aws-cloudformation-auto-scaling

AWS CloudFormation Auto Scaling

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "aws-cloudformation-auto-scaling" with this command: npx skills add giuseppe-trisciuoglio/developer-kit/giuseppe-trisciuoglio-developer-kit-aws-cloudformation-auto-scaling

AWS CloudFormation Auto Scaling

Overview

Create production-ready Auto Scaling infrastructure using AWS CloudFormation templates. This skill covers Auto Scaling Groups for EC2, ECS, and Lambda, launch configurations, launch templates, scaling policies, lifecycle hooks, and best practices for high availability and cost optimization.

When to Use

Use this skill when:

  • Creating Auto Scaling Groups for EC2 instances

  • Configuring Launch Configurations or Launch Templates

  • Implementing scaling policies (step, target tracking, simple)

  • Adding lifecycle hooks for lifecycle management

  • Creating scaling for ECS services

  • Implementing Lambda provisioned concurrency scaling

  • Organizing templates with Parameters, Outputs, Mappings, Conditions

  • Implementing cross-stack references with export/import

  • Using mixed instances policies for diversity

CloudFormation Template Structure

Base Template with Standard Format

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling group with load balancer

Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Auto Scaling Configuration Parameters: - MinSize - MaxSize - DesiredCapacity - Label: default: Instance Configuration Parameters: - InstanceType - AmiId

Parameters: MinSize: Type: Number Default: 2 Description: Minimum number of instances

MaxSize: Type: Number Default: 10 Description: Maximum number of instances

DesiredCapacity: Type: Number Default: 2 Description: Desired number of instances

InstanceType: Type: String Default: t3.micro AllowedValues: - t3.micro - t3.small - t3.medium - t3.large

AmiId: Type: AWS::EC2::Image::Id Description: AMI ID for instances

Mappings: EnvironmentConfig: dev: InstanceType: t3.micro MinSize: 1 MaxSize: 3 staging: InstanceType: t3.medium MinSize: 2 MaxSize: 6 production: InstanceType: t3.large MinSize: 3 MaxSize: 12

Conditions: IsProduction: !Equals [!Ref Environment, production] UseSpotInstances: !Or [!Equals [!Ref Environment, dev], !Equals [!Ref Environment, staging]]

Resources:

Auto Scaling Group

MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: !Ref MinSize MaxSize: !Ref MaxSize DesiredCapacity: !Ref DesiredCapacity VPCZoneIdentifier: !Ref SubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration LoadBalancerNames: - !Ref MyLoadBalancer HealthCheckType: ELB HealthCheckGracePeriod: 300 TerminationPolicies: - OldestInstance - Default Tags: - Key: Environment Value: !Ref Environment PropagateAtLaunch: true - Key: ManagedBy Value: CloudFormation PropagateAtLaunch: true

Outputs: AutoScalingGroupName: Description: Name of the Auto Scaling Group Value: !Ref MyAutoScalingGroup

Parameters Best Practices

AWS-Specific Parameter Types

Parameters:

AWS-specific types for validation

InstanceType: Type: AWS::EC2::Instance::Type Description: EC2 instance type

AmiId: Type: AWS::EC2::Image::Id Description: AMI ID for instances

SubnetIds: Type: List<AWS::EC2::Subnet::Id> Description: Subnets for Auto Scaling group

SecurityGroupIds: Type: List<AWS::EC2::SecurityGroup::Id> Description: Security groups for instances

LoadBalancerArn: Type: AWS::ElasticLoadBalancingV2::LoadBalancer::Arn Description: Application Load Balancer ARN

TargetGroupArn: Type: AWS::ElasticLoadBalancingV2::TargetGroup::Arn Description: Target Group ARN for ALB

LaunchTemplateId: Type: AWS::EC2::LaunchTemplate::LaunchTemplateId Description: Launch template ID

ScalingPolicyArn: Type: AWS::AutoScaling::ScalingPolicy::Arn Description: Scaling policy ARN

