3.13 Ensure Web Tier Auto-Scaling Group has an associated Elastic Load Balancer

Information

Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances within a VPC.

It enables greater levels of fault tolerance in your applications, seamlessly providing the required amount of load balancing capacity needed to distribute application traffic across 1 or more Availability Zones within a VPC.

Elastic Load Balancing must be integrated with Auto Scaling Groups to ensure that you have availability of compute resources in the event of a failure.
Integrating Auto Scaling Groups with an Elastic Load Balancer will help provide high availability and back-end EC2 instance scaling.

Through Auto-Scaling Group configuration you can define:

* minimum / maximum number of EC2 instances to be launched by the Auto-Scaling Group
* Availability Zones / subnets used

Solution

Using the Amazon unified command line interface:

* List existing load balancers:

aws elb describe-load-balancers --query 'LoadBalancerDescriptions[*].{ELBName:LoadBalancerName}'

or

* Create new load balancer:

aws elb create-load-balancer --load-balancer-name <web_tier_elb> --listeners <listener_config> --subnets <web_tier_elb_subnet1> <web_tier_elb_subnet2> --security-groups <web_tier_elb_security_group>

* Attach the load balancer from the previous steps to the Auto-Scaling Group:

aws autoscaling attach-load-balancers --load-balancer-names <web_tier_elb> --auto-scaling-group-name <web_tier_autoscaling_group_name>
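
To verify the result of the steps above, the following added example (not part of the original benchmark text) checks the JSON returned by `aws autoscaling describe-auto-scaling-groups` and reports which web-tier groups have no load balancer attached. The group names, the sample JSON and the function name are constructed for illustration. Counting target group attachments as an association goes beyond the Classic ELB commands shown here and can be switched off.

```python
import json

# Constructed sample shaped like the output of
# `aws autoscaling describe-auto-scaling-groups`; all names and ARNs are made up.
SAMPLE_OUTPUT = json.dumps({
    "AutoScalingGroups": [
        {"AutoScalingGroupName": "web-tier-asg-a",
         "LoadBalancerNames": ["web-tier-elb"], "TargetGroupARNs": []},
        {"AutoScalingGroupName": "web-tier-asg-b",
         "LoadBalancerNames": [], "TargetGroupARNs": []},
        {"AutoScalingGroupName": "web-tier-asg-c",
         "LoadBalancerNames": [],
         "TargetGroupARNs": ["arn:aws:elasticloadbalancing:us-east-1:"
                             "111122223333:targetgroup/web-tg/0123456789abcdef"]},
    ]
})


def audit_web_tier_asgs(describe_json, web_tier_names, count_target_groups=True):
    """Return {asg_name: "PASS" | "FAIL" | "NOT_FOUND"} for each expected group.

    web_tier_names is the list of Auto-Scaling Groups you consider web tier
    (an assumption: the page does not say how they are identified).
    """
    groups = {g["AutoScalingGroupName"]: g
              for g in json.loads(describe_json).get("AutoScalingGroups", [])}
    findings = {}
    for name in web_tier_names:
        group = groups.get(name)
        if group is None:
            # An expected group that does not exist is reported, not skipped.
            findings[name] = "NOT_FOUND"
            continue
        attached = list(group.get("LoadBalancerNames") or [])
        if count_target_groups:
            attached += group.get("TargetGroupARNs") or []
        findings[name] = "PASS" if attached else "FAIL"
    return findings


if __name__ == "__main__":
    expected = ["web-tier-asg-a", "web-tier-asg-b", "web-tier-asg-c", "web-tier-asg-d"]
    for asg, result in audit_web_tier_asgs(SAMPLE_OUTPUT, expected).items():
        print(f"{result:9} {asg}")
```

Against a live account, pass the output of `aws autoscaling describe-auto-scaling-groups --output json` as the first argument instead of the sample.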

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-8

Plugin: amazon_aws

Control ID: 34a094ca1c90a3201c6c42caf926b927a6e2e6fca6e6aa21f198793bf0f1b460