The document outlines an AWS Summit agenda that focuses on auto scaling techniques. The agenda includes discussing auto scaling groups, launch configurations, manual and policy-based scaling, custom CloudWatch metrics, session affinity, and stateless application architectures. It also discusses techniques for securely deploying resources like using CloudFormation templates and IAM roles for access control.
29. Define an auto scaling group
Specify limits and placement of resources
within an auto-scaling group
30. Give the auto scaling group a name
$PROMPT> as-create-auto-scaling-group WidgetsIncScalingGroup \
    --launch-configuration WidgetsIncConfig \
    --availability-zones ap-southeast-1a ap-southeast-1b \
    --min-size 2 --max-size 3
31. Specify the launch config to use
$PROMPT> as-create-auto-scaling-group WidgetsIncScalingGroup \
    --launch-configuration WidgetsIncConfig \
    --availability-zones ap-southeast-1a ap-southeast-1b \
    --min-size 2 --max-size 3
32. Specify the availability zones
$PROMPT> as-create-auto-scaling-group WidgetsIncScalingGroup \
    --launch-configuration WidgetsIncConfig \
    --availability-zones ap-southeast-1a ap-southeast-1b \
    --min-size 2 --max-size 3
42. Manual scaling
Basic use of auto scaling
Specify desired capacity
Launch config and auto scaling group parameters apply
$PROMPT> as-set-desired-capacity WidgetsIncScalingGroup --desired-capacity 3
45. Schedule based scaling
Change the number of instances based on a schedule
Scaling occurs as a function of time and date
$PROMPT> as-put-scheduled-update-group-action scheduledAction1 \
    -g WidgetsIncScalingGroup \
    --time "2011-12-05T02:00:00Z" --min 5 --max 10
54. Policy based scaling
Change the number of instances based on
environmental changes e.g. increased CPU utilisation
Environmental data provided by CloudWatch or custom
user defined metrics
Consists of two components {policies & alarms}
Puts the AUTO in auto scaling
55. Give the scaling policy a name
$PROMPT> as-put-scaling-policy MyScaleUpPolicy \
    --auto-scaling-group WidgetsIncScalingGroup \
    --adjustment=1 --type ChangeInCapacity
56. Specify the auto scaling group it applies to
$PROMPT> as-put-scaling-policy MyScaleUpPolicy \
    --auto-scaling-group WidgetsIncScalingGroup \
    --adjustment=1 --type ChangeInCapacity
57. Specify the adjustment to take place
$PROMPT> as-put-scaling-policy MyScaleUpPolicy \
    --auto-scaling-group WidgetsIncScalingGroup \
    --adjustment=1 --type ChangeInCapacity
58. Give the metric alarm a name
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions POLICY-ARN_from_previous_step \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
60. Specify the evaluation period
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions POLICY-ARN_from_previous_step \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
61. Specify the metric name
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions POLICY-ARN_from_previous_step \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
62. Specify the period to take an average over
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions POLICY-ARN_from_previous_step \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
63. Specify the % threshold to scale on
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions POLICY-ARN_from_previous_step \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
64. Associate with a policy
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions <POLICY-ARN_from_previous_step> \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
65. Specify the auto scaling group
$PROMPT> mon-put-metric-alarm MyHighCPUAlarm \
    --comparison-operator GreaterThanThreshold \
    --evaluation-periods 1 --metric-name CPUUtilization \
    --namespace "AWS/EC2" --period 600 --statistic Average \
    --threshold 80 --alarm-actions POLICY-ARN_from_previous_step \
    --dimensions "AutoScalingGroupName=WidgetsIncScalingGroup"
66. What if you need to scale on a metric not available in CloudWatch?
92. Apache Tomcat
Install memcached-session-manager on each tomcat
server
Configure memcached to store copy of state in
Elasticache
If user session is not available from local cache, request
it from Elasticache
Use with or without session affinity
93. Deploying Resources
Techniques to increase efficiency and productivity
104. CloudFormation
Define application stack via simple text file
Use stack parameters to customise
Deploy new stacks/update existing stacks
Create templates from existing resources with
CloudFormer
135. Bake in AWS credentials
• AWS credentials provide full access to all your AWS
resources
• If the AMI or EC2 instance is compromised then the
credentials can be used to access all your resources
• Rotating credentials requires rebuilding AMI
141. Bake in IAM credentials
• Reduces the impact in the event that the instance or AMI is compromised
• Rotating credentials still requires rebuilding the AMI
147. Bake in IAM credentials
• Pass in IAM credentials as user-data
• Rotating credentials does not require rebuilding an AMI
• We still need a way to rotate credentials if an instance is
compromised
• IAM credentials available to any local user with access to
http://169.254.169.254
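A check for the exposure described above, as an added example that is not part of the original slides: it scans launch-configuration user-data for embedded access keys before a group is created. The function names, the regular expressions (heuristics keyed on the AKIA/ASIA access key ID prefixes) and the sample script are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Long-term access key IDs start with AKIA, temporary (STS) ones with ASIA.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Heuristic: a 40-character base64-style value assigned to a name containing "secret".
SECRET_KEY = re.compile(
    r"(?i)secret[\w-]*\s*[=:]\s*[\"']?[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")


def decode_user_data(blob: str) -> str:
    """APIs return user-data base64-encoded; accept that or plain text."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return blob


def scan_user_data(blob: str) -> list:
    """Return (line number, finding kind) pairs without echoing the values."""
    findings = []
    for number, line in enumerate(decode_user_data(blob).splitlines(), start=1):
        if ACCESS_KEY_ID.search(line):
            findings.append((number, "access-key-id"))
        if SECRET_KEY.search(line):
            findings.append((number, "secret-access-key"))
    return findings


# Constructed sample: a boot script that passes credentials in as user-data.
_SECRET = "EXAMPLEsecret" * 3 + "0"  # 40 constructed characters, not a real key
SAMPLE_USER_DATA = "\n".join([
    "#!/bin/bash",
    "export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00",
    f"export AWS_SECRET_ACCESS_KEY={_SECRET}",
    "/opt/widgets/bootstrap.sh",
])
SAMPLE_B64 = base64.b64encode(SAMPLE_USER_DATA.encode()).decode()

if __name__ == "__main__":
    for line_no, kind in scan_user_data(SAMPLE_B64):
        print(f"user-data line {line_no}: {kind}")
```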
152. Two stage look-up of IAM credentials
• Pass in a time-based pre-authenticated URL to IAM
credentials stored in S3
• Download credentials from S3
• If instance is compromised after URL expires then we
expire the IAM credentials on S3
• Improved security but complicates auto scaling
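The two-stage look-up above, sketched as an added example that is not from the original slides. A generic HMAC-signed expiring URL stands in for the S3 pre-authenticated URL (it is not S3's own signing scheme), and the key, object path, store and function names are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SIGNING_KEY = b"constructed-bucket-owner-key"   # held by the launcher, never by the instance
CREDS_PATH = "/widgets-config/iam-creds.json"   # hypothetical object holding the IAM credentials
STORE = {CREDS_PATH: '{"key_id": "EXAMPLE-V1"}'}  # stands in for the S3 bucket


def _sign(path: str, expires: int) -> str:
    msg = f"GET\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def presign(path: str, now: int, ttl: int) -> str:
    """Stage 1 (launcher): build the URL that is passed in as user-data."""
    expires = now + ttl
    query = urlencode({"Expires": expires, "Signature": _sign(path, expires)})
    return f"{path}?{query}"


def fetch(url: str, now: int) -> str:
    """Stage 2 (store side): serve the object only for a valid, unexpired URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    expires = int(query["Expires"][0])
    if not hmac.compare_digest(query["Signature"][0], _sign(parts.path, expires)):
        raise PermissionError("signature mismatch")
    if now > expires:
        raise PermissionError("URL expired")
    return STORE[parts.path]


def demo() -> list:
    boot = 1_000_000
    url = presign(CREDS_PATH, now=boot, ttl=300)
    results = [fetch(url, now=boot + 30)]          # instance downloads at boot
    STORE[CREDS_PATH] = '{"key_id": "EXAMPLE-V2"}'  # credentials expired and replaced
    try:
        fetch(url, now=boot + 3600)                # URL read back from user-data later
    except PermissionError as exc:
        results.append(str(exc))
    return results


if __name__ == "__main__":
    print(demo())
```

Once the URL has expired, the copy left in user-data no longer retrieves anything, so replacing the stored object is enough to rotate credentials; the cost noted on the slide is that every instance launched by the group needs a freshly signed URL.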
156. Add IAM to config file management
• Register instance with config management tool on boot, e.g. puppet/chef
• Deploy latest valid credentials
• In the event that you need to rotate IAM credentials, push the latest set to each instance
165. IAM temporary security credentials
• Create a small number of IAM users for mobile devices
• Device user authenticates via session proxy
• Session proxy requests token from AWS security token
service
• Token passed to device
173. Access Tags via the CLI
$PROMPT> ec2-create-tags ami-1a2b3c4di i-6f5d4e3a --tag webserver --tag stack=production
TAG ami-1a2b3c4di image webserver
TAG ami-1a2b3c4di image stack production
TAG i-6f5d4e3a image webserver
TAG i-6f5d4e3a image stack production
174. Tag auto scaling groups
$PROMPT> as-describe-auto-scaling-groups MyTagASG
AUTO-SCALING-GROUP MyTagLC us-east-1a 1 10 5
INSTANCE INSTANCE-ID AVAILABILITY-ZONE STATE STATUS LAUNCH-CONFIG
TAG RESOURCE-ID RESOURCE-TYPE KEY VALUE PROPOGATE-AT-LAUNCH
TAG MyTagASG auto-scaling-group version 1.0 true
199. Read replicas
• Modify application to use a connection pool
• Determine which reads need to be synchronous
• Determine which reads can be asynchronous
204. Sharding
• Choose a suitable primary key to shard on
• Split database across multiple database servers
• Implement two-stage shard access at application tier
• Stage #1 – What shard modulus does customer X use
• Stage #2 - Direct query at relevant database