Parameter Constraints

Parameters: MinSize: Type: Number Default: 1 Description: Minimum number of instances MinValue: 0 MaxValue: 1000 ConstraintDescription: Must be between 0 and 1000

MaxSize: Type: Number Default: 10 Description: Maximum number of instances MinValue: 1 MaxValue: 1000 ConstraintDescription: Must be between 1 and 1000

DesiredCapacity: Type: Number Default: 2 Description: Desired number of instances MinValue: 0 MaxValue: 1000

InstanceType: Type: String Default: t3.micro Description: EC2 instance type ConstraintDescription: Must be a valid EC2 instance type

AmiId: Type: AWS::EC2::Image::Id Description: AMI ID

EnvironmentName: Type: String Default: dev Description: Deployment environment AllowedValues: - dev - staging - production ConstraintDescription: Must be dev, staging, or production

SSM Parameter References

Parameters: LatestAmiId: Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 Description: Latest Amazon Linux 2 AMI from SSM

InstanceConfiguration: Type: AWS::SSM::Parameter::Value<String> Default: /myapp/instance-configuration Description: Instance configuration from SSM

Outputs and Cross-Stack References

Export/Import Patterns

Stack A - Network and Auto Scaling Stack

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling infrastructure stack

Resources: MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref SubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration

Outputs: AutoScalingGroupName: Description: Name of the Auto Scaling Group Value: !Ref MyAutoScalingGroup Export: Name: !Sub "${AWS::StackName}-AutoScalingGroupName"

AutoScalingGroupArn: Description: ARN of the Auto Scaling Group Value: !Sub "arn:aws:autoscaling:${AWS::Region}:${AWS::AccountId}:autoScalingGroup:*:autoScalingGroupName/${MyAutoScalingGroup}" Export: Name: !Sub "${AWS::StackName}-AutoScalingGroupArn"

LaunchConfigurationName: Description: Name of the Launch Configuration Value: !Ref MyLaunchConfiguration Export: Name: !Sub "${AWS::StackName}-LaunchConfigurationName"

Stack B - Application Stack (imports from Stack A)

AWSTemplateFormatVersion: 2010-09-09 Description: Application stack using Auto Scaling from infrastructure stack

Parameters: InfraStackName: Type: String Default: infra-stack Description: Name of the infrastructure stack

Resources: ScalingPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-scale-up" PolicyType: StepScaling AdjustmentType: PercentChangeInCapacity Cooldown: 300 StepAdjustments: - MetricIntervalLowerBound: 0 MetricIntervalUpperBound: 10000 ScalingAdjustment: 200 - MetricIntervalLowerBound: 10000 ScalingAdjustment: 400 AutoScalingGroupName: !ImportValue !Sub "${InfraStackName}-AutoScalingGroupName"

Nested Stacks for Modularity

AWSTemplateFormatVersion: 2010-09-09 Description: Main stack with nested Auto Scaling stacks

Resources:

Nested stack for EC2 Auto Scaling

EC2AutoScalingStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: https://s3.amazonaws.com/bucket/ec2-asg.yaml TimeoutInMinutes: 15 Parameters: Environment: !Ref Environment InstanceType: !Ref InstanceType MinSize: !Ref MinSize MaxSize: !Ref MaxSize

Nested stack for scaling policies

ScalingPoliciesStack: Type: AWS::CloudFormation::Stack Properties: TemplateURL: https://s3.amazonaws.com/bucket/scaling-policies.yaml TimeoutInMinutes: 15 Parameters: AutoScalingGroupName: !GetAtt EC2AutoScalingStack.Outputs.AutoScalingGroupName Environment: !Ref Environment

Launch Configurations

Base Launch Configuration

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling with Launch Configuration

