Use instance scale-in protection to control instance termination
Instance scale-in protection gives you control over which instances Amazon EC2 Auto Scaling can terminate. A common use case for this feature is scaling container-based workloads. For more information, see Design your applications to gracefully handle instance termination.
By default, instance scale-in protection is disabled when you create an Auto Scaling group. This means that Amazon EC2 Auto Scaling can terminate any instance in the group.
You can protect instances as soon as they launch by enabling the instance scale-in
protection setting on your Auto Scaling group. Instance scale-in protection starts when the
instance state is InService
. Then, to control which instances can
terminate, disable the scale-in protection setting on individual instances within
the Auto Scaling group. By doing so, you can continue to protect certain instances from
unwanted terminations.
Topics
Considerations
The following are considerations when using instance scale-in protection:
-
If all instances in an Auto Scaling group are protected from scale in, and a scale in event occurs, its desired capacity is decremented. However, the Auto Scaling group can't terminate the required number of instances until their instance scale in protection settings are disabled. In the AWS Management Console, the Activity history for the Auto Scaling group includes the following message if all instances in an Auto Scaling group are protected from scale in when a scale in event occurs:
Could not scale to desired capacity because all remaining instances are protected from scale in.
-
If you detach an instance that is protected from scale in, its instance scale in protection setting is lost. When you attach the instance to the group again, it inherits the current instance scale in protection setting of the group. When Amazon EC2 Auto Scaling launches a new instance or moves an instance from a warm pool into the Auto Scaling group, the instance inherits the instance scale in protection setting of the Auto Scaling group.
-
Instance scale-in protection does not protect Auto Scaling instances from the following:
-
Health check replacement if the instance fails health checks. For more information, see Health checks for instances in an Auto Scaling group.
-
Spot Instance interruptions. A Spot Instance is terminated when capacity is no longer available or the Spot price exceeds your maximum price.
-
A Capacity Block reservation ends. Amazon EC2 reclaims the Capacity Block instances even if they are protected from scale in.
-
Manual termination through the
terminate-instance-in-auto-scaling-group
command. For more information, see Terminate an instance in your Auto Scaling group (AWS CLI). -
Manual termination through the Amazon EC2 console, CLI commands, and API operations. To protect Auto Scaling instances from manual termination, enable Amazon EC2 termination protection. (This does not prevent Amazon EC2 Auto Scaling from terminating instances or manual termination through the
terminate-instance-in-auto-scaling-group
command.) For information about enabling Amazon EC2 termination protection in a launch template, see Create a launch template using advanced settings.
-
Change scale-in protection for an Auto Scaling group
You can enable or disable the instance scale-in protection setting for an Auto Scaling group. When you enable it, all new instances launched by the group will have instance scale-in protection enabled.
Enabling or disabling this setting for an Auto Scaling group does not affect existing instances.
Change scale-in protection for an instance
By default, an instance gets its instance scale-in protection setting from its Auto Scaling group. However, you can enable or disable instance scale-in protection for individual instances after they launch.
Note
Remember, instance scale-in protection does not guarantee that instances won't be terminated in the event of a human error—for example, if someone manually terminates an instance using the Amazon EC2 console or AWS CLI. To protect your instance from accidental termination, you can use Amazon EC2 termination protection. However, even with termination protection and instance scale-in protection enabled, data saved to instance storage can be lost if a health check determines that an instance is unhealthy or if the group itself is accidentally deleted. As with any environment, a best practice is to back up your data frequently, or whenever it's appropriate for your business continuity requirements.