Ensure that the Connection Draining feature is enabled for your Amazon Classic Load Balancers. The feature allows existing requests to complete before the load balancer shifts traffic away from a deregistered or unhealthy backend EC2 instance.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Enabling the Connection Draining feature provides better management of the compute resources behind the Classic Load Balancers, such as replacing backend EC2 instances without impacting the user experience. For example, you can take an EC2 instance out of service and replace it with a fresh instance that contains up-to-date software, while avoiding breaking open network connections.
Audit
To determine if Connection Draining is enabled for your Classic Load Balancers, perform the following actions:
Remediation / Resolution
To enable the Connection Draining feature for your Amazon Classic Load Balancers, perform the following actions:
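The audit check and the remediation call, as an added example that is not part of the original rule page: it evaluates the JSON returned by `aws elb describe-load-balancer-attributes` for each load balancer and builds the matching `aws elb modify-load-balancer-attributes` command for the non-compliant ones. The load balancer names, the region and the sample outputs are constructed for illustration; the 300-second timeout is the ELB default and the 1 to 3600 second range is the limit AWS accepts.

```python
import json
import shlex

# Constructed sample: per-load-balancer output of
#   aws elb describe-load-balancer-attributes --load-balancer-name <name>
# Names and attribute values are made up for this example.
SAMPLE = {
    "web-prod-elb": '{"LoadBalancerAttributes": {"ConnectionDraining": '
                    '{"Enabled": true, "Timeout": 300}}}',
    "api-legacy-elb": '{"LoadBalancerAttributes": {"ConnectionDraining": '
                      '{"Enabled": false, "Timeout": 300}}}',
    # Attribute missing from the response: treated as not enabled.
    "batch-elb": '{"LoadBalancerAttributes": {"CrossZoneLoadBalancing": '
                 '{"Enabled": true}}}',
}


def draining_enabled(attributes_json):
    """True only if ConnectionDraining.Enabled is explicitly true."""
    attrs = json.loads(attributes_json).get("LoadBalancerAttributes", {})
    return attrs.get("ConnectionDraining", {}).get("Enabled") is True


def audit(outputs):
    """Return sorted names of load balancers without Connection Draining."""
    return sorted(n for n, out in outputs.items() if not draining_enabled(out))


def remediation_argv(name, region, timeout=300):
    """Build the AWS CLI call that enables draining (timeout in seconds)."""
    if not 1 <= timeout <= 3600:
        raise ValueError("connection draining timeout must be 1-3600 seconds")
    attrs = {"ConnectionDraining": {"Enabled": True, "Timeout": timeout}}
    return ["aws", "elb", "modify-load-balancer-attributes",
            "--region", region,
            "--load-balancer-name", name,
            "--load-balancer-attributes", json.dumps(attrs)]


if __name__ == "__main__":
    for lb in audit(SAMPLE):
        print("NON-COMPLIANT:", lb)
        # shlex.join quotes the JSON argument so the line can be pasted.
        print("  fix:", shlex.join(remediation_argv(lb, "us-east-1")))
```

The load balancer names to feed into the audit come from `aws elb describe-load-balancers`; choose a timeout long enough for the slowest in-flight request the backend serves.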
References
- AWS Documentation
  - Elastic Load Balancing FAQs
  - Configure your Classic Load Balancer
  - Configure connection draining for your Classic Load Balancer
- AWS Command Line Interface (CLI) Documentation
  - elb
  - describe-load-balancers
  - describe-load-balancer-attributes
  - modify-load-balancer-attributes
- CloudFormation Documentation
  - AWS::ElasticLoadBalancing::LoadBalancer
- Terraform Documentation
  - AWS Provider