Compute Optimizer Auto Scaling Group Findings

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: ComputeOptimizer-002

Check for Compute Optimizer Auto Scaling group findings in order to take the necessary actions to optimize under-performing Amazon EC2 Auto Scaling groups identified within your AWS account. AWS Compute Optimizer evaluates CPU, network, memory and I/O usage to determine if your Auto Scaling groups (ASGs) are optimized for your workloads.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Performance efficiency, Cost optimisation, Reliability

The Compute Optimizer findings for Amazon EC2 Auto Scaling groups are classified in the following ways:

Not optimized - An Auto Scaling group (ASG) is not optimized when AWS Compute Optimizer has identified a recommendation that can provide better performance or cost for your workload.

Optimized - An Auto Scaling group (ASG) is optimized when AWS Compute Optimizer determines that the ASG is correctly provisioned to run your workload, based on the chosen EC2 instance type.

With Auto Scaling group findings, AWS Compute Optimizer can help you optimize your ASGs by recommending optimal compute resources to reduce costs and improve performance, using machine learning (ML) on historical utilization metrics. You can take advantage of the actionable recommendations provided by Compute Optimizer to optimize your under-performing Auto Scaling groups and increase the overall performance of your workloads.

Note: AWS Compute Optimizer currently generates recommendations for Amazon EC2 Auto Scaling groups that are of a single instance type, and that have the same values for desired, minimum, and maximum capacity.


Audit

To check your AWS cloud account for Compute Optimizer Auto Scaling group findings, perform the following operations:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Compute Optimizer console at https://console.aws.amazon.com/compute-optimizer/.

03 In the navigation panel, under AWS Compute Optimizer, choose Dashboard. The Compute Optimizer dashboard provides an overview of the optimization opportunities for your Amazon EC2 Auto Scaling group resources based on the data that has been collected and analyzed for your current AWS account (or accounts if you are currently signed into the master account of your organization).

04 To clear any preselected filters, choose Clear filters next to the Regions filter.

05 Click inside the Regions filter, select Region, and choose the AWS region that you want to examine.

06 In the Auto Scaling groups section, check for any Auto Scaling group optimization findings listed under Findings as Not optimized. If one or more optimization findings have been identified, there are Amazon EC2 Auto Scaling groups that need to be optimized for performance and cost, available in the selected AWS region.

07 Change the AWS cloud region using the Regions filter controls and repeat the audit process for other regions.

Using AWS CLI

01 Run get-recommendation-summaries command (OSX/Linux/UNIX) with custom query filters to return the Auto Scaling group optimization findings identified in the selected AWS region (e.g. Asia Pacific – Sydney region):

aws compute-optimizer get-recommendation-summaries \
	--region ap-southeast-2 \
	--query 'recommendationSummaries[?(recommendationResourceType==`AutoScalingGroup`)].summaries[]'

02 The command output should return the number of optimized and under-optimized Amazon EC2 Auto Scaling groups, identified in the selected region:

[
    {
        "name": "OPTIMIZED",
        "value": 0.0
    },
    {
        "name": "NOT_OPTIMIZED",
        "value": 2.0
    }
]

If the number of under-optimized Auto Scaling groups (the "NOT_OPTIMIZED" value) returned by the get-recommendation-summaries command output is positive, as shown in the example above, there are Amazon EC2 Auto Scaling groups that need to be optimized for performance and cost, available within the selected AWS region.

03 Change the AWS cloud region by updating the --region command parameter value and repeat the entire audit process for other regions.

Remediation / Resolution

To access, review, and implement the Compute Optimizer finding recommendations generated for your under-optimized Amazon EC2 Auto Scaling groups, perform the following operations:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Compute Optimizer console at https://console.aws.amazon.com/compute-optimizer/.

03 In the navigation panel, under Recommendations per AWS resource, choose Auto Scaling groups to access the optimization recommendations made by Compute Optimizer service for your Auto Scaling groups. Currently, AWS Compute Optimizer provides recommendations for Auto Scaling groups that have a fixed size and use a single instance type in the M, C, R, T, and X instance families.

04 To clear any preselected filters, choose Clear filters next to the Regions filter.

05 Click inside the Regions filter, select Region, and choose the AWS region that you want to access.

06 Click on the Not optimized (link) of the Auto Scaling group finding recommendation that you want to implement, to access the recommendation details.

07 On the selected recommendation page, review each option to identify the optimization recommendation that works best for you. When comparing Auto Scaling group instance configurations and determining which one best suits your workload needs, carefully weigh the possible validation efforts against the benefits. Decide whether to optimize for performance improvement, for cost reduction, or for a combination of these two. Take performance risk into account. Performance risk indicates the amount of effort you might need to spend in order to validate whether the selected recommendation meets the performance requirements of your workload.

08 Once you have chosen the best optimization recommendation option, choose Open in EC2 console to access the Amazon EC2 Auto Scaling group that you want to reconfigure. IMPORTANT: The following reconfiguration process assumes that the Auto Scaling group selected for optimization is NOT currently used in production or for critical operations.

09 Click on the Edit button from the console top menu to edit the selected Amazon EC2 Auto Scaling group configuration.

10 In the Launch template section, choose Create a launch template version to create a new launch template version from the existing version.

11 On the Modify template (Create new version) configuration page, in the Instance type section, select the appropriate instance type from the Instance Type dropdown list, based on the optimization recommendation provided by AWS Compute Optimizer. Choose Create template version to save the new launch template version.

12 Navigate back to the Auto Scaling group configuration page, click on the Refresh button next to the Version dropdown list, and choose the launch template version created at the previous steps. Choose Update to apply the configuration changes.

13 Click on the name of the reconfigured Amazon EC2 Auto Scaling group, select the Instance refresh tab, and choose Start instance refresh. An instance refresh allows you to trigger a rolling replacement of all previously launched instances within the Auto Scaling group with a new group of EC2 instances. In the confirmation box, select Start to initiate the instance refresh process. Once the process status is set to Successful, the operation is completed.

14 Repeat steps no. 6 – 13 for each Compute Optimizer finding identified in the selected AWS region.

15 Change the AWS cloud region using the Regions filter controls and repeat the remediation process for other regions.

Using AWS CLI

01 Run get-auto-scaling-group-recommendations command (OSX/Linux/UNIX) to retrieve the Amazon Resource Name (ARN) of each under-optimized Amazon EC2 Auto Scaling group identified in the selected AWS region (e.g. Asia Pacific - Sydney region):

aws compute-optimizer get-auto-scaling-group-recommendations \
	--region ap-southeast-2 \
	--filters name=Finding,values=NotOptimized \
	--query 'autoScalingGroupRecommendations[*].autoScalingGroupArn'

02 The command output should return the requested Amazon Resource Name(s):

[
	"arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:abcd1234-abcd-1234-abcd-1234abcd1234:autoScalingGroupName/cc-project5-web-asg",
	"arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:1234abcd-1234-abcd-1234-abcd1234abcd:autoScalingGroupName/cc-frontend-app-asg"
]

03 Run get-auto-scaling-group-recommendations command (OSX/Linux/UNIX) using the ARN of the under-optimized Auto Scaling group that you want to optimize as identifier parameter, to describe the optimization recommendations available for the selected Amazon EC2 Auto Scaling group:

aws compute-optimizer get-auto-scaling-group-recommendations \
	--region ap-southeast-2 \
	--auto-scaling-group-arns arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:abcd1234-abcd-1234-abcd-1234abcd1234:autoScalingGroupName/cc-project5-web-asg \
	--query 'autoScalingGroupRecommendations[*]'

04 The command output should return the Compute Optimizer recommendations for the selected resource:

[
    {
         "accountId": "123456789012",
         "autoScalingGroupArn": "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:abcd1234-abcd-1234-abcd-1234abcd1234:autoScalingGroupName/cc-project5-web-asg",
         "autoScalingGroupName": "cc-project5-web-asg",
         "currentConfiguration": {
            "desiredCapacity": 1,
            "instanceType": "c5.2xlarge",
            "maxSize": 1,
            "minSize": 1
         },
         "finding": "NOT_OPTIMIZED",
         "lastRefreshTimestamp": 1605863334.320,
         "lookBackPeriodInDays": 14.0,
         "recommendationOptions": [
            {
               "configuration": {
                  "desiredCapacity": 1,
                  "instanceType": "c5.xlarge",
                  "maxSize": 1,
                  "minSize": 1
               },
               "performanceRisk": 1.0,
               "projectedUtilizationMetrics": [
                  {
                     "name": "CPU",
                     "statistic": "MAXIMUM",
                     "value": 44.83870967741935
                  }
               ],
               "rank": 1
            }
         ],
         "utilizationMetrics": [
            {
               "name": "CPU",
               "statistic": "MAXIMUM",
               "value": 50
            }
        ]
    }
]

05 Based on the information returned at the previous step by the get-auto-scaling-group-recommendations command output, review the optimization recommendations by analyzing the finding properties listed below. Review each option to identify the optimization recommendation that works best for you. When comparing Auto Scaling group instance configurations and determining which one best suits your workload needs, weigh the possible validation efforts against the benefits. Decide whether to optimize for performance improvement, for cost reduction, or for a combination of these two:

  1. "finding" - the finding classification returned for the selected Auto Scaling group (ASG).
  2. "autoScalingGroupName" - the name of the selected ASG.
  3. "currentConfiguration.instanceType" - the instance type used by the current group configuration.
  4. "lookBackPeriodInDays" - the number of days for which utilization metrics were analyzed for the selected ASG.
  5. "recommendationOptions[].configuration.instanceType" - the instance type recommended for the Auto Scaling group optimization.
  6. "recommendationOptions[].rank" - the rank of the instance recommendation option. The top recommendation option is ranked as 1.
  7. "recommendationOptions[].projectedUtilizationMetrics" - information that describes the projected utilization metrics of the instance recommendation option.
  8. "recommendationOptions[].performanceRisk" - the performance risk of the ASG recommendation option. The performance risk represents the likelihood of the recommended configuration not meeting the performance requirement of your workload. The lowest performance risk is categorized as 0, and the highest as 5.

06 Run describe-auto-scaling-groups command (OSX/Linux/UNIX) to describe the launch template associated with the Auto Scaling group (ASG) that you want to optimize:

aws autoscaling describe-auto-scaling-groups \
	--region us-east-1 \
	--auto-scaling-group-name cc-project5-web-asg \
	--query 'AutoScalingGroups[*].LaunchTemplate'

07 The command output should return the requested ASG information:

[
    {
        "LaunchTemplateName": "cc-web-asg-launch-template",
        "Version": "2",
        "LaunchTemplateId": "lt-0abcd1234abcd1234"
    }
]

08 Run create-launch-template-version command (OSX/Linux/UNIX) using the ID of the ASG launch template described at the previous step as identifier parameter, to create a new version for the selected launch template. The --source-version parameter value represents the version number of the launch template on which to base the new version. The new version inherits the same launch parameters as the source version, except for parameters that you specify for --launch-template-data. Configure the appropriate instance type for the "InstanceType" command parameter, based on the optimization recommendation provided by AWS Compute Optimizer:

aws ec2 create-launch-template-version \
	--region us-east-1 \
	--launch-template-id lt-0abcd1234abcd1234 \
	--source-version 2 \
	--launch-template-data '{"InstanceType":"c5.xlarge"}'

09 The command output should return the metadata available for the new launch template version:

{
    "LaunchTemplateVersion": {
        "LaunchTemplateId": "lt-0abcd1234abcd1234",
        "LaunchTemplateName": "cc-web-asg-launch-template",
        "VersionNumber": 3,
        "LaunchTemplateData": {
            "SecurityGroupIds": [
                "sg-0abcd1234abcd1234"
            ],
            "ImageId": "ami-01234abcd1234abcd",
            "InstanceType": "c5.xlarge"
        },
        "CreateTime": "2020-11-22T10:00:00.000Z"
    }
}

10 IMPORTANT: The following reconfiguration process assumes that the Auto Scaling group selected for optimization is NOT currently used in production or for critical operations. Run update-auto-scaling-group command (OSX/Linux/UNIX) to apply the new ASG launch template configuration to the Amazon EC2 Auto Scaling group that you want to optimize (the command does not produce an output):

aws autoscaling update-auto-scaling-group \
	--region us-east-1 \
	--auto-scaling-group-name cc-project5-web-asg \
	--launch-template LaunchTemplateId=lt-0abcd1234abcd1234,Version=3

11 Run start-instance-refresh command (OSX/Linux/UNIX) to start the instance refresh process for the optimized Auto Scaling group (ASG). An instance refresh allows you to trigger a rolling replacement of all previously launched instances within the Auto Scaling group with a new group of EC2 instances:

aws autoscaling start-instance-refresh \
	--region us-east-1 \
	--auto-scaling-group-name cc-project5-web-asg

12 The command output should return the ID of the instance refresh process:

{
    "InstanceRefreshId": "abcd1234-abcd-1234-abcd-1234abcd1234"
}

13 Repeat steps no. 3 – 12 for each under-optimized Amazon EC2 Auto Scaling group (finding) identified in the selected AWS region.

14 Change the AWS region by updating the --region command parameter value and repeat the entire remediation process for other regions.
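
The review described in step 05, as an added example that is not part of the original page or of the Conformity tooling: this Python code reads output shaped like step 04 and selects, for each Auto Scaling group, the best-ranked option that stays within a performance-risk limit and a projected CPU ceiling. The sample data, the function names and the max_risk and cpu_ceiling thresholds are assumptions.

```python
import json
# Constructed sample shaped like the step 04 output; values are illustrative.
SAMPLE_OUTPUT = """
[
 {"autoScalingGroupName": "cc-project5-web-asg", "finding": "NOT_OPTIMIZED",
  "currentConfiguration": {"instanceType": "c5.2xlarge"},
  "recommendationOptions": [
   {"configuration": {"instanceType": "c5.large"}, "performanceRisk": 3.0, "rank": 1,
    "projectedUtilizationMetrics": [{"name": "CPU", "statistic": "MAXIMUM", "value": 89.7}]},
   {"configuration": {"instanceType": "c5.xlarge"}, "performanceRisk": 1.0, "rank": 2,
    "projectedUtilizationMetrics": [{"name": "CPU", "statistic": "MAXIMUM", "value": 44.8}]}]},
 {"autoScalingGroupName": "cc-frontend-app-asg", "finding": "OPTIMIZED",
  "currentConfiguration": {"instanceType": "m5.large"}, "recommendationOptions": []}
]
"""


def projected_cpu_max(option):
    """Return the projected maximum CPU utilization, or None if not reported."""
    for metric in option.get("projectedUtilizationMetrics", []):
        if metric["name"].upper() == "CPU" and metric["statistic"].upper() == "MAXIMUM":
            return metric["value"]
    return None


def pick_option(rec, max_risk=2.0, cpu_ceiling=80.0):
    """Best-ranked option within the limits (hypothetical policy), else None."""
    if rec["finding"] != "NOT_OPTIMIZED":
        return None
    current = rec["currentConfiguration"]["instanceType"]
    for option in sorted(rec["recommendationOptions"], key=lambda o: o["rank"]):
        if option["performanceRisk"] > max_risk:
            continue  # too likely to miss the workload's performance requirement
        cpu = projected_cpu_max(option)
        if cpu is not None and cpu > cpu_ceiling:
            continue  # projected peak leaves too little headroom
        if option["configuration"]["instanceType"] != current:
            return option["configuration"]["instanceType"]
    return None


def plan(recommendations, **limits):
    """Map each ASG name to the instance type for step 08, or None for no change."""
    return {r["autoScalingGroupName"]: pick_option(r, **limits) for r in recommendations}

if __name__ == "__main__":
    for name, target in plan(json.loads(SAMPLE_OUTPUT)).items():
        print(f"{name}: {target or 'no change'}")
```

The instance type returned for a group is the value to place in --launch-template-data at step 08; a None result means no option met the limits and the group should be reviewed by hand.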

Publication date Dec 14, 2020
