Use Case for AWS NLB Without Targets

AWS Network Load Balancer Without Targets

Why Use This Policy?

This policy identifies AWS Network Load Balancers (NLBs) that have no attached targets. An NLB without targets is unused and incurs unnecessary costs, so it is crucial to identify and delete these resources to optimize your cloud expenses.

Pros

  • Cost Efficiency: Eliminates expenses associated with unused NLBs.
  • Resource Management: Keeps your AWS environment clean by removing unused resources.
  • Automated Monitoring: Continually observes the state of NLBs to ensure they are in use.

Cons

  • False Positives: There may be valid scenarios where an NLB exists without targets temporarily.
  • Manual Deletion: This policy detects unused NLBs but does not automatically delete them.

How the Policy Works

The policy consists of two main components:

  1. Policy Function: Observes the state of a given NLB to determine if it has any targets.
  2. Policy Expression: Evaluates the observations to detect policy violations.

Policy Function Details

Observance Data

This policy extracts the following data:

  • loadBalancerDetails: Metadata about the NLB (name, type, state, scheme, creation date).
  • targetGroups: Metadata about target groups (ARN, name, protocol, port, target type).
  • targetHealthDescriptions: Health status of targets within target groups (target ID, port, health status, reason, description).

Policy Expression Details

Evaluation Logic

The Policy Expression evaluates the Observance data to check whether the NLB has no targets. If the combined length of all targetHealthDescriptions arrays is zero, the policy reports a violation.
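The two components described above, as an added example that is not the policy's own code: the function builds the observance from the three ELBv2 describe calls and the expression sums the targetHealthDescriptions arrays. The observance layout (one array per target group) and the names observe_nlb, evaluate and StubElbv2 are assumptions; the stub replaces a boto3 client("elbv2") so the example runs offline on constructed data.

```python
def observe_nlb(elbv2, nlb_arn):
    """Collect observance data; elbv2 is a boto3 client("elbv2") or a stub."""
    lb = elbv2.describe_load_balancers(LoadBalancerArns=[nlb_arn])["LoadBalancers"][0]
    if lb["Type"] != "network":
        raise ValueError("not a Network Load Balancer: " + nlb_arn)
    # Pagination is omitted here; large accounts need NextMarker handling.
    groups = elbv2.describe_target_groups(LoadBalancerArn=nlb_arn)["TargetGroups"]
    health = []  # one array per target group, same order as targetGroups
    for g in groups:
        resp = elbv2.describe_target_health(TargetGroupArn=g["TargetGroupArn"])
        health.append(resp["TargetHealthDescriptions"])
    details = {k: lb.get(k) for k in
               ("LoadBalancerName", "Type", "State", "Scheme", "CreatedTime")}
    return {"loadBalancerDetails": details, "targetGroups": groups,
            "targetHealthDescriptions": health}

def evaluate(observance):
    """Report NLB_NO_TARGETS when the combined length of all arrays is zero."""
    total = sum(len(d) for d in observance["targetHealthDescriptions"])
    return ["NLB_NO_TARGETS"] if total == 0 else []

class StubElbv2:
    """Offline stand-in for the ELBv2 client, fed constructed sample data."""
    def __init__(self, groups):
        self.groups = groups  # {target group ARN: [target health descriptions]}
    def describe_load_balancers(self, LoadBalancerArns):
        return {"LoadBalancers": [{"LoadBalancerArn": LoadBalancerArns[0],
                "LoadBalancerName": "my-nlb", "Type": "network",
                "State": {"Code": "active"}, "Scheme": "internal"}]}
    def describe_target_groups(self, LoadBalancerArn):
        return {"TargetGroups": [{"TargetGroupArn": a} for a in self.groups]}
    def describe_target_health(self, TargetGroupArn):
        return {"TargetHealthDescriptions": self.groups[TargetGroupArn]}

# ARN taken from the page's example list; target data below is constructed.
ARN = ("arn:aws:elasticloadbalancing:us-west-2:123456789012:"
       "loadbalancer/net/my-nlb/abcd1234efgh5678")
TARGET = {"Target": {"Id": "i-0constructed", "Port": 443},
          "TargetHealth": {"State": "healthy"}}

if __name__ == "__main__":
    cases = [("no target groups", {}),
             ("empty target group", {"tg-a": []}),
             ("one registered target", {"tg-a": [], "tg-b": [TARGET]})]
    for name, groups in cases:
        print(name, "->", evaluate(observe_nlb(StubElbv2(groups), ARN)))
```

An NLB with no target groups at all and an NLB whose target groups are all empty both evaluate to NLB_NO_TARGETS, since the sum is zero in either case.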

Variables

This policy does not require any additional variables for its execution.

Violation Types

  • NLB_NO_TARGETS: This type of violation is reported when the NLB has no targets attached.

Example ARNs

Here are some example ARNs that can be provided to this policy:

  • arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/net/my-nlb/abcd1234efgh5678
  • arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/net/another-nlb/ijkl9012mnop3456