High Availability for EC2 using Auto Scaling Groups, and some STRESS!
The 4-1-1 on Auto Scaling Groups in AWS
An Auto Scaling group contains a collection of EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also lets you use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. The overall benefit of Auto Scaling is that it eliminates the need to respond manually in real-time to traffic spikes that merit new resources and instances by automatically changing the active number of servers.
Why we’re here; a challenge accepted
→Create a VPC with CIDR 10.10.0.0/16
→Create three public subnets with 10.10.1.0/24 & 10.10.2.0/24 & 10.10.3.0/24
→Create an Auto Scaling group using t2.micro instances. Every instance should have Apache installed, so that checking the IP address of any instance at random produces a test page.
→The autoscaling min and max should be 2 and 5.
→Create an Application Load Balancer for autoscaling group distribution.
→Create a web server security group that allows inbound HTTP traffic from your Application Load Balancer.
→Create a load balancer security group that allows inbound HTTP traffic from 0.0.0.0/0.
But wait, there’s more! An advanced bonus challenge…STRESS!
→Add a target policy for the ASG to scale after CPU utilization is above 50%. After the Auto Scaling group has been created, find a stress tool that can push an instance above 50% to see if your scaling policy works!
A few items in advance
✔︎An AWS account. The free tier account is good and valid for 12 months.
✔︎Some fair knowledge of AWS service offerings, AWS console & CLI usage.
✔︎General understanding of networking principles & configurations.
Let’s start by creating the VPC & public subnets.
Log in to your AWS account and search for VPC in the upper search bar, then click the orange Create VPC button.
We next land on the Create VPC page. Here we select VPC and more for resources to create. This eliminates the need to additionally create the internet gateway or route table. Next, enter a name for the Name tag auto-generation and enter the CIDR block of 10.10.0.0/16. Select 3 Availability Zones (AZs). A public subnet is defined within each of the 3 AZs. There are zero private subnets for this exercise. Both DNS options are checked by default to enable DNS hostnames and DNS resolution. Click the orange Create VPC button at the bottom of the page to continue.
A green success message is the desired result. A summary of the VPC resources created will be presented.
Use EC2 Instances to create the Auto Scaling Group
Navigate to EC2 > Launch Templates and click the orange Create launch template button to begin creating the EC2 instance.
On the Create launch template page, enter a Launch template name and Template version description. Checking the box for Provide guidance to help me set up a template that I can use with EC2 Auto-Scaling will guide you during Auto Scaling creation.
Next, the Amazon Machine Image (AMI) is chosen. This is the OS version that will be running on the instance we create. Select the Quick Start tab and choose Amazon Linux or any Free tier eligible OS to avoid AWS charges.
Continuing down the page, choose t2.micro as the Instance type to ensure Free tier eligibility. For Key pair, an existing Key pair will be used. We'll need the Key pair to SSH into the EC2 instances. You can either choose an existing one or create a new one. If you create a new Key pair, make sure to save it as .pem in a location that you can find with ease.
Continue to Network setting to create a new security group under Firewall (security groups). Enter a security group name and description. From the VPC dropdown, select the new VPC created in the above steps.
Now we create the inbound security group rules. For Type, choose HTTP and SSH. For Source type, choose Anywhere. This allows inbound traffic on ports 80 and 22 from any address (0.0.0.0/0).
Expand the Advanced network configuration arrow and select Enable from the Auto-assign public IP dropdown. There are no other changes in the Advanced network configuration section.
Proceed down the page and expand Advanced details, then scroll down to the User data section. This is where the Bash script goes that automatically installs and enables Apache on each instance at launch. Enter your script details.
#!/bin/bash
# Apply pending package updates, then install Apache
yum update -y
yum install -y httpd
# Start Apache now and enable it at every boot
systemctl start httpd
systemctl enable httpd
# Write the test page into Apache's document root
echo "<html><body><h1>Hello World and Greetings Red Team</h1></body></html>" > /var/www/html/index.html
Once the script details are in place, expand the Summary to review the details, then click the orange Create launch template button.
The next screen will confirm successful creation and show the Action log details. Click on the orange View launch templates button at the bottom of the screen.
The Launch template created will be shown. Go down the page to the bottom right and click Auto Scaling Groups.
Continue by clicking the orange Create Auto Scaling group button.
On the Auto Scaling group page, enter an Auto Scaling group name, then choose the Launch template that was added in the previous step. Click Next to continue.
Choosing instance launch options is next. Select the VPC that was created earlier and click on each of the 3 new public subnets under Availability Zones and subnets. Click Next to continue.
On the Configure advanced options page click the box for Attach to a new load balancer under Load balancing options. For Load balancer type, select Application Load Balancer. For Load balancer scheme, choose Internet-facing. The public subnets will be shown under VPC. Scroll further down to Listeners and routing and make sure the Protocol is HTTP and the Port is 80. For Default routing, choose Create target group from the dropdown, and create the New target group name. Continue down to Additional Settings and check Enable group metrics collection within CloudWatch under Monitoring. Click Next to continue.
On the Configure group size and scaling policies page, enter options for Group size with Desired capacity=2, Minimum capacity=2, and Maximum capacity=5. Under Scaling policies section, select Target tracking scaling policy. Confirm that the target value is 50. Click Next to continue.
Steps 5 and 6 are skipped on the Create Auto Scaling group page. Continue scrolling to the bottom of the page and click Create Auto Scaling group.
A success confirmation for the Auto Scaling group creation is received.
Go to the EC2 Instances to see the instances running that were just created.
Obtain the Public IP Address for each instance and paste it into your local browser. You should see your successful test message.
This is a successful confirmation of the new EC2 instances. The foundational work is complete.
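The launch template step above opens HTTP and SSH to Anywhere, while the challenge asks that the web server security group accept HTTP only from the load balancer's security group. The Python check below is an added example, not part of the original walkthrough: it flags that difference in rules shaped like the IpPermissions output of aws ec2 describe-security-groups, and the group IDs and sample rules in it are constructed placeholders.

```python
# Audit a web-server security group: HTTP should come only from the ALB's group.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def covers(perm, port):
    """True if an IpPermissions entry applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":   # "-1" means all protocols and all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def sources(perm):
    """Split a rule's sources into CIDR blocks and referenced group IDs."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    groups = {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}
    return cidrs, groups

def audit_web_sg(web_sg, alb_sg_id):
    """Return a list of findings for a web-server group fronted by alb_sg_id."""
    findings = []
    http_from_alb = False
    for perm in web_sg["IpPermissions"]:
        cidrs, groups = sources(perm)
        world = sorted(cidrs & OPEN_CIDRS)
        for port, name in ((80, "HTTP"), (22, "SSH")):
            if covers(perm, port) and world:
                findings.append(f"{name} ({port}) open to {', '.join(world)}")
        if covers(perm, 80) and alb_sg_id in groups:
            http_from_alb = True
    if not http_from_alb:
        findings.append(f"no HTTP rule sourced from {alb_sg_id}")
    return findings

# Constructed sample data: placeholder group IDs, not values from the walkthrough.
ALB_SG = "sg-0aaaaaaaaaaaaaaaa"
AS_BUILT = {"GroupId": "sg-0bbbbbbbbbbbbbbbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
AS_SPECIFIED = {"GroupId": "sg-0cccccccccccccccc", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}

if __name__ == "__main__":
    for label, sg in (("as built", AS_BUILT), ("as specified", AS_SPECIFIED)):
        print(label, audit_web_sg(sg, ALB_SG) or "OK")
```

With the instances reachable only through the load balancer, the test page would be checked through the load balancer's DNS name rather than each instance's public IP.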
Now for the advanced bonus challenge →STRESS!
SSH into your new EC2 instances to install the stress tool by executing these commands with sudo privileges.
sudo amazon-linux-extras install epel -y
sudo yum install stress -y
Installation confirmed. Optionally, run uptime to see that the load on the instance is currently minimal.
Next, execute this command to induce CPU load on the instance.
sudo stress --cpu 1 --timeout 300
Another optional uptime check shows the load beginning to rise.
Return to the AWS Console. Go to CloudWatch, choosing All alarms on the left side of the page.
An Auto Scaling Group (ASG) alarm in the state of In alarm is shown.
Select the alarm to view further utilization details.
Return to EC2 Instances. Another instance has been automatically created.
Inducing further stress scales out more new instances to help balance the load.
An important final step
Remember to stop all running EC2 instances and delete all of the resources created during this exercise. This avoids unwanted bills from AWS.
Summary
You have both successfully configured Auto Scaling for your EC2 instances and tested this scalability when placed under load. Your EC2 environment can now be deemed highly available. You are production ready!
This is why Amazon smiles!