I have connection draining enabled for a ELB. According to the documentation at http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/TerminologyandKeyConcepts.html#conn-drain, a deregistering or unhealthy instance will keep existing connections open:
Connection draining causes the ELB load balancer to stop sending
new requests to a deregistering instance or an unhealthy
instance, while keeping the existing connections open.
I'd like to perform some maintenance on EC2 nodes in the ELB. It would be nice to gracefully take them out of rotation manually. I have tried failing the health checks and manually removing the EC2 instance from the ELB. Both of these actions kill existing connections to the instance.
How can I manually set a EC2 instance to deregistering or unhealthy state so that it will continue to serve existing connections but not accept new ones?
Best Answer
You could perhaps set up a new security group which rejects inbound connections from the ELB but allows outbound connections back.
When you need to perform maintenance, you can switch the affected EC2 instance to this new security group and wait for the remaining connections to drop off.
The only thing I'm not sure on is if changing the security group will kill existing connections. I don't believe it will but I haven't tested to be sure.