How do I set instances launched through EC2 Auto Scaling to have multiple elastic network interfaces with each interface in different subnets?


When Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling launches a new instance, I want a second elastic network interface in a different subnet to automatically attach to it. I also want EC2 Auto Scaling to delete the elastic network interface upon instance termination.

Short description

EC2 Auto Scaling can automatically attach a second elastic network interface when it launches a new instance. However, both elastic network interfaces attached to the instance are then in the same subnet. With the following resolution, you can place the two interfaces of an instance launched by EC2 Auto Scaling in two different subnets of your choice. For example, you can have one elastic network interface in a public subnet and the other in a private subnet. To avoid exhausting the private IP addresses in the subnet, the elastic network interfaces attached to the instance are deleted after the instance stops. This also helps prevent reaching the elastic network interface limit in your account.

Note: The following resolution applies to an Auto Scaling group that's active in one or more Availability Zones, with two subnets in each Availability Zone. It also supports warm pools and scale-in to the warm pool.

Resolution

Create an AWS Lambda function

Note: When Auto Scaling launches a new instance, the EventBridge rule or SNS topic is invoked by the EC2 Instance-launch Lifecycle Action event.

Create a Lambda function that performs the following actions:

  • Checks the subnet of the first network interface that's attached to the launched instance.
  • Attaches a second elastic network interface to the instance in the other subnet configured in that Availability Zone on the Auto Scaling group.

To create the Lambda function, complete the following steps:

Note: The second elastic network interface attached to the instance must be created when the instance is in the Pending:wait state.

  1. Open the Lambda console.

  2. Choose Create function.

  3. Select Author from scratch.

  4. Enter a name for the Lambda function in the Function name field, and then choose Python 3.8 for Runtime.

  5. Expand Permissions by selecting the dropdown list arrow to change the default execution role for the Lambda function. You can use an existing AWS Identity and Access Management (IAM) role or create a custom role in the IAM console.

    The function role must have the following permissions:

    {
      "Statement": [
        {
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Effect": "Allow",
          "Resource": "arn:aws:logs:*:*:*"
        },
        {
          "Action": [
            "ec2:CreateNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DetachNetworkInterface",
            "ec2:DeleteNetworkInterface",
            "ec2:DescribeSubnets",
            "ec2:AttachNetworkInterface",
            "ec2:DescribeInstances",
            "ec2:ModifyNetworkInterfaceAttribute",
            "autoscaling:CompleteLifecycleAction",
            "autoscaling:DescribeAutoScalingGroups"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ],
      "Version": "2012-10-17"
    }

  6. Choose Create function.

  7. Download the multiple ENI Auto Scaling group Python script. For more information, see Multiple ENI Auto Scaling group from AWS on the GitHub website. Then copy the code into the Function code field in the Lambda console.

  8. Select the Deploy tab to make sure that the changes are saved.

Create a lifecycle hook

Create a lifecycle hook to activate your event from the AWS Management Console. For more information, see Add lifecycle hooks (console). Or, run the following command:

Note: Set the Heartbeat timeout parameter to 300 seconds and the Default result parameter to ABANDON.

aws autoscaling put-lifecycle-hook --lifecycle-hook-name my-lifecycle-launch-hook --auto-scaling-group-name my-asg --lifecycle-transition autoscaling:EC2_INSTANCE_LAUNCHING --heartbeat-timeout 300 --default-result ABANDON

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Start the Lambda function

Use Amazon EventBridge to activate the Lambda function

To create an EventBridge rule to start the Lambda function, complete the following steps:

  1. Open the EventBridge console.

  2. From the navigation pane, under Buses, choose Rules.

  3. Choose Create rule.

  4. Enter a Name and Description for the rule.

  5. Under Rule type, select Rule with an event pattern, and then choose Next.

  6. Select Other under Event Source, enter the following event pattern in the Event pattern section, and then choose Next.

    Note: In the following example, change AutoScalingGroupName to the name of your Auto Scaling group and LifecycleHookName to the name of your lifecycle hook.

    {
      "source": [
        "aws.autoscaling"
      ],
      "detail-type": [
        "EC2 Instance-launch Lifecycle Action"
      ],
      "detail": {
        "AutoScalingGroupName": [
          "my-asg"
        ],
        "LifecycleHookName": [
          "my-lifecycle-launch-hook"
        ]
      }
    }

  7. For Target types, choose AWS service.

  8. For Select a target, choose Lambda function from the dropdown list, and then select the Lambda function that you previously created.

  9. Choose Next.

  10. (Optional) Enter one or more tags for the rule.

  11. Choose Next.

  12. Review the details of the rule and choose Create rule.

Use Amazon Simple Notification Service (Amazon SNS) topic to activate the Lambda function

To create an SNS topic to start the Lambda function, complete the following steps:

  1. Run the following AWS CLI command to create a lifecycle hook that sends a notification to your SNS topic:

    Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

    aws autoscaling put-lifecycle-hook --lifecycle-hook-name my-lifecycle-launch-hook --auto-scaling-group-name my-asg --lifecycle-transition autoscaling:EC2_INSTANCE_LAUNCHING --heartbeat-timeout 300 --default-result ABANDON --notification-target-arn <SNStopicARN>

  2. Configure this SNS topic to activate the Lambda function. After configuration, when Auto Scaling launches a new instance, a second elastic network interface is created in a different subnet and attached to the instance.

    Note: Launch templates that don't use the Amazon Linux AMI might need additional options configured at the OS level to bring up the additional interface.
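The handler below is an added example, not the script that the page links to on GitHub. It performs the two actions described earlier (read the subnet of the instance's primary interface, then attach a second interface in the other subnet of the same Availability Zone) and accepts both trigger paths on this page: an EventBridge event and an SNS-delivered notification. It assumes the Auto Scaling group's VPCZoneIdentifier lists exactly two subnets per Availability Zone and that the execution role has the permissions from the policy above. The helpers choose_secondary_subnet and lifecycle_detail are hypothetical names chosen for this example.

```python
import json
import logging

log = logging.getLogger()


def lifecycle_detail(event):
    """Lifecycle fields from an EventBridge event (detail) or an SNS notification (JSON in Records[0].Sns.Message)."""
    if "Records" in event:
        return json.loads(event["Records"][0]["Sns"]["Message"])
    return event["detail"]


def choose_secondary_subnet(primary_subnet_id, instance_az, asg_subnets):
    """Pick the group's subnet in the instance's AZ that is not the primary interface's subnet."""
    other = [s["SubnetId"] for s in asg_subnets
             if s["AvailabilityZone"] == instance_az and s["SubnetId"] != primary_subnet_id]
    if len(other) != 1:
        raise ValueError(f"expected exactly one other subnet in {instance_az}, found {other}")
    return other[0]


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above are testable without the SDK
    ec2, asg = boto3.client("ec2"), boto3.client("autoscaling")
    d = lifecycle_detail(event)
    instance_id, group = d["EC2InstanceId"], d["AutoScalingGroupName"]
    result, eni_id, att = "ABANDON", None, None  # ABANDON unless every step below succeeds
    try:
        inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
        primary = next(n for n in inst["NetworkInterfaces"] if n["Attachment"]["DeviceIndex"] == 0)
        zone_ids = asg.describe_auto_scaling_groups(AutoScalingGroupNames=[group])[
            "AutoScalingGroups"][0]["VPCZoneIdentifier"].split(",")
        target = choose_secondary_subnet(primary["SubnetId"], inst["Placement"]["AvailabilityZone"],
                                         ec2.describe_subnets(SubnetIds=zone_ids)["Subnets"])
        # Reuse the primary interface's security groups so the new ENI gets the same filtering.
        eni_id = ec2.create_network_interface(
            SubnetId=target, Groups=[g["GroupId"] for g in primary["Groups"]],
            Description=f"secondary ENI for {instance_id}")["NetworkInterface"]["NetworkInterfaceId"]
        att = ec2.attach_network_interface(NetworkInterfaceId=eni_id, InstanceId=instance_id, DeviceIndex=1)
        # DeleteOnTermination is what stops terminated instances from leaking ENIs and private IPs.
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni_id, Attachment={
            "AttachmentId": att["AttachmentId"], "DeleteOnTermination": True})
        result = "CONTINUE"
    except Exception:
        log.exception("could not attach a secondary ENI to %s", instance_id)
        if eni_id and not att:  # created but never attached: remove it so it cannot leak
            ec2.delete_network_interface(NetworkInterfaceId=eni_id)
    finally:  # always release the hook; ABANDON terminates the half-configured instance
        asg.complete_lifecycle_action(LifecycleHookName=d["LifecycleHookName"], AutoScalingGroupName=group,
                                      LifecycleActionToken=d["LifecycleActionToken"],
                                      InstanceId=instance_id, LifecycleActionResult=result)
    return {"InstanceId": instance_id, "NetworkInterfaceId": eni_id, "Result": result}
```

The whole handler must finish within the 300-second heartbeat timeout set on the hook, because the instance only stays in Pending:Wait until the lifecycle action is completed or the hook times out.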

Related information

Use EventBridge to handle Auto Scaling events

Create a launch template for an Auto Scaling group

AWS OFFICIAL
Updated a month ago