Parameters: InstanceType: Type: String Default: t3.micro

AmiId: Type: AWS::EC2::Image::Id

KeyName: Type: AWS::EC2::KeyPair::KeyName

Resources: MyLaunchConfiguration: Type: AWS::AutoScaling::LaunchConfiguration Properties: LaunchConfigurationName: !Sub "${AWS::StackName}-lc" ImageId: !Ref AmiId InstanceType: !Ref InstanceType KeyName: !Ref KeyName SecurityGroups: - !Ref InstanceSecurityGroup InstanceMonitoring: Enabled SpotPrice: !If [UseSpot, "0.05", !Ref AWS::NoValue] UserData: Fn::Base64: | #!/bin/bash yum update -y yum install -y httpd systemctl start httpd echo "Hello from Auto Scaling" > /var/www/html/index.html

InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: !Sub "${AWS::StackName}-instance-sg" GroupDescription: Security group for instances VpcId: !Ref VPCId SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0

Conditions: UseSpot: !Equals [!Ref UseSpotInstances, true]

Parameters: UseSpotInstances: Type: String Default: false AllowedValues: - true - false

Launch Templates

Launch Template with Customization

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling with Launch Template

Parameters: InstanceType: Type: String Default: t3.micro

AmiId: Type: AWS::EC2::Image::Id

Resources: MyLaunchTemplate: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateName: !Sub "${AWS::StackName}-lt" LaunchTemplateData: ImageId: !Ref AmiId InstanceType: !Ref InstanceType Monitoring: Enabled: true NetworkInterfaces: - DeviceIndex: 0 AssociatePublicIpAddress: false Groups: - !Ref InstanceSecurityGroup TagSpecifications: - ResourceType: instance Tags: - Key: Name Value: !Sub "${AWS::StackName}-instance" - Key: Environment Value: !Ref Environment UserData: Fn::Base64: | #!/bin/bash yum update -y systemctl enable httpd systemctl start httpd

InstanceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: !Sub "${AWS::StackName}-sg" GroupDescription: Security group for instances VpcId: !Ref VPCId

MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref SubnetIds LaunchTemplate: LaunchTemplateId: !Ref MyLaunchTemplate Version: !GetAtt MyLaunchTemplate.LatestVersionNumber

Auto Scaling Groups

ASG with Load Balancer

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling group with Application Load Balancer

Resources: MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref PrivateSubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration TargetGroupARNs: - !Ref MyTargetGroup HealthCheckType: ELB HealthCheckGracePeriod: 300 TerminationPolicies: - OldestInstance - Default InstanceMaintenancePolicy: MinHealthyPercentage: 50 MaxHealthyPercentage: 200 Tags: - Key: Environment Value: !Ref Environment PropagateAtLaunch: true - Key: Name Value: !Sub "${AWS::StackName}-instance" PropagateAtLaunch: true

MyTargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Sub "${AWS::StackName}-tg" Port: 80 Protocol: HTTP VpcId: !Ref VPCId HealthCheckPath: / HealthCheckIntervalSeconds: 30 HealthCheckTimeoutSeconds: 5 HealthyThresholdCount: 5 UnhealthyThresholdCount: 2 TargetType: instance

ASG with Launch Template and Mixed Instances

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling with Mixed Instances Policy

Resources: MyLaunchTemplate: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateName: !Sub "${AWS::StackName}-lt" LaunchTemplateData: ImageId: !Ref AmiId InstanceType: t3.micro KeyName: !Ref KeyName

MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref SubnetIds LaunchTemplate: LaunchTemplateId: !Ref MyLaunchTemplate Version: !GetAtt MyLaunchTemplate.LatestVersionNumber MixedInstancesPolicy: InstancesDistribution: OnDemandAllocationStrategy: prioritized OnDemandBaseCapacity: 2 OnDemandPercentageAboveBaseCapacity: 50 SpotAllocationStrategy: capacity-optimized SpotInstancePools: 3 SpotMaxPrice: !Ref MaxSpotPrice LaunchTemplate: LaunchTemplateId: !Ref MyLaunchTemplate Overrides: - InstanceType: t3.micro - InstanceType: t3.small - InstanceType: t3.medium

