Scaling Smart: EC2 Autoscaling, Terraform, and Secrets Manager in AWS

In the last post, we deployed a secure, scalable AWS architecture for a restaurant booking app using EC2, RDS, and CloudWatch. Now let’s take it further:

  • 🔄 Auto Scaling EC2 Instances
  • ⚙️ Infrastructure as Code with Terraform
  • 🔐 Secrets Manager for Secure Configs

This final layer turns your setup into a production-grade cloud-native app.


🔄 1. Auto Scaling EC2 Instances

🔹 Why It Matters

Your app should automatically handle more traffic and recover from failure, even when you’re asleep.

✅ What We’ll Do

  • Create an Auto Scaling Group (ASG)
  • Attach to Application Load Balancer (ALB)
  • Use Launch Templates for consistency

🔧 Steps

Create Launch Template

aws ec2 create-launch-template \
  --launch-template-name web-app-template \
  --version-description v1 \
  --launch-template-data file://lt-config.json

Create Auto Scaling Group

aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name web-app-asg \
  --launch-template LaunchTemplateName=web-app-template,Version=1 \
  --min-size 2 --max-size 5 --desired-capacity 2 \
  --vpc-zone-identifier subnet-xxxxxx,subnet-yyyyyy \
  --target-group-arns arn:aws:elasticloadbalancing:...

Add Scaling Policy (CPU-Based)

aws autoscaling put-scaling-policy \
  --auto-scaling-group-name web-app-asg \
  --policy-name cpu-scale-up \
  --policy-type TargetTrackingScaling \
  --target-tracking-configuration file://cpu-scaling-config.json

⚙️ 2. Infrastructure as Code with Terraform

🔹 Why It Matters

  • Avoid manual configuration
  • Reproducible and version-controlled

✅ What We’ll Do

  • Use Terraform to deploy VPC, EC2, RDS, IAM, ALB, etc.

🧱 Sample Terraform Structure

terraform/
├── main.tf         # Provider and modules
├── vpc.tf          # VPC and subnet config
├── ec2.tf          # Launch template, ASG
├── alb.tf          # Load balancer setup
├── rds.tf          # Database
└── outputs.tf      # Useful outputs (IP, URLs)

🔧 Example Snippet

resource "aws_launch_template" "app" {
  name_prefix   = "web-app"
  image_id      = "ami-0abc12345"
  instance_type = "t3.micro"
  user_data     = filebase64("init.sh")
}

resource "aws_autoscaling_group" "app_asg" {
  desired_capacity     = 2
  max_size             = 5
  min_size             = 1
  launch_template {
    id      = aws_launch_template.app.id
    version = "$Latest"
  }
  vpc_zone_identifier = [aws_subnet.public1.id, aws_subnet.public2.id]
  target_group_arns   = [aws_lb_target_group.app_tg.arn]
}

Run it all with:

terraform init
terraform apply

🔐 3. Secrets Manager for Environment Variables

🔹 Why It Matters

Never hardcode secrets in .env files or user data scripts.

✅ What We’ll Do

  • Store API keys and DB passwords securely
  • Inject them into EC2 via IAM + SDK/CLI

🔧 Create and Retrieve Secret

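# "admin"/"mypassword" are placeholders. A real password typed inline lands in
# shell history; the CLI also accepts --secret-string file://creds.json.
aws secretsmanager create-secret \
  --name db_credentials \
  --secret-string '{"username":"admin","password":"mypassword"}'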

aws secretsmanager get-secret-value --secret-id db_credentials

🔧 Access via Code (Python Example)

import boto3
import json

secrets = boto3.client('secretsmanager')
response = secrets.get_secret_value(SecretId='db_credentials')
creds = json.loads(response['SecretString'])
print(creds['username'])
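
A hardened variant of the snippet above, added here as an example and not part of the original post: it caches the secret with a TTL so a rotated password is picked up, checks that the expected keys are present, and masks the password before anything is logged. The names `SecretCache` and `redacted` and the 300-second TTL are illustrative assumptions.

```python
import json
import time

# Added example; SecretCache, redacted and the TTL are illustrative, not from the post.
REQUIRED_KEYS = ("username", "password")  # keys of the db_credentials JSON above


class SecretCache:
    """Fetch a JSON secret once, reuse it for ttl seconds, then refetch
    so a rotated password is picked up without restarting the app."""

    def __init__(self, client, secret_id, ttl=300, clock=time.monotonic):
        self._client = client        # boto3 Secrets Manager client, or a stub
        self._secret_id = secret_id
        self._ttl = ttl
        self._clock = clock          # injectable so expiry can be tested
        self._value = None
        self._expires = 0.0

    def get(self):
        now = self._clock()
        if self._value is None or now >= self._expires:
            resp = self._client.get_secret_value(SecretId=self._secret_id)
            if "SecretString" not in resp:
                raise ValueError(f"{self._secret_id}: no SecretString (binary secret?)")
            creds = json.loads(resp["SecretString"])
            missing = [k for k in REQUIRED_KEYS if k not in creds]
            if missing:
                # Name the missing keys only; never echo secret values in errors.
                raise ValueError(f"{self._secret_id}: missing keys {missing}")
            self._value, self._expires = creds, now + self._ttl
        return self._value

    def invalidate(self):
        """Call after a DB authentication failure to force a refetch."""
        self._value = None


def redacted(creds):
    """Copy that is safe to log: the password value is masked."""
    return {k: ("***" if k == "password" else v) for k, v in creds.items()}


if __name__ == "__main__":
    import boto3  # needs an instance role allowing secretsmanager:GetSecretValue
    cache = SecretCache(boto3.client("secretsmanager"), "db_credentials")
    print(redacted(cache.get()))
```

Create one `SecretCache` per process and call `get()` wherever a DB connection is opened, so the password never has to live in a file or environment variable.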

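Or pass it to the container as an environment variable via the EC2 User Data script:

#!/bin/bash
# Needs the AWS CLI and jq on the AMI, and an instance role allowing secretsmanager:GetSecretValue on this secret.
export DB_USER="$(aws secretsmanager get-secret-value --secret-id db_credentials --query 'SecretString' --output text | jq -r .username)"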

📦 What You’ve Built

  • ✅ EC2 Auto Scaling behind ALB
  • ✅ Declarative Infrastructure via Terraform
  • ✅ Secure Secrets Management via AWS-native services