Amazon EC2 Overview

Amazon Elastic Compute Cloud (ECC or EC2) is meant to provide scalable computing in the Amazon Web Services (AWS) cloud. I am assuming that you have some idea of cloud computing. The focus of this article is to give you an overall picture of what Amazon EC2 offers you and how things look from a high level. If you simply want to create an EC2 instance, you can learn about it here.

The BIG Picture

The figure below shows the core elements of EC2:
[Figure: The Big Picture]

Amazon Machine Image (AMI)

An AMI is a template that contains software configurations. You can create one or multiple instances using preconfigured AMIs. You can create your own AMIs as well.

Instance Type

An Instance Type specifies hardware units like CPU, memory, disk, etc. that define the computing power of the server. It is instantiated using an AMI. Instances are priced as follows:
- On demand: You pay per hour of usage.
- Reserved Instances: You pay in advance at a lower rate than on-demand.
- Spot Instances: Good for computing that is not as time sensitive. The price is a lot lower than on-demand and you can bid for the maximum price you are willing to pay for the resources.

Storage

There are primarily two kinds of storage volumes:
- Instance based: Data is deleted when you stop or terminate your instance.
- Elastic Block Store (EBS): Persistent volumes for your data.

Security Groups

Security groups are similar to firewalls. You can use them to allow or block ports for certain protocols.

Tags

Tags are just metadata that helps you identify your resources. You should use meaningful tags to help you remember the details about your AWS resources.

Virtual Private Clouds

These are virtual networks that are logically isolated from the rest of the AWS cloud and can be connected to your own network.

Elastic IP Address

An Elastic IP address allows you to map a fixed IP address to your instances. You can spin up a parallel instance, test all the functionality as needed, and simply map the existing Elastic IP address to the new instance. Very helpful!

Key Pairs

You can secure logins to your Amazon resources using Key Pairs. It is a great way to avoid passwords completely. Not only does it help you overcome password vulnerabilities, it also allows you to automate a plethora of server tasks.

Region

Each Amazon EC2 region is completely isolated from the others. This allows for the greatest possible fault tolerance. You can create resources in different regions, and the resources created in one region aren't automatically replicated to other regions.

Availability Zones

In one region there are usually multiple availability zones. It is a good idea to plan your region and zones appropriately for fault tolerance.

Important Recommendations

1. AWS Account Usage

DO NOT use your AWS account for managing EC2 resources. Use AWS Identity and Access Management (IAM) instead. It is very straightforward.

  • Click on Name > My Security Credentials on top right.
  • Click Get Started with IAM Users.
  • Click on Groups > Create New Group.
  • Provide a name and attach policies.
  • Now, create some Users and follow the steps to assign them to a Group.
  • Once the user is created, you can sign out and access EC2 using https://your_aws_account_id.signin.aws.amazon.com/console.
  • To find your sign-in URL, go to the IAM dashboard. You can click on customize to create an alias of your choice.

2. Create a Key Pair

DO NOT use passwords to log into your servers. Passwords are evil and vulnerable to all sorts of attacks. Create a Key Pair instead. You can create it easily:

  • Click on Network & Security > Key Pairs in the left pane of your EC2 Dashboard.
  • Click Create Key Pair and provide a name like myserver-myregion.
  • Click Create and the private key file will be automatically downloaded. It ends with an extension .pem.
  • You must save all your key pairs in a safe folder. You will not be able to download this file again!
  • Change the permissions on the file:
chmod 400 myserver-myregion.pem  

3. Restrict SSH Access

It is a good idea to create Security Groups and assign them to EC2 instances. Often, administrators allow access from Anywhere (0.0.0.0/0). This is not a good practice since it opens your servers to attacks from across the world. You should use My IP instead. If you must use Anywhere, use it only for a short period.

[Figure: Anywhere]

4. Update Software

Keep your software up to date. When you create a new instance, or when you log in, you may see a message asking you to update software packages.

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/xxxx.xx-release-notes/  
There are xx security update(s) out of yyy total update(s) available  
Run "sudo yum update" to apply all updates.  
[ec2-user ~]$

Run sudo yum update to install all updates. As a good practice, reboot your instance after the updates. Learn more about updates here.

5. Know Limits

It is extremely important that you know your AWS EC2 limits. Plan to request increases well in advance to avoid last-minute hassles.

6. Tag Everything

Tags are simple, yet effective. Create meaningful Tags for every resource so that it is easy for you to identify their purpose later.

7. Backup, Backup, Backup!

AWS Cloud gives you a lot of freedom from actual resource and data center management. However, freedom doesn't imply carelessness. Use Amazon EBS Snapshots or a backup tool regularly.

8. Monitor

You must monitor your resources in Amazon periodically and respond to events on time. This is crucial because you wouldn't want to face any kind of data loss, performance or availability issues in production. Find and use tools to help you do that.

9. Create Documentation

In a time of crisis, a disaster recovery document comes in handy. Document BEFORE you provision your resources.

10. Verify your Documents

In a production scenario, things are agile and documents often get out of sync. Periodically, verify your documents by running through them and ensure that the resources are in sync with the document.

Summary

I hope this quick guide gives you an overall picture of Amazon Web Services. Currently, Amazon is one of the best cloud providers on the planet and the number of services they offer is massive.


Rahul Soni

⌘⌘ Entrepreneur. Author. Geek. ⌘⌘

Kolkata, India
