Ensure ELB has cross-zone-load-balancing enabled

Error: AWS ELB has cross-zone load balancing disabled

Bridgecrew Policy ID: BC_AWS_NETWORKING_43
Checkov Check ID: CKV_AWS_138
Severity: LOW

AWS ELB has cross-zone load balancing disabled

Description

TBA. Elastic Load Balancer (Classic).

Fix - Buildtime

Terraform

  • Resource: xyz
  • Argument: xyz [this will be for composite checks and will indicate a specific resource]
resource "aws_elb" "test_success" {
              name               = "foobar-terraform-elb"
              availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
              access_logs {
                bucket        = "foo"
                bucket_prefix = "bar"
                interval      = 60
              }
              listener {
                instance_port     = 8000
                instance_protocol = "http"
                lb_port           = 80
                lb_protocol       = "http"
              }
              listener {
                instance_port      = 8000
                instance_protocol  = "http"
                lb_port            = 443
                lb_protocol        = "https"
                ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
              }
              health_check {
                healthy_threshold   = 2
                unhealthy_threshold = 2
                timeout             = 3
                target              = "HTTP:8000/"
                interval            = 30
              }
              instances                   = [aws_instance.foo.id]
              idle_timeout                = 400
              connection_draining         = true
              connection_draining_timeout = 400
            }
            """)
        resource_conf = hcl_res['resource'][0]['aws_elb']['test_success']
        scan_result = check.scan_resource_conf(conf=resource_conf)
        self.assertEqual(CheckResult.PASSED, scan_result)

    def test_success(self):
        hcl_res = hcl2.loads("""
            resource "aws_elb" "test_success" {
              name               = "foobar-terraform-elb"
              availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
              access_logs {
                bucket        = "foo"
                bucket_prefix = "bar"
                interval      = 60
              }
              listener {
                instance_port     = 8000
                instance_protocol = "http"
                lb_port           = 80
                lb_protocol       = "http"
              }
              listener {
                instance_port      = 8000
                instance_protocol  = "http"
                lb_port            = 443
                lb_protocol        = "https"
                ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
              }
              health_check {
                healthy_threshold   = 2
                unhealthy_threshold = 2
                timeout             = 3
                target              = "HTTP:8000/"
                interval            = 30
              }
              instances                   = [aws_instance.foo.id]
+             cross_zone_load_balancing   = true
              idle_timeout                = 400
              connection_draining         = true
              connection_draining_timeout = 400
            }

Did this page help you?