ASG with Lifecycle Hooks

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling with lifecycle hooks

Resources: MyLaunchConfiguration: Type: AWS::AutoScaling::LaunchConfiguration Properties: LaunchConfigurationName: !Sub "${AWS::StackName}-lc" ImageId: !Ref AmiId InstanceType: t3.micro

MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref SubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration

Lifecycle Hook - Instance Launch

LifecycleHookLaunch: Type: AWS::AutoScaling::LifecycleHook Properties: LifecycleHookName: !Sub "${AWS::StackName}-launch-hook" AutoScalingGroupName: !Ref MyAutoScalingGroup LifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING HeartbeatTimeout: 900 NotificationTargetARN: !Ref SnsTopicArn RoleARN: !GetAtt LifecycleHookRole.Arn

Lifecycle Hook - Instance Termination

LifecycleHookTermination: Type: AWS::AutoScaling::LifecycleHook Properties: LifecycleHookName: !Sub "${AWS::StackName}-termination-hook" AutoScalingGroupName: !Ref MyAutoScalingGroup LifecycleTransition: autoscaling:EC2_INSTANCE_TERMINATING HeartbeatTimeout: 3600 NotificationTargetARN: !Ref SnsTopicArn RoleARN: !GetAtt LifecycleHookRole.Arn

IAM Role for Lifecycle Hooks

LifecycleHookRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "${AWS::StackName}-lifecycle-role" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: autoscaling.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: !Sub "${AWS::StackName}-lifecycle-policy" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - sns:Publish Resource: !Ref SnsTopicArn

SnsTopic: Type: AWS::SNS::Topic Properties: TopicName: !Sub "${AWS::StackName}-lifecycle"

Scaling Policies

Target Tracking Policy

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling with Target Tracking scaling policy

Resources: MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref SubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration

TargetTrackingPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-target-tracking" PolicyType: TargetTrackingScaling AutoScalingGroupName: !Ref MyAutoScalingGroup TargetTrackingConfiguration: PredefinedMetricSpecification: PredefinedMetricType: ASGAverageCPUUtilization TargetValue: 70 DisableScaleIn: false

Step Scaling Policy

Resources: StepScalingPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-step-scaling" PolicyType: StepScaling AdjustmentType: PercentChangeInCapacity Cooldown: 300 StepAdjustments: - MetricIntervalLowerBound: 0 MetricIntervalUpperBound: 10000 ScalingAdjustment: 200 - MetricIntervalLowerBound: 10000 MetricIntervalUpperBound: 20000 ScalingAdjustment: 400 - MetricIntervalLowerBound: 20000 ScalingAdjustment: 600 AutoScalingGroupName: !Ref MyAutoScalingGroup

Alarm for Step Scaling

HighCpuAlarm: Type: AWS::CloudWatch::Alarm Properties: AlarmName: !Sub "${AWS::StackName}-high-cpu" AlarmDescription: Alarm when CPU utilization is high MetricName: CPUUtilization Namespace: AWS/EC2 Dimensions: - Name: AutoScalingGroupName Value: !Ref MyAutoScalingGroup Statistic: Average Period: 60 EvaluationPeriods: 3 Threshold: 70 ComparisonOperator: GreaterThanThreshold AlarmActions: - !Ref StepScalingPolicy

Simple Scaling Policy

Resources: SimpleScalingPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-simple-scale-up" PolicyType: SimpleScaling AdjustmentType: ChangeInCapacity ScalingAdjustment: 1 Cooldown: 300 AutoScalingGroupName: !Ref MyAutoScalingGroup

ScaleDownPolicy: Type: AWS::AutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-simple-scale-down" PolicyType: SimpleScaling AdjustmentType: ChangeInCapacity ScalingAdjustment: -1 Cooldown: 600 AutoScalingGroupName: !Ref MyAutoScalingGroup

HighCpuAlarm: Type: AWS::CloudWatch::Alarm Properties: AlarmName: !Sub "${AWS::StackName}-high-cpu" MetricName: CPUUtilization Namespace: AWS/EC2 Dimensions: - Name: AutoScalingGroupName Value: !Ref MyAutoScalingGroup Statistic: Average Period: 120 EvaluationPeriods: 2 Threshold: 80 ComparisonOperator: GreaterThanThreshold AlarmActions: - !Ref SimpleScalingPolicy

LowCpuAlarm: Type: AWS::CloudWatch::Alarm Properties: AlarmName: !Sub "${AWS::StackName}-low-cpu" MetricName: CPUUtilization Namespace: AWS/EC2 Dimensions: - Name: AutoScalingGroupName Value: !Ref MyAutoScalingGroup Statistic: Average Period: 300 EvaluationPeriods: 2 Threshold: 30 ComparisonOperator: LessThanThreshold AlarmActions: - !Ref ScaleDownPolicy

Scheduled Scaling

Resources: ScheduledScaleUp: Type: AWS::AutoScaling::ScheduledAction Properties: ScheduledActionName: !Sub "${AWS::StackName}-scheduled-scale-up" AutoScalingGroupName: !Ref MyAutoScalingGroup MinSize: 5 MaxSize: 15 DesiredCapacity: 5 StartTime: "2024-01-01T08:00:00Z"

ScheduledScaleDown: Type: AWS::AutoScaling::ScheduledAction Properties: ScheduledActionName: !Sub "${AWS::StackName}-scheduled-scale-down" AutoScalingGroupName: !Ref MyAutoScalingGroup MinSize: 2 MaxSize: 10 DesiredCapacity: 2 StartTime: "2024-01-01T20:00:00Z"

Recurring schedule using cron

RecurringScaleUp: Type: AWS::AutoScaling::ScheduledAction Properties: ScheduledActionName: !Sub "${AWS::StackName}-morning-scale-up" AutoScalingGroupName: !Ref MyAutoScalingGroup MinSize: 5 MaxSize: 15 DesiredCapacity: 5 Recurrence: "0 8 * * *"

ECS Auto Scaling

ECS Service Scaling

AWSTemplateFormatVersion: 2010-09-09 Description: ECS service with Auto Scaling

Resources:

ECS Cluster

EcsCluster: Type: AWS::ECS::Cluster Properties: ClusterName: !Sub "${AWS::StackName}-cluster"

Task Definition

TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: !Sub "${AWS::StackName}-task" Cpu: "512" Memory: "1024" NetworkMode: awsvpc RequiresCompatibilities: - FARGATE ContainerDefinitions: - Name: web Image: nginx:latest PortMappings: - ContainerPort: 80 LogConfiguration: LogDriver: awslogs Options: awslogs-group: !Ref LogGroup awslogs-region: !Ref AWS::Region

ECS Service

EcsService: Type: AWS::ECS::Service Properties: ServiceName: !Sub "${AWS::StackName}-service" Cluster: !Ref EcsCluster TaskDefinition: !Ref TaskDefinition DesiredCount: 2 LaunchType: FARGATE NetworkConfiguration: AwsvpcConfiguration: AssignPublicIp: DISABLED SecurityGroups: - !Ref ServiceSecurityGroup Subnets: !Ref PrivateSubnets LoadBalancers: - ContainerName: web ContainerPort: 80 TargetGroupArn: !Ref TargetGroup

Application Auto Scaling Target

ScalableTarget: Type: AWS::ApplicationAutoScaling::ScalableTarget Properties: MaxCapacity: 10 MinCapacity: 2 ResourceId: !Sub "service/${EcsCluster}/${EcsService.Name}" RoleARN: !GetAtt EcsServiceScalingRole.Arn ScalableDimension: ecs:service:DesiredCount ServiceNamespace: ecs

Target Tracking Scaling Policy

EcsTargetTrackingPolicy: Type: AWS::ApplicationAutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-ecs-target-tracking" PolicyType: TargetTrackingScaling ScalingTargetId: !Ref ScalableTarget TargetTrackingScalingPolicyConfiguration: PredefinedMetricSpecification: PredefinedMetricType: ECSServiceAverageCPUUtilization TargetValue: 70 ScaleInCooldown: 300 ScaleOutCooldown: 60

Log Group

LogGroup: Type: AWS::Logs::LogGroup Properties: LogGroupName: !Sub "/ecs/${AWS::StackName}" RetentionInDays: 30

Security Group

ServiceSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: !Sub "${AWS::StackName}-service-sg" GroupDescription: Security group for ECS service VpcId: !Ref VPCId

Application Load Balancer Target Group

TargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: Name: !Sub "${AWS::StackName}-ecs-tg" Port: 80 Protocol: HTTP VpcId: !Ref VPCId TargetType: ip

IAM Role for ECS Service Scaling with Least Privilege

EcsServiceScalingRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "${AWS::StackName}-ecs-scaling-role" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: application-autoscaling.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: !Sub "${AWS::StackName}-ecs-scaling-policy" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - ecs:DescribeServices - ecs:UpdateService Resource: !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:service/${EcsCluster}/*"

Lambda Provisioned Concurrency Scaling

Lambda with Provisioned Concurrency Auto Scaling

AWSTemplateFormatVersion: 2010-09-09 Description: Lambda with Application Auto Scaling for provisioned concurrency

Resources:

Lambda Function

MyLambdaFunction: Type: AWS::Lambda::Function Properties: FunctionName: !Sub "${AWS::StackName}-function" Runtime: python3.11 Handler: app.handler Code: S3Bucket: !Ref CodeBucket S3Key: lambda/function.zip MemorySize: 512 Timeout: 30 Role: !GetAtt LambdaExecutionRole.Arn

Lambda Version

LambdaVersion: Type: AWS::Lambda::Version Properties: FunctionName: !Ref MyLambdaFunction Description: Version for provisioned concurrency

Application Auto Scaling Scalable Target

LambdaScalableTarget: Type: AWS::ApplicationAutoScaling::ScalableTarget Properties: MaxCapacity: 20 MinCapacity: 5 ResourceId: !Sub "function:${MyLambdaFunction}:${LambdaVersion.Version}" RoleARN: !GetAtt LambdaScalingRole.Arn ScalableDimension: lambda:function:ProvisionedConcurrency ServiceNamespace: lambda

Target Tracking Scaling Policy

LambdaTargetTrackingPolicy: Type: AWS::ApplicationAutoScaling::ScalingPolicy Properties: PolicyName: !Sub "${AWS::StackName}-lambda-target-tracking" PolicyType: TargetTrackingScaling ScalingTargetId: !Ref LambdaScalableTarget TargetTrackingScalingPolicyConfiguration: TargetValue: 90 PredefinedMetricSpecification: PredefinedMetricType: LambdaProvisionedConcurrencyUtilization ScaleInCooldown: 120 ScaleOutCooldown: 60

Lambda Execution Role

LambdaExecutionRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "${AWS::StackName}-lambda-role" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: sts:AssumeRole ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

IAM Role for Lambda Scaling with Least Privilege

LambdaScalingRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "${AWS::StackName}-lambda-scaling-role" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: application-autoscaling.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: !Sub "${AWS::StackName}-lambda-scaling-policy" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - lambda:PutProvisionedConcurrencyConfig - lambda:GetProvisionedConcurrencyConfig Resource: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${MyLambdaFunction}:*"

Conditions and Transform

Conditions for Environment-Specific Scaling

AWSTemplateFormatVersion: 2010-09-09 Description: Auto Scaling with conditional scaling configuration

