Managing Rolling Updates in AWS AutoScaling Groups with AWS CloudFormation Update Policy: Part 1

Synopsis:
A stack update, sometimes, initiates the desired change; other times, it doesn't.

Wouldn't it be nice to have a predetermined update behavior for the AWS Autoscaling Groups defined in your stacks?

This can be achieved with an UpdatePolicy defined on the AWS Auto Scaling Group in the CloudFormation template.

Read on, to learn more.

This tutorial is divided into two posts: this post focuses on the underlying theory and is suitable for beginners; the second post contains a walkthrough of the update process.

In this post, I highlight the following:

1. Why the need for an Update Policy?
2. What is a rolling update?
3. How to perform a rolling update on an ASG.

Why the need for an Update Policy?
To leverage the benefits provided by the cloud and ensure the agility, flexibility, and continuity of your business, you have implemented Infrastructure as Code (IaC). Thus, guaranteeing that you can document, deploy and update your cloud infrastructure at any time.

You have adopted AWS as your cloud provider and implemented Auto Scaling Groups (ASGs) to make your instances fault-tolerant.

AWS CloudFormation, as the native IaC tool on the AWS cloud, handles the deployment and update of your infrastructure as stacks define in a template.

By default, CloudFormation uses a rolling update deployment strategy whenever the changes to the template initiates a stack update. The problem, though, is that the stack update behavior is determined by the update behavior of the changed attribute of the resource. This behavior could be Update With No Interruption, Update with Some Interruption, and Replacement.

In other words, a change to the Launch Configuration or Launch Template of the Auto Scaling Group(ASG) may or may not take immediate effect. A deployment strategy ensures that we determine how and when the changes are made.

One such strategy is a rolling deployment.

What is a Rolling Update?
A rolling update allows you to update your ASG instances in batches: gradually replacing a certain number of instances at a time while ensuring that the desired capacity of the group is maintained.

In other words, a rolling update keeps some instances (with the previous configuration) online, and gradually rolls out replacement instances with the latest configuration. This guarantees that the application remains available during the entire process.

How to perform a rolling update on an ASG.
To perform a rolling update on an Auto Scaling group using CloudFormation, you can use the UpdatePolicy attribute in the ASG resource.

Here's an example CloudFormation template snippet that demonstrates the rolling update configuration:

Resources:
  MyASG:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      # Define your ASG properties here

      UpdatePolicy:
        AutoScalingRollingUpdate:
          MinInstancesInService: 1
          MaxBatchSize: 2
          PauseTime: PT5M
          WaitOnResourceSignals: true

In this example, the UpdatePolicy attribute is set to AutoScalingRollingUpdate, which enables the rolling update behavior. The following parameters are specified:

• MinInstancesInService: Specifies the minimum number of instances that must remain in service during the update process. In this case, we have set it to 1, so there will always be at least one instance running during the update.
• MaxBatchSize: Specifies the maximum number of instances that can be updated simultaneously. In this case, we have set it to 2, meaning that up to two instances can be replaced at a time.
• PauseTime: Specifies the time to pause between updating each batch of instances. In this example, it's set to 5 minutes (PT5M).
• WaitOnResourceSignals: Specifies whether the update process waits for signals from the instances before proceeding to the next batch. If set to true, CloudFormation waits for the instances to signal success before updating the next batch.

By configuring the UpdatePolicy in this way, CloudFormation will perform a rolling update on the Auto Scaling group when changes are made to the ASG resource definition in the CloudFormation stack. This ensures that the update process is smooth and that the desired capacity of the ASG is maintained throughout the update.

Important note about the WaitOnResourceSignals attribute:

• It helps to guarantee that the update proceeds only after the new instances have successfully installed and configured the requisite applications.
• cfn-signal is required to send signals from the instances to CloudFormation.

To wrap up, a smooth update of your Auto Scaling Groups can be guaranteed by specifying an UpdatePolicy in the ASG resource definition and by setting the WaitOnResourceSignals attribute to true.

Thank you for taking the time to read this blog post. If you find the article interesting, do like the article and connect with me on LinkedIn.