/
Pay-As-You-Go (PAYG)/Hourly Auto Scaling

Pay-As-You-Go (PAYG)/Hourly Auto Scaling

Jan 08, 2026

To deploy the Pay-As-You-Go/Hourly Barracuda Web Application Firewall for AWS in the auto scaling model, follow the instructions in this article.

 The Pay-As-You-Go/Hourly Auto Scaling CloudFormation Template:

  • Includes the number of Barracuda Web Application Firewall instances to be deployed and provisioned.

  • Creates an IAM role that can be used to access the S3 storage and create the S3 bucket for the stack. Typically, an S3 bucket stores the instance data such as the serial number and primary IP address (i.e., WAN IP address) of the deployed Barracuda Web Application Firewall VM(s).

  • Includes the security group created and attached to the deployed Barracuda Web Application Firewall instances.

  • Includes alarms created for CPU and network usage to determine the scaling up/down of instances.

Before proceeding with the deployment, ensure that the AWS services required for the auto scaling setup are created/configured. See to the section "AWS Services Required for the Auto Scaling Setup" in the article Auto Scaling of Barracuda Web Application Firewall using CloudFormation Template on Amazon Web Services.

The PAYG auto scaling CFT is available on GitHub.

Prerequisites

  • Latest Barracuda Web Application Firewall CFT Template.

  • Availability zone(s), VPC ID, and subnet ID where you want to deploy the Barracuda Web Application Firewall and protect your servers.

  • Elastic Load Balancer to load balance the traffic between the deployed Barracuda Web Application Firewalls. For more information, see Elastic Load Balancing in the AWS documentation.

  • Ability to create an IAM role with access to S3. The CFT will create an IAM role that has permissions to create and modify an S3 bucket. The S3 bucket stores the IP address and serial number details of the deployed Barracuda Web Application Firewall instances. The IAM role uses  "AssumeRole" and "STS keys" for maximum security while accessing the S3 bucket.

Default Values of the Barracuda Web Application Firewall PAYG CloudFormation Template

The following are the default values of the Barracuda Web Application Firewall PAYG CloudFormation Template (CFT). You can modify the values as needed.

  • ScalingMinSize - The minimum number of Barracuda Web Application Firewall instances to be deployed initially to serve the web traffic. Default: 1

  • Scaling MaxSize - The maximum number of instances to be scaled up to handle the traffic whenever required.  Default: 4

  • Instance Type - Instance type to be used in Amazon Web Services (AWS). Default: m3.medium

  • Health Check Grace Period for Auto Scaling is set to 1200 seconds.

  • Pause Time for Update Policy is set to 600 seconds.

  • Security Group with the following ports opened:

  • Default Cool Down time for scaling the instances up/down is set to 300 seconds.

  • Alarms for CPU and bandwidth. Note: These alarms are designed to ensure that auto scaling does not lead to instability. The alarms will scale up quickly and scale down slowly to ensure traffic to the site is not disrupted.

Next Step

Continue with the article How the Barracuda CloudFormation Template Works in Pay-As-You-Go (PAYG)/Hourly Instance.

Contact Us
Barracuda Campus
Barracuda Support