Parameters: Environment: Type: String Default: dev AllowedValues: - dev - staging - production

Conditions: IsProduction: !Equals [!Ref Environment, production] IsStaging: !Equals [!Ref Environment, staging] UseSpot: !Or [!Equals [!Ref Environment, dev], !Equals [!Ref Environment, staging]] UseAlb: !Not [!Equals [!Ref Environment, dev]] EnableDetailedMonitoring: !Not [!Equals [!Ref Environment, dev]]

Resources: MyLaunchConfiguration: Type: AWS::AutoScaling::LaunchConfiguration Properties: LaunchConfigurationName: !Sub "${AWS::StackName}-lc" ImageId: !Ref AmiId InstanceType: !If [IsProduction, t3.large, !If [IsStaging, t3.medium, t3.micro]] InstanceMonitoring: !If [EnableDetailedMonitoring, Enabled, Basic]

MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: !If [IsProduction, 3, !If [IsStaging, 2, 1]] MaxSize: !If [IsProduction, 12, !If [IsStaging, 6, 3]] DesiredCapacity: !If [IsProduction, 3, !If [IsStaging, 2, 1]] VPCZoneIdentifier: !Ref SubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration HealthCheckType: !If [UseAlb, ELB, EC2] HealthCheckGracePeriod: !If [UseAlb, 300, 300]

Transform for Code Reuse

AWSTemplateFormatVersion: 2010-09-09 Transform: AWS::Serverless-2016-10-31

Description: Using SAM for simplified Auto Scaling

Globals: Function: Timeout: 30 Runtime: python3.11 Tracing: Active Environment: Variables: LOG_LEVEL: INFO

Parameters: Environment: Type: String Default: dev

Resources:

Auto Scaling Group using SAM

WebServerGroup: Type: AWS::Serverless::Application Properties: Location: ./asg-template.yaml Parameters: Environment: !Ref Environment

CloudFormation Stack Management Best Practices

Stack Policies

Stack Policies prevent unintentional updates to critical stack resources. Use them to protect Auto Scaling Groups from accidental modifications or deletions.

AWSTemplateFormatVersion: 2010-09-09 Description: Stack with policy to protect Auto Scaling resources

Resources: MyAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: AutoScalingGroupName: !Sub "${AWS::StackName}-asg" MinSize: 2 MaxSize: 10 DesiredCapacity: 2 VPCZoneIdentifier: !Ref SubnetIds LaunchConfigurationName: !Ref MyLaunchConfiguration

MyLaunchConfiguration: Type: AWS::AutoScaling::LaunchConfiguration Properties: LaunchConfigurationName: !Sub "${AWS::StackName}-lc" ImageId: !Ref AmiId InstanceType: t3.micro

Metadata: AWS::CloudFormation::StackPolicy: Statement: - Effect: Allow Resource: "" Action: Update:Modify - Effect: Deny Resource: "" Action: Update:Delete Condition: StringEquals: ResourceType: - AWS::AutoScaling::AutoScalingGroup - AWS::AutoScaling::LaunchConfiguration

Termination Protection

Enable termination protection to prevent accidental deletion of Auto Scaling Groups. This is critical for production environments.

Enable termination protection on an existing stack

aws cloudformation update-termination-protection
--stack-name my-auto-scaling-stack
--enable-termination-protection

Check if termination protection is enabled

aws cloudformation describe-stacks
--stack-name my-auto-scaling-stack
--query "Stacks[0].EnableTerminationProtection"

Drift Detection

Detect when your Auto Scaling infrastructure has been modified outside of CloudFormation.

