terraform.aws.best-practice.missing-aws-cross-zone-lb.missing-aws-cross-zone-lb
AWS cross-zone load balancing is not enabled.
Definition
rules:
  - id: missing-aws-cross-zone-lb
    # Reports aws_lb / aws_alb resources that set a load_balancer_type but do
    # not explicitly opt in to cross-zone load balancing. Layout: one
    # pattern-either that selects candidates, then two pattern-not-inside
    # exclusions that suppress the finding.
    patterns:
      # Candidate: an aws_lb or aws_alb resource with an explicit
      # load_balancer_type. A resource that omits the attribute is never
      # matched (see the "default_type" case in the example file).
      - pattern-either:
          - pattern: |
              resource "aws_lb" $ANYTHING {
                ...
                load_balancer_type = ...
                ...
              }
          - pattern: |
              resource "aws_alb" $ANYTHING {
                ...
                load_balancer_type = ...
                ...
              }
      # Exclusion 1: the resource already sets a literal `true`. A literal
      # `false`, a variable reference, or an absent attribute is still
      # reported. $ANYLB stands for either resource type here.
      - pattern-not-inside: |
          resource $ANYLB $ANYTHING {
            ...
            enable_cross_zone_load_balancing = true
            ...
          }
      # Exclusion 2: application load balancers are out of scope; the rule
      # only targets the types shown in the examples ("network", "gateway").
      - pattern-not-inside: |
          resource $ANYLB $ANYTHING {
            ...
            load_balancer_type = "application"
            ...
          }
    message: The AWS cross zone load balancing is not enabled.
    languages:
      - hcl
    severity: WARNING
    metadata:
      category: best-practice
      technology:
        - terraform
        - aws
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
Examples
missing-aws-cross-zone-lb.tf
# Test fixture for missing-aws-cross-zone-lb. Each resource differs from its
# neighbours only in whether enable_cross_zone_load_balancing is a literal
# `true`, so every finding (or non-finding) is attributable to that attribute.

# pass
# Explicit opt-in: matched by the rule's first pattern-not-inside exclusion.
# ok: missing-aws-cross-zone-lb
resource "aws_lb" "enabled" {
  internal                         = false
  load_balancer_type               = "network"
  name                             = "nlb"
  subnets                          = var.public_subnet_ids
  enable_cross_zone_load_balancing = true
}

# ok: missing-aws-cross-zone-lb
resource "aws_alb" "enabled" {
  load_balancer_type               = "gateway"
  name                             = "glb"
  enable_cross_zone_load_balancing = true
  subnet_mapping {
    subnet_id = var.subnet_id
  }
}

# failure
# Attribute absent: the candidate pattern matches and no exclusion applies.
# ruleid: missing-aws-cross-zone-lb
resource "aws_lb" "default" {
  internal           = false
  load_balancer_type = "network"
  name               = "nlb"
  subnets            = var.public_subnet_ids
}

# ruleid: missing-aws-cross-zone-lb
resource "aws_alb" "default" {
  load_balancer_type = "gateway"
  name               = "glb"
  subnet_mapping {
    subnet_id = var.subnet_id
  }
}

# Explicit `false` is still reported: only a literal `true` is excluded.
# ruleid: missing-aws-cross-zone-lb
resource "aws_lb" "disabled" {
  internal                         = false
  load_balancer_type               = "network"
  name                             = "nlb"
  subnets                          = var.public_subnet_ids
  enable_cross_zone_load_balancing = false
}

# ruleid: missing-aws-cross-zone-lb
resource "aws_alb" "disabled" {
  load_balancer_type               = "gateway"
  name                             = "glb"
  enable_cross_zone_load_balancing = false
  subnet_mapping {
    subnet_id = var.subnet_id
  }
}

# unknown
# Not reported: load_balancer_type = "application" is excluded by the rule's
# second pattern-not-inside.
resource "aws_lb" "application" {
  internal           = false
  load_balancer_type = "application"
  name               = "alb"
  subnets            = var.public_subnet_ids
}

# Not reported: load_balancer_type is omitted, so the rule's candidate
# pattern never matches. NOTE(review): the provider default for this
# attribute is presumably "application" — confirm against the pinned
# provider version before relying on this case.
resource "aws_lb" "default_type" {
  internal = false
  name     = "alb"
  subnets  = var.public_subnet_ids
}