EC2 High Availability and Scalability for CloudOps
Operate highly available EC2 workloads with load balancers, Auto Scaling groups, placement groups, health checks, instance refresh, and warm pools.
What you'll learn
- Choose the right Elastic Load Balancer type for a workload
- Configure target groups, health checks, and listener rules
- Build an Auto Scaling group across multiple Availability Zones
- Use scaling policies, instance refresh, and warm pools
- Understand placement group tradeoffs for performance and resilience
Prerequisites
Relevant for certifications
High Availability Pattern
A production EC2 application normally runs across at least two Availability Zones:
Users
-> Application Load Balancer
-> Target group
-> Auto Scaling group in AZ-a
-> Auto Scaling group in AZ-b
The load balancer spreads traffic, health checks remove bad targets, and the Auto Scaling group replaces failed instances.
Elastic Load Balancing
| Load balancer | Layer | Best for |
|---|---|---|
| Application Load Balancer | 7 | HTTP/HTTPS, path routing, host routing, redirects, WAF |
| Network Load Balancer | 4 | Very high throughput, static IPs, TCP/UDP/TLS |
| Gateway Load Balancer | 3/4 | Third-party appliances such as firewalls and inspection tools |
Target groups and health checks
Target groups define where traffic goes. Health checks decide whether a target receives traffic.
Important settings:
- Protocol and port: usually HTTP 80 or HTTPS 443 for ALB targets.
- Health path: use a real endpoint such as
/health, not the home page if it depends on downstream services. - Healthy threshold: number of successful checks before traffic resumes.
- Unhealthy threshold: number of failed checks before target removal.
- Deregistration delay: connection draining time before a target is removed.
Exam cue
If users see intermittent failures during deployments, look at target group health checks, deregistration delay, and whether old instances are being drained before termination.
Auto Scaling Groups
An Auto Scaling group manages capacity using a launch template and desired/min/max size.
| Setting | Meaning |
|---|---|
| Desired capacity | Number of instances ASG tries to maintain right now |
| Minimum capacity | Floor for scale-in |
| Maximum capacity | Ceiling for scale-out |
| Health checks | EC2 status checks and optionally ELB target health |
| Availability Zones | Subnets where the group can launch instances |
Scaling policies
| Policy | Use case |
|---|---|
| Target tracking | Keep a metric near a target, such as CPU 50% |
| Step scaling | Add/remove different capacity based on alarm severity |
| Scheduled scaling | Predictable daily or weekly demand |
| Predictive scaling | AWS forecasts recurring traffic patterns |
Instance refresh
Instance refresh rolls new launch template versions through the ASG without rebuilding the group.
Use it when you update the AMI ID, user data, instance type, security group, or IAM instance profile.
Placement Groups
| Strategy | Benefit | Tradeoff |
|---|---|---|
| Cluster | Lowest latency and highest throughput | Lower AZ-level fault tolerance |
| Spread | Each instance on distinct hardware | Limited to small critical fleets |
| Partition | Groups instances across partitions | Good for distributed systems like Hadoop, Kafka, Cassandra |
Hands-on: Application Load Balancer with Two EC2 Instances
Goal: Put two web servers behind an ALB and confirm traffic is served only by healthy targets.
- Launch two EC2 instances in different Availability Zones.
- Use the nginx user data from the EC2 basics lab, but make each instance return a different hostname.
- Create a security group for the ALB: inbound HTTP 80 from
0.0.0.0/0, outbound all traffic. - Update the EC2 security group to allow inbound HTTP 80 from the ALB security group.
- Create a target group with target type Instances, protocol HTTP, port 80, and health check path
/. - Register both instances as targets.
- Create an internet-facing Application Load Balancer across at least two public subnets.
- Add an HTTP 80 listener that forwards to the target group.
- Wait until both targets are healthy.
- Open the ALB DNS name several times and confirm both instances serve traffic.
- Stop nginx on one instance:
sudo systemctl stop nginx
- Watch the target become unhealthy, then confirm the ALB only routes to the healthy instance.
- Restart nginx and confirm the instance re-enters service.
Hands-on: Auto Scaling Group Behind an ALB
Goal: Replace individual instances with an ASG that maintains desired capacity.
- Create a launch template using Amazon Linux 2023,
t3.micro, the EC2 web security group, and nginx user data. - Create an Auto Scaling group from the launch template.
- Select two or more subnets across different Availability Zones.
- Attach the existing target group.
- Set desired capacity
2, minimum2, maximum4. - Enable ELB health checks.
- Create a target tracking policy for average CPU utilization at 50%.
- Terminate one instance manually from the EC2 console.
- Confirm the ASG launches a replacement and the target group returns to two healthy targets.
- Clean up the ASG, launch template, target group, and load balancer.
Common SOA-C03 Exam Questions
Q: Which load balancer supports path-based routing? Application Load Balancer.
Q: Which load balancer gives static IP addresses and handles TCP/UDP? Network Load Balancer.
Q: An ASG instance passes EC2 checks but the application is broken. What should the ASG use? Enable ELB health checks so target group health influences replacement.
Q: How do you roll a new AMI through an existing ASG? Create a new launch template version and start an instance refresh.
What to Learn Next
- AWS CloudWatch Monitoring - alarm on ALB, target group, and ASG metrics
- AWS CloudFormation for CloudOps - deploy ASGs and ALBs as code
- AWS Route 53 for CloudOps - add DNS failover and health checks