Auto Scaling Group Health Check

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under AUTO SCALING section, choose Auto Scaling Groups.

04 Select the AWS ASG that you want to examine.

05 Select Details tab from the dashboard bottom panel and verify the ASG health check configuration details:

1. If the ASG is associated with a load balancer, i.e. the Load Balancers property value is not empty, for example: check the Health Check Type configuration status. If the status is set to EC2: the health check configuration for the selected Auto Scaling Group is not optimal.
2. If the ASG is not using a load balancer, i.e. the Load Balancers property value is empty, for example: check the Health Check Type configuration status. If the current status is set to ELB: the selected Auto Scaling Group health check feature is not properly configured and needs to be updated (see Remediation/ Resolution section of the rule).

06 Repeat step no. 4 and 5 to verify other Auto Scaling Groups configuration, available in the current region.

07 Change the AWS region from the navigation bar and repeat the audit process for other regions.

01 Run describe-auto-scaling-groups command (OSX/Linux/UNIX) using custom query filters to list the names of the Auto Scaling Groups available within the selected AWS region:

aws autoscaling describe-auto-scaling-groups
	--region us-east-1
	--output table
	--query 'AutoScalingGroups[*].AutoScalingGroupName'

02 The command output should return a table with the requested ASG names:

---------------------------
|DescribeAutoScalingGroups|
+-------------------------+
|  MyWebAppASG            |
|  ...                    |
|  MyBackendASG           |
|  ProdCacheASG           |
+-------------------------+

03 Run describe-auto-scaling-groups command (OSX/Linux/UNIX) to describe the selected AWS Auto Scaling Group health check configuration. The following command example provides information about an ASG named MyWebAppASG available in the US-East-1 region:

aws autoscaling describe-auto-scaling-groups
	--region us-east-1
	--auto-scaling-group-names MyWebAppASG

04 The command output should return the selected Auto Scaling Group configuration metadata:

1. If the ASG is associated with a load balancer, i.e. the LoadBalancerNames parameter value is not empty, e.g. "LoadBalancerNames": [ "MyASGLoadBalancer" ], check the HealthCheckType property value. If this value is set to EC2, as shown in the output example below, the health check configuration for the selected Auto Scaling Group is suboptimal.
   {
       "AutoScalingGroups": [
           {
               "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:
                123456789012:autoScalingGroup:42364fd5-5840-4e03-963
                a-1ec90d291302:autoScalingGroupName/MyWebAppASG",
               "HealthCheckGracePeriod": 300,
               "SuspendedProcesses": [],
               "DesiredCapacity": 1,
               "Tags": [],
               "EnabledMetrics": [],
               "LoadBalancerNames": [
                   "MyASGLoadBalancer"
               ],
               "AutoScalingGroupName": "MyWebAppASG",
               "DefaultCooldown": 300,
               "MinSize": 1,
               "Instances": [
                   {
                       "ProtectedFromScaleIn": true,
                       "AvailabilityZone": "us-east-1a",
                       "InstanceId": "i-02a9b72e63d135f4d",
                       "HealthStatus": "Healthy",
                       "LifecycleState": "InService",
                       "LaunchConfigurationName": "MyASGWebLaunchConfig"
                   }
               ],
               "MaxSize": 1,
               "VPCZoneIdentifier": "subnet-19e7cc6f,subnet-4c377014",
               "TerminationPolicies": [
                   "Default"
               ],
               "LaunchConfigurationName": "MyASGWebLaunchConfig",
               "CreatedTime": "2016-09-02T08:14:21.638Z",
               "AvailabilityZones": [
                   "us-east-1a",
                   "us-east-1b"
               ],
               "HealthCheckType": "EC2",
               "NewInstancesProtectedFromScaleIn": true
           }
       ]
   }
   

2. If the ASG is not using a load balancer, i.e. the LoadBalancerNames parameter returns an empty array for its value, e.g. "LoadBalancerNames": [ ], check the HealthCheckType property value. If this value is set to ELB, as shown in the example below, the selected Auto Scaling Group is not properly configured and needs to be updated (see Remediation/ Resolution section of the rule).
   {
       "AutoScalingGroups": [
           {
               "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:
                123456789012:autoScalingGroup:42364fd5-5840-4e03-963
                a-1ec90d291302:autoScalingGroupName/MyWebAppASG",
               "HealthCheckGracePeriod": 300,
               "SuspendedProcesses": [],
               "DesiredCapacity": 1,
               "Tags": [],
               "EnabledMetrics": [],
               "LoadBalancerNames": [],
               "AutoScalingGroupName": "MyWebAppASG",
               "DefaultCooldown": 300,
               "MinSize": 1,
               "Instances": [
                   {
                       "ProtectedFromScaleIn": true,
                       "AvailabilityZone": "us-east-1a",
                       "InstanceId": "i-02a9b72e63d135f4d",
                       "HealthStatus": "Healthy",
                       "LifecycleState": "InService",
                       "LaunchConfigurationName": "MyASGWebLaunchConfig"
                   }
               ],
               "MaxSize": 1,
               "VPCZoneIdentifier": "subnet-19e7cc6f,subnet-4c377014",
               "TerminationPolicies": [
                   "Default"
               ],
               "LaunchConfigurationName": "MyASGWebLaunchConfig",
               "CreatedTime": "2016-09-02T08:14:21.638Z",
               "AvailabilityZones": [
                   "us-east-1a",
                   "us-east-1b"
               ],
               "HealthCheckType": "ELB",
               "NewInstancesProtectedFromScaleIn": true
           }
       ]
   }
   

05 Repeat step no. 3 and 4 to verify the health check configuration for other ASGs available in the current region.

06 Repeat steps no. 1 – 5 to repeat the entire audit process for other AWS regions.

01 Sign in to the AWS Management Console.

02 Navigate to EC2 dashboard at https://console.aws.amazon.com/ec2/.

03 In the left navigation panel, under AUTO SCALING section, choose Auto Scaling Groups.

04 Select the Auto Scaling Group that you want to update.

05 If the selected ASG is associated with an AWS Elastic Load Balancer, perform the following actions:

1. Select the Details tab from the dashboard bottom panel and click the Edit button: to edit the scaling group configuration.
2. Select ELB from the Health Check Type dropdown list and click the Save button to apply the changes. Your Auto Scaling Group will now delegate the health checks to the Elastic Load Balancer attached.

06 If the selected ASG is not using an AWS Elastic Load Balancer, perform the following actions:

1. Select the Details tab from the dashboard bottom panel and click the Edit button: to edit the scaling group configuration.
2. Select EC2 from the Health Check Type dropdown list and click the Save button to save the changes. Your ASG health check feature will now use the results returned from the registered EC2 instances status checks.

07 Repeat steps no. 4 – 6 to update the health check configuration for other ASGs available in the current region.

08 Change the AWS region from the navigation bar and repeat the entire process for other regions.

01 If the ASG that you want to update is associated with an AWS Elastic Load Balancer, run update-auto-scaling-group command (OSX/Linux/UNIX) with the --health-check-type parameter set to ELB. The following command example updates the health check configuration of an AWS Auto Scaling Group named MyWebAppASG available in the US-East-1 region (if successful, the command does not return an output):

aws autoscaling update-auto-scaling-group
--region us-east-1
--auto-scaling-group-name MyWebAppASG
--health-check-type ELB

02 If the ASG that you want to update is not using a load balancer, run update-auto-scaling-group command (OSX/Linux/UNIX) with the --health-check-type parameter set to EC2 and provide the amount of time (in seconds) required by the ASG to wait before checking the health status of the new EC2 instances provisioned in the group. The following command example updates the health check configuration of an AWS Auto Scaling Group named MyWebAppASG available in the US-East-1 region (if successful, the command does not return an output):

aws autoscaling update-auto-scaling-group
--region us-east-1
--auto-scaling-group-name MyWebAppASG
--health-check-type EC2
--health-check-grace-period 300

03 Repeat step no. 1 and 2 to update the health check configuration for other ASGs available in the current region.

04 Change the AWS region and repeat the entire process for other regions.