Profile Applicability:
Level 2

Description:
EC2 Auto Scaling Groups (ASGs) can be configured to span multiple Availability Zones (AZs) within a region. This setup ensures higher availability and fault tolerance by distributing instances across multiple AZs, protecting applications from AZ-level failures. This control verifies that ASGs are configured to use multiple AZs.

Rationale:
Using multiple AZs increases application resilience and availability by eliminating single points of failure. It aligns with AWS best practices for designing highly available and fault-tolerant systems.

Impact:
Pros:

  • Enhances fault tolerance and availability

  • Improves load distribution across AZs

  • Supports disaster recovery planning

Cons:

  • Slightly higher data transfer and management overhead

  • Requires appropriate subnet configurations across AZs

Default Value:
ASGs may default to a single AZ if only one subnet is specified during creation.

Pre-requisites:

  • IAM permissions to describe and modify ASGs (autoscaling:DescribeAutoScalingGroups, autoscaling:UpdateAutoScalingGroup)

  • Access to AWS CLI or Console

Test Plan:

Using AWS CLI:

  1. List all Auto Scaling Groups with their AZs:

    aws autoscaling describe-auto-scaling-groups --query "AutoScalingGroups[*].[AutoScalingGroupName,AvailabilityZones]" --output table

  2. Verify that each ASG has more than one Availability Zone listed.
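
The check in steps 1 and 2 can be automated over the JSON form of the same command's output (`--output json`). The following is an added example, not part of the original control text. The function name, the PASS/WARN/FAIL labels and the sample data are assumptions made for illustration. It goes one step beyond the listed check by also comparing the AZs where in-service instances are actually running.

```python
import json

# Constructed sample of `aws autoscaling describe-auto-scaling-groups --output json`
# (group names, AZs and instance IDs are made up for illustration).
SAMPLE = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "web-asg",
   "AvailabilityZones": ["us-east-1a", "us-east-1b"],
   "Instances": [
     {"InstanceId": "i-0aaa", "AvailabilityZone": "us-east-1a", "LifecycleState": "InService"},
     {"InstanceId": "i-0bbb", "AvailabilityZone": "us-east-1b", "LifecycleState": "InService"}]},
  {"AutoScalingGroupName": "batch-asg",
   "AvailabilityZones": ["us-east-1a"],
   "Instances": [
     {"InstanceId": "i-0ccc", "AvailabilityZone": "us-east-1a", "LifecycleState": "InService"}]},
  {"AutoScalingGroupName": "api-asg",
   "AvailabilityZones": ["us-east-1a", "us-east-1c"],
   "Instances": [
     {"InstanceId": "i-0ddd", "AvailabilityZone": "us-east-1a", "LifecycleState": "InService"},
     {"InstanceId": "i-0eee", "AvailabilityZone": "us-east-1c", "LifecycleState": "Terminating"}]}
]}
""")


def audit_asgs(response, min_azs=2):
    """Return one finding per ASG (hypothetical helper, not an AWS API).

    FAIL: fewer than min_azs AZs configured (the condition this control tests).
    WARN: enough AZs configured, but in-service instances occupy fewer of them.
    PASS: configuration and current placement both span min_azs or more AZs.
    """
    findings = []
    for group in response.get("AutoScalingGroups", []):
        configured = sorted(set(group.get("AvailabilityZones", [])))
        in_service = sorted({
            inst["AvailabilityZone"]
            for inst in group.get("Instances", [])
            if inst.get("LifecycleState") == "InService"
        })
        if len(configured) < min_azs:
            status = "FAIL"
        elif len(in_service) < min_azs:
            status = "WARN"
        else:
            status = "PASS"
        findings.append({"name": group["AutoScalingGroupName"], "status": status,
                         "configured": configured, "in_service": in_service})
    return findings


if __name__ == "__main__":
    for f in audit_asgs(SAMPLE):
        print(f["status"], f["name"], f["configured"], f["in_service"])
```

A group that runs a single instance will always report WARN, because one instance can occupy only one AZ regardless of how many are configured.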

Using AWS Console:

  1. Navigate to EC2 > Auto Scaling Groups.

  2. Select each ASG and review the Details tab.

  3. Check the Availability Zones section for multiple AZs.

Implementation Plan:

Using AWS Console:

  1. Navigate to EC2 > Auto Scaling Groups.

  2. Select the ASG to modify.

  3. Click Edit.

  4. Under Network, select additional Availability Zones by choosing the corresponding subnets.

  5. Save the changes.

Using AWS CLI:

  1. Update the ASG to include multiple AZs:

    aws autoscaling update-auto-scaling-group --auto-scaling-group-name <ASG_NAME> --availability-zones <AZ1> <AZ2> [<AZ3> ...]

  2. Verify the update:

    aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names <ASG_NAME> --query "AutoScalingGroups[0].AvailabilityZones"

Backout Plan:

Using AWS Console:

  1. Edit the ASG and reduce the number of AZs to the previous configuration.

  2. Save and verify ASG health and instance distribution.

Using AWS CLI:

  1. Revert AZ configuration by running:

    aws autoscaling update-auto-scaling-group --auto-scaling-group-name <ASG_NAME> --availability-zones <PREVIOUS_AZ_LIST>

  2. Check ASG status and instance placement.
