Amazon Elastic Compute Cloud (EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. I am assuming that you have some idea of cloud computing. The focus of this article is to give you an overall picture of what Amazon EC2 offers and how things look from a high level. If you simply want to create an EC2 instance, you can learn about it here.
The BIG Picture
The figure below shows the core elements of EC2:
Amazon Machine Image (AMI)
AMI is a template that contains software configurations. You can create one or multiple instances using preconfigured AMIs. You can create your own AMIs as well.
An Instance Type specifies hardware units like CPU, memory, disk, etc. that define the computing power of the server. An instance is launched from an AMI. Instances are priced in three ways:
On demand: You pay per hour of usage.
Reserved Instances: You pay in advance at a lower rate than on-demand.
Spot Instances: Good for computing that is not as time sensitive. The price is a lot lower than on-demand and you can bid for the maximum price you are willing to pay for the resources.
There are primarily two kinds of storage volumes:
Instance based: Data is deleted when you stop or terminate your instance.
Elastic Block Store (EBS): Persistent volumes for your data.
Security groups are similar to firewalls. You can use them to allow or block ports for certain protocols.
Tags are just metadata that helps you identify your resources. You should use meaningful tags to help you remember the details about your AWS resources.
Virtual Private Clouds
These are virtual networks that are logically isolated from the rest of the AWS cloud and can be connected to your own network.
Elastic IP Address
It allows you to map a fixed IP address to your instances. You can spin up a parallel instance, test all the functionality as needed, and simply remap the existing Elastic IP address to the new instance. Very helpful!
You can log in securely to your Amazon resources using Key Pairs. It is a great way to avoid passwords completely. Not only does it help you avoid password vulnerabilities, it also allows you to automate a plethora of server tasks.
Every Amazon EC2 region is completely isolated from the others. This allows for the greatest possible fault tolerance. You can create resources in different regions, and the resources created in one region aren't automatically replicated to other regions.
In one region there are usually multiple availability zones. It is a good idea to plan your region and zones appropriately for fault tolerance.
1. AWS Account Usage
DO NOT use your AWS account for managing EC2 resources. Use AWS Identity and Access Management (IAM) instead. It is very straightforward.
- Click on Name > My Security Credentials on the top right, then Get Started with IAM Users.
- Click on Groups > Create New Group.
- Provide a name and attach policies.
- Now, create some Users and follow the steps to assign them to a
- Once the user is created, you can sign out and access EC2 using
- To find your sign-in URL, go to the IAM dashboard. You can click on customize to create an alias of your choice.
2. Create a Key Pair
DO NOT use passwords to log into your servers. Passwords are evil and vulnerable to all sorts of attacks. Create a Key Pair instead. You can create it easily:
- Click on Network & Security > Key Pairs in the left pane of your EC2 Dashboard.
- Click Create Key Pair and provide a name like
- Click Create and the private key file will be automatically downloaded. It ends with an extension
- You must save all your key pairs in a safe folder. You will not be able to download this file again!
- Change the permissions on the file so that only you can read it:
    chmod 400 myserver-myregion.pem
- Use this key pair when creating a new EC2 instance.
3. Restrict SSH Access
It is a good idea to create Security Groups and assign them to EC2 instances. Often, administrators allow access from Anywhere (0.0.0.0/0). This is not a good practice since it opens your servers to attacks from across the world. You should use My IP instead. If you must use Anywhere, use it only for a short period.
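As an added example (not from the original article), here is a small Python check that scans the JSON returned by `aws ec2 describe-security-groups` for inbound rules that expose SSH to Anywhere; it also catches "all traffic" (protocol -1) rules and IPv6 ::/0. The security group data is constructed inline and the group IDs are placeholders.

```python
import json
from ipaddress import ip_network

# Constructed sample in the shape of `aws ec2 describe-security-groups` output,
# trimmed to the fields the check needs; the group IDs are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0000000000000001", "GroupName": "web-open",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0000000000000002", "GroupName": "admin-myip",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0000000000000003", "GroupName": "all-traffic-v6",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def rule_covers_port(perm, port):
    """True if an inbound rule includes `port`; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def world_open_sources(perm):
    """Source CIDRs in the rule that cover the whole internet (IPv4 or IPv6)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    # A /0 prefix is "Anywhere" regardless of address family.
    return [c for c in cidrs if ip_network(c, strict=False).prefixlen == 0]

def find_open_ssh(groups, port=22):
    """Return (GroupId, GroupName, CIDR) for each rule exposing `port` to Anywhere."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not rule_covers_port(perm, port):
                continue
            for cidr in world_open_sources(perm):
                findings.append((sg["GroupId"], sg["GroupName"], cidr))
    return findings
```

Feed it the real output of `aws ec2 describe-security-groups --output json` and every finding is a group to tighten to My IP (or a /32) instead of 0.0.0.0/0.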
4. Update Software
Keep your software up to date. When you create a new instance, or when you log in, you may see a message asking you to update software packages.
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/xxxx.xx-release-notes/
There are xx security update(s) out of yyy total update(s) available
Run "sudo yum update" to apply all updates.
[ec2-user ~]$
Run sudo yum update to install all updates. As a good practice, reboot your instance after the updates. Learn more about updates here.
5. Know Limits
It is extremely important that you know the limits of your AWS EC2. Plan to request well in advance to avoid last minute hassles.
6. Tag Everything
Tags are simple, yet effective. Create meaningful Tags for every resource so that it is easy for you to identify their purpose later.
7. Backup, Backup, Backup!
AWS Cloud gives you a lot of freedom from actual resource and data center management. However, freedom doesn't imply carelessness. Use Amazon EBS Snapshots or a backup tool regularly.
8. Monitor Your Resources
You must monitor your resources in Amazon periodically and respond to events on time. This is crucial because you wouldn't want to face any kind of data loss, performance or availability issues in production. Find and use tools to help you do that.
9. Create Documentation
In the time of crisis, a disaster recovery document comes in handy. Document BEFORE you provision your resources.
10. Verify your Documents
In a production scenario, things are agile and documents often get out of sync. Periodically, verify your documents by running through them and ensure that the resources are in sync with the document.
I hope this quick guide gives you an overall picture of Amazon Web Services. Currently, Amazon is one of the best cloud providers on the planet and the number of services they offer is massive.