Demo of EC2 Auto Scaling

This is Part II of Introduction to EC2 Auto Scaling
This blog has been written for AWS UG Madurai - AWS Cloud Practitioner BOOT CAMP

We are going to use us-east-1 region for this workshop

Table of Contents

Step 1. Create a Key Pair

1. Navigate to EC2 > Key Pairs > Create Key Pair

Step 2. Create a Security Group

1. We are going to create two Security Groups and use Security Group chaining concept

2. Navigate to EC2 > Security Groups > Create a new security group for your ALB, and set the following values:

   • Name: ALBSG
   • Add two Inbound rules to allow HTTP traffic from 0.0.0.0/0 and ::/0 (IPV6)
   • Create another Security Group with a rule to allow SSH from your IP and another rule to allow HTTP from ALBSG

Step 3. Create an Application Load Balancer

1. Navigate to EC2 > Load Balancers.
2. Click Create Load Balancer.

3. Click the Create button under the Application Load Balancer and set the following values:

   • Name: ASALB
   • Scheme: internet-facing
   • IP address type: ipv4
   • Load Balancer Protocol: HTTP
   • Port: 80
   • Leave the default VPC.
   • Select us-east-1a and us-east-1b AZs.

4. Click Next: Configure Security Settings

   • Note: Ignore the warning as we are not using HTTPS.
5. Select AppLBSG and Click Next

6. Configure Routing and enter the following values:

   • Name: ASALBTG
   • Target type: Instance
   • Protocol: HTTP
   • Port: 80

7. Expand Advanced health check settings, and reduce the healthy and unhealthy threshold checks to 2.

   • Note: This means the load balancer can respond faster and instances come into service and vice versa.
8. Click Next: Register Targets.
9. Click Next: Review.
10. Click Create

11. Copy DNS Name of the load balancer, open a new tab and enter the URL http://DNS Name.

    • The URL will error with 503 Service Temporarily Unavailable as we have no operational EC2 instances associated with the load balancer at this stage.

Step 4. Create a Launch Template

We can use Launch template or Launch Configurations. Launch Template are prefered over Launch Configurations as we can have different versions of the template. Also we can't modify a launch configuration after we have created it.

Create a launch template that will be used by the Auto Scaling group. The launch template defines what the instances are and how they are created.

1. Navigate to EC2 > Instances > Launch Templates.
2. Create a new template, and call it ASLT for the name.
3. Select Provide guidance to help me set up a template that I can use with EC2 Auto Scaling
4. Search for AMI, and pick the Amazon Linux.
5. Set the instance type as t2.micro.
6. Select key pair you created earlier.
7. Select the EC2SG security group you created earlier.

8. Expand Advanced Details, and paste the following user data.

   • Note: These are commands to install a web server and download website content.
9. Click Create Launch Template.
10. Click Close.

#!/bin/bash
yum update -y
yum install -y httpd
yum install -y wget
cd /var/www/html
curl http://169.254.169.254/latest/meta-data/local-hostname > index.html
service httpd start

sudo amazon-linux-extras install epel -y 
sudo yum install -y stress

Step 5. Create an Auto Scaling Group

Note: Make sure the load balancer is ready at this point.

1. EC2 > Auto Scaling > Auto Scaling Groups
2. Click Create Auto Scaling group.
3. Call the group ASG.
4. Select Launch Template, and choose the template named ASLT.
5. We are using default VPC, which will be selected, so select us-east-1a and us-east-1b as subnets.
6. Click Next.
7. Select Attach to an existing load balancer.
8. Select target group ASALBTG.
9. Leave the default for Health checks, which is EC2.
10. Select Enable group metrics collection with CloudWatch.

11. For Group Size, enter the following values:

    • Desired Capacity: 2
    • Minimum Capacity: 2
    • Maximum Capacity: 6

12. For Scaling Policies, select Target Tracking Policy and enter the following values:

    • Scaling Policy Name: Target Tracking Policy
    • Metric type: Average CPU utilization
    • Target value: 30
    • Instances need: 300
13. Click Next at Add Notifications.
14. Click Next at Add tags.
15. Click Create Auto Scaling Group.

Step 6. Verification and Monitoring

1. Connect to one of the EC2 instances via SSH by running chmod 400 AS-KP.pem and ssh -i "AS-KP.pem" [email protected]
2. Put some CPU load on the server by executing stress --cpu 4 --timeout 300
3. After a few minutes, watch the number of instances increase under EC2 or ASG > Instance Management. It enacts the scale-out policy.
4. After a few minutes, the stress test will stop and the ASG enacts the scale-in policy.
5. Navigate to EC2 > Auto Scaling > Auto Scaling Groups > Activity and check under Activity History, there should be two or more EC2 instances launched
6. Copy DNS Name of the load balancer, open a new tab and enter the URL http://DNS Name. Keep refreshing a few times, you would start seeing something similar to ip-XXX-XX-XX-XXX.ec2.internal and another ip-YYY-YY-YY-YYY.ec2.internal

Here is a sample of the stress test:

[ec2-user@ip ~]$ stress --cpu 4 --timeout 300
stress: info: [3598] dispatching hogs: 4 cpu, 0 io, 0 vm, 0 hdd
stress: info: [3598] successful run completed in 300s

Scale Out

CloudWatch Metric

Auto Scaling Groups Activity

Scale In

Clean Up

1. Delete ASG under Auto Scaling groups.
2. Delete ASLT under Launch Templates
3. Delete ASALB under Load Balancers
4. Wait until the Load balancer ASALB is deleted adn then delete ASALBTG under Target Groups
5. Delete AS-KP under Key Pairs
6. Delete Security Groups EC2SG first and then AppLBSG due to Security Group chaining.

Summary

• Use Security Group chanining to improve security of your application
• Best practice is to scale out fast and scale in slowly to prevent oscillation
• There should be a gap between scale-in and scale-out thresholds with step scaling, for example, lets say you have 3 instances, and the CPU goes to 60%, triggering the +1 step scaling policy. If the load stays constant, it will now be distributed to all 4 instances and the average CPU will drop to around 45% and the scale-in alarm will go off. This will then keep happening in a loop until the load goes up or down enough for one of the alarms to stay in the alarm state and the ASG reaches the minimum or maximum.

Referrals