Ensure that the launch configurations of your AWS Auto Scaling Groups (ASGs) reference one or more active Security Groups (SGs) in order to keep the auto-scaling process healthy.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When your ASGs fail to launch new EC2 instances because their launch configuration references inactive (deleted) Security Groups, the scaling mechanism is unable to add compute resources to handle the traffic load. This has a significant negative impact on your application performance and can lead to downtime.
To identify any unhealthy Auto Scaling Groups (i.e. ASGs that reference inactive Security Groups), perform the following actions:
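One way to script this check is shown below as an added example; it is not part of the Cloud Conformity rule or tooling. It cross-references the parsed JSON output of three AWS CLI calls, and the function name and all sample data are constructed for illustration.

```python
def find_unhealthy_asgs(asg_resp, lc_resp, sg_resp):
    """Return {ASG name: [SG references that no longer exist]}.

    Arguments are the parsed JSON output of, in order:
      aws autoscaling describe-auto-scaling-groups
      aws autoscaling describe-launch-configurations
      aws ec2 describe-security-groups
    """
    # Launch configurations may reference an SG by ID or by name; accept both.
    active = set()
    for sg in sg_resp["SecurityGroups"]:
        active.update((sg["GroupId"], sg["GroupName"]))

    # Launch configuration name -> SG references it carries.
    lc_sgs = {lc["LaunchConfigurationName"]: lc.get("SecurityGroups", [])
              for lc in lc_resp["LaunchConfigurations"]}

    unhealthy = {}
    for asg in asg_resp["AutoScalingGroups"]:
        lc_name = asg.get("LaunchConfigurationName")
        if lc_name is None:
            continue  # launch-template ASG: not covered by this check
        missing = [ref for ref in lc_sgs.get(lc_name, []) if ref not in active]
        if missing:
            unhealthy[asg["AutoScalingGroupName"]] = missing
    return unhealthy


# Constructed sample responses, trimmed to the fields the function reads.
SAMPLE_ASGS = {"AutoScalingGroups": [
    {"AutoScalingGroupName": "web-asg", "LaunchConfigurationName": "web-lc-v1"},
    {"AutoScalingGroupName": "api-asg", "LaunchConfigurationName": "api-lc-v3"},
    {"AutoScalingGroupName": "batch-asg"},  # uses a launch template
]}
SAMPLE_LCS = {"LaunchConfigurations": [
    {"LaunchConfigurationName": "web-lc-v1",
     "SecurityGroups": ["sg-0aaa1111", "sg-0bbb2222"]},
    {"LaunchConfigurationName": "api-lc-v3", "SecurityGroups": ["web-base"]},
]}
SAMPLE_SGS = {"SecurityGroups": [
    {"GroupId": "sg-0aaa1111", "GroupName": "web-base"},
    {"GroupId": "sg-0ccc3333", "GroupName": "default"},
]}

if __name__ == "__main__":
    for name, missing in find_unhealthy_asgs(SAMPLE_ASGS, SAMPLE_LCS, SAMPLE_SGS).items():
        print(f"{name}: launch configuration references missing SGs {missing}")
```

All three responses must come from the same region and be fully paginated; a Security Group that sits on an unfetched page would otherwise be reported as missing.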
To fix the unhealthy AWS Auto Scaling Groups by replacing their invalid launch configuration, perform the following: