---
title: Auto Scaling Group with no associated ELB
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Infrastructure as Code (IaC)
  Security > IaC Security Rules > Auto Scaling Group with no associated ELB
---

# Auto Scaling Group with no associated ELB

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). ({% placeholder "user-datadog-site-name" /%}).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `ansible-aws-auto-scaling-group-with-no-associated-elb` 

**Provider:** AWS

**Platform:** Ansible

**Severity:** Medium

**Category:** Availability

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/amazon/aws/autoscaling_group_module.html#parameter-load_balancers)

### Description{% #description %}

Auto Scaling Groups must be associated with a load balancer so new instances receive traffic and health checks can detect and replace unhealthy instances. Without a load balancer, instances may not serve requests, and application availability and scaling behavior can be impacted.

For Ansible `autoscaling_group` tasks (modules `amazon.aws.autoscaling_group` and `autoscaling_group`), the `load_balancers` property must be defined and set to a non-empty list of Classic ELB names. Tasks missing the `load_balancers` property or with `load_balancers: []` are flagged. If you use Application Load Balancers with target groups instead of Classic ELBs, configure `target_group_arns` accordingly—this rule only validates the `load_balancers` attribute.

Secure example:

```yaml
- name: Create Auto Scaling Group with ELB
  amazon.aws.autoscaling_group:
    name: my-asg
    launch_template: my-launch-template
    min_size: 2
    max_size: 5
    load_balancers:
      - my-classic-elb
```

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
- name: elb12
  amazon.aws.autoscaling_group:
    name: special
    load_balancers: [ 'lb1', 'lb2' ]
    availability_zones: [ 'eu-west-1a', 'eu-west-1b' ]
    launch_config_name: 'lc-1'
    min_size: 1
    max_size: 10
    desired_capacity: 5
    vpc_zone_identifier: [ 'subnet-abcd1234', 'subnet-1a2b3c4d' ]
    tags:
      - environment: production
        propagate_at_launch: no
```

```yaml
- name: elb22
  amazon.aws.autoscaling_group:
    name: special
    load_balancers: [ 'lb1', 'lb2' ]
    availability_zones: [ 'eu-west-1a', 'eu-west-1b' ]
    launch_config_name: 'lc-1'
    min_size: 1
    max_size: 10
    desired_capacity: 5
    vpc_zone_identifier: [ 'subnet-abcd1234', 'subnet-1a2b3c4d' ]
    tags:
      - environment: production
        propagate_at_launch: no
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
- name: elb1
  amazon.aws.autoscaling_group:
    name: special
    load_balancers: []
    availability_zones: [ 'eu-west-1a', 'eu-west-1b' ]
    launch_config_name: 'lc-1'
    min_size: 1
    max_size: 10
    desired_capacity: 5
    vpc_zone_identifier: [ 'subnet-abcd1234', 'subnet-1a2b3c4d' ]
    tags:
      - environment: production
        propagate_at_launch: no
```

```yaml
- name: elb2
  amazon.aws.autoscaling_group:
    name: special
    availability_zones: [ 'eu-west-1a', 'eu-west-1b' ]
    launch_config_name: 'lc-1'
    min_size: 1
    max_size: 10
    desired_capacity: 5
    vpc_zone_identifier: [ 'subnet-abcd1234', 'subnet-1a2b3c4d' ]
    tags:
      - environment: production
        propagate_at_launch: no
```