Ensure Auto Scaling group does not have suspended processes

An Auto Scaling group should not have any suspended processes. You might suspend a process when there is a problem in your ASG that you need to investigate. Resume any suspended process as soon as the investigation ends.

Risk Level: Low
Cloud Entity: EC2 Auto Scaling Group
CloudGuard Rule ID: D9.AWS.OPE.20
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

AutoScalingGroup should not have suspendedProcesses

REMEDIATION

From Portal
Use the following steps to resume a process.

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/, and choose Auto Scaling Groups from the navigation pane.
  2. Select the check box next to the Auto Scaling group. A split pane opens at the bottom of the Auto Scaling groups page.
  3. On the Details tab, choose Advanced configurations, Edit.
  4. For Suspended processes, remove the suspended process.
  5. Choose Update.

From Command Line

  1. To resume all processes, use the following command.
     aws autoscaling resume-processes --auto-scaling-group-name ASG_Name
  2. To resume a specific process, add the option --scaling-processes process_name, as in the following command.
     aws autoscaling resume-processes --auto-scaling-group-name my-asg --scaling-processes process_name
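
The rule check and the command-line remediation above can be combined. This is an added example, not CloudGuard or AWS code: it parses a response shaped like the output of aws autoscaling describe-auto-scaling-groups, lists the groups that fail the rule, and builds the matching resume-processes command for each. The sample response, group names and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample shaped like the output of
# `aws autoscaling describe-auto-scaling-groups` (names and reasons are made up).
SAMPLE_RESPONSE = json.loads("""
{
  "AutoScalingGroups": [
    {"AutoScalingGroupName": "web-prod", "SuspendedProcesses": []},
    {"AutoScalingGroupName": "batch workers",
     "SuspendedProcesses": [
       {"ProcessName": "Terminate", "SuspensionReason": "User suspended at 2024-01-10T09:00:00Z"},
       {"ProcessName": "Launch", "SuspensionReason": "User suspended at 2024-01-10T09:00:00Z"}
     ]},
    {"AutoScalingGroupName": "api-staging"}
  ]
}
""")


def find_suspended(response):
    """Return {group name: sorted suspended process names} for failing groups."""
    findings = {}
    for group in response.get("AutoScalingGroups", []):
        # A missing or empty SuspendedProcesses list means the group passes.
        names = sorted(p["ProcessName"] for p in group.get("SuspendedProcesses") or [])
        if names:
            findings[group["AutoScalingGroupName"]] = names
    return findings


def resume_commands(findings):
    """Build one resume-processes command per failing group, shell-quoted."""
    commands = []
    for name, processes in sorted(findings.items()):
        commands.append(
            "aws autoscaling resume-processes --auto-scaling-group-name "
            + shlex.quote(name)
            + " --scaling-processes "
            + " ".join(shlex.quote(p) for p in processes)
        )
    return commands


if __name__ == "__main__":
    failing = find_suspended(SAMPLE_RESPONSE)
    for group, processes in failing.items():
        print(f"FAIL {group}: {', '.join(processes)}")
    for command in resume_commands(failing):
        print(command)
```

Review the generated commands before running them, since a process may still be suspended for an investigation that has not ended.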

References

  1. https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-suspend-resume-processes.html
  2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/autoscaling/resume-processes.html

EC2 Auto Scaling Group

An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset