Best practice rules for AWS Auto Scaling
- App-Tier Auto Scaling Group associated ELB
Ensure that each app-tier Auto Scaling Group (ASG) has an associated Elastic Load Balancer (ELB) in order to maintain the availability of the EC2 compute resources in the event of a failure and provide an evenly distributed application load.
- Auto Scaling Group Cooldown Period
Ensure Amazon Auto Scaling Groups are utilizing cooldown periods.
- Auto Scaling Group Health Check
Ensure the ELB health check is enabled if Elastic Load Balancing is being used for an Auto Scaling Group. Ensure the EC2 health check is enabled if Elastic Load Balancing isn't being used for an Auto Scaling Group.
- Auto Scaling Group Notifications
Ensure notifications are enabled for ASGs to receive additional information about scaling operations.
- Auto Scaling Group Referencing Missing ELB
Ensure Amazon Auto Scaling Groups are utilizing active Elastic Load Balancers.
- Auto Scaling Group associated ELB
Ensure that each Auto Scaling Group (ASG) has an associated Elastic Load Balancer (ELB) in order to maintain the availability of the EC2 compute resources in the event of a failure and provide an evenly distributed application load.
- CloudWatch Logs Agent for App-Tier Auto Scaling Group In Use
Ensure an agent for AWS CloudWatch Logs is installed within the Auto Scaling Group for the app tier.
- CloudWatch Logs Agent for Web-Tier Auto Scaling Group In Use
Ensure an agent for AWS CloudWatch Logs is installed within the Auto Scaling Group for the web tier.
- Configure Metadata Response Hop Limit
Configure the metadata response hop limit for EC2 instances running within the Auto Scaling Group.
- Configure Multiple Instance Types Across Multiple AZs
Ensure that your Auto Scaling Groups are using multiple instance types across multiple Availability Zones.
- Disable Public IP Association in ASG Launch Templates
Ensure that your Auto Scaling Group (ASG) instances are not using public IP addresses.
- Empty Auto Scaling Group
Identify and remove empty AWS Auto Scaling Groups (ASGs).
- IAM Roles for App-Tier ASG Launch Configurations
Ensure the Auto Scaling Group launch configuration for the app tier is configured to use a customer-created app-tier IAM role.
- IAM Roles for Web-Tier ASG Launch Configurations
Ensure the Auto Scaling Group launch configuration for the web tier is configured to use a customer-created web-tier IAM role.
- Launch Configuration Referencing Missing AMI
Ensure AWS Launch Configurations are utilizing active Amazon Machine Images.
- Launch Configuration Referencing Missing Security Groups
Ensure AWS Launch Configurations are utilizing active Security Groups.
- Multi-AZ Auto Scaling Groups
Ensure AWS Auto Scaling Groups utilize multiple Availability Zones to improve environment reliability.
- Same Availability Zones In ASG And ELB
Ensure AWS Availability Zones used for Auto Scaling Groups and for their Elastic Load Balancers are the same.
- Suspended Auto Scaling Groups
Ensure there are no Amazon Auto Scaling Groups with suspended processes.
- Unused Launch Configuration
Identify and remove unused AWS Auto Scaling Launch Configuration templates.
- Use Approved AMIs for App-Tier ASG Launch Configurations
Ensure the Auto Scaling Group launch configuration for the app tier is configured to use an approved Amazon Machine Image.
- Use Approved AMIs for Web-Tier ASG Launch Configurations
Ensure the Auto Scaling Group launch configuration for the web tier is configured to use an approved Amazon Machine Image.
- Use Launch Templates for Auto Scaling Groups
Ensure that your Auto Scaling Groups (ASGs) are utilizing launch templates.
- Web-Tier Auto Scaling Group associated ELB
Ensure that each web-tier Auto Scaling Group (ASG) has an associated Elastic Load Balancer (ELB) in order to maintain the availability of the EC2 compute resources in the event of a failure and provide an evenly distributed application load.