Skip to main content

More Info:

Amazon ELBs should not be idle. Idle ELBs should be terminated to help lower the cost of your monthly AWS bill.

Risk Level

Low

Address

Cost Optimisation

Compliance Standards

CBP

Triage and Remediation

  • Remediation

Remediation

Using Console

To remediate the “No Idle ELBs Should Be Present” misconfiguration in AWS using the AWS console, please follow the below steps:
  1. Login to your AWS console and navigate to the EC2 dashboard.
  2. Click on the “Load Balancers” link under the “Network & Security” section.
  3. Identify the idle ELBs by checking the “Status” column. If an ELB is idle, it will have a status of “Active (Idle)”.
  4. Click on the idle ELB that you want to remediate.
  5. Click on the “Instances” tab and check if there are any instances attached to the ELB.
  6. If there are no instances attached, then click on the “Delete” button to delete the idle ELB.
  7. If there are instances attached, then click on the “Deregister” button to remove the instances from the ELB.
  8. Once all instances have been removed, click on the “Delete” button to delete the idle ELB.
  9. Repeat steps 4-8 for all idle ELBs.
By following the above steps, you can remediate the “No Idle ELBs Should Be Present” misconfiguration in AWS using the AWS console.

To remediate the misconfiguration of having no idle ELBs present in AWS using AWS CLI, follow these steps:
  1. Identify the idle ELBs present in your AWS account by running the following AWS CLI command:
aws elb describe-load-balancers --query "LoadBalancerDescriptions[?Instances == null].LoadBalancerName"
  1. Once you have identified the idle ELBs, delete them using the following AWS CLI command:
aws elb delete-load-balancer --load-balancer-name <load_balancer_name>
Replace <load_balancer_name> with the name of the idle ELB that you want to delete.
  1. Confirm the deletion by running the following AWS CLI command:
aws elb describe-load-balancers --query "LoadBalancerDescriptions[?LoadBalancerName == '<load_balancer_name>']"
Replace <load_balancer_name> with the name of the idle ELB that you deleted. If the command returns an empty array, it means that the idle ELB has been successfully deleted.
  1. Repeat steps 2 and 3 for all the idle ELBs identified in step 1.
By following these steps, you can remediate the misconfiguration of having no idle ELBs present in AWS using AWS CLI.
To remediate the “No Idle ELBs Should Be Present” misconfiguration in AWS using python, follow these steps:Step 1: Import the necessary libraries and configure your AWS credentials.
import boto3

session = boto3.Session(
    aws_access_key_id='your_access_key',
    aws_secret_access_key='your_secret_key',
    region_name='your_region'
)

elb = session.client('elbv2')
Step 2: Get a list of all the load balancers in your account.
response = elb.describe_load_balancers()
load_balancers = response['LoadBalancers']
Step 3: Loop through the list of load balancers and check if any of them are idle. If an idle load balancer is found, delete it.
for lb in load_balancers:
    lb_arn = lb['LoadBalancerArn']
    response = elb.describe_target_health(TargetGroupArn=lb_arn)
    target_health_states = response['TargetHealthDescriptions']
    
    if not target_health_states:
        elb.delete_load_balancer(LoadBalancerArn=lb_arn)
Step 4: Run the script to remediate the misconfiguration.Note: This script will delete any idle load balancers in your account. Make sure you understand the consequences before running it.That’s it! This script will remediate the “No Idle ELBs Should Be Present” misconfiguration in AWS.

Additional Reading:

I