1--- 2layout: docs 3page_title: 'Autoscaling Plugins: AWS ASG' 4description: The "aws-asg" target plugin scales an Amazon Web Services Autoscaling Group. 5--- 6 7# AWS AutoScaling Group Target 8 9The `aws-asg` target plugin allows for the scaling of the Nomad cluster clients 10via manipulating [AWS AutoScaling Groups][aws_autoscaling]. 11 12## Agent Configuration Options 13 14To use the `aws-asg` target plugin, the agent configuration needs to be 15populated with the appropriate target block. Authentication to the AWS API can 16be supplied in a number of ways including EC2 instance roles. 17 18It is recommended, if possible to use the [Vault AWS Secrets 19engine][vault_aws_backend] for supplying access credentials to the plugin. 20 21Credentials should be injected into the configuration via a template rather 22than as environment variables. This ensures the credentials are passed only to 23the plugin, rather than being available for all plugins and the agent process. 24 25The IAM policy required for the AWS ASG plugin to function properly is detailed 26below. 27 28```json 29{ 30 "Version": "2012-10-17", 31 "Statement": [ 32 { 33 "Sid": "", 34 "Effect": "Allow", 35 "Action": [ 36 "autoscaling:UpdateAutoScalingGroup", 37 "autoscaling:DescribeScalingActivities", 38 "autoscaling:DescribeAutoScalingGroups", 39 "autoscaling:CreateOrUpdateTags", 40 "autoscaling:TerminateInstanceInAutoScalingGroup" 41 ], 42 "Resource": "*" 43 } 44 ] 45} 46``` 47 48```hcl 49target "aws-asg" { 50 driver = "aws-asg" 51 config = { 52 aws_region = "eu-west-3" 53 aws_access_key_id = "AKIAIOSFODNN7EXAMPLE" 54 aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" 55 } 56} 57``` 58 59- `aws_region` `(string: "us-east-1")` - The [AWS region][aws_region] identifier 60 to connect to and where resources should be managed. 61 62- `aws_access_key_id` `(string: "")` - The AWS access key ID used to authenticate 63 with the AWS API. 64 65- `aws_secret_access_key` `(string: "")` - The AWS secret key ID used to authenticate 66 with the AWS API. 67 68- `aws_session_token` `(string: "")` - The AWS session token used to authenticate 69 with the AWS API. 70 71### Nomad ACL 72 73When using a Nomad cluster with ACLs enabled, the plugin will require an ACL 74token which provides the following permissions: 75 76```hcl 77node { 78 policy = "write" 79} 80``` 81 82## Policy Configuration Options 83 84```hcl 85check "hashistack-allocated-cpu" { 86 # ... 87 target "aws-asg" { 88 aws_asg_name = "hashistack-client-asg" 89 node_class = "hashistack" 90 node_drain_deadline = "5m" 91 node_purge = "true" 92 } 93 # ... 94} 95``` 96 97- `aws_asg_name` `(string: <required>)` - The name of the AWS AutoScaling Group to 98 interact with when performing scaling actions. 99 100- `datacenter` `(string: "")` - The Nomad client [datacenter][nomad_datacenter] 101 identifier used to group nodes into a pool of resource. Conflicts with 102 `node_class`. 103 104- `node_class` `(string: "")` - The Nomad [client node class][nomad_node_class] 105 identifier used to group nodes into a pool of resource. Conflicts with 106 `datacenter`. 107 108- `node_drain_deadline` `(duration: "15m")` The Nomad [drain 109 deadline][nomad_node_drain_deadline] to use when performing node draining 110 actions. **Note that the default value for this setting differs from Nomad's 111 default of 1h.** 112 113- `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to 114 control if system jobs should be stopped when performing node draining 115 actions. 116 117- `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad 118 clients should be [purged][nomad_node_purge] when performing scale in 119 actions. 120 121- `node_selector_strategy` `(string: "least_busy")` The strategy to use when 122 selecting nodes for termination. Refer to the [node selector 123 strategy][node_selector_strategy] documentation for more information. 124 125[aws_autoscaling]: https://aws.amazon.com/autoscaling/ 126[aws_region]: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/ 127[nomad_datacenter]: /docs/configuration#datacenter 128[nomad_node_class]: /docs/configuration/client#node_class 129[nomad_node_drain_deadline]: /api-docs/nodes#deadline 130[nomad_node_purge]: /api-docs/nodes#purge-node 131[node_selector_strategy]: /docs/autoscaling/internals/node-selector-strategy 132[vault_aws_backend]: https://www.vaultproject.io/docs/secrets/aws 133