Auto Scaling group does not span two or more Availability Zones Affecting EC2 service in AWS

Severity Framework Snyk CCSS

Rule category Availability / Redundancy

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

AWS-Well-Architected CSA-CCM GDPR ISO-27001 NIST-800-53 SOC-2

Snyk ID SNYK-CC-00167
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Auto Scaling groups that span two or more Availability Zones promote redundancy of data, which helps ensure availability and continuity during an adverse situation.

How to fix?

Set vpc_zone_identifier to two or more subnets, or set availability_zones to two or more Availability Zones.

Example Configuration

# with vpc_zone_identifier
resource "aws_autoscaling_group" "tf_asg_example" {
  name                 = "terraform-asg-example"
  vpc_zone_identifier  = [aws_subnet.subnet1.id, aws_subnet.subnet2.id]
  launch_configuration = "${aws_launch_configuration.as_conf.name}"
  min_size             = 1
  max_size             = 2

  lifecycle {
    create_before_destroy = true
  }
}

# with availability_zones
resource "aws_autoscaling_group" "example" {
  availability_zones = ["us-east-1a", "us-east-1b"]
  desired_capacity   = 1
  max_size           = 1
  min_size           = 1

  launch_template {
    id      = aws_launch_template.example.id
    version = "$Latest"
  }
}

Terraform

Resource: aws_autoscaling_group

References

Considerations when choosing VPC subnets