Rule: Auto Scaling groups with a load balancer should use health checks

This rule ensures that Auto Scaling groups with a load balancer utilize health checks for system and communications protection.

Rule: Auto Scaling groups with a load balancer should use health checks
Framework: NIST 800-53 Revision 5
Severity: Critical

Rule Description:

Auto Scaling groups with a load balancer should utilize health checks to meet the requirements stipulated in NIST 800-53 Revision 5. This requirement ensures the proper functioning of the application by continuously monitoring the health and availability of the instances within the Auto Scaling group.

Troubleshooting Steps:

  1. Check if the Auto Scaling group associated with a load balancer has enabled health checks.
  2. Verify if the health check configuration is accurate and follows the recommended settings.
  3. Identify if any instances within the Auto Scaling group are failing health checks.
  4. Examine the load balancer logs and monitoring data to identify any potential issues impacting health checks.
  5. Ensure that the health check settings are appropriate for your application's requirements.

Necessary Codes:

This rule requires no specific code, because it concerns configuration settings for the Auto Scaling group and the associated load balancer. However, the following AWS CLI commands can be used for troubleshooting and managing the Auto Scaling group and load balancer.

  1. To describe the Auto Scaling group:

    aws autoscaling describe-auto-scaling-groups --auto-scaling-group-name <auto-scaling-group-name>

  2. To describe a load balancer:

    aws elbv2 describe-load-balancers --names <load-balancer-name>

  3. To configure health checks for a load balancer:

    aws elbv2 modify-target-group --target-group-arn <target-group-arn> --health-check-protocol <protocol> --health-check-path <path> --health-check-interval-seconds <interval-seconds> --healthy-threshold-count <threshold-count> --unhealthy-threshold-count <threshold-count>
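
The first troubleshooting step, as an added example that is not from the original page: this Python script reads the JSON printed by `aws autoscaling describe-auto-scaling-groups` and lists the groups that have a load balancer attached but no ELB health check. It assumes the rule is evaluated on the group's `HealthCheckType` field; the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like the output of
# `aws autoscaling describe-auto-scaling-groups --output json`.
TG = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/demo/0123456789abcdef"
SAMPLE = json.dumps({"AutoScalingGroups": [
    {"AutoScalingGroupName": "web-asg", "LoadBalancerNames": [],
     "TargetGroupARNs": [TG], "HealthCheckType": "EC2"},
    {"AutoScalingGroupName": "api-asg", "LoadBalancerNames": [],
     "TargetGroupARNs": [TG], "HealthCheckType": "ELB"},
    {"AutoScalingGroupName": "batch-asg", "LoadBalancerNames": [],
     "TargetGroupARNs": [], "HealthCheckType": "EC2"},
    {"AutoScalingGroupName": "legacy-asg", "LoadBalancerNames": ["classic-lb"],
     "TargetGroupARNs": [], "HealthCheckType": "EC2,EBS"},
]})


def health_check_types(group):
    """HealthCheckType may be a comma-separated list; EC2 is the default."""
    raw = group.get("HealthCheckType") or "EC2"
    return {t.strip().upper() for t in raw.split(",") if t.strip()}


def find_violations(describe_json):
    """Return groups that sit behind a load balancer without ELB health checks.

    Assumption: the rule is evaluated on HealthCheckType, not on the
    target group's own health check settings.
    """
    findings = []
    for group in json.loads(describe_json).get("AutoScalingGroups", []):
        attached = (group.get("LoadBalancerNames") or []) + (group.get("TargetGroupARNs") or [])
        if not attached:
            continue  # no load balancer attached, so the rule does not apply
        types = health_check_types(group)
        if "ELB" not in types:
            findings.append({"group": group["AutoScalingGroupName"],
                             "health_check_types": sorted(types),
                             "attached": attached})
    return findings


if __name__ == "__main__":
    for f in find_violations(SAMPLE):
        print(f"{f['group']}: HealthCheckType={','.join(f['health_check_types'])}, "
              f"attached to {len(f['attached'])} load balancer target(s)")
```

Pass the CLI's JSON output to `find_violations` in place of the sample. A flagged group can be switched with `aws autoscaling update-auto-scaling-group --auto-scaling-group-name <auto-scaling-group-name> --health-check-type ELB --health-check-grace-period <seconds>`.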

Step-by-Step Guide for Remediation:

Follow these steps to remediate the rule violation by configuring health checks for Auto Scaling groups with a load balancer:

  1. Identify the Auto Scaling group associated with the load balancer that needs health checks configured.

  2. Use the AWS CLI command mentioned above to describe the Auto Scaling group and ensure that it exists.

  3. Verify if the load balancer associated with the Auto Scaling group has been created and is functional. Use the AWS CLI command for describing a load balancer.

  4. Determine the target group ARN for the Auto Scaling group's load balancer.

  5. Use the AWS CLI command to configure health checks for the load balancer's target group. Replace the required parameters such as <target-group-arn>, <protocol>, <path>, <interval-seconds>, <threshold-count> with the appropriate values for your application.

    Example Command:

    aws elbv2 modify-target-group --target-group-arn arn:aws:elasticloadbalancing:<region>:<account-id>:targetgroup/<target-group-name>/<target-group-id> --health-check-protocol HTTP --health-check-path /health --health-check-interval-seconds 30 --healthy-threshold-count 2 --unhealthy-threshold-count 2

    Note: Adjust the values according to your application's requirements.

  6. Validate the health check settings by accessing the load balancer's target group and reviewing the health status of the instances.

  7. Ensure that all instances within the Auto Scaling group pass the health checks.

  8. Monitor the application's performance and health check results regularly to ensure continuous compliance with NIST 800-53 Revision 5.
