Wednesday, October 22, 2025

AWS - Tiny Facts

Two AWS services that provide security log data, giving insight into how a service is operating, are:

  1. AWS CloudTrail
  2. AWS Config

Besides these, AWS Security Hub and AWS GuardDuty can also be used for insight into your security posture.

--------------------------------------------------------------------------------------------------------

Connection Draining Or Deregistration Delay in AWS

  • Definition:
    Connection Draining is a feature of Elastic Load Balancing (ELB – Classic Load Balancer) that ensures in-flight requests are completed before an EC2 instance that is being deregistered, has become unhealthy, or is being terminated is taken out of service.

  • Why it matters:
    Without connection draining, if you remove or replace an instance, any existing requests on that instance would be cut off immediately, leading to user errors or dropped sessions.

  • How it works:

    • When connection draining is enabled and an instance is deregistering or unhealthy, the load balancer stops sending new requests to that instance.
    • Existing connections are allowed to finish within a configured timeout period (default: 300 seconds, max: 3600 seconds).
    • If connections are not closed by the timeout, they are forcibly terminated.
  • Scope:

    • Available for Classic Load Balancer (CLB).
    • In Application Load Balancer (ALB) and Network Load Balancer (NLB), the equivalent setting is called Deregistration Delay.
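
The two settings described above, configured with the AWS CLI. This is an added example, not part of the original post. `LB_NAME`, `TG_ARN`, `DRY_RUN` and the function names are hypothetical, and the lower bounds (1 second for a CLB, 0 for a target group) come from the AWS documentation rather than from this page.

```shell
#!/usr/bin/env bash
# Added example. LB_NAME and TG_ARN are placeholders; with DRY_RUN=1 (the
# default) the AWS CLI command is only printed (unquoted, for inspection).
LB_NAME="${LB_NAME:-my-classic-lb}"
TG_ARN="${TG_ARN:-<target-group-arn>}"
DRY_RUN="${DRY_RUN:-1}"

# check_timeout MIN VALUE: accept whole seconds from MIN up to 3600.
check_timeout() {
  case "$2" in ''|*[!0-9]*) return 1 ;; esac
  [ "$2" -ge "$1" ] && [ "$2" -le 3600 ]
}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Classic Load Balancer: enable connection draining (1-3600 s, default 300).
clb_set_draining() {
  local t="${1:-300}"
  check_timeout 1 "$t" || { echo "timeout must be 1-3600" >&2; return 2; }
  run aws elb modify-load-balancer-attributes \
    --load-balancer-name "$LB_NAME" \
    --load-balancer-attributes \
    "{\"ConnectionDraining\":{\"Enabled\":true,\"Timeout\":$t}}"
}

# ALB/NLB target group: set deregistration delay (0-3600 s, default 300).
tg_set_deregistration_delay() {
  local t="${1:-300}"
  check_timeout 0 "$t" || { echo "timeout must be 0-3600" >&2; return 2; }
  run aws elbv2 modify-target-group-attributes \
    --target-group-arn "$TG_ARN" \
    --attributes "Key=deregistration_delay.timeout_seconds,Value=$t"
}

# Dry-run demo: show both commands with the default 300-second timeout.
clb_set_draining 300
tg_set_deregistration_delay 300
```

Run with `DRY_RUN=0` and real values for `LB_NAME` and `TG_ARN` to apply the change.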
-------------------------------------------------------------------------------------------------------------------