Detect drift on a stack

aws cloudformation detect-stack-drift
--stack-name my-auto-scaling-stack

Get drift detection status

aws cloudformation describe-stack-drift-detection-status
--stack-name my-auto-scaling-stack

Get drift detection results

aws cloudformation describe-stack-resource-drifts
--stack-name my-auto-scaling-stack

Check specific resource drift

aws cloudformation describe-stack-resource-drifts
--stack-name my-auto-scaling-stack
--stack-resource-drifts-not-in-sync

Change Sets

Use Change Sets to preview and review changes before applying them to your Auto Scaling infrastructure.

Create a change set

aws cloudformation create-change-set
--stack-name my-auto-scaling-stack
--change-set-name my-changeset
--template-body file://template.yaml
--parameters ParameterKey=Environment,ParameterValue=production

List change sets

aws cloudformation list-change-sets
--stack-name my-auto-scaling-stack

Describe change set

aws cloudformation describe-change-set
--stack-name my-auto-scaling-stack
--change-set-name my-changeset

Execute change set

aws cloudformation execute-change-set
--stack-name my-auto-scaling-stack
--change-set-name my-changeset

Automated change set creation in CI/CD pipeline

Resources: ChangeSetRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: cloudformation.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: ChangeSetPolicy PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - autoscaling:Describe* - cloudwatch:Describe* - ec2:Describe* Resource: "" - Effect: Allow Action: - autoscaling:UpdateAutoScalingGroup - autoscaling:CreateOrUpdateTags - cloudwatch:PutMetricAlarm - cloudwatch:DeleteAlarms Resource: - !Sub "arn:aws:autoscaling:${AWS::Region}:${AWS::AccountId}:autoScalingGroup::autoScalingGroupName/" - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:"

Best Practices

High Availability

  • Distribute instances across multiple AZs

  • Use ALB with health checks for automatic routing

  • Implement lifecycle hooks for graceful shutdown

  • Configure appropriate termination policies

  • Use mixed instances policies for diversity

Cost Optimization

  • Use Spot Instances for fault-tolerant workloads

  • Implement right-sizing of instances

  • Configure aggressive scale-in policies

  • Use scheduled scaling for predictable patterns

  • Monitor and optimize regularly

Monitoring

  • Create CloudWatch Alarms for key metrics

  • Implement scaling policies based on metrics

  • Use lifecycle hooks for logging and analytics

  • Configure SNS notifications for scaling events

  • Implement detailed monitoring for troubleshooting

Security

  • Use IAM roles with minimum permissions

  • Encrypt EBS volumes with KMS

  • Configure restrictive security groups

  • Use VPC with appropriate subnets

  • Implement parameter store for sensitive configuration

  • Avoid using broad managed policies like CloudWatchFullAccess

  • Use specific permissions instead of broad managed policies

Least Privilege IAM Examples

Instead of CloudWatchFullAccess, use specific permissions

ScalingAlarmRole: Type: AWS::IAM::Role Properties: RoleName: !Sub "${AWS::StackName}-scaling-alarm-role" AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: autoscaling.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: !Sub "${AWS::StackName}-cloudwatch-specific-policy" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - cloudwatch:PutMetricAlarm - cloudwatch:DescribeAlarms - cloudwatch:DeleteAlarms - cloudwatch:EnableAlarmActions - cloudwatch:DisableAlarmActions Resource: !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"

Related Resources

  • Auto Scaling Documentation

  • AWS CloudFormation User Guide

  • Auto Scaling Best Practices

  • Application Auto Scaling

Additional Files

For complete details on resources and their properties, consult:

  • REFERENCE.md - Detailed reference guide for all CloudFormation resources

  • EXAMPLES.md - Complete production-ready examples

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Coding

shadcn-ui

No summary provided by upstream source.

Repository SourceNeeds Review
-10K
giuseppe-trisciuoglio
Coding

tailwind-css-patterns

No summary provided by upstream source.

Repository SourceNeeds Review
-1.9K
giuseppe-trisciuoglio
Coding

unit-test-bean-validation

No summary provided by upstream source.

Repository SourceNeeds Review
-1.4K
giuseppe-trisciuoglio