AWS Auto Scaling
      Back to home
      1. CNS Policies
      2. AWS Knowledge Base
      3. AWS Auto Scaling

      Auto Scaling Groups Multiple Availability Zones Not Enabled

      This plugin ensures that ASGs are created to be cross-AZ for high availability.

      Risk Level: Medium

      Description

      This plugin ensures that ASGs are created to be cross-AZ for high availability. AWS can experience downtime in one or more zones at some point of time. To ensure the smooth functioning of your instances, AWS Auto Scaling Groups must be configured with multiple availability zones. It will automatically create an instance in another zone if one is facing downtime.

      About the Service

      AWS Auto Scaling: As the name suggests, AWS AutoScaling monitors the running resources and if required, increases the scaling capability at the lowest possible costs. AutoScaling is easy to set up and automatically maintains performance of your cloud infrastructure.

      Impact

      With just a single availability zone, your instance server can face downtime in case AWS is facing some issues in that region. To ensure smooth functioning of your instance, AutoScaling groups must be set up in multiple Availability Zones as it will create instances in another zone when one is facing downtime.  

      Steps to Reproduce

      Using AWS Console-

      1. Log In to your AWS Console.
      2. Open the Amazon EC2 Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
      3. Scroll down and select Auto Scaling Groups under the Auto Scaling section from the left pane.
      4. A list of Auto Scaling Groups will be displayed, select the one you want to investigate by clicking on its Name.
      5. Move to the Network section. Check the number of Availability Zones. It is recommended to have at least two zones for a group.
      6. Repeat steps 3 to 5 for all the Auto Scaling groups you want to investigate.

      Steps for Remediation

      Modify the autoscaling group to enable scaling across multiple availability zones.

      1. Log In to your AWS Console.
      2. Open the Amazon EC2 Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
      3. Scroll down and select Auto Scaling Groups under the Auto Scaling section from the left pane.
      4. A list of Auto Scaling Groups will be displayed, select the vulnerable auto scaling group by clicking on its Name.
      5. Move to the Network section and click on Edit from the top right corner.
      6. Add subnets from other regions as well from the Subnets drop down menu. Click on Update after doing the changes.
      7. Repeat steps 3 to 6 for all the vulnerable Auto Scaling groups.