1---
2layout: docs
3page_title: 'Autoscaling Plugins: AWS ASG'
4description: The "aws-asg" target plugin scales an Amazon Web Services Autoscaling Group.
5---
6
7# AWS AutoScaling Group Target
8
9The `aws-asg` target plugin allows for the scaling of the Nomad cluster clients
10via manipulating [AWS AutoScaling Groups][aws_autoscaling].
11
12## Agent Configuration Options
13
14To use the `aws-asg` target plugin, the agent configuration needs to be
15populated with the appropriate target block. Authentication to the AWS API can
16be supplied in a number of ways including EC2 instance roles.
17
18It is recommended, if possible to use the [Vault AWS Secrets
19engine][vault_aws_backend] for supplying access credentials to the plugin.
20
21Credentials should be injected into the configuration via a template rather
22than as environment variables. This ensures the credentials are passed only to
23the plugin, rather than being available for all plugins and the agent process.
24
25The IAM policy required for the AWS ASG plugin to function properly is detailed
26below.
27
28```json
29{
30  "Version": "2012-10-17",
31  "Statement": [
32    {
33      "Sid": "",
34      "Effect": "Allow",
35      "Action": [
36        "autoscaling:UpdateAutoScalingGroup",
37        "autoscaling:DescribeScalingActivities",
38        "autoscaling:DescribeAutoScalingGroups",
39        "autoscaling:CreateOrUpdateTags",
40        "autoscaling:TerminateInstanceInAutoScalingGroup"
41      ],
42      "Resource": "*"
43    }
44  ]
45}
46```
47
48```hcl
49target "aws-asg" {
50  driver = "aws-asg"
51  config = {
52    aws_region            = "eu-west-3"
53    aws_access_key_id     = "AKIAIOSFODNN7EXAMPLE"
54    aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
55  }
56}
57```
58
59- `aws_region` `(string: "us-east-1")` - The [AWS region][aws_region] identifier
60  to connect to and where resources should be managed.
61
62- `aws_access_key_id` `(string: "")` - The AWS access key ID used to authenticate
63  with the AWS API.
64
65- `aws_secret_access_key` `(string: "")` - The AWS secret key ID used to authenticate
66  with the AWS API.
67
68- `aws_session_token` `(string: "")` - The AWS session token used to authenticate
69  with the AWS API.
70
71### Nomad ACL
72
73When using a Nomad cluster with ACLs enabled, the plugin will require an ACL
74token which provides the following permissions:
75
76```hcl
77node {
78  policy = "write"
79}
80```
81
82## Policy Configuration Options
83
84```hcl
85check "hashistack-allocated-cpu" {
86  # ...
87  target "aws-asg" {
88    aws_asg_name        = "hashistack-client-asg"
89    node_class          = "hashistack"
90    node_drain_deadline = "5m"
91    node_purge          = "true"
92  }
93  # ...
94}
95```
96
97- `aws_asg_name` `(string: <required>)` - The name of the AWS AutoScaling Group to
98  interact with when performing scaling actions.
99
100- `datacenter` `(string: "")` - The Nomad client [datacenter][nomad_datacenter]
101  identifier used to group nodes into a pool of resource. Conflicts with
102  `node_class`.
103
104- `node_class` `(string: "")` - The Nomad [client node class][nomad_node_class]
105  identifier used to group nodes into a pool of resource. Conflicts with
106  `datacenter`.
107
108- `node_drain_deadline` `(duration: "15m")` The Nomad [drain
109  deadline][nomad_node_drain_deadline] to use when performing node draining
110  actions. **Note that the default value for this setting differs from Nomad's
111  default of 1h.**
112
113- `node_drain_ignore_system_jobs` `(bool: "false")` A boolean flag used to
114  control if system jobs should be stopped when performing node draining
115  actions.
116
117- `node_purge` `(bool: "false")` A boolean flag to determine whether Nomad
118  clients should be [purged][nomad_node_purge] when performing scale in
119  actions.
120
121- `node_selector_strategy` `(string: "least_busy")` The strategy to use when
122  selecting nodes for termination. Refer to the [node selector
123  strategy][node_selector_strategy] documentation for more information.
124
125[aws_autoscaling]: https://aws.amazon.com/autoscaling/
126[aws_region]: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
127[nomad_datacenter]: /docs/configuration#datacenter
128[nomad_node_class]: /docs/configuration/client#node_class
129[nomad_node_drain_deadline]: /api-docs/nodes#deadline
130[nomad_node_purge]: /api-docs/nodes#purge-node
131[node_selector_strategy]: /docs/autoscaling/internals/node-selector-strategy
132[vault_aws_backend]: https://www.vaultproject.io/docs/secrets/aws
133