Avi Integration with AWS Auto Scaling Groups

This article describes how the Avi Vantage platform integrates with AWS Auto Scaling groups.

Overview

An Avi pool is a group of back-end servers having similar characteristics or serving/hosting similar applications. In an Avi-AWS integration, an Avi pool is scaled in/out to reflect actions taken by AWS on the corresponding AWS Auto Scaling group. These actions are governed by AWS’ preconfigured policies and criteria.

Amazon’s literature refers to the group’s servers as instances. Scaling out is adding one or more instances to the Auto Scaling group and scaling in is removing one or more instances from the Auto Scaling group.

For more information about Auto Scaling groups on AWS, refer to http://docs.aws.amazon.com/autoscaling/latest/userguide/AutoScalingGroup.html

Background

Beginning in release 17.1.2, Avi Vantage supports AWS Auto Scaling groups for configuring Avi pools for a virtual service.

The Avi AWS cloud connector periodically polls AWS Auto Scaling group membership information and updates the corresponding Avi pool server membership in case changes are required.

For example, if a new server (instance) is added to an AWS Auto Scaling group being used as an Avi pool, Avi will automatically update the pool membership to include the newly provisioned server. Conversely, upon deletion of a server (instance) from the AWS Auto Scaling group, Avi will delete this server from its pool membership. This enables seamless, elastic and automated management of backend server resources without any operator intervention or configuration updates.

Notes:

  • Beginning in release 17.1.3, Avi Vantage supports SNS and SQS features for Auto Scaling groups. If SNS and SQS are not in use, the default polling method is used. For more information, refer to the Using SNS-SQS feature for Auto Scaling Groups section of this article.
  • Starting with Avi Vantage release 18.2.3, ASG with launch templates are supported.

Prerequisites

  • Avi Vantage release 17.1.2 or later.
  • The AWS user or IAM role needs read (i.e., “Describe”) access to Auto Scaling groups and instances therein. For more details refer to IAM Role Setup for Installation into AWS.
  • The Auto Scaling group is already configured on AWS.

Configuration Via the Avi UI

Login to the Avi UI. From the Navigation pane, choose Applications, and click the Pools option. Click Create Pool. Enter the pool name and accept the defaults for the remaining field options.

Clicking Next reveals server options as shown below. Choose the Auto Scaling Groups option from Select Servers.

Clicking the dropdown box below “Auto Scaling Group” reveals a list of the Auto Scaling group instances already configured on AWS for that specific cloud.


After selecting an instance/server from the list, Avi will fetch the instance/server information from AWS.

After choosing the Save option, the Avi UI will return to the Pools page to reveal the Auto Scaling group members as shown below. In this example, it is “demo-asw2”.

Using SNS-SQS feature for Auto Scaling Groups

Beginning with release 17.1.3, Avi Vantage can make use of the Simple Notification Service (SNS) and Simple Queue Service (SQS) features of AWS. SNS is a push notification service used to update pool member information of AWS Auto Scaling groups. SQS is a messaging queue service. For more information about SNS and SQS, please refer to the following links:

By default, the flag for using SNS/SQS option is set to false on the Avi Controller. In the default polling method, the Avi Controller polls every ten minutes to synchronize information regarding ASG membership changes. If SNS and SQS features are not enabled, set polling interval to one minute. This value can be configured between from 60 seconds (1 minute) to 1800 seconds (30 minutes). When using the SNS-SQS feature, increase the polling interval value from 1 minute to 10 minutes (recommended), as the cloud connector notifies the Avi Controller instantly when ASG membership changes.

Configuring SNS-SQS on Avi Vantage via Avi CLI

Change the value of use_sns_sqs. Check asg_poll_interval value. It should be set to ten minutes or more, based on the requirement. If the SNS and SQS features are not in use, change the polling interval to one minute.

Login to the Avi Controller’s shell prompt and follow the steps as shown below.


[admin:10-1-1-1]: cloud> aws_configuration
[admin:10-1-1-1]: cloud:aws_configuration> asg_poll_interval 600
Overwriting the previously entered value for asg_poll_interval
[admin:10-1-1-1]: cloud:aws_configuration> use_sns_sqs
Overwriting the previously entered value for use_sns_sqs
+---------------------+-------------------+
| Field               | Value             |
+---------------------+-------------------+
| access_key_id       |  sensitive        |
| secret_access_key   |  sensitive        |
| region              | us-west-2         |
| vpc                 | AVI-MISC-West-VPC |
| vpc_id              | vpc-c8d6b5af      |
| zones[1]            |                   |
|   availability_zone | us-west-2c        |
|   mgmt_network_name | 2C-nw-9           |
| route53_integration | False             |
| free_elasticips     | True              |
| use_iam_roles       | False             |
| ttl                 | 60 sec            |
| wildcard_access     | True              |
| use_sns_sqs         | True              |
| asg_poll_interval   | 600 sec           |
+---------------------+-------------------+

Set use_sns_sqs to false and change asg_poll_intervalto 60 seconds when SNS/SQS is not in use.


[admin:10-1-1-1]: cloud:aws_configuration> no use_sns_sqs
+---------------------+-------------------+
| Field               | Value             |
+---------------------+-------------------+
| access_key_id       | sensitive         |
| secret_access_key   | sensitive         |
| region              | us-west-2         |
| vpc                 | AVI-MISC-West-VPC |
| vpc_id              | vpc-c8d6b5af      |
| zones[1]            |                   |
|   availability_zone | us-west-2c        |
|   mgmt_network_name | 2C-nw-9           |
| route53_integration | False             |
| free_elasticips     | True              |
| use_iam_roles       | False             |
| ttl                 | 60 sec            |
| wildcard_access     | True              |
| use_sns_sqs         | False             |
| asg_poll_interval   | 600 sec           |
+---------------------+-------------------+
[admin:10-1-1-1]: cloud:aws_configuration>
[admin:10-1-1-1]: cloud:aws_configuration> asg_poll_interval 60
Overwriting the previously entered value for asg_poll_interval
+---------------------+-------------------+
| Field               | Value             |
+---------------------+-------------------+
| access_key_id       |    sensitive      |
| secret_access_key   |    sensitive      |
| region              | us-west-2         |
| vpc                 | AVI-MISC-West-VPC |
| vpc_id              | vpc-c8d6b5af      |
| zones[1]            |                   |
|   availability_zone | us-west-2c        |
|   mgmt_network_name | 2C-nw-9           |
| route53_integration | False             |
| free_elasticips     | True              |
| use_iam_roles       | False             |
| ttl                 | 60 sec            |
| wildcard_access     | True              |
| use_sns_sqs         | False             |
| asg_poll_interval   | 60 sec            |
+---------------------+-------------------+

Configuring on AWS

AWS users should have all the required privileges to perform various actions required to enable and use SNS-SQS services. For the list of privileges provided, check the following JSON files.

Follow the steps mentioned in IAM Role Setup for Installation into AWS to associate these policies to AWS users.

Alerts

Avi Vantage synchronizes information of Auto Scaling groups configured on AWS. Starting with release 17.2.12, and 18.1.2, if any of the Auto Scaling groups is deleted on the integrated AWS, a corresponding alert, and an event is generated on Avi Vantage. For more information on this, refer to Alerts on Avi Vantage when an Auto Scaling Group is deleted on AWS.

Additional Information