Skip to content
Public documentation for boltopspro/ecs-asg
Ruby Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
.meta add public docs Nov 6, 2019
app add public docs Nov 6, 2019
docs add public docs Nov 6, 2019
.gitignore add public docs Nov 6, 2019 add public docs Nov 6, 2019
Gemfile add public docs Nov 6, 2019
LICENSE.txt add public docs Nov 6, 2019 add public docs Nov 6, 2019
Rakefile add public docs Nov 6, 2019
ecs-asg.gemspec add public docs Nov 6, 2019

NOTE: This repo contains only the documentation for the private BoltsOps Pro repo code. Original file: The docs are publish so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If are interested, you can contact us at or

ECS ASG Blueprint

Watch the video



  1. Add blueprint to Gemfile
  2. Configure: configs/ecs-asg values
  3. Deploy blueprint


Add the blueprint to your lono project's Gemfile.

gem "ecs-asg", git: ""


Use the lono seed command to generate a starter config params files. Here are commands for the development and production environments:

LONO_ENV=development lono seed ecs-asg
LONO_ENV=production  lono seed ecs-asg

The files in config/ecs-asg folder will look something like this:

└── params
    ├── development.txt
    └── production.txt

There are 2 parameters required: Subnets and Vpc. Replace them with your values. The example starter configs/ecs-asg/params/development.txt looks something like this:

# Required parameters:
Vpc=vpc-111 # Find at vpc CloudFormation Outputs
Subnets=subnet-111,subnet-222,subnet-333 # Find at vpc CloudFormation Outputs
# Optional parameters:
# InstanceType=m5.large
# KeyName=...
# SshLocation=...
# EcsCluster=development
# TagName=ecs-asg-development
# ExistingIamInstanceProfile=...
# ExistingSecurityGroups=...
# EbsVolumeSize=50
# MinSize=1
# MaxSize=4
# MinInstancesInService=2
# MaxBatchSize=1

A quick way to get the VPC and subnet values is from the vpc CloudFormation Outputs. Here's an example of development.

It is recommended to run the ECS containers on the PrivateAppSubnets.

Repeat the same process and configure params and variables files for the production environment also.


Use the lono cfn deploy command to deploy.:

LONO_ENV=development lono cfn deploy ecs-asg --sure --no-wait
LONO_ENV=production  lono cfn deploy ecs-asg --sure --no-wait

If you are using One AWS Account, use these commands instead: One Account.

Instance Access

To access the ec2 instances for debugging we strongly recommend using SSM Session Manager. The instances in this blueprint have SSM manager installed. You can quickly setup Session Manager on your AWS account with the Session Manager Pro script.

Security Groups

A security group will be assigned to the ASG EC2 instances. The security group that may be created depends on how you configure the parameters. Here's how they work:

  • If you would like to use a pre-created existing security group then set the ExistingSecurityGroups parameter. The existing security gorup will be used and no "managed" security group will be created by the CloudFormation template.
  • If you would like the CloudFormation template to create and manage the security group for you. You can set the SshLocation parameter. A security group with Port 22 will be whitelisted to that SshLocation.
  • If the SshLocation parameter is not set, then no managed security group will be created and the default security group will be assigned to the EC2 instances in the AutoScaling group.

IAM Permissions

The IAM permissions required for this stack are described below.

Service Description
autoscaling Creates AutoScaling Group, Policies, Launch Configuration, Lifecycle Hook
cloudformation To launch the CloudFormation stack.
cloudwatch Alarm to trigger the AutoScaling Policies.
ec2 Security Group
iam Instance Profile associated with AutoScaling Group.
lambda Lambda function for the AutoScaling Lifecycle Hook.
s3 Lono managed s3 bucket
sns SNS Topic notification

Back to Reference Architecture

That's it. Go back to the main boltopspro/reference-architecture

You can’t perform that action at this time.