
Multi-AZ Auto Scaling Groups

Reliability

Risk level: Medium (should be achieved)

Ensure that your Amazon Auto Scaling Groups (ASGs) span multiple Availability Zones (AZs) within an AWS region to improve the availability of your auto-scaled applications.

When hosting your AWS ASGs within a multi-AZ environment, if one AZ becomes unhealthy or unavailable, the Auto Scaling Group launches new EC2 instances in an unaffected Availability Zone, enhancing the availability and reliability of the ASG.

Audit

To determine if your existing AWS Auto Scaling Groups can deploy instances within multiple Availability Zones, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under the AUTO SCALING section, choose Auto Scaling Groups.

04 Select the AWS ASG that you want to examine.

05 Select the Details tab from the dashboard bottom panel.

06 Check the Availability Zone(s) configuration attribute value. If the Availability Zone(s) value is set to just one AZ (e.g. us-east-1a), the selected AWS Auto Scaling Group can launch EC2 instances only within a single Availability Zone, so the ASG cannot take advantage of the reliability of geo-redundancy by deploying instances across multiple AZs.

07 Repeat steps no. 4 – 6 to verify if other Auto Scaling Groups available in the current region are hosted within a multi-AZ environment.

08 Change the AWS region from the navigation bar and repeat the audit process for other regions.

Using AWS CLI

01 Run the describe-auto-scaling-groups command (OSX/Linux/UNIX) to list the names of all Auto Scaling Groups available within the selected AWS region:

aws autoscaling describe-auto-scaling-groups \
	--region us-east-1 \
	--output table \
	--query 'AutoScalingGroups[*].AutoScalingGroupName'

02 The command output should return a table with the requested ASG names:

---------------------------
|DescribeAutoScalingGroups|
+-------------------------+
|    CCProductionASG      |
|    CCBackendASG         |
|    CCWebClusterASG      |
+-------------------------+

03 Run the describe-auto-scaling-groups command (OSX/Linux/UNIX) again, using the name of the ASG that you want to examine as the identifier parameter and custom query filters to expose the Availability Zone configuration for the selected AWS Auto Scaling Group:

aws autoscaling describe-auto-scaling-groups \
	--region us-east-1 \
	--auto-scaling-group-names CCProductionASG \
	--query 'AutoScalingGroups[*].AvailabilityZones[]'

04 The command output should return an array that contains the names of the AZs used by the selected ASG to launch instances:

[
    "us-east-1a"
]

If the array returned by the describe-auto-scaling-groups command output contains just one value (i.e. one AZ name), as shown in the example above, the selected AWS Auto Scaling Group can launch EC2 instances only within a single Availability Zone (in this case us-east-1a), therefore its auto-scaling configuration is not multi-AZ.

05 Repeat steps no. 3 and 4 to verify if other Auto Scaling Groups available in the current region are hosted within a multi-AZ environment.

06 Repeat steps no. 1 – 5 to perform the entire audit process for other AWS regions.
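
The CLI audit steps above, automated as an added example that is not part of the original page: the script lists every ASG per region with its Availability Zone count and prints the ones configured with fewer than two AZs. The function names are assumptions made for this example; the aws subcommands and JMESPath queries are standard AWS CLI.

```shell
#!/bin/sh
# Added example, not from the original page: report Auto Scaling Groups that
# are configured with fewer than two Availability Zones.
# Function names are hypothetical; the aws subcommands are standard AWS CLI.

# Print every enabled region name, one per line.
all_regions() {
    aws ec2 describe-regions --query 'Regions[].RegionName' --output text |
        tr '\t' '\n'
}

# list_asg_az_counts REGION -> one "name<TAB>az_count" line per ASG.
list_asg_az_counts() {
    aws autoscaling describe-auto-scaling-groups \
        --region "$1" \
        --output text \
        --query 'AutoScalingGroups[*].[AutoScalingGroupName, length(AvailabilityZones)]'
}

# Filter "name<TAB>az_count" lines on stdin down to names with count < 2.
flag_single_az() {
    awk -F '\t' '($2 + 0) < 2 { print $1 }'
}

# audit_regions REGION... -> "region<TAB>asg_name" for each single-AZ ASG.
audit_regions() {
    for region in "$@"; do
        list_asg_az_counts "$region" | flag_single_az |
            while IFS= read -r name; do
                printf '%s\t%s\n' "$region" "$name"
            done
    done
}

# Audit every region visible to the current credentials.
audit_all_regions() {
    # shellcheck disable=SC2046  # region names contain no whitespace
    audit_regions $(all_regions)
}
```

Call `audit_all_regions` with credentials that allow ec2:DescribeRegions and autoscaling:DescribeAutoScalingGroups; an empty result means no single-AZ group was found.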

Remediation / Resolution

To expand the availability of your auto-scaled web application by adding new Availability Zones to your existing Auto Scaling Groups configuration, perform the following:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under the AUTO SCALING section, choose Auto Scaling Groups.

04 Select the Auto Scaling Group that you want to reconfigure.

05 Select the Details tab from the dashboard bottom panel and click the Edit button to edit the selected ASG configuration.

06 Select the subnet corresponding to the Availability Zone that you want to add to the ASG configuration from the Subnet(s) dropdown list. Repeat this step to add as many subnets as required.

07 Click the Save button from the top-right corner to save the changes. The new EC2 instances will be launched across the AZs selected at the previous step.

08 Repeat steps no. 4 – 7 to reconfigure other ASGs, available in the current region, to support multi-AZ.

09 Change the AWS region from the navigation bar and repeat the entire process for other regions.

Using AWS CLI

01 Run the update-auto-scaling-group command (OSX/Linux/UNIX), using the name of the Amazon ASG that you want to reconfigure as the identifier (see Audit section Step 01 to identify the right resource), to implement the multi-AZ configuration by adding new Availability Zones to the selected Auto Scaling Group. The Availability Zones are identified in this case by the subnets named subnet-cb643d1a and subnet-2b394390 (the command does not produce an output):

aws autoscaling update-auto-scaling-group \
	--region us-east-1 \
	--auto-scaling-group-name CCProductionASG \
	--vpc-zone-identifier subnet-cb643d1a,subnet-2b394390

02 Repeat step no. 1 to reconfigure other AWS ASGs, available in the current region, to support multi-AZ.

03 Change the AWS region and repeat the entire remediation process for other regions.
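
One way to script the remediation step, as an added example that is not part of the original page. The value passed to --vpc-zone-identifier becomes the group's complete subnet list, so the script merges the new subnets with the ones already configured and refuses the update when the merged list still covers fewer than two Availability Zones. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. --vpc-zone-identifier sets the
# ASG's complete subnet list, so new subnets are merged with the existing ones.
# Function names are hypothetical; the aws subcommands are standard AWS CLI.

# merge_subnets EXISTING NEW... -> de-duplicated comma-separated subnet list.
merge_subnets() {
    existing=$1
    shift
    # The CLI prints "None" in text output when the attribute is null.
    if [ "$existing" = "None" ]; then existing=""; fi
    printf '%s\n' "$existing" "$@" | tr ',' '\n' | tr -d ' ' |
        awk 'NF && !seen[$0]++' | paste -sd, -
}

# distinct_az_count REGION SUBNET_LIST -> number of AZs the subnets cover.
distinct_az_count() {
    # shellcheck disable=SC2046  # splitting the ID list into words is intended
    aws ec2 describe-subnets --region "$1" \
        --subnet-ids $(printf '%s' "$2" | tr ',' ' ') \
        --query 'Subnets[].AvailabilityZone' --output text |
        tr '\t' '\n' | awk 'NF' | sort -u | wc -l | tr -d ' '
}

# add_subnets_to_asg REGION ASG_NAME NEW_SUBNET...
# Prints the subnet list that was applied; returns 1 without changing the
# group if the merged list does not span at least two Availability Zones.
add_subnets_to_asg() {
    region=$1
    asg=$2
    shift 2
    current=$(aws autoscaling describe-auto-scaling-groups --region "$region" \
        --auto-scaling-group-names "$asg" \
        --query 'AutoScalingGroups[0].VPCZoneIdentifier' --output text)
    merged=$(merge_subnets "$current" "$@")
    if [ "$(distinct_az_count "$region" "$merged")" -lt 2 ]; then
        echo "refusing: $merged covers fewer than two AZs" >&2
        return 1
    fi
    aws autoscaling update-auto-scaling-group --region "$region" \
        --auto-scaling-group-name "$asg" \
        --vpc-zone-identifier "$merged" || return 1
    printf '%s\n' "$merged"
}
```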

Publication date Sep 18, 2017