AWS ELBv2 Load Balancer: Deletion Protection Not Enabled
Description:
The AWS Elastic Load Balancer version 2 (ELBv2) provides capabilities to balance incoming application traffic across multiple targets. One of the features provided is "Deletion Protection," which ensures that the load balancer cannot be deleted accidentally, either through the AWS Management Console or programmatically via API calls. Without this protection enabled, there's a risk of unintentional deletion, which can lead to service interruptions and potential data loss.
Remediation:
1. Enable Deletion Protection for ELBv2 Load Balancer:
Ensure that deletion protection is turned on for all your critical load balancers to prevent unintentional deletions.
AWS Management Console:
- Navigate to the Elastic Load Balancing dashboard.
- Select your ELBv2 Load Balancer from the list.
- In the Description tab, click on Edit attributes.
- Enable Deletion protection.
- Save the changes.
AWS CLI:
aws elbv2 modify-load-balancer-attributes \
--load-balancer-arn <Your-ELBv2-ARN> \
--attributes Key=deletion_protection.enabled,Value=true
Terraform:
resource "aws_lb" "example" {
name = "example-lb"
enable_deletion_protection = true
// ... other configuration ...
}
2. Periodic Review:
- Regularly review your AWS environment to ensure that all critical resources, including ELBv2 Load Balancers, have deletion protection enabled.
- Consider using AWS Config to monitor and report on resources that do not have deletion protection enabled.
3. Training and Policy:
- Educate your team on the importance of deletion protection for critical AWS resources.
- Create and enforce organizational policies that require deletion protection to be enabled for all critical resources.
By ensuring deletion protection is enabled for all ELBv2 Load Balancers, organizations can safeguard themselves from unintentional deletions that can cause service disruptions. Make sure this best practice is widely adopted across your AWS environment.
Updated 5 months ago