(aws-autoscaling): Build guardrail to prevent availability risk by instance profile deletion/recreation during migration to LT #34283

Open
@jungseoklee

Describe the bug

Hi CDK community,

Today, the AutoScalingGroup construct creates an IAM instance profile using the role provided by a customer. When a customer updates an existing Auto Scaling group associated with a Launch Configuration to use a Launch Template, i.e. passes a Launch Template as an input for the AutoScalingGroup construct AND creates the Launch Template using a role, the IAM instance profile is deleted and re-created due to a change in CFN logical ID. If the IAM instance profile is referenced, it can end up losing access.

This issue is about addressing the risk in the AutoScalingGroup construct by building a safety guardrail, e.g. enforcing RollingUpdate or throwing a validation error.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

A deleted IAM instance profile should not be referenced.

Current Behavior

A deleted IAM instance profile is referenced.

Reproduction Steps

  1. Create Auto Scaling group using Launch Configuration with role.
     • This is only possible when using a CDK version not enabling the AUTOSCALING_GENERATE_LAUNCH_TEMPLATE feature flag.
  2. Create Launch Template with role.
  3. Update Auto Scaling group to take the Launch Template created in the previous step.

Possible Solution

A high-level proposal is to enforce RollingUpdate when migrating to Launch Template from Launch Configuration. Here are implementation details:

  • Add migrateToLaunchTemplate? attribute to AutoScalingGroup construct.
  • Set UpdatePolicy.rollingUpdate() when migrateToLaunchTemplate is true.

In this way, we can guarantee that existing EC2 instances based on the Launch Configuration are terminated and new EC2 instances based on the Launch Template are launched, which always use the IAM instance profile defined by the Launch Template.

Additional Information/Context

No response

CDK CLI Version

Applicable to every version before AutoScalingGroup is created with Launch Template by default

Framework Version

No response

Node.js Version

Applicable to every version

OS

Applicable to every OS

Language

TypeScript

Language Version

No response

Other information

No response
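
The guardrail requested above can also be approximated outside the construct, as a pre-deployment check that compares the currently deployed template with the newly synthesized one. This is an added example, not code from the issue or from aws-cdk; the function name `findMigrationRisks`, the reduced template types and the logical IDs in the sample templates are assumptions made for illustration.

```typescript
// Added example: reduced CloudFormation template shape (only the fields this check reads).
type Resource = { Type: string; Properties?: Record<string, unknown>; UpdatePolicy?: Record<string, unknown> };
type Template = { Resources: Record<string, Resource> };

const ASG = "AWS::AutoScaling::AutoScalingGroup";
const PROFILE = "AWS::IAM::InstanceProfile";

// One finding per ASG that switches from a Launch Configuration to a Launch Template
// in a deployment that also deletes an instance profile logical ID, unless the ASG
// carries an AutoScalingRollingUpdate policy (the mitigation the issue proposes).
function findMigrationRisks(before: Template, after: Template): string[] {
  const removedProfiles = Object.entries(before.Resources)
    .filter(([id, r]) => r.Type === PROFILE && !(id in after.Resources))
    .map(([id]) => id);
  if (removedProfiles.length === 0) return [];
  const findings: string[] = [];
  for (const [id, next] of Object.entries(after.Resources)) {
    const prev = before.Resources[id];
    if (next.Type !== ASG || prev === undefined || prev.Type !== ASG) continue;
    const wasLaunchConfig = prev.Properties?.["LaunchConfigurationName"] !== undefined;
    const nowLaunchTemplate = next.Properties?.["LaunchTemplate"] !== undefined;
    const rolling = next.UpdatePolicy?.["AutoScalingRollingUpdate"] !== undefined;
    if (wasLaunchConfig && nowLaunchTemplate && !rolling) {
      findings.push(`${id}: LC -> LT without rolling update; deleted profile(s): ${removedProfiles.join(", ")}`);
    }
  }
  return findings;
}

// Constructed sample templates; logical IDs are made up for illustration.
const BEFORE: Template = { Resources: {
  AsgInstanceProfileOLD: { Type: PROFILE, Properties: { Roles: [{ Ref: "Role" }] } },
  AsgLaunchConfig: { Type: "AWS::AutoScaling::LaunchConfiguration",
    Properties: { IamInstanceProfile: { Ref: "AsgInstanceProfileOLD" } } },
  Asg: { Type: ASG, Properties: { LaunchConfigurationName: { Ref: "AsgLaunchConfig" } } },
} };
const AFTER: Template = { Resources: {
  LtProfileNEW: { Type: PROFILE, Properties: { Roles: [{ Ref: "Role" }] } },
  Lt: { Type: "AWS::EC2::LaunchTemplate", Properties: { LaunchTemplateData: {
    IamInstanceProfile: { Arn: { "Fn::GetAtt": ["LtProfileNEW", "Arn"] } } } } },
  Asg: { Type: ASG, Properties: { LaunchTemplate: {
    LaunchTemplateId: { Ref: "Lt" }, Version: { "Fn::GetAtt": ["Lt", "LatestVersionNumber"] } } } },
} };
// Same target template with a rolling update policy attached to the ASG.
const AFTER_ROLLING: Template = { Resources: { ...AFTER.Resources,
  Asg: { Type: ASG, Properties: AFTER.Resources["Asg"]?.Properties,
    UpdatePolicy: { AutoScalingRollingUpdate: { MinInstancesInService: 1 } } },
} };
```

Run against the constructed templates, the check flags `Asg` for the `BEFORE` to `AFTER` change and reports nothing once the rolling update policy is present.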
