Skip to content

(aws-autoscaling): Build guardrail to prevent availability risk by instance profile deletion/recreation during migration to LT #34283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 task
jungseoklee opened this issue Apr 28, 2025 · 2 comments · May be fixed by #34342
Open
1 task

(aws-autoscaling): Build guardrail to prevent availability risk by instance profile deletion/recreation during migration to LT #34283

jungseoklee opened this issue Apr 28, 2025 · 2 comments · May be fixed by #34342
Labels
@aws-cdk/aws-autoscaling Related to Amazon EC2 Auto Scaling feature-request A feature should be added or improved. p2

Comments

@jungseoklee
Copy link
Contributor

jungseoklee commented Apr 28, 2025
edited
Loading

Describe the bug

Hi CDK community,

Today, AutoScalingGroup construct creates IAM instance profile using role provided by a customer. When a customer updates an existing Auto Scaling group associated with Launch Configuration to use Launch Template, i.e. passing Launch Template as an input for AutoScalingGroup construct AND creates Launch Template using role, IAM instance profile is deleted and re-created due to change in CFN logical ID. If IAM instance profile is referenced, it can end up with losing access.

This issue is about addressing the risk in AutoScalingGroup construct by building safety guardrail, e.g. enforcing RollingUpdate or throwing validation error.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

An deleted IAM instance profile should not be referenced.

Current Behavior

An deleted IAM instance profile is referenced.

Reproduction Steps

  1. Create Auto Scaling group using Launch Configuration with role.
  • This is only possible when using CDK version not enabling AUTOSCALING_GENERATE_LAUNCH_TEMPLATE feature flag.
  1. Create Launch Template with role.
  2. Update Auto Scaling group to take Launch Template created in the previous step.

Possible Solution

A high-level proposal is to enforce RollingUpdate when migrating Launch Template from Launch Configuration. Here are implementation details:

  • Add migrateToLaunchTemplate? attribute to AutoScalingGroup construct.
  • Set UpdatePolicy.rollingUpdate() when migrateToLaunchTemplate is true.

In this way, we can guarantee that existing EC2 instances based on Launch Configuration are terminated and new EC2 instances based on Launch Template are launched, which always uses IAM instance profile defined by Launch Template.

Additional Information/Context

No response

CDK CLI Version

Applicable to every versions before AutoScalingGroup is created with Launch Template by default

Framework Version

No response

Node.js Version

Applicable to every version

OS

Applicable to every OS

Language

TypeScript

Language Version

No response

Other information

No response
@jungseoklee jungseoklee added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 28, 2025
@github-actions github-actions bot added the @aws-cdk/aws-autoscaling Related to Amazon EC2 Auto Scaling label Apr 28, 2025
@ykethan
Copy link
Contributor

ykethan commented Apr 28, 2025
edited
Loading

Hey, thank you for reporting this issue regarding the potential availability risk during migration from Launch Configuration to Launch Template.

Current behavior:

  1. When an AutoScalingGroup is created with a Launch Configuration, it creates an IAM instance profile with logical ID 'InstanceProfile'
// In AutoScalingGroup constructor when using Launch Configuration
const iamProfile = new iam.CfnInstanceProfile(this, 'InstanceProfile', {
  roles: [this.role.roleName],
});
  1. When using a Launch Template, it creates an IAM instance profile with logical ID 'Profile'
// In LaunchTemplate constructor
const iamProfile = new iam.CfnInstanceProfile(this, 'Profile', {
  roles: [this.role.roleName],
});
  1. During migration, CloudFormation deletes the old profile and creates a new one, causing a window where running instances may lose access

Users can currently mitigate this issue by explicitly specifying a rolling update policy when migrating:

// When migrating from Launch Configuration to Launch Template
new autoscaling.AutoScalingGroup(this, 'ASG', {
  // ... other properties ...
  launchTemplate: myLaunchTemplate,
  updatePolicy: autoscaling.UpdatePolicy.rollingUpdate({
    maxBatchSize: 1,
    minInstancesInService: 1,
    pauseTime: Duration.minutes(5),
    waitOnResourceSignals: true,
  }),
});

This ensures instances are properly replaced during the migration, preventing the availability issue.

I do agree with your proposed solution to add a migrateToLaunchTemplate property for better visibility. However, I'd suggest a slight modification:

Instead of automatically applying a default rolling update policy (which might not be suitable for all users), the property could enforce that users explicitly define their own rolling update policy:

// In the AutoScalingGroup constructor
if (props.migrateToLaunchTemplate === true && !props.updatePolicy) {
  throw new ValidationError(
    'When migrateToLaunchTemplate is true, you must also provide an updatePolicy ' +
    'to ensure instances are properly replaced during migration. ' +
    'This prevents instances from referencing a deleted IAM instance profile. ' +
    'Use UpdatePolicy.rollingUpdate() to define your rolling update settings.',
    this
  );
}

This approach:
would maintain backward compatibility as its a optional property
provides different users with different rolling update requirements
Ensures the safety guardrail is in place

If you are interested in implementing this feature, please feel free to open a Pull Request. The contribution guidelines can be found here.

Marking as feature request P2

@ykethan ykethan added p2 feature-request A feature should be added or improved. and removed bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 28, 2025
@jungseoklee
Copy link
Contributor Author

jungseoklee commented Apr 28, 2025
edited
Loading

Thanks for taking a look! Your understanding is correct, and I agree with your suggestion.

@github-actions github-actions bot mentioned this issue May 1, 2025
Open
@jungseoklee jungseoklee linked a pull request May 2, 2025 that will close this issue
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-autoscaling Related to Amazon EC2 Auto Scaling feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
2 participants
@jungseoklee @ykethan