Tracking Down Amazon Load Balancers With No Target

AWS load balancers with no targets might quietly be costing your organization money. In this guide, we'll show you how to find and delete unused load balancers.

Patrick Londa
Author
May 11, 2022

Load balancers help optimize server speed and improve network performance by sending requests to available servers, but when they're not in use, they become an unnecessary expense. 

AWS load balancers must be able to connect with healthy, available targets to facilitate a reliable cloud-based network. If you want to save on your cloud platform bill, you should regularly find any load balancers that have no target attached to them and remove them so that you're not paying for more than you need. 

In this article, we'll briefly explain the differences between each load balancer type, then show you two ways to find and remove any that are unneeded.


AWS Elastic Load Balancer Types

Elastic Load Balancers (ELBs) distribute traffic across multiple targets, sending requests only to servers that are healthy enough to perform the required function. There are three types of ELBs, namely:

  • Application Load Balancers (ALBs), which route requests at the application layer (HTTP/HTTPS), and support path-based routing
  • Network Load Balancers (NLBs), which route requests at the transport layer (TCP/SSL) using a flow hash algorithm, enabling them to handle millions of requests per second
  • Classic Load Balancers (CLBs), which require a fixed relationship between the load balancer port and container port, meaning that your cluster needs a container instance for each port.

Regardless of what type of load balancers you are using, they all need valid targets to function. Here are some of the reasons that a load balancer could end up without a target: 

  • The targets are in an availability zone (AZ) that’s not enabled
  • A security group is blocking the traffic
  • A network access control list (ACL) is blocking the traffic
  • A target is present but has not passed a health check, so no requests are sent

Removing AWS ELBs With No Target

You can remove any type of elastic load balancer using the AWS console. Locating, auditing, and deleting load balancers can also be done through the AWS command line interface (CLI), so we'll examine both methods here.

Locating Load Balancers with No Target

Using the AWS Console:

To identify load balancers with no target through the AWS console, perform the following steps:

  1. Sign in to the AWS management console.
  2. Go to the EC2 dashboard.
  3. Select Load Balancing from the navigation panel.
  4. Under Load Balancing, select Load Balancers.
  5. Click on the load balancer you wish to examine.
  6. Click on the Description tab in the bottom panel.
  7. Under Status, if the reading says “0 out of 0 instances in service,” then there are no backend instances currently in use. This means that the load balancer can safely be removed.

Using the AWS CLI:

Alternatively, you may use the AWS CLI for Linux, macOS, or Unix, and perform the following steps:

  1. Run the “describe-load-balancers” command to list the backend instances currently registered with your load balancer.
  2. The instance IDs attached to the load balancer will be the output, so if the list is empty, the load balancer is currently vacant. That means it can safely be removed.

Here is the command synopsis (the “elb” commands cover Classic Load Balancers, which are selected by name rather than by ARN):

    aws elb describe-load-balancers
        [--load-balancer-names <value>]
        [--cli-input-json | --cli-input-yaml]
        [--starting-token <value>]
        [--page-size <value>]
        [--max-items <value>]
        [--generate-cli-skeleton <value>]

Once you run the command, look over the output attributes. If you don’t see an “InstanceId” listed in the “Instances” array, then the load balancer doesn't have a target.

Deleting Unused Load Balancers

Once you have identified a load balancer without a target, you can now delete it using either of these two methods:

Using the AWS Console:

You can do this through the AWS console by taking the following steps:

  1. If you have a CNAME record for your domain that points to your load balancer, point it elsewhere first. Allow the DNS change to complete before deletion.
  2. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  3. In the navigation pane, under LOAD BALANCING, choose Load Balancers.
  4. Select the load balancer you wish to delete.
  5. Select Actions, then select Delete.
  6. When prompted for confirmation, choose Yes, Delete.

Using the AWS CLI:

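If using the AWS CLI, use the “delete-load-balancer” command. For Application and Network Load Balancers, this is the “elbv2” command, which takes the Amazon Resource Name (ARN) of the load balancer you want to delete; Classic Load Balancers are deleted with the “elb” version of the command, which takes the load balancer name instead of an ARN.

    aws elbv2 delete-load-balancer \
        --load-balancer-arn <value>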
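The first deletion step above (repoint any CNAME before deleting) can be checked mechanically. This is an added example, not code from the original article: it scans constructed JSON in the shape returned by `aws route53 list-resource-record-sets` for records that still reference a load balancer's DNS name, and it goes beyond the CNAME case in the text by also matching Route 53 alias records. All hostnames are constructed placeholders.

```python
import json

# Constructed sample, trimmed from `aws route53 list-resource-record-sets` output.
RECORD_SETS = json.loads("""
{"ResourceRecordSets": [
  {"Name": "www.example.com.", "Type": "CNAME",
   "ResourceRecords": [{"Value": "old-batch-123456.us-east-1.elb.amazonaws.com"}]},
  {"Name": "app.example.com.", "Type": "A",
   "AliasTarget": {"DNSName": "dualstack.OLD-BATCH-123456.us-east-1.elb.amazonaws.com."}},
  {"Name": "api.example.com.", "Type": "CNAME",
   "ResourceRecords": [{"Value": "api-987654.us-east-1.elb.amazonaws.com"}]},
  {"Name": "example.com.", "Type": "MX",
   "ResourceRecords": [{"Value": "10 mail.example.com."}]}
]}""")

def normalize(dns_name):
    """Lower-case, drop the trailing dot and the 'dualstack.' prefix seen on alias targets."""
    name = dns_name.strip().lower().rstrip(".")
    return name[len("dualstack."):] if name.startswith("dualstack.") else name

def records_pointing_at(record_sets, lb_dns_name):
    """Return (name, type) for every record that still references the load balancer."""
    wanted = normalize(lb_dns_name)
    hits = []
    for rr in record_sets["ResourceRecordSets"]:
        targets = [r["Value"] for r in rr.get("ResourceRecords", [])]
        if "AliasTarget" in rr:
            targets.append(rr["AliasTarget"]["DNSName"])
        if any(normalize(t) == wanted for t in targets):
            hits.append((rr["Name"], rr["Type"]))
    return hits

def safe_to_delete(record_sets, lb_dns_name):
    """True only when no record in the zone references the load balancer."""
    return not records_pointing_at(record_sets, lb_dns_name)

if __name__ == "__main__":
    lb = "old-batch-123456.us-east-1.elb.amazonaws.com"  # constructed DNS name
    print(records_pointing_at(RECORD_SETS, lb), safe_to_delete(RECORD_SETS, lb))
```

The check only sees the hosted zone it is given; records held at another DNS provider have to be reviewed separately.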

Automating this AWS ELBs Check with Blink

If you are using ELBs and want to run this type of check often, there’s a better way than manually running through these steps.

With Blink, you can schedule automated checks like this one to run regularly so you get the benefit without the context-switching.

Blink Automation: Detect AWS Elastic Load Balancers with No Targets and Send a Report to Slack

When this automation runs, it performs the following steps:

  1. Gets a list of all AWS target groups.
  2. Checks the health of each group.
  3. Sends target groups without health information (no target) in a report to a Slack channel. 
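The two checks described in this article (an empty “Instances” array for Classic Load Balancers, and target groups with no health information), as an added Python example that is not Blink's automation or code from the original article. It runs on constructed JSON in the shape the AWS CLI returns, with shortened placeholder ARNs, and it also separates groups whose registered targets are all failing health checks, since those call for investigation rather than deletion.

```python
import json

# Constructed sample, trimmed from `aws elb describe-load-balancers` (Classic).
CLASSIC = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "legacy-web", "Instances": [{"InstanceId": "i-0aaa1111"}]},
  {"LoadBalancerName": "old-batch", "Instances": []}
]}""")

# Constructed sample, trimmed from `aws elbv2 describe-target-groups`; ARNs are placeholders.
GROUPS = json.loads("""
{"TargetGroups": [
  {"TargetGroupName": "api", "TargetGroupArn": "arn:tg/api"},
  {"TargetGroupName": "stale", "TargetGroupArn": "arn:tg/stale"},
  {"TargetGroupName": "broken", "TargetGroupArn": "arn:tg/broken"}
]}""")

# Constructed sample: one `aws elbv2 describe-target-health` result per target group ARN.
HEALTH = {
    "arn:tg/api": {"TargetHealthDescriptions": [
        {"Target": {"Id": "i-0bbb2222"}, "TargetHealth": {"State": "healthy"}}]},
    "arn:tg/stale": {"TargetHealthDescriptions": []},
    "arn:tg/broken": {"TargetHealthDescriptions": [
        {"Target": {"Id": "i-0ccc3333"}, "TargetHealth": {"State": "unhealthy"}}]},
}

def classic_without_instances(doc):
    """Names of Classic load balancers whose Instances array is empty."""
    return [lb["LoadBalancerName"] for lb in doc["LoadBalancerDescriptions"]
            if not lb.get("Instances")]

def classify_target_groups(groups, health_by_arn):
    """Map each target group name to 'no-targets', 'no-healthy-targets' or 'in-use'."""
    result = {}
    for tg in groups["TargetGroups"]:
        doc = health_by_arn.get(tg["TargetGroupArn"], {})
        states = [d["TargetHealth"]["State"] for d in doc.get("TargetHealthDescriptions", [])]
        if not states:
            result[tg["TargetGroupName"]] = "no-targets"          # removal candidate
        elif "healthy" not in states:
            result[tg["TargetGroupName"]] = "no-healthy-targets"  # registered but failing: investigate
        else:
            result[tg["TargetGroupName"]] = "in-use"
    return result

if __name__ == "__main__":
    print("Classic, no instances:", classic_without_instances(CLASSIC))
    for name, status in classify_target_groups(GROUPS, HEALTH).items():
        print(f"{name}: {status}")
```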

You can use and customize any of the 5K automations in the Blink library, or build automations from scratch to fit your unique needs.

Get started with Blink today to see how easy automation can be.
