aws-cloudformation-auto-scaling

AWS CloudFormation Auto Scaling

Overview

Create production-ready Auto Scaling infrastructure using AWS CloudFormation templates. This skill covers Auto Scaling Groups for EC2, ECS, and Lambda, launch configurations, launch templates, scaling policies, lifecycle hooks, and best practices for high availability and cost optimization.
When to Use

Use this skill when:
  • Creating Auto Scaling Groups for EC2 instances
  • Configuring Launch Configurations or Launch Templates
  • Implementing scaling policies (step, target tracking, simple)
  • Adding lifecycle hooks for lifecycle management
  • Creating scaling for ECS services
  • Implementing Lambda provisioned concurrency scaling
  • Organizing templates with Parameters, Outputs, Mappings, Conditions
  • Implementing cross-stack references with export/import
  • Using mixed instances policies for diversity

CloudFormation Template Structure

Base Template with Standard Format

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling group with load balancer

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Auto Scaling Configuration
        Parameters:
          - MinSize
          - MaxSize
          - DesiredCapacity
      - Label:
          default: Instance Configuration
        Parameters:
          - InstanceType
          - AmiId
      - Label:
          default: Environment and Network
        Parameters:
          - Environment
          - SubnetIds
          - SecurityGroupIds

Parameters:
  MinSize:
    Type: Number
    Default: 2
    Description: Minimum number of instances

  MaxSize:
    Type: Number
    Default: 10
    Description: Maximum number of instances

  DesiredCapacity:
    Type: Number
    Default: 2
    Description: Desired number of instances

  InstanceType:
    Type: String
    Default: t3.micro
    AllowedValues:
      - t3.micro
      - t3.small
      - t3.medium
      - t3.large

  AmiId:
    Type: AWS::EC2::Image::Id
    Description: AMI ID for instances

  # Used by the Conditions and the Environment tag below
  Environment:
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - staging
      - production

  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Subnets for the Auto Scaling group and load balancer

  SecurityGroupIds:
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: Security groups for instances and load balancer

Mappings:
  # Per-environment sizing, read with
  # !FindInMap [EnvironmentConfig, !Ref Environment, InstanceType]
  EnvironmentConfig:
    dev:
      InstanceType: t3.micro
      MinSize: 1
      MaxSize: 3
    staging:
      InstanceType: t3.medium
      MinSize: 2
      MaxSize: 6
    production:
      InstanceType: t3.large
      MinSize: 3
      MaxSize: 12

Conditions:
  IsProduction: !Equals [!Ref Environment, production]
  UseSpotInstances: !Or [!Equals [!Ref Environment, dev], !Equals [!Ref Environment, staging]]

Resources:
  # Launch Configuration referenced by the group
  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref AmiId
      InstanceType: !Ref InstanceType
      SecurityGroups: !Ref SecurityGroupIds

  # Classic Load Balancer: LoadBalancerNames only accepts classic ELBs;
  # an ALB or NLB is attached through TargetGroupARNs instead
  MyLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets: !Ref SubnetIds
      SecurityGroups: !Ref SecurityGroupIds
      Listeners:
        - LoadBalancerPort: "80"
          InstancePort: "80"
          Protocol: HTTP
      HealthCheck:
        Target: HTTP:80/
        Interval: "30"
        Timeout: "5"
        HealthyThreshold: "2"
        UnhealthyThreshold: "5"

  # Auto Scaling Group
  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: !Ref MinSize
      MaxSize: !Ref MaxSize
      DesiredCapacity: !Ref DesiredCapacity
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration
      LoadBalancerNames:
        - !Ref MyLoadBalancer
      HealthCheckType: ELB
      HealthCheckGracePeriod: 300
      TerminationPolicies:
        - OldestInstance
        - Default
      Tags:
        - Key: Environment
          Value: !Ref Environment
          PropagateAtLaunch: true
        - Key: ManagedBy
          Value: CloudFormation
          PropagateAtLaunch: true

Outputs:
  AutoScalingGroupName:
    Description: Name of the Auto Scaling Group
    Value: !Ref MyAutoScalingGroup
```

Parameters Best Practices

AWS-Specific Parameter Types

```yaml
Parameters:
  # AWS-specific types are validated against real resources when the stack
  # is created. Only a fixed set exists (EC2 image, instance, key pair,
  # security group, subnet, VPC, volume, availability zone, Route 53 hosted
  # zone, and List<...> of those). There is no AWS-specific type for an
  # instance type, an ELBv2 ARN, a launch template or a scaling policy, so
  # those parameters use String with an AllowedPattern instead.
  InstanceType:
    Type: String
    Default: t3.micro
    AllowedPattern: '^[a-z0-9-]+\.[a-z0-9-]+$'
    ConstraintDescription: Must look like an EC2 instance type, e.g. t3.micro
    Description: EC2 instance type

  AmiId:
    Type: AWS::EC2::Image::Id
    Description: AMI ID for instances

  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Subnets for Auto Scaling group

  SecurityGroupIds:
    Type: List<AWS::EC2::SecurityGroup::Id>
    Description: Security groups for instances

  LoadBalancerArn:
    Type: String
    AllowedPattern: '^arn:aws[a-z-]*:elasticloadbalancing:[a-z0-9-]+:[0-9]{12}:loadbalancer/app/.+$'
    Description: Application Load Balancer ARN

  TargetGroupArn:
    Type: String
    AllowedPattern: '^arn:aws[a-z-]*:elasticloadbalancing:[a-z0-9-]+:[0-9]{12}:targetgroup/.+$'
    Description: Target Group ARN for ALB

  LaunchTemplateId:
    Type: String
    AllowedPattern: '^lt-[0-9a-f]{8,17}$'
    Description: Launch template ID

  ScalingPolicyArn:
    Type: String
    AllowedPattern: '^arn:aws[a-z-]*:autoscaling:[a-z0-9-]+:[0-9]{12}:scalingPolicy:.+$'
    Description: Scaling policy ARN
```

Parameter Constraints

```yaml
Parameters:
  MinSize:
    Type: Number
    Default: 1
    Description: Minimum number of instances
    MinValue: 0
    MaxValue: 1000
    ConstraintDescription: Must be between 0 and 1000

  MaxSize:
    Type: Number
    Default: 10
    Description: Maximum number of instances
    MinValue: 1
    MaxValue: 1000
    ConstraintDescription: Must be between 1 and 1000

  DesiredCapacity:
    Type: Number
    Default: 2
    Description: Desired number of instances
    MinValue: 0
    MaxValue: 1000

  InstanceType:
    Type: String
    Default: t3.micro
    Description: EC2 instance type
    ConstraintDescription: Must be a valid EC2 instance type

  AmiId:
    Type: AWS::EC2::Image::Id
    Description: AMI ID

  EnvironmentName:
    Type: String
    Default: dev
    Description: Deployment environment
    AllowedValues:
      - dev
      - staging
      - production
    ConstraintDescription: Must be dev, staging, or production
```

SSM Parameter References

```yaml
Parameters:
  LatestAmiId:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    Description: Latest Amazon Linux 2 AMI from SSM

  InstanceConfiguration:
    Type: AWS::SSM::Parameter::Value<String>
    Default: /myapp/instance-configuration
    Description: Instance configuration from SSM
```

Outputs and Cross-Stack References

Export/Import Patterns

Stack A - Network and Auto Scaling Stack

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling infrastructure stack

Parameters:
  AmiId:
    Type: AWS::EC2::Image::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.micro

  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration

Outputs:
  AutoScalingGroupName:
    Description: Name of the Auto Scaling Group
    Value: !Ref MyAutoScalingGroup
    Export:
      Name: !Sub "${AWS::StackName}-AutoScalingGroupName"

  AutoScalingGroupArn:
    Description: ARN of the Auto Scaling Group
    Value: !Sub "arn:aws:autoscaling:${AWS::Region}:${AWS::AccountId}:autoScalingGroup:*:autoScalingGroupName/${MyAutoScalingGroup}"
    Export:
      Name: !Sub "${AWS::StackName}-AutoScalingGroupArn"

  LaunchConfigurationName:
    Description: Name of the Launch Configuration
    Value: !Ref MyLaunchConfiguration
    Export:
      Name: !Sub "${AWS::StackName}-LaunchConfigurationName"
```

Stack B - Application Stack (imports from Stack A)

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Application stack using Auto Scaling from infrastructure stack

Parameters:
  InfraStackName:
    Type: String
    Default: infra-stack
    Description: Name of the infrastructure stack

Resources:
  ScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      # AWS::AutoScaling::ScalingPolicy has no PolicyName property;
      # CloudFormation names the policy itself
      PolicyType: StepScaling
      AdjustmentType: PercentChangeInCapacity
      # Cooldown applies to SimpleScaling only; step policies use
      # EstimatedInstanceWarmup
      EstimatedInstanceWarmup: 300
      StepAdjustments:
        - MetricIntervalLowerBound: 0
          MetricIntervalUpperBound: 10000
          ScalingAdjustment: 200
        - MetricIntervalLowerBound: 10000
          ScalingAdjustment: 400
      # Two short-form tags cannot be stacked on one YAML node
      # (!ImportValue !Sub ... is invalid), so the outer function uses
      # the long form
      AutoScalingGroupName:
        Fn::ImportValue: !Sub "${InfraStackName}-AutoScalingGroupName"
```

Nested Stacks for Modularity

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Main stack with nested Auto Scaling stacks

# Values passed down to the nested stacks must be declared in the parent
Parameters:
  Environment:
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - staging
      - production
  InstanceType:
    Type: String
    Default: t3.micro
  MinSize:
    Type: Number
    Default: 2
  MaxSize:
    Type: Number
    Default: 10

Resources:
  # Nested stack for EC2 Auto Scaling
  EC2AutoScalingStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      # TemplateURL must be an S3 URL of the nested template
      TemplateURL: https://s3.amazonaws.com/bucket/ec2-asg.yaml
      TimeoutInMinutes: 15
      Parameters:
        Environment: !Ref Environment
        InstanceType: !Ref InstanceType
        MinSize: !Ref MinSize
        MaxSize: !Ref MaxSize

  # Nested stack for scaling policies; it receives the group name from the
  # Outputs of the first nested stack
  ScalingPoliciesStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/bucket/scaling-policies.yaml
      TimeoutInMinutes: 15
      Parameters:
        AutoScalingGroupName: !GetAtt EC2AutoScalingStack.Outputs.AutoScalingGroupName
        Environment: !Ref Environment
```

Launch Configurations

Base Launch Configuration

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling with Launch Configuration

# Launch configurations are the legacy option; AWS recommends launch
# templates (next section) for new groups.
# A template may contain each top-level section only once, so every
# parameter lives in this single Parameters block.
Parameters:
  InstanceType:
    Type: String
    Default: t3.micro

  AmiId:
    Type: AWS::EC2::Image::Id

  KeyName:
    Type: AWS::EC2::KeyPair::KeyName

  VPCId:
    Type: AWS::EC2::VPC::Id

  AdminCidr:
    Type: String
    Description: CIDR range allowed to reach SSH on the instances
    AllowedPattern: '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR such as 10.0.0.0/8

  UseSpotInstances:
    Type: String
    Default: "false"
    AllowedValues:
      - "true"
      - "false"

Conditions:
  UseSpot: !Equals [!Ref UseSpotInstances, "true"]

Resources:
  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      LaunchConfigurationName: !Sub "${AWS::StackName}-lc"
      ImageId: !Ref AmiId
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      SecurityGroups:
        - !Ref InstanceSecurityGroup
      # InstanceMonitoring is a Boolean (detailed monitoring on/off)
      InstanceMonitoring: true
      SpotPrice: !If [UseSpot, "0.05", !Ref AWS::NoValue]
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
          yum install -y httpd
          systemctl start httpd
          echo "Hello from Auto Scaling" > /var/www/html/index.html

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-instance-sg"
      GroupDescription: Security group for instances
      VpcId: !Ref VPCId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        # SSH is limited to the administrative range, never 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
```

Launch Templates

Launch Template with Customization

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling with Launch Template

Parameters:
  InstanceType:
    Type: String
    Default: t3.micro

  AmiId:
    Type: AWS::EC2::Image::Id

  Environment:
    Type: String
    Default: dev

  VPCId:
    Type: AWS::EC2::VPC::Id

  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  MyLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: !Sub "${AWS::StackName}-lt"
      LaunchTemplateData:
        ImageId: !Ref AmiId
        InstanceType: !Ref InstanceType
        Monitoring:
          Enabled: true
        NetworkInterfaces:
          - DeviceIndex: 0
            AssociatePublicIpAddress: false
            Groups:
              - !Ref InstanceSecurityGroup
        TagSpecifications:
          - ResourceType: instance
            Tags:
              - Key: Name
                Value: !Sub "${AWS::StackName}-instance"
              - Key: Environment
                Value: !Ref Environment
        UserData:
          Fn::Base64: |
            #!/bin/bash
            yum update -y
            yum install -y httpd
            systemctl enable httpd
            systemctl start httpd

  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-sg"
      GroupDescription: Security group for instances
      VpcId: !Ref VPCId
      # No ingress yet: add rules that reference the load balancer's
      # security group rather than 0.0.0.0/0

  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref MyLaunchTemplate
        Version: !GetAtt MyLaunchTemplate.LatestVersionNumber
```

Auto Scaling Groups

ASG with Load Balancer

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling group with Application Load Balancer

Parameters:
  Environment:
    Type: String
    Default: dev
  VPCId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  AmiId:
    Type: AWS::EC2::Image::Id

Resources:
  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t3.micro

  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref PrivateSubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration
      TargetGroupARNs:
        - !Ref MyTargetGroup
      HealthCheckType: ELB
      HealthCheckGracePeriod: 300
      TerminationPolicies:
        - OldestInstance
        - Default
      InstanceMaintenancePolicy:
        MinHealthyPercentage: 50
        MaxHealthyPercentage: 200
      Tags:
        - Key: Environment
          Value: !Ref Environment
          PropagateAtLaunch: true
        - Key: Name
          Value: !Sub "${AWS::StackName}-instance"
          PropagateAtLaunch: true

  MyTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Sub "${AWS::StackName}-tg"
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VPCId
      HealthCheckPath: /
      HealthCheckIntervalSeconds: 30
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 5
      UnhealthyThresholdCount: 2
      TargetType: instance
```

ASG with Launch Template and Mixed Instances

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling with Mixed Instances Policy

Parameters:
  AmiId:
    Type: AWS::EC2::Image::Id
  KeyName:
    Type: AWS::EC2::KeyPair::KeyName
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  MaxSpotPrice:
    Type: String
    Default: ""
    Description: Maximum Spot price per hour; empty means the On-Demand price

Resources:
  MyLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: !Sub "${AWS::StackName}-lt"
      LaunchTemplateData:
        ImageId: !Ref AmiId
        InstanceType: t3.micro
        KeyName: !Ref KeyName

  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref SubnetIds
      # LaunchTemplate, LaunchConfigurationName and MixedInstancesPolicy
      # are mutually exclusive on a group; with a mixed instances policy
      # the launch template is specified inside the policy only
      MixedInstancesPolicy:
        InstancesDistribution:
          OnDemandAllocationStrategy: prioritized
          OnDemandBaseCapacity: 2
          OnDemandPercentageAboveBaseCapacity: 50
          # SpotInstancePools is valid only with the lowest-price
          # strategy, so it is omitted for capacity-optimized
          SpotAllocationStrategy: capacity-optimized
          SpotMaxPrice: !Ref MaxSpotPrice
        LaunchTemplate:
          LaunchTemplateSpecification:
            LaunchTemplateId: !Ref MyLaunchTemplate
            Version: !GetAtt MyLaunchTemplate.LatestVersionNumber
          Overrides:
            - InstanceType: t3.micro
            - InstanceType: t3.small
            - InstanceType: t3.medium
```

ASG with Lifecycle Hooks

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling with lifecycle hooks

Parameters:
  AmiId:
    Type: AWS::EC2::Image::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      LaunchConfigurationName: !Sub "${AWS::StackName}-lc"
      ImageId: !Ref AmiId
      InstanceType: t3.micro

  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration

  # Notification target for both hooks; Ref on an SNS topic returns its ARN
  SnsTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: !Sub "${AWS::StackName}-lifecycle"

  # IAM Role for Lifecycle Hooks, limited to publishing on this one topic
  LifecycleHookRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${AWS::StackName}-lifecycle-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: autoscaling.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: !Sub "${AWS::StackName}-lifecycle-policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - sns:Publish
                Resource: !Ref SnsTopic

  # Lifecycle Hook - Instance Launch
  LifecycleHookLaunch:
    Type: AWS::AutoScaling::LifecycleHook
    Properties:
      LifecycleHookName: !Sub "${AWS::StackName}-launch-hook"
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      LifecycleTransition: autoscaling:EC2_INSTANCE_LAUNCHING
      HeartbeatTimeout: 900
      NotificationTargetARN: !Ref SnsTopic
      RoleARN: !GetAtt LifecycleHookRole.Arn

  # Lifecycle Hook - Instance Termination
  LifecycleHookTermination:
    Type: AWS::AutoScaling::LifecycleHook
    Properties:
      LifecycleHookName: !Sub "${AWS::StackName}-termination-hook"
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      LifecycleTransition: autoscaling:EC2_INSTANCE_TERMINATING
      HeartbeatTimeout: 3600
      NotificationTargetARN: !Ref SnsTopic
      RoleARN: !GetAtt LifecycleHookRole.Arn
```

Scaling Policies

Target Tracking Policy

yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling with Target Tracking scaling policy

Resources:
  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration

  TargetTrackingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-target-tracking"
      PolicyType: TargetTrackingScaling
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageCPUUtilization
        TargetValue: 70
        DisableScaleIn: false

Step Scaling Policy

yaml
Resources:
  StepScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-step-scaling"
      PolicyType: StepScaling
      AdjustmentType: PercentChangeInCapacity
      # Step policies take EstimatedInstanceWarmup; Cooldown applies only to SimpleScaling
      EstimatedInstanceWarmup: 300
      # Bounds are offsets from the alarm threshold (70%). CPUUtilization cannot
      # exceed 100, so only the first step can ever fire; the larger bounds suit
      # unbounded metrics such as request counts
      StepAdjustments:
        - MetricIntervalLowerBound: 0
          MetricIntervalUpperBound: 10000
          ScalingAdjustment: 200
        - MetricIntervalLowerBound: 10000
          MetricIntervalUpperBound: 20000
          ScalingAdjustment: 400
        - MetricIntervalLowerBound: 20000
          ScalingAdjustment: 600
      AutoScalingGroupName: !Ref MyAutoScalingGroup

  # Alarm for Step Scaling
  HighCpuAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-high-cpu"
      AlarmDescription: Alarm when CPU utilization is high
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref MyAutoScalingGroup
      Statistic: Average
      Period: 60
      EvaluationPeriods: 3
      Threshold: 70
      ComparisonOperator: GreaterThanThreshold
      AlarmActions:
        - !Ref StepScalingPolicy

Simple Scaling Policy

yaml
Resources:
  SimpleScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-simple-scale-up"
      PolicyType: SimpleScaling
      AdjustmentType: ChangeInCapacity
      ScalingAdjustment: 1
      Cooldown: 300
      AutoScalingGroupName: !Ref MyAutoScalingGroup

  ScaleDownPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-simple-scale-down"
      PolicyType: SimpleScaling
      AdjustmentType: ChangeInCapacity
      ScalingAdjustment: -1
      Cooldown: 600
      AutoScalingGroupName: !Ref MyAutoScalingGroup

  HighCpuAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-high-cpu"
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref MyAutoScalingGroup
      Statistic: Average
      Period: 120
      EvaluationPeriods: 2
      Threshold: 80
      ComparisonOperator: GreaterThanThreshold
      AlarmActions:
        - !Ref SimpleScalingPolicy

  LowCpuAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "${AWS::StackName}-low-cpu"
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref MyAutoScalingGroup
      Statistic: Average
      Period: 300
      EvaluationPeriods: 2
      Threshold: 30
      ComparisonOperator: LessThanThreshold
      AlarmActions:
        - !Ref ScaleDownPolicy
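
To see what these policies actually do to desired capacity, here is an added Python simulation (not code from the page's templates) of the step policy and the simple scale-up/scale-down pair above, using the same adjustments, bounds, thresholds and MinSize/MaxSize; the rounding rules follow AWS's documented PercentChangeInCapacity behaviour.

```python
"""Simulate how EC2 Auto Scaling evaluates the step and simple scaling policies
above.  Added illustration, not code from the page's templates; the rounding
rules are AWS's documented behaviour for PercentChangeInCapacity."""
import math
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class StepAdjustment:
    """One StepAdjustments entry; bounds are offsets from the alarm threshold."""
    scaling_adjustment: int
    lower: Optional[float] = None  # MetricIntervalLowerBound (None = no lower bound)
    upper: Optional[float] = None  # MetricIntervalUpperBound (None = no upper bound)


def round_percent_change(raw: float) -> int:
    """AWS rounding for percent adjustments: >1 rounds down, (0,1] becomes 1,
    [-1,0) becomes -1, <-1 rounds toward zero."""
    if raw > 1:
        return math.floor(raw)
    if raw > 0:
        return 1
    if raw == 0:
        return 0
    if raw >= -1:
        return -1
    return math.ceil(raw)


def select_step(steps: List[StepAdjustment], metric: float,
                threshold: float) -> Optional[StepAdjustment]:
    """Return the step whose interval contains (metric - threshold).
    Scale-out intervals include their lower bound; scale-in intervals their upper bound."""
    offset = metric - threshold
    for step in steps:
        lo = -math.inf if step.lower is None else step.lower
        hi = math.inf if step.upper is None else step.upper
        if (offset >= 0 and lo <= offset < hi) or (offset < 0 and lo < offset <= hi):
            return step
    return None


def apply_adjustment(current: int, adjustment_type: str, adjustment: int,
                     min_size: int, max_size: int, min_adjustment_magnitude: int = 1) -> int:
    """New desired capacity after one adjustment, clamped to MinSize/MaxSize."""
    if adjustment_type == "ExactCapacity":
        return max(min_size, min(max_size, adjustment))
    if adjustment_type == "ChangeInCapacity":
        delta = adjustment
    elif adjustment_type == "PercentChangeInCapacity":
        delta = round_percent_change(current * adjustment / 100)
        # MinAdjustmentMagnitude forces a minimum step for small groups
        if 0 < abs(delta) < min_adjustment_magnitude:
            delta = min_adjustment_magnitude if delta > 0 else -min_adjustment_magnitude
    else:
        raise ValueError(f"unknown AdjustmentType {adjustment_type}")
    return max(min_size, min(max_size, current + delta))


# The StepScalingPolicy above: PercentChangeInCapacity, driven by HighCpuAlarm (threshold 70)
STEP_POLICY = [
    StepAdjustment(200, lower=0, upper=10000),
    StepAdjustment(400, lower=10000, upper=20000),
    StepAdjustment(600, lower=20000),
]


def step_scale(current: int, cpu: float, threshold: float = 70,
               min_size: int = 2, max_size: int = 10) -> int:
    """Desired capacity after one evaluation of the step policy at the given CPU %."""
    if cpu <= threshold:  # HighCpuAlarm uses GreaterThanThreshold, so nothing fires
        return current
    step = select_step(STEP_POLICY, cpu, threshold)
    if step is None:
        return current
    return apply_adjustment(current, "PercentChangeInCapacity",
                            step.scaling_adjustment, min_size, max_size)


def reachable_steps(steps: List[StepAdjustment], metric_max: float, threshold: float) -> List[int]:
    """Indexes of the steps that can fire at all, given the metric's maximum value."""
    max_offset = metric_max - threshold
    return [i for i, s in enumerate(steps) if s.lower is None or s.lower <= max_offset]


def simple_scale(current: int, cpu: float, min_size: int = 2, max_size: int = 10) -> int:
    """The SimpleScaling pair above: HighCpuAlarm (>80) adds 1, LowCpuAlarm (<30) removes 1."""
    if cpu > 80:
        return apply_adjustment(current, "ChangeInCapacity", 1, min_size, max_size)
    if cpu < 30:
        return apply_adjustment(current, "ChangeInCapacity", -1, min_size, max_size)
    return current


if __name__ == "__main__":
    print("step policy, 2 instances at 85% CPU ->", step_scale(2, 85))
    print("steps reachable for CPUUtilization:", reachable_steps(STEP_POLICY, 100, 70))
    print("simple policy, 2 instances at 20% CPU ->", simple_scale(2, 20))
```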

Scheduled Scaling

yaml
Resources:
  ScheduledScaleUp:
    Type: AWS::AutoScaling::ScheduledAction
    Properties:
      ScheduledActionName: !Sub "${AWS::StackName}-scheduled-scale-up"
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      MinSize: 5
      MaxSize: 15
      DesiredCapacity: 5
      # A one-time action needs a StartTime that is still in the future when the stack is deployed
      StartTime: "2024-01-01T08:00:00Z"

  ScheduledScaleDown:
    Type: AWS::AutoScaling::ScheduledAction
    Properties:
      ScheduledActionName: !Sub "${AWS::StackName}-scheduled-scale-down"
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      StartTime: "2024-01-01T20:00:00Z"

  # Recurring schedule using cron
  RecurringScaleUp:
    Type: AWS::AutoScaling::ScheduledAction
    Properties:
      ScheduledActionName: !Sub "${AWS::StackName}-morning-scale-up"
      AutoScalingGroupName: !Ref MyAutoScalingGroup
      MinSize: 5
      MaxSize: 15
      DesiredCapacity: 5
      Recurrence: "0 8 * * *"

ECS Auto Scaling

ECS Service Scaling

yaml
AWSTemplateFormatVersion: 2010-09-09
Description: ECS service with Auto Scaling

Resources:
  # ECS Cluster
  EcsCluster:
    Type: AWS::ECS::Cluster
    Properties:
      ClusterName: !Sub "${AWS::StackName}-cluster"

  # Task Definition
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: !Sub "${AWS::StackName}-task"
      Cpu: "512"
      Memory: "1024"
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
        - Name: web
          # Pin an immutable tag or digest in production; a mutable tag changes what every scale-out deploys
          Image: nginx:latest
          PortMappings:
            - ContainerPort: 80
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref LogGroup
              awslogs-region: !Ref AWS::Region

  # ECS Service
  EcsService:
    Type: AWS::ECS::Service
    Properties:
      ServiceName: !Sub "${AWS::StackName}-service"
      Cluster: !Ref EcsCluster
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 2
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          SecurityGroups:
            - !Ref ServiceSecurityGroup
          Subnets: !Ref PrivateSubnets
      LoadBalancers:
        - ContainerName: web
          ContainerPort: 80
          TargetGroupArn: !Ref TargetGroup

  # Application Auto Scaling Target
  ScalableTarget:
    Type: AWS::ApplicationAutoScaling::ScalableTarget
    Properties:
      MaxCapacity: 10
      MinCapacity: 2
      ResourceId: !Sub "service/${EcsCluster}/${EcsService.Name}"
      RoleARN: !GetAtt EcsServiceScalingRole.Arn
      ScalableDimension: ecs:service:DesiredCount
      ServiceNamespace: ecs

  # Target Tracking Scaling Policy
  EcsTargetTrackingPolicy:
    Type: AWS::ApplicationAutoScaling::ScalingPolicy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-ecs-target-tracking"
      PolicyType: TargetTrackingScaling
      ScalingTargetId: !Ref ScalableTarget
      TargetTrackingScalingPolicyConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ECSServiceAverageCPUUtilization
        TargetValue: 70
        ScaleInCooldown: 300
        ScaleOutCooldown: 60

  # Log Group
  LogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub "/ecs/${AWS::StackName}"
      RetentionInDays: 30

  # Security Group
  ServiceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub "${AWS::StackName}-service-sg"
      GroupDescription: Security group for ECS service
      VpcId: !Ref VPCId

  # Application Load Balancer Target Group
  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      Name: !Sub "${AWS::StackName}-ecs-tg"
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VPCId
      TargetType: ip

  # IAM Role for ECS Service Scaling with Least Privilege
  # (Application Auto Scaling also has to manage the CloudWatch alarms that back
  # the target tracking policy; without those actions the policy cannot be created)
  EcsServiceScalingRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${AWS::StackName}-ecs-scaling-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: application-autoscaling.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: !Sub "${AWS::StackName}-ecs-scaling-policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - ecs:DescribeServices
                  - ecs:UpdateService
                Resource: !Sub "arn:aws:ecs:${AWS::Region}:${AWS::AccountId}:service/${EcsCluster}/*"
              - Effect: Allow
                Action:
                  - cloudwatch:DescribeAlarms
                  - cloudwatch:PutMetricAlarm
                  - cloudwatch:DeleteAlarms
                # Target tracking creates its alarms with a TargetTracking- prefix
                Resource: !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:TargetTracking-*"

Lambda Provisioned Concurrency Scaling

Lambda with Provisioned Concurrency Auto Scaling

yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Lambda with Application Auto Scaling for provisioned concurrency

Resources:
  # Lambda Function
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub "${AWS::StackName}-function"
      Runtime: python3.11
      Handler: app.handler
      Code:
        S3Bucket: !Ref CodeBucket
        S3Key: lambda/function.zip
      MemorySize: 512
      Timeout: 30
      Role: !GetAtt LambdaExecutionRole.Arn

  # Lambda Version
  LambdaVersion:
    Type: AWS::Lambda::Version
    Properties:
      FunctionName: !Ref MyLambdaFunction
      Description: Version for provisioned concurrency

  # Application Auto Scaling Scalable Target
  LambdaScalableTarget:
    Type: AWS::ApplicationAutoScaling::ScalableTarget
    Properties:
      MaxCapacity: 20
      MinCapacity: 5
      ResourceId: !Sub "function:${MyLambdaFunction}:${LambdaVersion.Version}"
      RoleARN: !GetAtt LambdaScalingRole.Arn
      ScalableDimension: lambda:function:ProvisionedConcurrency
      ServiceNamespace: lambda

  # Target Tracking Scaling Policy
  LambdaTargetTrackingPolicy:
    Type: AWS::ApplicationAutoScaling::ScalingPolicy
    Properties:
      PolicyName: !Sub "${AWS::StackName}-lambda-target-tracking"
      PolicyType: TargetTrackingScaling
      ScalingTargetId: !Ref LambdaScalableTarget
      TargetTrackingScalingPolicyConfiguration:
        TargetValue: 90
        PredefinedMetricSpecification:
          PredefinedMetricType: LambdaProvisionedConcurrencyUtilization
        ScaleInCooldown: 120
        ScaleOutCooldown: 60

  # Lambda Execution Role
  LambdaExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${AWS::StackName}-lambda-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole

  # IAM Role for Lambda Scaling with Least Privilege
  # (the role must also remove the provisioned concurrency config on scale-in
  # and manage the CloudWatch alarms behind the target tracking policy)
  LambdaScalingRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "${AWS::StackName}-lambda-scaling-role"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: application-autoscaling.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: !Sub "${AWS::StackName}-lambda-scaling-policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - lambda:PutProvisionedConcurrencyConfig
                  - lambda:GetProvisionedConcurrencyConfig
                  - lambda:DeleteProvisionedConcurrencyConfig
                Resource: !Sub "arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${MyLambdaFunction}:*"
              - Effect: Allow
                Action:
                  - cloudwatch:DescribeAlarms
                  - cloudwatch:PutMetricAlarm
                  - cloudwatch:DeleteAlarms
                Resource: !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:TargetTracking-*"

Conditions and Transform

Conditions for Environment-Specific Scaling

yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Auto Scaling with conditional scaling configuration

Parameters:
  Environment:
    Type: String
    Default: dev
    AllowedValues:
      - dev
      - staging
      - production

Conditions:
  IsProduction: !Equals [!Ref Environment, production]
  IsStaging: !Equals [!Ref Environment, staging]
  UseSpot: !Or [!Equals [!Ref Environment, dev], !Equals [!Ref Environment, staging]]
  UseAlb: !Not [!Equals [!Ref Environment, dev]]
  EnableDetailedMonitoring: !Not [!Equals [!Ref Environment, dev]]

Resources:
  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      LaunchConfigurationName: !Sub "${AWS::StackName}-lc"
      ImageId: !Ref AmiId
      InstanceType: !If [IsProduction, t3.large, !If [IsStaging, t3.medium, t3.micro]]
      # InstanceMonitoring is a Boolean on a launch configuration (true = detailed, false = basic)
      InstanceMonitoring: !If [EnableDetailedMonitoring, true, false]

  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: !If [IsProduction, 3, !If [IsStaging, 2, 1]]
      MaxSize: !If [IsProduction, 12, !If [IsStaging, 6, 3]]
      DesiredCapacity: !If [IsProduction, 3, !If [IsStaging, 2, 1]]
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration
      HealthCheckType: !If [UseAlb, ELB, EC2]
      # The same grace period suits both health check types; keep it long enough for the app to pass its first check
      HealthCheckGracePeriod: 300

Transform for Code Reuse

yaml
AWSTemplateFormatVersion: 2010-09-09
Transform: AWS::Serverless-2016-10-31

Description: Using SAM for simplified Auto Scaling

Globals:
  Function:
    Timeout: 30
    Runtime: python3.11
    Tracing: Active
    Environment:
      Variables:
        LOG_LEVEL: INFO

Parameters:
  Environment:
    Type: String
    Default: dev

Resources:
  # Auto Scaling Group using SAM
  WebServerGroup:
    Type: AWS::Serverless::Application
    Properties:
      Location: ./asg-template.yaml
      Parameters:
        Environment: !Ref Environment

CloudFormation Stack Management Best Practices

Stack Policies

Stack Policies prevent unintentional updates to critical stack resources. Use them to protect Auto Scaling Groups from accidental modifications or deletions. A stack policy is a separate JSON document applied to the stack, with --stack-policy-body on create-stack or later with set-stack-policy (for example `aws cloudformation set-stack-policy --stack-name my-auto-scaling-stack --stack-policy-body file://stack-policy.json`); CloudFormation does not enforce a policy embedded in the template's Metadata, so the template and its policy are shown side by side here.
yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Stack with policy to protect Auto Scaling resources

Resources:
  MyAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      AutoScalingGroupName: !Sub "${AWS::StackName}-asg"
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchConfigurationName: !Ref MyLaunchConfiguration

  MyLaunchConfiguration:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      LaunchConfigurationName: !Sub "${AWS::StackName}-lc"
      ImageId: !Ref AmiId
      InstanceType: t3.micro
json
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "Update:Modify",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "Update:Delete",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ResourceType": [
            "AWS::AutoScaling::AutoScalingGroup",
            "AWS::AutoScaling::LaunchConfiguration"
          ]
        }
      }
    }
  ]
}
Principal is required in every stack policy statement. This policy still permits Update:Replace; that is deliberate for launch configurations, whose properties are immutable, so every change to one (a new AMI, for instance) is a replacement.

Termination Protection

Enable termination protection to prevent accidental deletion of Auto Scaling Groups. This is critical for production environments. Termination protection guards the whole stack against delete-stack; it does not stop an update from deleting or replacing individual resources, which is what the stack policy above covers.
bash
# Enable termination protection on an existing stack
aws cloudformation update-termination-protection \
  --stack-name my-auto-scaling-stack \
  --enable-termination-protection

# Check if termination protection is enabled
aws cloudformation describe-stacks \
  --stack-name my-auto-scaling-stack \
  --query "Stacks[0].EnableTerminationProtection"

Drift Detection

Detect when your Auto Scaling infrastructure has been modified outside of CloudFormation. Drift detection is asynchronous: detect-stack-drift returns a StackDriftDetectionId, and the status call takes that ID rather than the stack name.
bash
# Detect drift on a stack (prints the StackDriftDetectionId used below)
aws cloudformation detect-stack-drift \
  --stack-name my-auto-scaling-stack

# Get drift detection status (replace <detection-id> with the ID returned above)
aws cloudformation describe-stack-drift-detection-status \
  --stack-drift-detection-id <detection-id>

# Get drift detection results for every resource
aws cloudformation describe-stack-resource-drifts \
  --stack-name my-auto-scaling-stack

# Check only the resources that are not in sync
aws cloudformation describe-stack-resource-drifts \
  --stack-name my-auto-scaling-stack \
  --stack-resource-drift-status-filters MODIFIED DELETED
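
As an added example (not part of the original page), the following Python triages the output of describe-stack-resource-drifts shown above, using a constructed sample response: deleted resources and drift in capacity, subnet and security-group properties are rated high severity so an out-of-band change to the Auto Scaling Group or its launch configuration stands out from cosmetic drift such as a tag.

```python
"""Triage the JSON returned by `aws cloudformation describe-stack-resource-drifts`
and flag the out-of-band changes to Auto Scaling resources that matter most.
Added example, not part of the page: SAMPLE_DRIFTS is constructed in the CLI's
output shape (not captured from a real account) and its IDs are placeholders."""
import json
from collections import Counter
from typing import Dict, List

# Top-level properties whose drift changes capacity, network exposure or instance identity.
SENSITIVE_PROPERTIES = {
    "AWS::AutoScaling::AutoScalingGroup": {"MinSize", "MaxSize", "VPCZoneIdentifier"},
    "AWS::AutoScaling::LaunchConfiguration": {"SecurityGroups", "IamInstanceProfile", "ImageId", "UserData"},
    "AWS::EC2::SecurityGroup": {"SecurityGroupIngress", "SecurityGroupEgress"},
}

# Constructed sample in the shape of describe-stack-resource-drifts output.
SAMPLE_DRIFTS = json.dumps({
    "StackResourceDrifts": [
        {
            "LogicalResourceId": "MyAutoScalingGroup",
            "ResourceType": "AWS::AutoScaling::AutoScalingGroup",
            "StackResourceDriftStatus": "MODIFIED",
            "PropertyDifferences": [
                {"PropertyPath": "/MaxSize", "ExpectedValue": "10",
                 "ActualValue": "50", "DifferenceType": "NOT_EQUAL"},
                {"PropertyPath": "/Tags/0/Value", "ExpectedValue": "web",
                 "ActualValue": "web-old", "DifferenceType": "NOT_EQUAL"},
            ],
        },
        {
            "LogicalResourceId": "MyLaunchConfiguration",
            "ResourceType": "AWS::AutoScaling::LaunchConfiguration",
            "StackResourceDriftStatus": "MODIFIED",
            "PropertyDifferences": [
                {"PropertyPath": "/SecurityGroups/0", "ExpectedValue": "sg-placeholder-a",
                 "ActualValue": "sg-placeholder-b", "DifferenceType": "NOT_EQUAL"},
            ],
        },
        {"LogicalResourceId": "HighCpuAlarm", "ResourceType": "AWS::CloudWatch::Alarm",
         "StackResourceDriftStatus": "DELETED"},
        {"LogicalResourceId": "LifecycleHookRole", "ResourceType": "AWS::IAM::Role",
         "StackResourceDriftStatus": "IN_SYNC", "PropertyDifferences": []},
    ]
})


def parse_drifts(raw_json: str) -> List[Dict]:
    """Return the StackResourceDrifts list from the CLI's JSON output."""
    return json.loads(raw_json).get("StackResourceDrifts", [])


def is_sensitive(resource_type: str, property_path: str) -> bool:
    """Match on the top-level property name: "/SecurityGroups/0" -> "SecurityGroups"."""
    top_level = property_path.strip("/").split("/")[0]
    return top_level in SENSITIVE_PROPERTIES.get(resource_type, set())


def triage(drifts: List[Dict]) -> List[Dict]:
    """One finding per deleted resource or changed property, highest severity first.
    IN_SYNC and NOT_CHECKED resources produce no findings."""
    findings = []
    for drift in drifts:
        status = drift["StackResourceDriftStatus"]
        resource = drift["LogicalResourceId"]
        if status == "DELETED":
            findings.append({"resource": resource, "severity": "HIGH", "property": None,
                             "detail": "resource deleted outside CloudFormation"})
        elif status == "MODIFIED":
            for diff in drift.get("PropertyDifferences", []):
                severity = "HIGH" if is_sensitive(drift["ResourceType"], diff["PropertyPath"]) else "LOW"
                findings.append({
                    "resource": resource, "severity": severity, "property": diff["PropertyPath"],
                    "detail": f'{diff["DifferenceType"]}: expected {diff.get("ExpectedValue")!r}, '
                              f'actual {diff.get("ActualValue")!r}',
                })
    rank = {"HIGH": 0, "LOW": 1}
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["resource"], f["property"] or ""))


def summarize(findings: List[Dict]) -> Dict[str, int]:
    """Count findings per severity, e.g. {"HIGH": 3, "LOW": 1}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for finding in triage(parse_drifts(SAMPLE_DRIFTS)):
        print(f'{finding["severity"]:4} {finding["resource"]:22} '
              f'{finding["property"] or "-":18} {finding["detail"]}')
```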

Change Sets

Use Change Sets to preview and review changes before applying them to your Auto Scaling infrastructure. Read the `describe-change-set` output before executing: a resource with `Replacement` set to `True` or `Conditional`, or an `Action` of `Remove`, is a signal to stop and review, because a replaced Auto Scaling Group is deleted and recreated, terminating the instances it manages.

```bash
# Create a change set
# If template.yaml declares IAM resources, add --capabilities CAPABILITY_IAM
# (CAPABILITY_NAMED_IAM when a role sets RoleName), or creation fails.
aws cloudformation create-change-set \
  --stack-name my-auto-scaling-stack \
  --change-set-name my-changeset \
  --template-body file://template.yaml \
  --parameters ParameterKey=Environment,ParameterValue=production

# List change sets
aws cloudformation list-change-sets \
  --stack-name my-auto-scaling-stack

# Describe change set (review Status, Changes[].ResourceChange.Action and Replacement)
aws cloudformation describe-change-set \
  --stack-name my-auto-scaling-stack \
  --change-set-name my-changeset

# Execute change set
aws cloudformation execute-change-set \
  --stack-name my-auto-scaling-stack \
  --change-set-name my-changeset
```

```yaml
# Automated change set creation in CI/CD pipeline.
# Pass this role to create-change-set with --role-arn; CloudFormation then acts
# with these permissions instead of the pipeline caller's, so keep them limited
# to what the stack actually changes.
Resources:
  ChangeSetRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ChangeSetPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Most Describe* calls do not support resource-level permissions,
              # so a wildcard resource is expected on the read-only statement.
              - Effect: Allow
                Action:
                  - autoscaling:Describe*
                  - cloudwatch:Describe*
                  - ec2:Describe*
                Resource: "*"
              # Write actions are scoped to Auto Scaling Groups and alarms in this account and region.
              - Effect: Allow
                Action:
                  - autoscaling:UpdateAutoScalingGroup
                  - autoscaling:CreateOrUpdateTags
                  - cloudwatch:PutMetricAlarm
                  - cloudwatch:DeleteAlarms
                Resource:
                  - !Sub "arn:aws:autoscaling:${AWS::Region}:${AWS::AccountId}:autoScalingGroup:*:autoScalingGroupName/*"
                  - !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"
```
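The review step between `describe-change-set` and `execute-change-set` is the part a pipeline usually skips. The following is an added example, not code from the original page or from AWS: it evaluates the JSON that `aws cloudformation describe-change-set --output json` returns and refuses to proceed when a resource would be removed or replaced, and it warns when an Auto Scaling Group's capacity properties (`MinSize`, `MaxSize`, `DesiredCapacity`) change. The sample response embedded below is constructed to exercise each rule; the stack and resource names in it are hypothetical.

```python
"""Gate a CloudFormation change set before execution.

Added example, not part of the original page. Feed it the parsed output of
`aws cloudformation describe-change-set --output json`; SAMPLE_CHANGE_SET is a
constructed response that follows the DescribeChangeSet API shape.
"""
import json

# Constructed sample response: one capacity change, one conditional replacement,
# one deletion. Resource names are hypothetical.
SAMPLE_CHANGE_SET = json.loads("""
{
  "ChangeSetName": "my-changeset",
  "StackName": "my-auto-scaling-stack",
  "Status": "CREATE_COMPLETE",
  "ExecutionStatus": "AVAILABLE",
  "Changes": [
    {"Type": "Resource", "ResourceChange": {
      "Action": "Modify", "LogicalResourceId": "WebServerGroup",
      "ResourceType": "AWS::AutoScaling::AutoScalingGroup",
      "Replacement": "False",
      "Details": [{"Target": {"Attribute": "Properties", "Name": "MaxSize"}}]}},
    {"Type": "Resource", "ResourceChange": {
      "Action": "Modify", "LogicalResourceId": "LaunchTemplate",
      "ResourceType": "AWS::EC2::LaunchTemplate",
      "Replacement": "Conditional",
      "Details": [{"Target": {"Attribute": "Properties", "Name": "LaunchTemplateName"}}]}},
    {"Type": "Resource", "ResourceChange": {
      "Action": "Remove", "LogicalResourceId": "ScaleInAlarm",
      "ResourceType": "AWS::CloudWatch::Alarm", "Details": []}}
  ]
}
""")

# Properties whose change alters how many instances run; a reviewer should see them.
CAPACITY_PROPERTIES = {"MinSize", "MaxSize", "DesiredCapacity"}


def review_change_set(change_set):
    """Return (ok, findings). ok is False when a human must decide before execute-change-set.

    findings is a list of (level, message) with level "BLOCK" or "WARN".
    """
    findings = []
    status = change_set.get("Status")
    if status != "CREATE_COMPLETE":
        # FAILED with "No updates are to be performed" is the common benign case;
        # either way there is nothing safe to execute.
        findings.append(("BLOCK", f"change set status is {status}, not CREATE_COMPLETE"))
        return False, findings
    for change in change_set.get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        rid, rtype = rc["LogicalResourceId"], rc.get("ResourceType", "")
        if rc["Action"] == "Remove":
            findings.append(("BLOCK", f"{rid} ({rtype}) would be deleted"))
        elif rc.get("Replacement") in ("True", "Conditional"):
            findings.append(("BLOCK", f"{rid} ({rtype}) may be replaced (Replacement={rc['Replacement']})"))
        if rtype == "AWS::AutoScaling::AutoScalingGroup":
            touched = {d["Target"].get("Name") for d in rc.get("Details", []) if "Target" in d}
            for prop in sorted(touched & CAPACITY_PROPERTIES):
                findings.append(("WARN", f"{rid} changes {prop}"))
    ok = not any(level == "BLOCK" for level, _ in findings)
    return ok, findings


if __name__ == "__main__":
    ok, findings = review_change_set(SAMPLE_CHANGE_SET)
    for level, msg in findings:
        print(f"[{level}] {msg}")
    # Non-zero exit stops a pipeline stage that would otherwise run execute-change-set.
    raise SystemExit(0 if ok else 1)
```

Run it as a pipeline step between the describe and execute commands; a `BLOCK` finding exits non-zero, and the `WARN` level leaves capacity changes visible in the log without stopping a deliberate scale-up.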

Best Practices


High Availability


  • Distribute instances across multiple AZs
  • Use ALB with health checks for automatic routing
  • Implement lifecycle hooks for graceful shutdown
  • Configure appropriate termination policies
  • Use mixed instances policies for diversity

Cost Optimization


  • Use Spot Instances for fault-tolerant workloads
  • Implement right-sizing of instances
  • Configure aggressive scale-in policies
  • Use scheduled scaling for predictable patterns
  • Monitor and optimize regularly

Monitoring


  • Create CloudWatch Alarms for key metrics
  • Implement scaling policies based on metrics
  • Use lifecycle hooks for logging and analytics
  • Configure SNS notifications for scaling events
  • Implement detailed monitoring for troubleshooting

Security


  • Use IAM roles with minimum permissions
  • Encrypt EBS volumes with KMS
  • Configure restrictive security groups
  • Use VPC with appropriate subnets
  • Store sensitive configuration in SSM Parameter Store rather than in template parameters
  • Avoid broad managed policies such as CloudWatchFullAccess; grant the specific actions the role needs instead

Least Privilege IAM Examples


```yaml
# Instead of CloudWatchFullAccess, use specific permissions.
# The trusted principal must be whatever actually creates the alarms: a service
# role handed to CloudFormation is trusted by cloudformation.amazonaws.com (see
# ChangeSetRole above), while Auto Scaling itself acts through its service-linked
# role. Because RoleName is set, create-change-set needs --capabilities CAPABILITY_NAMED_IAM.
ScalingAlarmRole:
  Type: AWS::IAM::Role
  Properties:
    RoleName: !Sub "${AWS::StackName}-scaling-alarm-role"
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service: autoscaling.amazonaws.com
          Action: sts:AssumeRole
    Policies:
      - PolicyName: !Sub "${AWS::StackName}-cloudwatch-specific-policy"
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - cloudwatch:PutMetricAlarm
                - cloudwatch:DescribeAlarms
                - cloudwatch:DeleteAlarms
                - cloudwatch:EnableAlarmActions
                - cloudwatch:DisableAlarmActions
              # Scoped to alarms in this account and region, not "*"
              Resource: !Sub "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"
```
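The Security checklist above and this least-privilege example are easy to state and easy to regress in a later template edit. The following is an added example, not code from the original page or from AWS: a small linter over a CloudFormation template in its JSON form (YAML `!Sub` becomes `{"Fn::Sub": ...}` there, which is what `aws cloudformation get-template` or any YAML-to-JSON conversion yields) that flags wildcard IAM actions, write actions on `Resource: "*"`, `...FullAccess` managed policies, unencrypted EBS mappings in a launch template, and security group ingress open to the world. The embedded template is constructed for the demo; the resource names, the allowed public ports (80 and 443) and the read-only action prefixes are assumptions of the example, not from the page.

```python
"""Lint a CloudFormation template for the security practices listed above.

Added example, not from the original page. Works on the JSON form of a
template (a dict). SAMPLE_TEMPLATE is constructed: one compliant role next to
the anti-patterns the checklist warns against.
"""

# Constructed sample template in JSON form; resource names are hypothetical.
SAMPLE_TEMPLATE = {
    "Resources": {
        "ScalingAlarmRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {"Policies": [{"PolicyName": "cw", "PolicyDocument": {"Statement": [
                {"Effect": "Allow",
                 "Action": ["cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms"],
                 "Resource": {"Fn::Sub": "arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"}},
                {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}}]}},
        "BroadRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "ManagedPolicyArns": ["arn:aws:iam::aws:policy/CloudWatchFullAccess"],
                "Policies": [{"PolicyName": "all", "PolicyDocument": {"Statement": [
                    {"Effect": "Allow", "Action": "autoscaling:*", "Resource": "*"}]}}]}},
        "LaunchTemplate": {
            "Type": "AWS::EC2::LaunchTemplate",
            "Properties": {"LaunchTemplateData": {"BlockDeviceMappings": [
                {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 20, "Encrypted": True}},
                {"DeviceName": "/dev/xvdb", "Ebs": {"VolumeSize": 100}}]}}},
        "WebSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
    }
}

# Assumptions of this example: only these TCP ports may be open to the world, and
# only read-only actions may be granted on Resource "*".
PUBLIC_PORTS_ALLOWED = {80, 443}
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def _as_list(value):
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    return ":" in action and action.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)


def lint_iam_role(name, props, findings):
    for arn in props.get("ManagedPolicyArns", []):
        if isinstance(arn, str) and arn.endswith("FullAccess"):
            findings.append(f"{name}: broad managed policy {arn.rsplit('/', 1)[-1]}")
    for policy in props.get("Policies", []):
        for stmt in _as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
            if stmt.get("Effect") != "Allow":
                continue
            resources = _as_list(stmt.get("Resource", []))
            for action in _as_list(stmt.get("Action", [])):
                if action == "*" or action.endswith(":*"):
                    findings.append(f"{name}: wildcard action {action}")
                elif "*" in resources and not _is_read_only(action):
                    findings.append(f"{name}: {action} allowed on Resource *")


def lint_launch_template(name, props, findings):
    for mapping in props.get("LaunchTemplateData", {}).get("BlockDeviceMappings", []):
        if mapping.get("Ebs", {}).get("Encrypted") is not True:
            findings.append(f"{name}: {mapping.get('DeviceName')} EBS volume is not encrypted")


def lint_security_group(name, props, findings):
    for rule in props.get("SecurityGroupIngress", []):
        if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
            # Protocol -1 has no ports and covers everything, so it never passes.
            ports = set(range(int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535)) + 1))
            if rule.get("IpProtocol") != "tcp" or not ports <= PUBLIC_PORTS_ALLOWED:
                findings.append(f"{name}: ingress open to the world on "
                                f"{rule.get('FromPort')}-{rule.get('ToPort')}")


LINTERS = {
    "AWS::IAM::Role": lint_iam_role,
    "AWS::EC2::LaunchTemplate": lint_launch_template,
    "AWS::EC2::SecurityGroup": lint_security_group,
}


def lint_template(template):
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        linter = LINTERS.get(resource.get("Type"))
        if linter:
            linter(name, resource.get("Properties", {}), findings)
    return findings


if __name__ == "__main__":
    for finding in lint_template(SAMPLE_TEMPLATE):
        print(finding)
```

The compliant `ScalingAlarmRole` produces no findings because its write actions are bound to an alarm ARN and its only `Resource: "*"` statement is a `Describe*`, which is the shape the least-privilege example above has; the other three resources each trip exactly the rule they were built to show.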

Related Resources


Additional Files


For complete details on resources and their properties, consult:
  • REFERENCE.md - Detailed reference guide for all CloudFormation resources
  • EXAMPLES.md - Complete production-ready examples