AWS AutoScaling Best Practices

Best practice rules for AWS Auto Scaling

Trend Micro Cloud One™ – Conformity monitors AWS Auto Scaling with the following rules:

• App-Tier Auto Scaling Group with associated Elastic Load Balancer

  Ensure app-tier Auto Scaling Group has an associated Elastic Load Balancer.

• Auto Scaling Group Cooldown Period

  Ensure Amazon Auto Scaling Groups are utilizing cooldown periods.

• Auto Scaling Group Health Check

  Ensure AWS Auto Scaling Group is using the appropriate health check configuration to determine the health status of its instances.

• Auto Scaling Group Notifications

  Ensure AWS ASG Notifications feature is enabled within your Auto Scaling Groups settings.

• Auto Scaling Group Referencing Missing ELB

  Ensure Amazon Auto Scaling Groups are utilizing active Elastic Load Balancers.

• Check for Auto Scaling Groups with integrated Elastic Load Balancers.

  Ensure that each AWS Auto Scaling Group has an associated Elastic Load Balancer.

• CloudWatch Logs Agent for App-Tier Auto Scaling Group In Use

  Ensure an agent for AWS CloudWatch Logs is installed within Auto Scaling Group for app tier.

• CloudWatch Logs Agent for Web-Tier Auto Scaling Group In Use

  Ensure an agent for AWS CloudWatch Logs is installed within Auto Scaling Group for web tier.

• Empty Auto Scaling Group

  Identify and remove empty AWS Auto Scaling Groups (ASGs).

• IAM Roles for App-Tier ASG Launch Configurations

  Ensure Auto Scaling Group launch configuration for app tier is configured to use a customer created app-tier IAM role.

• IAM Roles for Web-Tier ASG Launch Configurations

  Ensure Auto Scaling Group launch configuration for web tier is configured to use a customer created web-tier IAM role.

• Launch Configuration Referencing Missing AMI

  Ensure AWS Launch Configurations are utilizing active Amazon Machine Images.

• Launch Configuration Referencing Missing Security Groups

  Ensure AWS Launch Configurations are utilizing active Security Groups.

• Multi-AZ Auto Scaling Groups

  Ensure AWS Auto Scaling Groups utilize multiple Availability Zones to improve environment reliability.

• Same Availability Zones In ASG And ELB

  Ensure AWS Availability Zones used for Auto Scaling Groups and for their Elastic Load Balancers are the same.

• Suspended Auto Scaling Groups

  Ensure there are no Amazon Auto Scaling Groups with suspended processes.

• Unused Launch Configuration

  Identify and remove unused AWS Auto Scaling Launch Configuration templates.

• Use Approved AMIs for App-Tier ASG Launch Configurations

  Ensure Auto Scaling Group launch configuration for app tier is configured to use an approved Amazon Machine Image.

• Use Approved AMIs for Web-Tier ASG Launch Configurations

  Ensure Auto Scaling Group launch configuration for web tier is configured to use an approved Amazon Machine Image.

• Web-Tier Auto Scaling Group associated ELB

  Ensure web-tier Auto Scaling Group has an associated Elastic Load Balancer.