Scaling plans and interface VPC endpoints (Amazon PrivateLink)
You can improve the security posture of your VPC by configuring Amazon Auto Scaling to use an interface VPC endpoint. Interface endpoints are powered by Amazon PrivateLink, a technology that enables you to privately access Amazon Auto Scaling APIs by restricting all network traffic between your VPC and Amazon Auto Scaling to the Amazon network. With interface endpoints, you also don't need an internet gateway, a NAT device, or a virtual private gateway.
You are not required to configure Amazon PrivateLink, but it's recommended. For more information about Amazon PrivateLink and VPC endpoints, see What is Amazon PrivateLink? in the Amazon PrivateLink Guide.
Topics
Create an interface VPC endpoint for scaling plans
Create an endpoint for Amazon Auto Scaling scaling plans using the following service name:
com.amazonaws.region.autoscaling-plans
For more information, see Access an Amazon service using an interface VPC endpoint in the Amazon PrivateLink Guide.
You do not need to change any other settings. Amazon Auto Scaling API calls other Amazon Web Services using either service endpoints or private interface VPC endpoints, whichever are in use.
Create a VPC endpoint policy for scaling plans
You can attach a policy to your VPC endpoint to control access to the Amazon Auto Scaling API. The policy specifies:
-
The principal that can perform actions.
-
The actions that can be performed.
-
The resource on which the actions can be performed.
The following example shows a VPC endpoint policy that denies everyone permission to delete a scaling plan through the endpoint. The example policy also grants everyone permission to perform all other actions.
{ "Statement": [ { "Action": "*", "Effect": "Allow", "Resource": "*", "Principal": "*" }, { "Action": "autoscaling-plans:DeleteScalingPlan", "Effect": "Deny", "Resource": "*", "Principal": "*" } ] }
For more information, see VPC endpoint policies in the Amazon PrivateLink Guide.
Endpoint migration
On November 22, 2019, we introduced
autoscaling-plans. as the new
default DNS hostname and endpoint for calls to the Amazon Auto Scaling API. The new endpoint is
compatible with the latest release of the Amazon CLI and SDKs. If you have not done so already,
install the latest Amazon CLI and SDKs to use the new endpoint. To update the Amazon CLI, see Installing the Amazon CLI using pip in the Amazon Command Line Interface User Guide. For information about the Amazon SDKs, see Tools for Amazon Web Servicesregion.amazonaws.com
Important
For backward compatibility, the existing
autoscaling. endpoint will
continue to be supported for calls to the Amazon Auto Scaling API. To set up the
region.amazonaws.comautoscaling. endpoint as a
private interface VPC endpoint, see Amazon EC2 Auto Scaling and interface VPC
endpoints in the Amazon EC2 Auto Scaling User Guide.region.amazonaws.com
Endpoint to Call When Using the CLI or the Amazon Auto Scaling API
For the current release of Amazon Auto Scaling, your calls to the Amazon Auto Scaling API automatically go to
the autoscaling-plans. endpoint
instead of region.amazonaws.comautoscaling..region.amazonaws.com
You can call the new endpoint in the CLI by using the following parameter with each
command to specify the endpoint: --endpoint-url
https://autoscaling-plans.. region.amazonaws.com
Although it is not recommended, you can also call the old endpoint in the CLI by using the
following parameter with each command to specify the endpoint: --endpoint-url
https://autoscaling.. region.amazonaws.com
For the various SDKs used to call the APIs, see the documentation for the SDK of interest
to learn how to direct the requests to a specific endpoint. For more information, see Tools for Amazon Web Services