turbot/aws_compliance

Control: 6 Application Load Balancer deletion protection should be enabled

Description

This control checks whether an Application Load Balancer has deletion protection enabled. The control fails if deletion protection is not configured.

Enable deletion protection to protect your Application Load Balancer from deletion.

Remediation

To prevent your load balancer from being deleted accidentally, you can enable deletion protection. By default, deletion protection is disabled for your load balancer.

If you enable deletion protection for your load balancer, you must disable deletion protection before you can delete the load balancer.

To enable deletion protection from the console

  1. Open the Amazon EC2 console.
  2. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
  3. Choose the load balancer.
  4. On the Description tab, choose Edit attributes.
  5. On the Edit load balancer attributes page, select Enable for Delete Protection, and then choose Save.
  6. Choose Save.
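
The same check and the API equivalent of the console steps above, as an added example that is not code from the aws_compliance mod: a Python script using boto3's elbv2 client. The sample ARNs and attribute lists are constructed, and treating a missing attribute as disabled is an assumption of this example.

```python
import sys

ATTR = "deletion_protection.enabled"
ENABLE = [{"Key": ATTR, "Value": "true"}]

# Constructed sample data shaped like ELBv2 API responses (not real resources).
PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
SAMPLE_LBS = [{"LoadBalancerArn": PREFIX + "app/web/1a", "Type": "application"},
              {"LoadBalancerArn": PREFIX + "app/api/2b", "Type": "application"},
              {"LoadBalancerArn": PREFIX + "app/old/3c", "Type": "application"},
              {"LoadBalancerArn": PREFIX + "net/tcp/4d", "Type": "network"}]
SAMPLE_ATTRS = {PREFIX + "app/web/1a": ENABLE,
                PREFIX + "app/api/2b": [{"Key": ATTR, "Value": "false"}],
                PREFIX + "app/old/3c": [{"Key": "idle_timeout.timeout_seconds", "Value": "60"}],
                PREFIX + "net/tcp/4d": [{"Key": ATTR, "Value": "false"}]}


def deletion_protection_enabled(attributes):
    """True only when the attribute list sets deletion_protection.enabled to
    "true". Assumption of this example: a missing key counts as disabled."""
    return any(a.get("Key") == ATTR and a.get("Value") == "true" for a in attributes)


def audit(load_balancers, get_attributes):
    """Map each Application Load Balancer ARN to 'ok' or 'alarm'.
    Other load balancer types are outside this control and are skipped."""
    return {lb["LoadBalancerArn"]:
            "ok" if deletion_protection_enabled(get_attributes(lb["LoadBalancerArn"])) else "alarm"
            for lb in load_balancers if lb.get("Type") == "application"}


def run_live(fix=False):
    """Audit the default region of the current AWS credentials; fix if asked."""
    import boto3  # imported here so the functions above work without AWS access
    elbv2 = boto3.client("elbv2")
    pages = elbv2.get_paginator("describe_load_balancers").paginate()
    lbs = [lb for page in pages for lb in page["LoadBalancers"]]
    results = audit(lbs, lambda arn: elbv2.describe_load_balancer_attributes(
        LoadBalancerArn=arn)["Attributes"])
    for arn in [a for a, s in results.items() if s == "alarm" and fix]:
        elbv2.modify_load_balancer_attributes(LoadBalancerArn=arn, Attributes=ENABLE)
    return results


if __name__ == "__main__":
    args = sys.argv[1:]
    res = run_live("--fix" in args) if "--live" in args else audit(SAMPLE_LBS, SAMPLE_ATTRS.get)
    for arn, status in res.items():
        print(f"{status:5}  {arn}")
```

Run without arguments, it evaluates the constructed sample; `--live` audits the default region of the current credentials, and `--live --fix` also enables the attribute on load balancers that were in alarm (the printed status is the state found before the fix).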

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_elb_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_elb_6 --share

SQL

This control uses a named query:

elb_application_lb_deletion_protection_enabled
