Tags: amazon-web-services, amazon-ec2, amazon-elb, autoscaling, ddos

AWS autoscaling and DDoS Attacks


I have created an ELB with an autoscaling group on AWS and I was wondering how does autoscaling work when a DDoS attack takes place? Is it going to scale until the limit I have set? How can I protect my AWS infrastructure against this? Thanks a lot in advance.


Solution

  • There are a lot of varieties of DDOS and an autoscaling group won't recognize a DDOS attack from normal traffic implicitly.

    Assuming your scaling policies are set up correctly, your autoscaling group MAY grow (in number of instances) in the event of a DDOS attack because the instances are receiving a high volume of traffic and overloading. (I say may because all applications respond slightly differently to high volumes and varieties of traffic. I have worked with applications that don't play nicely with scaling policies without extra engineering. Also, if your max number of instances is already reached, it should not continue to grow.)

    The problem is that there is nothing to distinguish between real traffic and non-real traffic, so your services will still be flooded with the 'fake' stuff. The general goal is to 'filter' DDOS traffic before it hits your application instances.

    That being said, AWS has some services to help against DDOS attacks:

    https://aws.amazon.com/answers/networking/aws-ddos-attack-mitigation/

    Specifically AWS Shield and AWS WAF would allow you to use tools like pattern matching or geolocation blocking to reject the unwanted traffic in question from attacking your infrastructure. Different services use different mitigation techniques. If you implement some of these services, they will help you respond effectively and keep your costs down but there is no 'one size fits all' methodology that I'm aware of.

    Depending on budget there are other organizations and applications that you can work with to prepare yourself. For people where this is your first application or your organization is just starting out, I wouldn't worry too much about DDOS mitigation. Having and becoming comfortable with web application firewalls/shields is a good starting point for a host of other benefits that are likely more relevant for the early days. (Good security hygiene, familiarity with an application's traffic, etc.)
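
The behaviour described in the answer, as a small constructed model added here for illustration (not code from the answer or from AWS): the group grows only to its configured maximum, unfiltered flood traffic still crowds out real users, and filtering upstream lowers both instance count and user impact. The one-minute scaling step, the per-instance capacity, the flood start time and the `filter_drop` parameter are all assumptions of this sketch.

```python
import math

def simulate(legit_rps, flood_rps, minutes, *, per_instance_rps=100,
             min_size=2, max_size=10, target_util=0.6, filter_drop=0.0):
    """Model an Auto Scaling group behind a load balancer during a request flood.

    filter_drop is the share of flood traffic rejected upstream (for example by
    a WAF rule) before it reaches the instances; 0.0 means no filtering.
    Returns (peak_instances, instance_minutes, legit_served_ratio).
    """
    size = peak = min_size
    instance_minutes = 0
    served_legit = offered_legit = 0.0
    for minute in range(minutes):
        # Constructed scenario: the flood begins at minute 5 and never stops.
        flood = flood_rps * (1.0 - filter_drop) if minute >= 5 else 0.0
        total = legit_rps + flood
        capacity = size * per_instance_rps
        # The instances cannot tell real requests from flood requests, so
        # whatever capacity exists is shared in proportion to arrival rate.
        served_share = min(1.0, capacity / total)
        served_legit += legit_rps * served_share
        offered_legit += legit_rps
        instance_minutes += size  # proxy for compute cost
        # Target-tracking style policy: resize so utilisation returns to the
        # target, clamped to the group's min/max. Takes effect next minute.
        desired = math.ceil(total / (per_instance_rps * target_util))
        size = max(min_size, min(max_size, desired))
        peak = max(peak, size)
    return peak, instance_minutes, round(served_legit / offered_legit, 3)

if __name__ == "__main__":
    for label, drop in (("no upstream filter", 0.0), ("95% filtered upstream", 0.95)):
        peak, cost, ratio = simulate(100, 5000, 30, filter_drop=drop)
        print(f"{label:24s} peak={peak:2d} instance-minutes={cost:3d} "
              f"legit served={ratio:.1%}")
```

With these constructed numbers the unfiltered run pins the group at its maximum of 10 instances yet serves only about a third of legitimate requests, while the filtered run peaks at 6 instances and serves almost all of them.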