Profile Applicability

  • Level 2

Description

Capacity Rebalancing is a feature in Amazon EC2 Auto Scaling that proactively replaces Spot Instances at risk of interruption. When the Spot service detects that an instance is at elevated risk, it sends a rebalance recommendation. Enabling Capacity Rebalancing ensures that the Auto Scaling group launches replacement instances before the at-risk instances are interrupted, improving workload availability and resilience.

Rationale

  • Improved Availability: Proactively replaces Spot Instances at risk of interruption, reducing downtime.

  • Enhanced Fault Tolerance: Ensures workloads remain operational during Spot capacity fluctuations.

  • Cost Optimization: Maintains desired capacity by leveraging Spot Instances effectively.

Impact

Pros:

  • Reduces the risk of service disruptions caused by Spot Instance interruptions.

  • Improves workload resilience and availability.

  • Automates the replacement of at-risk instances.

Cons:

  • May increase costs if replacement instances are launched before interruptions occur.

  • Requires proper configuration of Spot Instances and allocation strategies.

Default Value

By default, Capacity Rebalancing is not enabled for Auto Scaling groups. It must be explicitly configured.

Pre-Requisite

IAM Permissions Required:

  • autoscaling:UpdateAutoScalingGroup

  • autoscaling:DescribeAutoScalingGroups

Tooling Required:

  • AWS CLI installed and configured.

Remediation

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to EC2 > Auto Scaling Groups.

  3. Select the Auto Scaling Group to check its configuration.

  4. Under the Details tab, verify if Capacity Rebalancing is enabled.

Using AWS CLI:

  1. Describe the Auto Scaling Group:

    aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <asg-name>

  2. Check the CapacityRebalance field in the output. Ensure it is set to true.
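The CLI check above inspects one group at a time. As an added example (not part of the original benchmark text), this Python script applies the same CapacityRebalance check to the full JSON output of describe-auto-scaling-groups and prints, for each failing group, the update command given in the Implementation Steps. The sample data and group names are constructed, and detecting Spot use through OnDemandPercentageAboveBaseCapacity is an assumption that only covers groups with a mixed instances policy.

```python
import json
import shlex
import sys

# Constructed sample of `aws autoscaling describe-auto-scaling-groups` output,
# trimmed to the fields this check reads. Group names are made up.
SAMPLE = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-spot", "CapacityRebalance": true,
   "MixedInstancesPolicy": {"InstancesDistribution":
     {"OnDemandPercentageAboveBaseCapacity": 0}}},
  {"AutoScalingGroupName": "batch-spot", "CapacityRebalance": false,
   "MixedInstancesPolicy": {"InstancesDistribution":
     {"OnDemandPercentageAboveBaseCapacity": 25}}},
  {"AutoScalingGroupName": "legacy-workers"}
]}
""")


def uses_spot(group):
    """True when the mixed instances policy sends some capacity to Spot."""
    # Assumption: groups that request Spot only through a launch template are not detected.
    dist = group.get("MixedInstancesPolicy", {}).get("InstancesDistribution", {})
    return dist.get("OnDemandPercentageAboveBaseCapacity", 100) < 100


def audit(describe_output):
    """Return one finding per group; a missing CapacityRebalance key counts as disabled."""
    findings = []
    for group in describe_output.get("AutoScalingGroups", []):
        name = group["AutoScalingGroupName"]
        enabled = group.get("CapacityRebalance") is True
        finding = {"name": name, "compliant": enabled, "uses_spot": uses_spot(group)}
        if not enabled:
            # Remediation command as given in the Implementation Steps.
            finding["fix"] = ("aws autoscaling update-auto-scaling-group "
                              f"--auto-scaling-group-name {shlex.quote(name)} "
                              "--capacity-rebalance")
        findings.append(finding)
    return findings


if __name__ == "__main__":
    # Pipe real CLI output in on stdin, or run from a terminal to use SAMPLE.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit(data):
        state = "PASS" if f["compliant"] else "FAIL"
        print(f"{state} {f['name']} spot={f['uses_spot']} {f.get('fix', '')}")
```

Running describe-auto-scaling-groups without --auto-scaling-group-names returns every group in the region, so piping that output into the script audits them all in one pass.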

Implementation Steps:

Using AWS Console:

  1. Navigate to EC2 > Auto Scaling Groups.

  2. Select the Auto Scaling Group to update.

  3. Click Edit and enable Capacity Rebalancing under the Instance Management section.

  4. Save the updated configuration.

Using AWS CLI:

  1. Enable Capacity Rebalancing for the Auto Scaling Group:

    aws autoscaling update-auto-scaling-group \
    --auto-scaling-group-name <asg-name> \
    --capacity-rebalance

  2. Verify the updated configuration:

    aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <asg-name>

Backout Plan

Using AWS Console:

  1. If enabling Capacity Rebalancing causes issues, sign in to the AWS Management Console.

  2. Navigate to EC2, then to Auto Scaling Groups.

  3. Select the Auto Scaling Group and go to the Capacity Rebalancing section.

  4. Disable Capacity Rebalancing by unchecking the box.

  5. Save the changes and verify that Capacity Rebalancing is no longer enabled.

Using AWS CLI:

  1. To disable Capacity Rebalancing, run:

    aws autoscaling update-auto-scaling-group --auto-scaling-group-name <ASG_NAME> --no-capacity-rebalance

  2. Verify that Capacity Rebalancing has been disabled:

    aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <ASG_NAME>

References

CIS Controls

| Version | Control ID | Control Description | IG1 | IG2 | IG3 |
|---------|------------|---------------------|-----|-----|-----|
| v8 | 5.3 | Securely Manage Network Infrastructure – Ensure network devices are resilient and fault-tolerant. | | | |
| v8 | 13.2 | Ensure Secure Network Communication – Implement measures that prevent disruption during network changes. | | | |