AWS Auto Scaling

Auto Scaling Notifications Not Active

This plugin ensures AWS Auto Scaling Groups have at least one notification configuration active.

Risk Level: Medium

Description

This plugin ensures AWS Auto Scaling Groups have at least one notification configuration active. Auto Scaling groups can send Amazon SNS notifications for instance events such as launch, terminate, fail to launch and fail to terminate. It is recommended that these notifications be active for all Auto Scaling groups.

About the Service

AWS Auto Scaling: As the name suggests, AWS Auto Scaling monitors running resources and, when required, scales capacity at the lowest possible cost. Auto Scaling is easy to set up and automatically maintains the performance of your cloud infrastructure.

Impact

AWS Auto Scaling groups support SNS notifications for events like launch, terminate, fail to launch and fail to terminate instances. If the notifications are disabled, cloud engineers might miss these warnings, which are essential for keeping the infrastructure functioning smoothly.

Steps to Reproduce

Using AWS Console:

  1. Log in to your AWS Console.
  2. Open the Amazon EC2 Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
  3. Scroll down and select Auto Scaling Groups under the Auto Scaling section from the left pane.
  4. A list of Auto Scaling Groups will be displayed. Select the one you want to investigate by clicking on its Name.
  5. Move to the Activity tab. If the Activity notifications have no SNS endpoint enabled, the Auto Scaling Group has no active notifications. 
  6. Repeat steps 3 to 5 for all the Auto Scaling groups you want to investigate.
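The console check above can be run across every group at once. This added example (not the plugin's own code) takes the results of the Auto Scaling `DescribeAutoScalingGroups` and `DescribeNotificationConfigurations` calls and flags groups with no notification configuration; it goes one step beyond the plugin by also listing which of the four instance event types each group does not cover. The group names, topic ARN and account ID are constructed sample data, and `collect` assumes a boto3 `autoscaling` client is passed in.

```python
# Added example: audit Auto Scaling notification coverage. Sample data is constructed.
PREFIX = "autoscaling:EC2_INSTANCE_"
EVENT_TYPES = {PREFIX + s for s in ("LAUNCH", "TERMINATE", "LAUNCH_ERROR", "TERMINATE_ERROR")}

def collect(client):
    """Fetch group names and notification configs (assumes a boto3 'autoscaling' client)."""
    groups = [g["AutoScalingGroupName"]
              for page in client.get_paginator("describe_auto_scaling_groups").paginate()
              for g in page["AutoScalingGroups"]]
    configs = [c
               for page in client.get_paginator("describe_notification_configurations").paginate()
               for c in page["NotificationConfigurations"]]
    return groups, configs

def audit(group_names, configs):
    """Map each group to whether it has any notification and which event types it lacks."""
    covered = {}
    for c in configs:
        covered.setdefault(c["AutoScalingGroupName"], set()).add(c["NotificationType"])
    report = {}
    for name in group_names:
        types = covered.get(name, set())
        report[name] = {"active": bool(types), "missing": sorted(EVENT_TYPES - types)}
    return report

def failing(report):
    """Groups the plugin would flag: no notification configuration at all."""
    return sorted(name for name, r in report.items() if not r["active"])

# Constructed sample: one fully covered group, one partial, one with nothing.
TOPIC = "arn:aws:sns:us-east-1:111122223333:asg-events"
SAMPLE_GROUPS = ["web-asg", "batch-asg", "legacy-asg"]
SAMPLE_CONFIGS = (
    [{"AutoScalingGroupName": "web-asg", "TopicARN": TOPIC, "NotificationType": t}
     for t in sorted(EVENT_TYPES)]
    + [{"AutoScalingGroupName": "batch-asg", "TopicARN": TOPIC,
        "NotificationType": PREFIX + "LAUNCH"}]
)

if __name__ == "__main__":
    for name, result in audit(SAMPLE_GROUPS, SAMPLE_CONFIGS).items():
        print(name, "OK" if result["active"] else "FAIL", "missing:", result["missing"])
```

With live data, pass the two lists returned by `collect` straight into `audit`.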

Steps for Remediation

Add a notification endpoint to the Auto Scaling group.

  1. Log in to your AWS Console.
  2. Open the Amazon EC2 Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
  3. Scroll down and select Auto Scaling Groups under the Auto Scaling section from the left pane.
  4. A list of Auto Scaling Groups will be displayed. Select the vulnerable Auto Scaling Group by clicking on its Name.
  5. Move to the Activity tab. If the Activity notifications have no SNS endpoint enabled, the Auto Scaling Group has no active notifications. 
  6. Click on Create Notification. A popup box appears. Choose an existing SNS Topic or create a topic. Check all the event types that need to be captured by SNS. Click on Create when done.
  7. Repeat steps 3 to 6 for all the vulnerable Auto Scaling groups.