Rule: ELB Application Load Balancer Deletion Protection Enabled

This rule ensures deletion protection is enabled to prevent accidental deletion of ELB application load balancers.

Rule: ELB application load balancer deletion protection should be enabled
Framework: NIST 800-171 Revision 2
Severity: High

Description

Deletion protection for ELB (Elastic Load Balancer) application load balancers is a feature that helps prevent accidental or unauthorized deletion of load balancers in AWS. By enabling deletion protection for the load balancer, you ensure that it cannot be deleted during routine maintenance or other administrative tasks.

To comply with NIST 800-171 Revision 2, it is essential to enable deletion protection for ELB application load balancers. This security measure helps in protecting your load balancers, ensuring continuous availability of your applications, and avoiding any disruption to your services.

Troubleshooting Steps

In case you encounter any issues or have trouble enabling deletion protection for the ELB application load balancer, you can follow these troubleshooting steps:

  1. Verify Permissions: Ensure that you have sufficient IAM (Identity and Access Management) permissions to enable deletion protection on the load balancer. You should have the necessary privileges to modify load balancer settings.

  2. Check Load Balancer Status: Confirm if the load balancer is in an active and healthy state. If the load balancer is in an error state or experiencing any issues, resolve them before attempting to enable deletion protection.

  3. Review AWS Documentation: Refer to the AWS documentation specific to your load balancer type and version. It provides detailed instructions on enabling deletion protection and troubleshooting common issues.

  4. Contact AWS Support: If the troubleshooting steps above do not resolve the issue, reach out to AWS Support for further assistance. Provide them with specific details about the problem you are facing and any error messages encountered.

Necessary Code

To enable deletion protection for the ELB application load balancer, you can use the AWS Command Line Interface (CLI) with the following code:

aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=deletion_protection.enabled,Value=true

Replace <load_balancer_arn> with the actual ARN (Amazon Resource Name) of the load balancer you want to protect.

Step-by-Step Guide for Remediation

Follow these steps to enable deletion protection for an ELB application load balancer:

  1. Open your preferred terminal application or AWS CLI console.

  2. Run the following command, replacing <load_balancer_arn> with the ARN of the load balancer you want to enable deletion protection for:

     aws elbv2 modify-load-balancer-attributes --load-balancer-arn <load_balancer_arn> --attributes Key=deletion_protection.enabled,Value=true

  3. Wait for the command to execute successfully. Once completed, the deletion protection feature will be enabled for the specified load balancer.

  4. To verify that deletion protection is enabled, run the following command:

     aws elbv2 describe-load-balancer-attributes --load-balancer-arn <load_balancer_arn>

     Ensure that the output lists deletion_protection.enabled with the value true for the load balancer.

By following these steps, you can successfully enable deletion protection for your ELB application load balancer, meeting the requirements of NIST 800-171 Revision 2. Ensure that you validate the successful change by inspecting the load balancer attributes.
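To apply the verification step across many load balancers, the check can be run over saved JSON output of `aws elbv2 describe-load-balancers` and `aws elbv2 describe-load-balancer-attributes`. The following is an added example, not code from the original page; the function names, ARNs and account ID are constructed for illustration, and the sample data stands in for real CLI output.

```python
# Constructed sample mirroring the parsed JSON of
# `aws elbv2 describe-load-balancers`. ARNs and account ID are placeholders.
PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
LOAD_BALANCERS = {"LoadBalancers": [
    {"LoadBalancerArn": PREFIX + "app/web-a/1111111111111111", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "app/web-b/2222222222222222", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "app/web-c/3333333333333333", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "net/tcp-d/4444444444444444", "Type": "network"},
]}

# Constructed sample: parsed `describe-load-balancer-attributes` output per ARN.
# Attributes are a list of Key/Value pairs and every Value is a string.
ATTRIBUTES = {
    PREFIX + "app/web-a/1111111111111111": {"Attributes": [
        {"Key": "deletion_protection.enabled", "Value": "true"},
        {"Key": "idle_timeout.timeout_seconds", "Value": "60"}]},
    PREFIX + "app/web-b/2222222222222222": {"Attributes": [
        {"Key": "deletion_protection.enabled", "Value": "false"}]},
    # web-c: attributes were never collected (for example, access denied).
    PREFIX + "net/tcp-d/4444444444444444": {"Attributes": [
        {"Key": "deletion_protection.enabled", "Value": "false"}]},
}


def deletion_protection_enabled(attributes_doc):
    """True only when the attribute is present with the string value 'true'."""
    for attr in attributes_doc.get("Attributes", []):
        if attr.get("Key") == "deletion_protection.enabled":
            return str(attr.get("Value", "")).lower() == "true"
    return False  # attribute absent: report as not protected


def unprotected_albs(load_balancers_doc, attributes_by_arn):
    """Return ARNs of application load balancers that fail the rule."""
    findings = []
    for lb in load_balancers_doc.get("LoadBalancers", []):
        if lb.get("Type") != "application":
            continue  # this rule covers application load balancers only
        arn = lb["LoadBalancerArn"]
        # Missing attribute data fails closed instead of passing silently.
        if not deletion_protection_enabled(attributes_by_arn.get(arn, {})):
            findings.append(arn)
    return findings


if __name__ == "__main__":
    for arn in unprotected_albs(LOAD_BALANCERS, ATTRIBUTES):
        print("deletion protection NOT enabled:", arn)
```
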
