Ensure Auto Scaling group being used with multiple Availability zones
You should define your ASG to user multiple Availability zones, In order to balance your instances across these zones.
Risk Level: Low
Cloud Entity: EC2 Auto Scaling Group
CloudGuard Rule ID: D9.TF.AWS.NET.61
Covered by Spectral: No
Category: Compute
GSL LOGIC
aws_autoscaling_group should have vpc_zone_identifier length()>1
REMEDIATION
In order to update the subnets of your ASG, use to following CLI command:
aws autoscaling update-auto-scaling-group --auto-scaling-group-name <ASG Name> --vpc-zone-identifier <Subnets IDs (comma-separated)>
Make sure that your ASG and ELB are sharing the same AZ. This will increase performance and will decrease the latency.
From TF
resource "aws_autoscaling_group" "example" {
- availability_zones = ["us-east-1a"]
+ vpc_zone_identifier = [aws_subnet.example1.id, aws_subnet.example2.id]
}
For more information: https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-benefits.html#arch-AutoScalingMultiAZ
CLI: https://docs.aws.amazon.com/cli/latest/reference/autoscaling/update-auto-scaling-group.html
EC2 Auto Scaling Group
An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also enables you to use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.
Compliance Frameworks
- Terraform AWS CIS Foundations
Updated 7 months ago