Ensure Auto Scaling group being used with multiple Availability zones

You should define your ASG to user multiple Availability zones, In order to balance your instances across these zones.

Risk Level: Low
Cloud Entity: EC2 Auto Scaling Group
CloudGuard Rule ID: D9.AWS.NET.61
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

AutoScalingGroup should have vpcZoneIdentifier regexMatch /,/

REMEDIATION

From Portal:

Open the Amazon EC2 console.
From the sidebar, navigate to Auto Scaling and go to Auto Scaling Groups.
Select the check box next to an existing group.
On the Details tab, choose Network, Edit.
In Subnets, choose the subnet corresponding to the Availability Zone.
Choose Update.

From TF:

resource "aws_autoscaling_group" "example" {
	- availability_zones = ["us-east-1a"]
	+ vpc_zone_identifier = [aws_subnet.example1.id, aws_subnet.example2.id]
}

From Command Line:
In order to update the subnets of your ASG, use to following CLI command

aws autoscaling update-auto-scaling-group --auto-scaling-group-name autoscaling_group_name --vpc-zone-identifier Subnets_IDs (comma-separated)

Note: Make sure that your ASG and ELB are sharing the same AZ. This will increase performance and will decrease the latency.

References:

EC2 Auto Scaling Group

An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.

Compliance Frameworks

AWS CIS Controls V 8
AWS CSA CCM v.4.0.1
AWS CloudGuard Best Practices
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS HITRUST
AWS HITRUST v11.0.0
AWS ISO27001:2022
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
CloudGuard AWS All Rules Ruleset

Updated 7 months ago