alpha

AWS Auto Scaling Groups

Operational guide for AWS Auto Scaling Groups

#aws#asg#autoscaling#production#safety

Guardrail Operations for Auto Scaling Groups

Prevent unwanted instance termination when updating ASG configuration, launch templates, or underlying infrastructure.

Verify Protection Status

Confirm which instances are currently protected from scale-in.

ASG= # Auto Scaling Group name
aws autoscaling describe-auto-scaling-groups \
  --auto-scaling-group-names $ASG \
  --query "AutoScalingGroups[0].Instances[].{Id:InstanceId,ScaleIn:ProtectedFromScaleIn}" \
  --output table

Enable Protections

Scale-in protection MUST be enabled before applying changes that could replace instances.

ASG= # Auto Scaling Group name
INSTANCES=$(aws autoscaling describe-auto-scaling-groups \
  --auto-scaling-group-names $ASG \
  --query "AutoScalingGroups[0].Instances[?LifecycleState=='InService'].InstanceId" \
  --output text)
aws autoscaling set-instance-protection \
  --auto-scaling-group-name $ASG \
  --instance-ids $INSTANCES \
  --protected-from-scale-in

Verify Post-Change State

Validate ASG state after applying changes.

Check instance state:

ASG= # Auto Scaling Group name
aws autoscaling describe-auto-scaling-groups \
  --auto-scaling-group-names $ASG \
  --query "AutoScalingGroups[0].{Desired:DesiredCapacity,Instances:Instances[*].{Id:InstanceId,State:LifecycleState,Health:HealthStatus,Protected:ProtectedFromScaleIn}}" \
  --output yaml

Check for scaling activities:

ASG= # Auto Scaling Group name
aws autoscaling describe-scaling-activities \
  --auto-scaling-group-name $ASG \
  --max-items 5 \
  --query "Activities[*].{Time:StartTime,Status:StatusCode,Description:Description}" \
  --output table

Expected state: All instances InService, Healthy, Protected: true. No recent scaling activities.

Only proceed to the next ASG after verification passes.