Amazon EC2 Auto Scaling groups
An Amazon EC2 Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management. An Auto Scaling group also lets you use Amazon EC2 Auto Scaling features such as health check replacements and scaling policies. Both maintaining the number of instances in an Auto Scaling group and automatic scaling are the core functionality of the Amazon EC2 Auto Scaling service.
Using zonal shift for Auto Scaling groups
To enable zonal shift, use one of the following methods.
To trigger a zonal shift, see Starting, updating, or canceling a zonal shift.
How zonal shift works for Auto Scaling groups
Suppose you have an Auto Scaling group with the following Availability Zones:
us-east-1aus-east-1bus-east-1c
You notice failures in us-east-1a and trigger a zonal shift.
The following behaviors occur when a zonal shift is triggered in us-east-1a.
Scaling out – Auto Scaling will launch all new capacity requests in the healthy Availability Zones (
us-east-1bandus-east-1c).Dynamic scaling – Auto Scaling will block scaling policies from decreasing desired capacity. Auto Scaling will not block scaling policies from increasing desired capacity.
Instance refresh – Auto Scaling will extend the time out for any instance refresh process that is delayed during an active zonal shift.
Impaired Availability Zone health check behavior selection Health check behavior Replace unhealthy Instances that appear unhealthy will be replaced in all Availability Zones ( us-east-1a,us-east-1b, andus-east-1c).Ignore unhealthy Instances that appear unhealthy will be replaced in us-east-1bandus-east-1c. Instances will not be replaced in the Availability Zone with the active zonal shift (us-east-1a).
Best practices for using zonal shift
To maintain high availability for your applications when using zonal shift, we recommend the following best practices.
-
Monitor EventBridge notifications to determine when there is an ongoing availability zone impairment event. For more information, see Automating Amazon EC2 Auto Scaling with Event Bridge.
-
Use scaling policies with appropriate thresholds to make sure that you have enough capacity to tolerate the loss of an availability zone.
-
Set an instance maintenance policy with a minimum healthy percentage of 100. With this setting, Auto Scaling waits for a new instance to be ready to use before terminating an unhealthy instance.
For prescaled customers, we also recommend the following:
-
Select Ignore unhealthy as the health check behavior for the impaired availability zone because you don't need to replace the unhealthy instance during the impairment event.
-
Use zonal autoshift in ARC for your Auto Scaling groups. The zonal autoshift capability in Amazon Application Recovery Controller (ARC) allows AWS to shift traffic for a resource away from an availability zone when AWS detects an impairment in an availability zone. For more information, see Zonal autoshift in ARC in the Amazon Application Recovery Controller (ARC) Developer Guide.
For customers with cross-zone disabled load balancers, we also recommend:
-
Use balanced only for your availability zone distribution.
-
If you are using zonal shift on both your Auto Scaling group and your load balancers, make sure to cancel the zonal shift on your Auto Scaling group first. Then, wait until the capacity is balanced across all availability zones. before you cancel the zonal shift on the load balancer.
-
Because of the possibility of imbalanced capacity when you enable zonal shift and you use a cross-zone disabled load balancer, Auto Scaling has an extra validation. If you are following the best practices, you can acknowledge this possibility by selecting the checkbox in the AWS Management Console or using the
skip-zonal-shift-validationflag inCreateAutoScalingGroup,UpdateAutoScalingGroup, orAttachTrafficSources.
