All Products
Search

This Product

    Auto Scaling:Automatically bind EIPs to ECS instances

    Document Center

    Auto Scaling:Automatically bind EIPs to ECS instances

    Last Updated:Apr 01, 2024

    If you enable the lifecycle hook feature of Auto Scaling for an Elastic Compute Service (ECS) instance, you can perform custom operations on the ECS instance before the ECS instance is stopped. This provides an opportunity for you to bind an elastic IP address (EIP) to the ECS instance. If you combine the lifecycle hook feature with a CloudOps Orchestration Service (OOS) template, the process for binding an EIP to an ECS instance is more simplified and automated.

    Prerequisites

    • A scaling group is created. The scaling group is in the Enabled state. For information about how to create a scaling group, see Manage scaling groups.

    • You did not select Assign Public IPv4 Address when you created the scaling configuration.

    • A RAM role is created for OOS. The trusted entity of the RAM role must be Alibaba Cloud Service, the trusted service must be CloudOps Orchestration Service, and the RAM role must have the permissions to perform operations on the OOS template. For more information, see Grant RAM permissions to OOS.

      Note

      In this topic, the OOSServiceRole RAM role is used as an example. You can also use other roles.

    Procedure

    You cannot specify EIPs when you create a scaling configuration. You can combine the lifecycle hook feature with an OOS template to automatically bind EIPs to ECS instances. This method is more efficient than manually binding EIPs to ECS instances after the ECS instances are created.

    Note

    An EIP is a public IP address that you can purchase and own as an independent resource. You can use EIPs to serve as public IP addresses until the EIPs are released. You can bind or unbind EIPs to or from resources such as ECS instances and elastic network interfaces (ENIs) to meet your business requirements. For more information, see Elastic IP addresses.

    In this example, the ACS-ESS-LifeCycleAllocateEipAddressAndAttachToInstance OOS template is used as an example to bind EIPs to ECS instances during a scale-out. You must complete the following steps:

    Step 1: Grant a RAM role the permissions on OOS

    You must have the permissions to execute OOS templates. The O&M operations defined in the ACS-ESS-LifeCycleAllocateEipAddressAndAttachToInstance template are performed on resources such as ECS, Auto Scaling, and EIP resources.

    1. Log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Roles.

    3. Find OOSServiceRole and click Grant Permission in the Actions column.

      Add the required permissions for the OOSServiceRole RAM role that is assumed by OOS to complete the authorization.

    4. In the Grant Permission panel, configure parameters based on your business requirements and click OK.

      The following table describes the parameters that are used in this example. For parameters that are not described in the table, use the default settings.

      Parameter

      Description

      Authorized Scope

      Select Alibaba Cloud Account.

      Select Policy

      Select the following system policies: AliyunECSFullAccess, AliyunESSFullAccess, and AliyunEIPFullAccess.

    Step 2: Create a lifecycle hook of the scale-out type and trigger a scale-out

    1. Log on to the Auto Scaling console.

    2. In the left-side navigation pane, click Scaling Groups.

    3. In the top navigation bar, select the region where Auto Scaling is activated.

    4. Find a scaling group and use one of the following methods to go to the scaling group details page:

      • Click the ID of the scaling group in the Scaling Group Name/ID column.

      • Click Details in the Actions column.

    5. Create a lifecycle hook of the scale-out type.

      1. In the upper part of the scaling group details page, click the Lifecycle Hook tab.

      2. Click Create Lifecycle Hook.

      3. Configure parameters based on your business requirements and click OK.

        The following table describes the parameters that are used in this example. For parameters that are not described in the table, use the default settings.

        Parameter

        Description

        Name

        Enter ESSHookForAttachEip.

        Scaling Activity

        Select Scale-out Event.

        Timeout Period

        Configure the Timeout Period parameter based on your business requirements. Unit: seconds. In this example, the Timeout Period parameter is set to 300.

        Note

        The timeout period is the period of time during which you can perform custom operations on ECS instances. If the timeout period is shorter than what is required to perform the custom operations, the operations may fail. We recommend that you assess the time required and configure the Timeout Period parameter based on your business requirements.

        Default Execution Policy

        Select Continue.

        Send Notification When Lifecycle Hook Takes Effect

        In this example, the following configurations are used:

        • Select OOS Template.

        • Select Public Templates.

        • Select the ACS-ESS-LifeCycleAllocateEipAddressAndAttachToInstance public template.

        The following example shows how to configure execution parameters in the ACS-ESS-LifeCycleAllocateEipAddressAndAttachToInstance public template:

        • internetChargeType: You can set the value to PayByBandwidth or PayByTraffic. If you set the value to PayByBandwidth, you are charged for the EIPs based on the bandwidth. If you set the value to PayByTraffic, you are charged for the EIPs based on the data transferred. In this example, PayByBandwidth is used.

