allowing active connections to complete before terminating or deregistering instances.
Seamless Scaling: Ensures smooth scaling events (both scaling out and scaling in) without impacting active user sessions.
High Availability: Reduces the risk of failed transactions and maintains application availability during changes.
Improved User Experience: Enhances user experience by preventing abrupt termination of requests.
Impact:
Pros:
Ensures graceful termination of instances.
Enhances user experience by preventing abrupt disconnections.
Helps maintain application availability during maintenance or scaling events.
Cons:
Prolongs the time taken to completely deregister or terminate instances.
May result in a slight delay in scaling down instances if long-lived connections are present.
Default Value:
Connection Draining is disabled by default for Classic Load Balancers.
It must be explicitly enabled and configured with a timeout value (maximum 3600 seconds or 1 hour).
Pre-Requisite:
IAM Permissions:
elasticloadbalancing:DescribeLoadBalancers
elasticloadbalancing:ModifyLoadBalancerAttributes
AWS CLI installed and configured.
Remediation:
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to EC2 Dashboard → Load Balancers.
Select Classic Load Balancers from the left-hand panel.
For each Classic Load Balancer:
Select the CLB.
Go to the Description tab.
Under Attributes, check if Connection Draining is enabled.
Verify the timeout period (recommended: 300 seconds or higher)
Using AWS CLI:
Check Connection Draining Status:
aws elb describe-load-balancer-attributes --load-balancer-name <clb-name> --query 'LoadBalancerAttributes.ConnectionDraining'
Expected Output (Pass):
{
"Enabled": true,
"Timeout": 300
}
Fail Output (Disabled):
{
"Enabled": false,
"Timeout": 0
}Implementation Steps:
Using AWS Console:
Sign in to the AWS Console.
Navigate to EC2 Dashboard → Load Balancers.
Select the Classic Load Balancer to modify.
Under the Description tab, click Edit Attributes.
Enable the checkbox for Connection Draining.
Set the Timeout (recommended: 300 seconds).
Click Save.
Using AWS CLI:
Enable Connection Draining with Timeout:
aws elb modify-load-balancer-attributes --load-balancer-name <clb-name> --load-balancer-attributes 'ConnectionDraining={"Enabled":true,"Timeout":300}'Replace <clb-name> with your Classic Load Balancer name. Adjust the Timeout value as needed (maximum is 3600 seconds).
Verify the Changes:
aws elb describe-load-balancer-attributes --load-balancer-name <clb-name> --query 'LoadBalancerAttributes.ConnectionDraining'
Backout Plan:
If enabling Connection Draining causes issues:
Using AWS Console:
Navigate to EC2 Dashboard → Load Balancers.
Select the Classic Load Balancer.
Click Edit Attributes.
Uncheck the Connection Draining option.
Click Save.
Using AWS CLI:
aws elb modify-load-balancer-attributes --load-balancer-name <clb-name> --load-balancer-attributes 'ConnectionDraining={"Enabled":false,"Timeout":0}'