{"id":2348,"date":"2017-01-11T16:28:36","date_gmt":"2017-01-11T22:28:36","guid":{"rendered":"http:\/\/www.mooreds.com\/wordpress\/?p=2348"},"modified":"2021-11-21T12:40:11","modified_gmt":"2021-11-21T18:40:11","slug":"aws-questions-asgs-and-amazon-inspector","status":"publish","type":"post","link":"https:\/\/www.mooreds.com\/wordpress\/archives\/2348","title":{"rendered":"AWS Questions: ASGs and Amazon Inspector"},"content":{"rendered":"<p>More questions from AWS course students.<\/p>\n<ul>\n<li>EC2 instances in auto scaling groups have a <a href=\"http:\/\/docs.aws.amazon.com\/autoscaling\/latest\/userguide\/as-scale-based-on-demand.html#as-scaling-warmup\">warmup period<\/a> that you can specify (so that the EC2 instance can be fully ready to take traffic directed to it).\u00a0 I retold a story from another consultant about the warmup period for an ASG increasing over time (due to increasing numbers of security patches against the base AMI) and one student asked: &#8220;Can you set an alarm on instances overrunning the the warmup period?&#8221;\n<ul>\n<li>Since you can create <a href=\"http:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/publishingMetrics.html\">custom metrics<\/a> in cloudwatch and create alarms on those, you can definitely capture the warmup period.\u00a0 All you&#8217;d need to do is, as the last step before an EC2 instance was fully configured, subtract the current time from the launch time (obtained via <a href=\"http:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/ec2\/describe-instances.html\">the API<\/a>).\u00a0 Store that number as your &#8216;warmup&#8217; metric and set an alert if it ever gets close to your ASG <a href=\"http:\/\/docs.aws.amazon.com\/autoscaling\/latest\/userguide\/healthcheck.html\">health check value<\/a>, and you&#8217;ll avoid ASG thrashing.<\/li>\n<li><strong>Update 4\/6\/2017: Another instructor pointed out a flaw in the above statements. \u00a0Upon further research, <a href=\"http:\/\/docs.aws.amazon.com\/autoscaling\/latest\/userguide\/as-scale-based-on-demand.html#as-scaling-warmup\">warmup time settings<\/a>\u00a0\u00a0only apply if you are using step scaling, and <a href=\"http:\/\/docs.aws.amazon.com\/autoscaling\/latest\/userguide\/Cooldown.html\">cooldown periods<\/a> only apply if you are using simple scaling. \u00a0They are both trying to solve similar problems&#8211;making sure that you don&#8217;t start up or shut down instances before the instances have a chance to affect the situation that triggered the Auto Scaling Group action. \u00a0<a href=\"http:\/\/docs.aws.amazon.com\/autoscaling\/latest\/userguide\/as-scale-based-on-demand.html#as-scaling-types\">More on policy types<\/a>.<\/strong><\/li>\n<\/ul>\n<\/li>\n<li>&#8220;Can the minimum and maximum number of instances of an ASG be changed after initial configuration?&#8221;\n<ul>\n<li><a href=\"http:\/\/docs.aws.amazon.com\/AutoScaling\/latest\/APIReference\/API_UpdateAutoScalingGroup.html\">Yes<\/a>.<\/li>\n<\/ul>\n<\/li>\n<li>&#8220;Can you point <a href=\"https:\/\/aws.amazon.com\/inspector\/\">Amazon inspector<\/a> at non aws resources?\u00a0 In your own data center, for example?&#8221;\n<ul>\n<li>Amazon is a security tool that looks for vulnerabilities in your EC2 instances.\u00a0 It requires <a href=\"https:\/\/docs.aws.amazon.com\/inspector\/latest\/userguide\/inspector_settingup.html\">installing an agent<\/a> on the instances that it will be monitoring, and thus doesn&#8217;t work outside of AWS.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>More questions from AWS course students. EC2 instances in auto scaling groups have a warmup period that you can specify (so that the EC2 instance can be fully ready to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[79],"tags":[],"class_list":["post-2348","post","type-post","status-publish","format-standard","hentry","category-aws"],"_links":{"self":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts\/2348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/comments?post=2348"}],"version-history":[{"count":3,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts\/2348\/revisions"}],"predecessor-version":[{"id":2409,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/posts\/2348\/revisions\/2409"}],"wp:attachment":[{"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/media?parent=2348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/categories?post=2348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mooreds.com\/wordpress\/wp-json\/wp\/v2\/tags?post=2348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}