Ensure that the launch configuration of each of your AWS Auto Scaling Groups (ASGs) references one or more active Security Groups (SGs), so that the auto-scaling process stays healthy.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework (operational excellence pillar).
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When your ASGs fail to launch new EC2 instances because their launch configuration references an inactive (deleted) Security Group, the scaling mechanism cannot add compute resources to absorb the traffic load. This degrades application performance significantly and can lead to downtime.
Audit
To identify any unhealthy Auto Scaling Groups (i.e. ASGs that reference inactive Security Groups), perform the following actions:
Remediation / Resolution
To fix the unhealthy AWS Auto Scaling Groups by replacing their invalid launch configuration, perform the following:
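The audit and remediation steps themselves are not reproduced on this page, so the following is an added example (not Cloud Conformity's own code) that shows the logic behind both. It works on the JSON returned by the three CLI commands the page references (`aws autoscaling describe-auto-scaling-groups`, `aws autoscaling describe-launch-configurations`, `aws ec2 describe-security-groups`); the sample data below is constructed, the function names are my own, and the API calls are assumed to have been run separately and saved (the script makes no AWS calls itself). It also shows why remediation means a new launch configuration rather than an edit: launch configurations are immutable, so the valid attributes of the old one are copied and only the dead group references are swapped for a replacement group.

```python
"""Find ASG launch configurations that reference deleted security groups,
and build the parameters for a replacement launch configuration.

Input is the JSON shape of:
  aws autoscaling describe-auto-scaling-groups
  aws autoscaling describe-launch-configurations
  aws ec2 describe-security-groups
No AWS calls are made here; load the saved output or paste it in.
"""
from __future__ import annotations

from typing import Any

# Constructed sample output in the shape of the three commands (not a real account).
ASGS: dict[str, Any] = {"AutoScalingGroups": [
    {"AutoScalingGroupName": "web-asg", "LaunchConfigurationName": "web-lc-v1"},
    {"AutoScalingGroupName": "api-asg", "LaunchConfigurationName": "api-lc-v3"},
]}
LAUNCH_CONFIGS: dict[str, Any] = {"LaunchConfigurations": [
    {"LaunchConfigurationName": "web-lc-v1", "ImageId": "ami-0abc12345",
     "InstanceType": "t3.micro", "KeyName": "web-key", "UserData": "",
     "SecurityGroups": ["sg-0aaa11111", "sg-0ddd44444"]},   # second group was deleted
    {"LaunchConfigurationName": "api-lc-v3", "ImageId": "ami-0abc12345",
     "InstanceType": "t3.small", "SecurityGroups": ["sg-0bbb22222"]},
]}
SECURITY_GROUPS: dict[str, Any] = {"SecurityGroups": [
    {"GroupId": "sg-0aaa11111", "GroupName": "web-sg"},
    {"GroupId": "sg-0bbb22222", "GroupName": "api-sg"},
]}


def active_group_keys(sg_output: dict[str, Any]) -> set[str]:
    """Return every identifier a launch configuration may use for an existing group."""
    keys: set[str] = set()
    for sg in sg_output["SecurityGroups"]:
        keys.add(sg["GroupId"])
        keys.add(sg["GroupName"])  # EC2-Classic launch configs referenced groups by name
    return keys


def find_missing_security_groups(asg_output: dict[str, Any],
                                 lc_output: dict[str, Any],
                                 sg_output: dict[str, Any]) -> dict[str, list[str]]:
    """Map each unhealthy ASG name to the security group references that no longer exist."""
    active = active_group_keys(sg_output)
    lcs = {lc["LaunchConfigurationName"]: lc for lc in lc_output["LaunchConfigurations"]}
    findings: dict[str, list[str]] = {}
    for asg in asg_output["AutoScalingGroups"]:
        lc_name = asg.get("LaunchConfigurationName")
        if lc_name is None:
            continue  # ASG uses a launch template; outside the scope of this rule
        lc = lcs.get(lc_name)
        if lc is None:
            # The configuration itself is gone; instance launches will fail as well.
            findings[asg["AutoScalingGroupName"]] = ["<launch configuration not found>"]
            continue
        missing = [ref for ref in lc.get("SecurityGroups", []) if ref not in active]
        if missing:
            findings[asg["AutoScalingGroupName"]] = missing
    return findings


# Attributes that create-launch-configuration accepts and that should be carried over
# unchanged (assumed to match the describe-launch-configurations output keys).
COPYABLE = ("ImageId", "InstanceType", "KeyName", "UserData", "IamInstanceProfile",
            "BlockDeviceMappings", "InstanceMonitoring", "AssociatePublicIpAddress",
            "EbsOptimized", "SpotPrice", "PlacementTenancy", "KernelId", "RamdiskId")


def build_replacement_launch_config(old_lc: dict[str, Any], missing: list[str],
                                    replacement_sg_id: str, new_name: str) -> dict[str, Any]:
    """Copy the old launch configuration, dropping dead group references and adding a live one.

    The result is the parameter set for create-launch-configuration; afterwards the ASG
    is pointed at it with update-auto-scaling-group --launch-configuration-name.
    """
    params = {k: old_lc[k] for k in COPYABLE if k in old_lc}
    kept = [ref for ref in old_lc.get("SecurityGroups", []) if ref not in missing]
    if replacement_sg_id not in kept:
        kept.append(replacement_sg_id)
    params["LaunchConfigurationName"] = new_name
    params["SecurityGroups"] = kept
    return params


if __name__ == "__main__":
    unhealthy = find_missing_security_groups(ASGS, LAUNCH_CONFIGS, SECURITY_GROUPS)
    for asg_name, refs in unhealthy.items():
        print(f"{asg_name}: references missing security groups {refs}")
```

On the constructed data the audit reports only `web-asg`, because `sg-0ddd44444` is not in the `describe-security-groups` output; `api-asg` is healthy. The replacement built from `web-lc-v1` keeps the AMI, instance type, key pair and user data and ends up with `sg-0aaa11111` plus the new group, which is what you would pass to `create-launch-configuration` before running `update-auto-scaling-group`.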
References
- AWS Documentation
  - Auto Scaling Groups
  - Launch Configurations
  - Troubleshooting Auto Scaling
  - Troubleshooting Auto Scaling: EC2 Instance Launch Failures
  - Creating a Launch Configuration
- AWS Command Line Interface (CLI) Documentation
  - autoscaling
    - describe-launch-configurations
    - create-launch-configuration
    - update-auto-scaling-group
  - ec2
    - describe-security-groups
    - create-security-group
    - authorize-security-group-ingress
    - authorize-security-group-egress
Rule: Launch Configuration Referencing Missing Security Groups
Risk level: High