Control: 13 Application, Network, and Gateway Load Balancers should span multiple Availability Zones
Description
This control checks whether an Elastic Load Balancer V2 (Application, Network, or Gateway Load Balancer) has registered instances from multiple Availability Zones. The control fails if an Elastic Load Balancer V2 has instances registered in fewer than two Availability Zones.
Elastic Load Balancing automatically distributes your incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones. Elastic Load Balancing scales your load balancer as your incoming traffic changes over time. It is recommended to configure at least two Availability Zones to ensure availability of services, as the Elastic Load Balancer will be able to direct traffic to another Availability Zone if one becomes unavailable. Having multiple Availability Zones configured helps eliminate a single point of failure for the application.
Remediation
To add an Availability Zone to an Application Load Balancer, see Availability Zones for your Application Load Balancer in the User Guide for Application Load Balancers. To add an Availability Zone to a Network Load Balancer, see Network Load Balancers in the User Guide for Network Load Balancers. To add an Availability Zone to a Gateway Load Balancer, see Create a Gateway Load Balancer in the User Guide for Gateway Load Balancers.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_elb_13
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.foundational_security_elb_13 --share
SQL
This control uses a named query:
elb_application_gateway_network_lb_multiple_az_configured
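The following is an added illustration of the control's pass/fail logic, not the mod's own named query: it evaluates load balancer entries in the shape returned by the ELBv2 DescribeLoadBalancers API (boto3 `elbv2.describe_load_balancers()['LoadBalancers']`, an assumption about the input format) and flags any Application, Network, or Gateway Load Balancer configured in fewer than two Availability Zones. The sample data and ARNs are constructed.

```python
"""Evaluate ELBv2 load balancers against the multiple-AZ rule (elb_13).

Added example, not the aws_compliance mod's query. Input entries follow the
DescribeLoadBalancers response shape (assumed): each has LoadBalancerArn,
Type, and AvailabilityZones as a list of {"ZoneName": ..., "SubnetId": ...}.
"""
from typing import Iterable, List

MIN_AZS = 2  # the control fails a load balancer with fewer than two AZs


def lb_status(lb: dict) -> dict:
    """Return the control result for a single load balancer entry."""
    # Count distinct zone names; the subnet list is only a vehicle for them.
    zones = sorted({az["ZoneName"] for az in lb.get("AvailabilityZones", [])})
    return {
        "resource": lb["LoadBalancerArn"],
        "type": lb.get("Type", "unknown"),
        "zones": zones,
        "status": "ok" if len(zones) >= MIN_AZS else "alarm",
        "reason": f"{len(zones)} Availability Zone(s) configured",
    }


def evaluate(load_balancers: Iterable[dict]) -> List[dict]:
    """Evaluate every entry; 'alarm' rows are the ones needing remediation."""
    return [lb_status(lb) for lb in load_balancers]


# Constructed sample mimicking a DescribeLoadBalancers response (fake ARNs).
SAMPLE = [
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/0000",
     "Type": "application",
     "AvailabilityZones": [{"ZoneName": "us-east-1a", "SubnetId": "subnet-0a"},
                           {"ZoneName": "us-east-1b", "SubnetId": "subnet-0b"}]},
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/net/api/0000",
     "Type": "network",
     "AvailabilityZones": [{"ZoneName": "us-east-1a", "SubnetId": "subnet-0a"}]},
    {"LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/gwy/fw/0000",
     "Type": "gateway",
     "AvailabilityZones": [{"ZoneName": "us-east-1c", "SubnetId": "subnet-0c"},
                           {"ZoneName": "us-east-1d", "SubnetId": "subnet-0d"}]},
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(f"{row['status']:5} {row['type']:11} {row['reason']}  {row['resource']}")
```

Only the Network Load Balancer in the sample is reported as `alarm`, matching the control's rule that fewer than two Availability Zones is a failure.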