Creating a launch configuration - Amazon EC2 Auto Scaling

Creating a launch configuration

Important

We recommend that you create Auto Scaling groups from launch templates to ensure that you're getting the latest features from Amazon EC2. For more information, see Creating a launch template for an Auto Scaling group.

When you create a launch configuration, you must specify information about the EC2 instances to launch. Include the Amazon Machine Image (AMI), instance type, key pair, security groups, and block device mapping. Alternatively, you can create a launch configuration using attributes from a running EC2 instance. For more information, see Creating a launch configuration using an EC2 instance.

After you create a launch configuration, you can create an Auto Scaling group. For more information, see Creating an Auto Scaling group using a launch configuration.

An Auto Scaling group is associated with one launch configuration at a time, and you can't modify a launch configuration after you've created it. Therefore, to change the launch configuration for an existing Auto Scaling group, you must update the group with a new launch configuration. For more information, see Changing the launch configuration for an Auto Scaling group.

Creating your launch configuration (console)

To create a launch configuration (console)

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. On the navigation pane, under AUTO SCALING, choose Launch Configurations.

  3. In the navigation bar, select your AWS Region.

  4. Choose Create launch configuration, and enter a name for your launch configuration.

  5. For Amazon machine image (AMI), choose an AMI. To find a specific AMI, locate a suitable AMI, make note of its ID, and enter the ID as search criteria.

    To get the ID of the Amazon Linux 2 AMI:

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    2. In the navigation pane, under Instances, choose Instances, and then choose Launch instances.

    3. On the Quick Start tab of the Choose an Amazon Machine Image page, note the ID of the AMI next to Amazon Linux 2 AMI (HVM).

  6. For Instance type, select a hardware configuration for your instances.

  7. Under Additional configuration, pay attention to the following fields:

    1. (Optional) For Purchasing option, you can choose Request Spot Instances to request Spot Instances at the Spot price, capped at the On-Demand price. Optionally, you can specify a maximum price per instance hour for your Spot Instances.

      Note

      Spot Instances are a cost-effective choice compared to On-Demand Instances, if you can be flexible about when your applications run and if your applications can be interrupted. For more information, see Requesting Spot Instances for fault-tolerant and flexible applications.

    2. (Optional) For IAM instance profile, choose a role to associate with the instances. For more information, see IAM role for applications that run on Amazon EC2 instances.

    3. (Optional) For Monitoring, choose whether to enable the instances to publish metric data at 1-minute intervals to Amazon CloudWatch by enabling detailed monitoring. Additional charges apply. For more information, see Configuring monitoring for Auto Scaling instances.

    4. (Optional) For Advanced details, User data, you can specify user data to configure an instance during launch, or to run a configuration script after the instance starts.

    5. (Optional) For Advanced details, IP address type, choose whether to assign a public IP address to the group's instances. If you do not set a value, the default is to use the auto-assign public IP settings of the subnets that your instances are launched into.

  8. (Optional) For Storage (volumes), if you don't need additional storage, you can skip this section. Otherwise, to specify volumes to attach to the instances in addition to the volumes specified by the AMI, choose Add new volume. Then choose the desired options and associated values for Devices, Snapshot, Size, Volume type, IOPS, Throughput, Delete on termination, and Encrypted.

  9. For Security groups, create or select the security group to associate with the group's instances. If you leave the Create a new security group option selected, a default SSH rule is configured for Amazon EC2 instances running Linux. A default RDP rule is configured for Amazon EC2 instances running Windows.

  10. For Key pair (login), choose an option under Key pair options.

    If you've already configured an Amazon EC2 instance key pair, you can choose it here.

    If you don't already have an Amazon EC2 instance key pair, choose Create a new key pair and give it a recognizable name. Choose Download key pair to download the key pair to your computer.

    Important

    If you need to connect to your instances, do not choose Proceed without a key pair.

  11. Select the acknowledgment check box, and then choose Create launch configuration.

Creating a launch configuration (AWS CLI)

To create a launch configuration using the command line

You can use one of the following commands:

Configuring the instance metadata options

Amazon EC2 Auto Scaling supports configuring the Instance Metadata Service (IMDS) in launch configurations. This gives you the option of using launch configurations to configure the Amazon EC2 instances in your Auto Scaling groups to require Instance Metadata Service Version 2 (IMDSv2), which is a session-oriented method for requesting instance metadata. For details about IMDSv2's advantages, see this article on the AWS Blog about enhancements to add defense in depth to the EC2 instance metadata service.

You can configure IMDS to support both IMDSv2 and IMDSv1 (the default), or to require the use of IMDSv2. If you are using the AWS CLI or an AWS SDK to configure IMDS, you must use the latest version of the AWS CLI or the SDK to require the use of IMDSv2.

You can configure your launch configuration for the following:

  • Require the use of IMDSv2 when requesting instance metadata

  • Specify the PUT response hop limit

  • Turn off access to instance metadata

You can find more details on configuring the Instance Metadata Service in the following topic: Configuring the instance metadata service in the Amazon EC2 User Guide for Linux Instances.

Use the following procedure to configure IMDS options in a launch configuration. After you create your launch configuration, you can associate it with your Auto Scaling group. If you associate the launch configuration with an existing Auto Scaling group, the existing launch configuration is disassociated from the Auto Scaling group, and existing instances will require replacement to use the IMDS options that you specified in the new launch configuration. For more information, see Changing the launch configuration for an Auto Scaling group.

To configure IMDS in a launch configuration (console)

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. On the navigation pane, under AUTO SCALING, choose Launch Configurations.

  3. In the navigation bar, select your AWS Region.

  4. Choose Create launch configuration, and create the launch configuration the usual way. Include the ID of the Amazon Machine Image (AMI), the instance type, and optionally, a key pair, one or more security groups, and any additional EBS volumes or instance store volumes for your instances.

  5. To configure instance metadata options for all of the instances associated with this launch configuration, in Additional configuration, under Advanced details, do the following:

    1. For Metadata accessible, choose whether to enable or disable access to the HTTP endpoint of the instance metadata service. By default, the HTTP endpoint is enabled. If you choose to disable the endpoint, access to your instance metadata is turned off. You can specify the condition to require IMDSv2 only when the HTTP endpoint is enabled.

    2. For Metadata version, you can choose to require the use of Instance Metadata Service Version 2 (IMDSv2) when requesting instance metadata. If you do not specify a value, the default is to support both IMDSv1 and IMDSv2.

    3. For Metadata token response hop limit, you can set the allowable number of network hops for the metadata token. If you do not specify a value, the default is 1.

  6. When you have finished, choose Create launch configuration.

To require the use of IMDSv2 in a launch configuration using the AWS CLI

Use the following create-launch-configuration command with --metadata-options set to HttpTokens=required. When you specify a value for HttpTokens, you must also set HttpEndpoint to enabled. Because the secure token header is set to required for metadata retrieval requests, instances launched from this launch configuration must use IMDSv2 when requesting instance metadata.

aws autoscaling create-launch-configuration \
  --launch-configuration-name my-lc-with-imdsv2 \
  --image-id ami-01e24be29428c15b2 \
  --instance-type t2.micro \
  ...
  --metadata-options "HttpEndpoint=enabled,HttpTokens=required"

To turn off access to instance metadata

Use the following create-launch-configuration command to turn off access to instance metadata. You can turn access back on later by using the modify-instance-metadata-options command.

aws autoscaling create-launch-configuration \
  --launch-configuration-name my-lc-with-imds-disabled \
  --image-id ami-01e24be29428c15b2 \
  --instance-type t2.micro \
  ...
  --metadata-options "HttpEndpoint=disabled"
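To check which existing launch configurations still accept IMDSv1 or raise the PUT response hop limit, the following added example (not part of the AWS documentation) audits saved JSON output of the describe-launch-configurations command. It assumes a record with no MetadataOptions uses the defaults stated above; the sample records, the two extra launch configuration names, and the max_hop_limit policy threshold are constructed for illustration.

```python
import json
import sys

# Defaults when no value is set: endpoint enabled, IMDSv1 and IMDSv2, hop limit 1.
DEFAULTS = {"HttpEndpoint": "enabled", "HttpTokens": "optional",
            "HttpPutResponseHopLimit": 1}

# Constructed sample, trimmed to the fields read; last two names are hypothetical.
SAMPLE = {"LaunchConfigurations": [
    {"LaunchConfigurationName": "my-lc-with-imdsv2",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 1}},
    {"LaunchConfigurationName": "my-lc-with-imds-disabled",
     "MetadataOptions": {"HttpEndpoint": "disabled"}},
    {"LaunchConfigurationName": "legacy-lc-no-options"},
    {"LaunchConfigurationName": "container-lc-hop3",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                         "HttpPutResponseHopLimit": 3}},
]}


def imds_findings(launch_config, max_hop_limit=1):
    """Return IMDS findings for one launch configuration record."""
    opts = {**DEFAULTS, **(launch_config.get("MetadataOptions") or {})}
    if opts["HttpEndpoint"] == "disabled":
        return []  # metadata access is off, so the other options do not apply
    findings = []
    if opts["HttpTokens"] != "required":
        findings.append("IMDSv1 still accepted (HttpTokens is not 'required')")
    hops = opts["HttpPutResponseHopLimit"]
    if hops > max_hop_limit:  # max_hop_limit is an assumed local policy value
        findings.append(f"PUT response hop limit {hops} exceeds {max_hop_limit}")
    return findings


def audit(describe_output, max_hop_limit=1):
    """Map launch configuration name to findings; compliant ones are omitted."""
    report = {}
    for lc in describe_output.get("LaunchConfigurations", []):
        found = imds_findings(lc, max_hop_limit)
        if found:
            report[lc["LaunchConfigurationName"]] = found
    return report


if __name__ == "__main__":
    # Optional argument: a file of saved describe-launch-configurations JSON.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, found in audit(data).items():
        print(name, "->", "; ".join(found))
```

Because a launch configuration can't be modified, each flagged entry is fixed by creating a replacement with the desired --metadata-options and updating the Auto Scaling group to use it.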