Provision a full web application stack (VPC, ECS, SLB, RDS) via Terraform, then configure Auto Scaling to manage ECS instances and integrate them with SLB for load balancing and RDS for database access, while setting up security groups and networking for the scaled instances.
Use this workflow when deploying a production web application that requires infrastructure-as-code provisioning, dynamic compute scaling based on traffic, and automated integration with load balancers and managed databases. It eliminates manual ECS lifecycle management while ensuring consistent networking, security policies, and service discovery across all scaled nodes.
1. alicloud_vpc, alicloud_vswitch, and alicloud_security_group in main.tf. Run terraform init && terraform apply to establish the network boundary and baseline security group.
2. alicloud_slb (type intranet) and alicloud_db_instance resources. Export their IDs via output "slb_id" { value = alicloud_slb.web.id } for downstream ESS integration.
3. alicloud_ess_scaling_configuration with instance_type = "ecs.c6.large", image_id, and security_group_id = alicloud_security_group.web.id.
4. alicloud_ess_scaling_group with min_size = 2, max_size = 10, and vswitch_ids = [alicloud_vswitch.web.id].
5. aliyun ess AttachLoadBalancers --ScalingGroupId <sg_id> --LoadBalancerIds <slb_id> --ForceAttach true (from ess-integrate-services) to auto-register new ECS nodes to the SLB.
6. aliyun ess AttachDBInstances --ScalingGroupId <sg_id> --DBInstanceIds <rds_id> to automatically inject scaled ECS private IPs into the RDS IP whitelist.
7. aliyun ecs AuthorizeSecurityGroup --SecurityGroupId <sg_id> --IpProtocol tcp --PortRange 80/80 --SourceCidrIp 0.0.0.0/0 to allow web traffic, and add a rule for RDS port 3306 restricted to the VPC CIDR.
8. aliyun ess DescribeScalingInstances. Before patching, isolate a node using aliyun ess SetInstancesToStandby --ScalingGroupId <sg_id> --InstanceIds <i-xxx> (from ess-manage-instances).

Terraform acts as the declarative orchestrator, provisioning VPC, SLB, RDS, and security groups. The ESS scaling group dynamically provisions ECS instances using the scaling configuration. Client traffic flows through SLB → ECS. ESS automatically registers new ECS nodes to the SLB backend pool and syncs their private IPs to the RDS whitelist. Security groups enforce north-south (SLB→ECS) and east-west (ECS→RDS) traffic isolation.
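The security group rules from the step above can be checked after they are applied. This is an added example, not part of the original workflow: it flags any ingress accept rule that admits sources outside the VPC CIDR on a port other than 80. The sample JSON is constructed, its field names are assumed to follow the output of aliyun ecs DescribeSecurityGroupAttribute, and the VPC CIDR 172.16.0.0/16 is an assumption.

```python
import ipaddress
import json

# Constructed sample, shaped like the JSON printed by
# `aliyun ecs DescribeSecurityGroupAttribute` (field names are an assumption).
SAMPLE = json.loads("""
{"Permissions": {"Permission": [
  {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
   "PortRange": "80/80", "SourceCidrIp": "0.0.0.0/0"},
  {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
   "PortRange": "3306/3306", "SourceCidrIp": "10.0.0.0/8"},
  {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
   "PortRange": "22/22", "SourceCidrIp": "0.0.0.0/0"},
  {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
   "PortRange": "3306/3306", "SourceCidrIp": "172.16.1.0/24"}
]}}
""")

VPC_CIDR = "172.16.0.0/16"  # assumed VPC range; use the cidr_block of your alicloud_vpc
PUBLIC_PORTS = {80}         # the only port the workflow opens to 0.0.0.0/0


def audit_ingress(attr, vpc_cidr, public_ports=PUBLIC_PORTS):
    """Return (port_range, source) for each accept rule that admits traffic
    from outside the VPC CIDR on a port that is not meant to be public."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for rule in attr.get("Permissions", {}).get("Permission", []):
        if rule.get("Direction") != "ingress" or rule.get("Policy", "").lower() != "accept":
            continue
        source = rule.get("SourceCidrIp") or ""
        if not source:
            continue  # rule references a security group or prefix list, not a CIDR
        src = ipaddress.ip_network(source, strict=False)
        if src.version == vpc.version and src.subnet_of(vpc):
            continue  # source lies entirely inside the VPC
        lo, hi = (int(p) for p in rule["PortRange"].split("/"))
        # A PortRange of -1/-1 means every port.
        if lo == -1 or any(p not in public_ports for p in range(lo, hi + 1)):
            findings.append((rule["PortRange"], source))
    return findings


if __name__ == "__main__":
    for port_range, source in audit_ingress(SAMPLE, VPC_CIDR):
        print(f"non-public port {port_range} reachable from {source}")
```

To run it against a live group, replace SAMPLE with the parsed JSON output of the CLI call for the security group referenced by the scaling configuration.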
- aliyun) and Terraform (>=1.5.0) installed
- ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables configured
- AliyunESSFullAccess, AliyunECSFullAccess, and AliyunSLBFullAccess

- /health) doesn't return HTTP 200. Align the SLB HealthCheckURI with your app's actual endpoint.
- terraform plan diffs. Always route infra changes through terraform apply.

Q: How do I deploy an auto-scaling web cluster or scalable application stack?
A: You can provision this architecture by using Terraform to deploy a complete web application stack and configuring Auto Scaling to manage ECS instances alongside SLB and RDS. This solution integrates infrastructure provisioning, instance management, service binding, and networking configuration across the specified cloud services.