Description:  

The health status of an Auto Scaling instance is either healthy or unhealthy. All instances in your Auto Scaling group start in a healthy state. Instances are assumed to be healthy unless Amazon EC2 Auto Scaling receives notification that they are unhealthy. This notification can come from one or more of the following sources: Amazon EC2, Elastic Load Balancing (ELB), or a custom health check.  After Amazon EC2 Auto Scaling marks an instance as unhealthy, it is scheduled for replacement. If you do not want instances to be replaced, you can suspend the health check process for any individual Auto Scaling group.


Rationale:

Elastic Load Balancing automatically distributes your incoming application traffic across all the EC2 instances that you are running. Elastic Load Balancing helps to manage incoming requests by optimally routing traffic so that no one instance is overwhelmed.


Impact:

It ensures that your Auto Scaling group can determine instance health based on additional load balancer tests, configure the Auto Scaling group to use Elastic Load Balancing (ELB) health checks. The load balancer periodically sends pings, attempts connections, or sends requests to test the EC2 instances and determines if an instance is unhealthy.


Default Value:  

 These health checks are enabled. 


Prerequisites:

  • Sign as an Admin or IAM user with the required permissions.

  • If you attach multiple load balancer target groups or Classic Load Balancers to the group, all of them must report that an instance is healthy for it to consider the instance healthy.



Remediation


Test Plan:

  1. Sign in to the AWS Management Console.
  2.  Go to the EC2 dashboard at https://console.aws.amazon.com/ec2/.
  3.  In the left navigation panel, Under the AUTO SCALING section, choose Auto Scaling Groups.
  4.  Select the AWS ASG that you want to examine.
  5. Select the Details tab from the dashboard bottom panel and verify the ASG health check configuration details: 
  6. see whether the ELB Health Check is enabled or not 

  7. check the health check type configuration status, if the status is set to EC2.

  8. if the ASG is not using a load balancer, i.e. the load balancer property value is empty, for example: 

  9. check  the health check type configuration status, if the current status is set to ELB



Using AWS CLI:

To know the auto scaling group health check type is ELB or not 

aws autoscaling describe-auto-scaling-groups
  --region <region-name>
  --auto-scaling-group-names <asg-name>

Implementation Steps

  1. Sign in to the AWS Management Console.

  2. Open the Amazon EC2 Auto Scaling console at https://console.aws.amazon.com/ec2autoscaling/

  3. Select the Auto Scaling Group  

  4. A split pane opens up in the bottom part of the Auto Scaling groups page, showing information about the group that's selected. On the Details tab

  5. Choose Health checks, Click on Edit 

  6. Check the check box of an ELB and mention the Health check Grace period 

  7. Choose Update to update the configurations. 


Using AWS CLI:

  • To update the health check of ELB


    aws autoscaling update-auto-scaling-group
--region <region-name>
--auto-scaling-group-name <asg-name>
--health-check-type ELB

    To update the health check ELB with grace period

    aws autoscaling update-auto-scaling-group
--region <region-name>
--auto-scaling-group-name <asg-name>
--health-check-type ELB
--health-check-grace-period 300

    Back out plan:

    1. Sign in to the AWS Management Console.

    2. Go to the EC2 dashboard at https://console.aws.amazon.com/ec2/.

    3. In the left navigation panel, Under the AUTO SCALING section, choose Auto Scaling Groups.

    4. Select the AWS ASG that you want to examine.

    5. Select Details   tab from the dashboard bottom panel and verify the ASG health check configuration details:

    6. Click on Edit

    7. Uncheck the check box of ELB

    8. Click on Update 



    Using AWS CLI:


    To disable the ELB in the Auto scaling group
    aws autoscaling update-auto-scaling-group \
    --auto-scaling-group-name my-asg \
    --health-check-type ELB
    --no-enabled

    Note: 

    Because the interval between marking an instance unhealthy and its actual termination is so small, attempting to set an instance's health status back to healthy with the set-instance-health command or the SetInstanceHealth operation is probably useful only for a suspended group.


    References: