Ensure Auto Scaling group have scaling cooldown configured
Scaling cooldown prevents your ASG from executing scaling activity before other scaling activity ends. You should not set the cooldown to be less than one minute.
Risk Level: Low
Cloud Entity: EC2 Auto Scaling Group
CloudGuard Rule ID: D9.AWS.OPE.21
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
AutoScalingGroup should have defaultCooldown>=60
REMEDIATION
From Portal
You can't set the default cooldown when you initially create an Auto Scaling group in the Amazon EC2 Auto Scaling console. By default, this cooldown period is set to 300 seconds (5 minutes). If needed, you can update this after the group is created.
Use following steps to change the default cooldown period from AWS console
- After creating the Auto Scaling group, on the Details tab, choose Advanced configurations.
- Click Edit.
- For Default cooldown, choose the amount of time that you want based on your instance startup time or other application needs.
From TF
resource "aws_placement_group" "test" {
- default_cooldown = 300
+ default_cooldown = 60
}
From Command Line
In order to set scaling cooldown, use to following CLI command.
aws autoscaling update-auto-scaling-group --auto-scaling-group-name ASG_Name --default-cooldown Number_Of_Seconds
Note: NumberOfSeconds should be >= 60
References
- https://docs.aws.amazon.com/autoscaling/ec2/userguide/get-started-with-ec2-auto-scaling.html
- https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-scaling-cooldowns.html
- https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-launch-template.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group
- https://docs.aws.amazon.com/cli/latest/reference/autoscaling/update-auto-scaling-group.html
EC2 Auto Scaling Group
An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset
Updated about 1 year ago