        • bandwidth: In this example, 5 is used. A value of 5 indicates that the peak bandwidth is 5 Mbit/s.

        • eipTags: Add tags to the EIPs. You can manage your EIPs by group based on tags.

        • OOSAssumeRole: Select OOSServiceRole. In Step 1, the OOSServiceRole RAM role obtains the permissions on ECS, Auto Scaling, and OOS resources. OOS can obtain the required permissions after it assumes the OOSServiceRole RAM role.

    6. Trigger a scale-out.

      A scale-out is triggered in this example by manually executing a scaling rule. You can also trigger scale-outs by using scheduled or event-triggered tasks.

      Note

      If scaling activities are triggered when you manually execute scaling rules, lifecycle hooks take effect. Lifecycle hooks do not take effect when you manually add or remove ECS instances to or from a scaling group.

      1. In the upper part of the page that appears, click the Scaling Rules and Event-triggered Tasks tab.

      2. On the Scaling Rules tab, click Create Scaling Rule.

      3. In the Create Scaling Rule dialog box, configure parameters based on your business requirements and click OK.

        The following table describes the parameters that are used in this example. For parameters that are not described in the table, use the default settings.

        Parameter

        Description

        Rule Name

        Enter Add1.

        Rule Type

        Select Simple Scaling Rule.

        Operation

        Set the value to Add 1 Instances.

      4. On the Scaling Rules tab, find the Add1 scaling rule and click Execute in the Actions column.

      5. In the message that appears, click OK.

      After the Add1 scaling rule is executed, one ECS instance is created. Due to the ESSHookForAttachEip lifecycle hook, the ECS instance enters the Pending Add state, and Auto Scaling notifies OOS to execute the O&M operations defined in the ACS-ESS-LifeCycleAllocateEipAddressAndAttachToInstance template.

      If the scale-out failed and the following error is reported, you can go to the OSS console to check the execution of the O&M operations. For more information, see (Optional) Step 3: View the OOS execution. scaling-failed

    7. Check whether the automatically created ECS instance meets your expectations.

      1. In the upper part of the scaling group details page, click the Instances tab.

      2. Find the automatically created ECS instance and click its ID in the ECS Instance ID/Name section.

      3. In the left-side navigation pane of the page that appears, click the Instance Details tab.

        If the output is similar to the following figure, an EIP is bound to the ECS instance, which specifies that the ACS-ESS-LifeCycleAllocateEipAddressAndAttachToInstance public template yields the expected effect. primary-eip

        If the ECS instance is created but no EIP is bound, you can go to the OOS console to check the execution of the O&M operations. For more information, see (Optional) Step 3: View the OOS execution.

    (Optional) Step 3: View the OOS execution

    1. Log on to the OOS console.

    2. In the left-side navigation pane, choose Automated Tasks > Task Execution Management.

    3. Filter O&M tasks by start time and click Details in the Actions column of the desired O&M task.

    4. On the execution details page, view information about the task.

      For example, in the Basic Information section, you can view the execution ID and status. In the Execution Steps and Results section, you can click a task node to view the execution details. For more information, see View the details of an execution.

      Important

      If the task failed, the error message is displayed on the execution details page.

    FAQ

    If you fail to execute an O&M task, troubleshoot the issue based on the error message in the execution result. The following section describes the common error messages and solutions:

    • Error message: Forbidden.Unauthorized message: A required authorization for the specified action is not supplied.

      Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the OOSServiceRole RAM role. Before OOS can manage the resources that are declared in the OOS template, you must grant the required permissions to the RAM role.

    • Error message: Forbidden.RAM message: User not authorized to operate on the specified resource, or this API doesn't support RAM.

      Solution: Check whether the required permissions, such as the sample permissions in Step 1, are granted to the OOSServiceRole RAM role. Before OOS can manage the resources that are declared in the OOS template, you must grant the required permissions to the RAM role.

    • Error message: LifecycleHookIdAndLifecycleActionToken.Invalid message: The specified lifecycleActionToken and lifecycleActionId you provided does not match any in process lifecycle action.

      Solution: Check whether the timeout period of the lifecycle hook is sufficient for the O&M task specified in the OOS template to complete.

    References

    • When you create a scaling configuration, you cannot specify secondary ENIs or EIPs. If you want to specify EIPs for ECS instances, you can combine the lifecycle hook feature with OOS templates to automatically bind secondary ENIs that have EIPs. Automatic EIP binding is more efficient than manual binding after ECS instances are created. For more information, see Automatically bind secondary ENIs to ECS instances.

    • You can also combine the lifecycle hook feature of Auto Scaling with OOS to implement automatic release of EIPs or automatic unbinding of secondary ENIs that provide the EIPs from ECS instances. For more information, see the following links: