Rule: Auto Scaling Groups Using Multiple Instance Types

This rule checks that Auto Scaling groups use multiple instance types across multiple Availability Zones.

Rule: Auto Scaling groups should use multiple instance types in multiple Availability Zones
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

This rule is part of the AWS Foundational Security Best Practices framework: Auto Scaling groups should use multiple instance types in multiple Availability Zones.

Auto Scaling groups are a key component of managing and scaling applications in AWS. To ensure availability and maintain resilient infrastructure, it is recommended to use multiple instance types and distribute them across multiple Availability Zones. This best practice helps to reduce the risk of service disruption due to hardware failure, network issues, or other unforeseen events.

Using multiple instance types ensures that even if one instance type becomes unavailable, the application can continue to function using the other available instance types. Distributing instances across multiple Availability Zones enhances the availability and fault tolerance of the application by providing redundancy across different physical locations.

Troubleshooting Steps (If Applicable):

If an Auto Scaling group does not utilize multiple instance types in multiple Availability Zones, it can lead to dependence on a single type or zone, making the application vulnerable to availability issues. Troubleshooting steps to rectify this situation may include:

  1. Identify the current instance types: Use the AWS Management Console or AWS CLI to gather information on the instance types currently associated with the Auto Scaling group. The CLI command for listing Auto Scaling groups is as follows:

     aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <auto-scaling-group-name>

  2. Review the Availability Zones: Check the Availability Zones associated with the Auto Scaling group. The CLI command to view the Availability Zones is:

     aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <auto-scaling-group-name> --query "AutoScalingGroups[].AvailabilityZones"

  3. Determine the number of instance types: Validate if there are multiple instance types used within the Auto Scaling group. This can be achieved by reviewing the instance configurations available in the Auto Scaling group details. The CLI command to get the instance types is:

     aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <auto-scaling-group-name> --query "AutoScalingGroups[].Instances[].InstanceType"

  4. Identify unused Availability Zones: Analyze if all the available Availability Zones are being used within the Auto Scaling group. This can be checked by comparing the associated Availability Zones with the available zones in the region.

  5. Modify the Auto Scaling group: If the Auto Scaling group does not adhere to the best practice, modify its configuration to include multiple instance types and distribute instances across multiple Availability Zones.

Necessary Codes (If Applicable):

No specific code is required for this best practice rule. However, the following AWS CLI commands can be used to collect the required information and modify the Auto Scaling group if necessary:

  1. To list Auto Scaling groups:

     aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <auto-scaling-group-name>

  2. To view the Availability Zones associated with an Auto Scaling group:

     aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <auto-scaling-group-name> --query "AutoScalingGroups[].AvailabilityZones"

  3. To get the instance types used in an Auto Scaling group:

     aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <auto-scaling-group-name> --query "AutoScalingGroups[].Instances[].InstanceType"

  4. To modify an Auto Scaling group:

     aws autoscaling update-auto-scaling-group --auto-scaling-group-name <auto-scaling-group-name> --<parameters>

Please note that the above commands are examples and should be modified based on your specific Auto Scaling group's name and requirements.
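
The checks from the commands above, combined into one pass over the JSON that describe-auto-scaling-groups returns. This is an added example, not part of the original page; it assumes the configured instance types are the ones listed as MixedInstancesPolicy overrides, and the group names and sample data are constructed.

```python
import json

# Constructed sample shaped like the output of
# `aws autoscaling describe-auto-scaling-groups` (not real resources).
SAMPLE = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-single",
   "AvailabilityZones": ["us-east-1a"],
   "LaunchTemplate": {"LaunchTemplateName": "web", "Version": "$Latest"},
   "Instances": [{"InstanceType": "m5.large", "AvailabilityZone": "us-east-1a"}]},
  {"AutoScalingGroupName": "web-mixed",
   "AvailabilityZones": ["us-east-1a", "us-east-1b"],
   "MixedInstancesPolicy": {"LaunchTemplate": {
     "LaunchTemplateSpecification": {"LaunchTemplateName": "web", "Version": "$Latest"},
     "Overrides": [{"InstanceType": "m5.large"}, {"InstanceType": "m5a.large"}]}},
   "Instances": [{"InstanceType": "m5.large", "AvailabilityZone": "us-east-1a"}]}
]}
""")

def configured_types(group):
    """Instance types listed as overrides in the group's MixedInstancesPolicy."""
    overrides = (group.get("MixedInstancesPolicy", {})
                      .get("LaunchTemplate", {})
                      .get("Overrides", []))
    # Overrides that select by attributes carry no InstanceType; skip them.
    return sorted({o["InstanceType"] for o in overrides if "InstanceType" in o})

def evaluate(group, min_types=2, min_zones=2):
    """Return a finding for one Auto Scaling group."""
    zones = sorted(set(group.get("AvailabilityZones", [])))
    types = configured_types(group)
    # Types of instances running right now (what the page's third query lists).
    running = sorted({i["InstanceType"] for i in group.get("Instances", [])})
    reasons = []
    if len(types) < min_types:
        reasons.append(f"{len(types)} instance type override(s), need {min_types}")
    if len(zones) < min_zones:
        reasons.append(f"{len(zones)} Availability Zone(s), need {min_zones}")
    return {"name": group["AutoScalingGroupName"], "compliant": not reasons,
            "zones": zones, "configured_types": types,
            "running_types": running, "reasons": reasons}

def evaluate_all(doc):
    return [evaluate(g) for g in doc.get("AutoScalingGroups", [])]

if __name__ == "__main__":
    for f in evaluate_all(SAMPLE):
        print(f["name"], "PASS" if f["compliant"] else "FAIL", "; ".join(f["reasons"]))
```

The running instance types are reported separately because a group can be configured for several types while currently running only one of them.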

Step-by-Step Guide for Remediation:

To adhere to the best practice of using multiple instance types in multiple Availability Zones for Auto Scaling groups, follow these steps:

  1. Identify the Auto Scaling group: Determine the Auto Scaling group that needs to be modified. Note down its name.

  2. Review current configuration: Use the AWS Management Console or AWS CLI to gather information about the current instance type(s) and Availability Zones associated with the Auto Scaling group.

  3. Choose additional instance type(s): Identify one or more additional instance types that are compatible with your application requirements and available in the desired AWS region.

  4. Check Availability Zones: Ensure that the Auto Scaling group already spans multiple Availability Zones. If not, modify the configuration to include additional Availability Zones.

  5. Modify the Auto Scaling group: Use the AWS CLI or Console to modify the Auto Scaling group's configuration to include the selected additional instance type(s) and distribute instances across multiple Availability Zones.

     • If using AWS CLI, you can run the following command to modify the Auto Scaling group:

       aws autoscaling update-auto-scaling-group --auto-scaling-group-name <auto-scaling-group-name> --<parameters>

       Replace <auto-scaling-group-name> with the actual name of your Auto Scaling group, and <parameters> with the appropriate options for modifying instance types and Availability Zones.

     • If using the AWS Management Console, navigate to the Auto Scaling group configuration page, locate the instance configuration section, and add the desired instance type(s). Also, ensure that the Availability Zones are properly selected for distribution.

  6. Verify the changes: After modifying the Auto Scaling group's configuration, validate the changes by using the AWS CLI or Console to confirm that the new instance type(s) and Availability Zones are in effect.

  7. Monitor and evaluate: Continuously monitor the Auto Scaling group's performance and ensure that the application is functioning as expected across the different instance types and Availability Zones. Regularly review the AWS CloudWatch metrics and logs for any unusual patterns or issues with scaling or availability.

By following these steps, you will successfully implement the best practice of using multiple instance types in multiple Availability Zones for your Auto Scaling group, ensuring better resiliency and availability for your application in AWS.
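
One way to prepare the modification in step 5, as an added example that is not part of the original page: it builds the arguments for boto3's update_auto_scaling_group call using the MixedInstancesPolicy and VPCZoneIdentifier parameters. The group, launch template ID, subnet IDs and instance types are constructed placeholders, and the function assumes the group sits in a VPC.

```python
# Constructed sample: one group as returned by describe-auto-scaling-groups.
GROUP = {
    "AutoScalingGroupName": "web-single",
    "AvailabilityZones": ["us-east-1a"],
    "LaunchTemplate": {"LaunchTemplateId": "lt-0example", "LaunchTemplateName": "web",
                       "Version": "$Latest"},
}

def build_update_request(group, instance_types, subnet_ids):
    """Build keyword arguments for boto3's update_auto_scaling_group call.

    instance_types: the full list the group may launch, in priority order.
    subnet_ids: subnets the group should span; the caller must pick them
                from different Availability Zones.
    """
    policy = group.get("MixedInstancesPolicy")
    if policy:
        template = policy["LaunchTemplate"]["LaunchTemplateSpecification"]
    elif "LaunchTemplate" in group:
        template = group["LaunchTemplate"]
    else:
        # A launch configuration cannot carry a mixed instances policy.
        raise ValueError("group uses a launch configuration; move to a launch template first")
    types = list(dict.fromkeys(instance_types))  # de-duplicate, keep order
    if len(types) < 2:
        raise ValueError("need at least two distinct instance types")
    if len(set(subnet_ids)) < 2:
        raise ValueError("need at least two subnets")
    return {
        "AutoScalingGroupName": group["AutoScalingGroupName"],
        "MixedInstancesPolicy": {"LaunchTemplate": {
            # Reference the template by ID only, plus its version.
            "LaunchTemplateSpecification": {
                "LaunchTemplateId": template["LaunchTemplateId"],
                "Version": template.get("Version", "$Default")},
            "Overrides": [{"InstanceType": t} for t in types]}},
        "VPCZoneIdentifier": ",".join(subnet_ids),
    }

if __name__ == "__main__":
    import json
    request = build_update_request(
        GROUP, ["m5.large", "m5a.large"], ["subnet-0exampleA", "subnet-0exampleB"])
    print(json.dumps(request, indent=2))
```

The returned dictionary can be passed as keyword arguments to the Auto Scaling client's update_auto_scaling_group method once the placeholders are replaced with real values.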
