As one of the most utilised AWS services, EC2 forms the backbone for most AWS-infrastructure led organizations. We talk about what’s new, how to keep your instances happy and healthy, and share Cloud Conformity’s Golden Tips taken from our team of AWS experts leading the way in security and optimisation assurance. Our mantra: Protect, Detect, Correct.

AWS Definition

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity within AWS, eliminating your need to invest in hardware up front, so you can develop and deploy applications faster whilst reducing your need to forecast traffic. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

EC2 News 2018: Bigger, Stronger and More Cost Effective

Whopping 12TB Memory EC2 Instances Launched

AWS have recently launched new instances offering 6TB, 9TB and 12TB of memory, purpose-built for large in-memory databases, without the need for new VPCs. The High Memory instances are EBS-optimised and deliver high networking throughput and low latency, and they are the first to take advantage of a new 8-socket platform with Intel® Xeon® Platinum 8176M (Skylake) processors.

Mid-size F1 Instances Introduced

It may have taken a while but AWS have finally released a new f1.4xlarge size instance, which now gives the option of two Xilinx FPGAs versus the previously available one and eight FPGAs. Available in the US East (N. Virginia), US West (Oregon), Europe (Ireland) and AWS GovCloud (US West) regions, the new size will be able to support your complex projects without the overspend.

Lower disruption for Spot Instances

Earlier this year, AWS announced a new Spot instance model “where prices adjust more gradually, based on longer-term trends in supply and demand”. This new model means that a thorough understanding of the bidding process and a high level of engineering ability to deal with sudden changes are no longer a necessity. Fewer pricing changes mean more stable instances and, naturally, more uninterrupted workloads with consistent, forecastable spend.

Dynamic, Extensive Fleets

AWS launched EC2 Fleets, which allow instances of all types to be started and managed via a single API. Whilst fleets were previously only available for Spot instances, this new all-inclusive product means that neither performance nor cost is compromised when scaling up or down, and workloads are processed at the lowest possible price throughout.

Best Practice & Good Housekeeping

Some basic but crucial good habits to keep your EC2 instances in top form.

On the Security side, ensure IAM users and roles are used and that management policies are established for access.

On Storage, keep EBS volumes separate for operating systems and data, and check that EC2 instances provisioned outside of AWS Auto Scaling Groups (ASGs) have the Termination Protection safety feature enabled, to protect your instances from being accidentally terminated.

For efficient Resource Management, take advantage of custom tags to track and identify resources, and keep on top of your stated EC2 limits.

For fully confident Backup and Recovery, regularly test the process of recovering instances and EBS volumes should they fail, and create and use approved AMIs for easier and more consistent future instance deployment. For ultimate flexibility, make use of multiple Availability Zones for your critical elements and design applications to handle dynamic IP addresses.

Cloud Conformity Golden Top Tips

  1. Ensure all your EC2 instances are managed by AWS Systems Manager so you can centralise and simplify patching, run shell scripts/PowerShell remotely without logging in to individual instances, and see a directory of resources for your EC2 fleet.
  2. The top Cloud Conformity rules for EC2 Instances are two rules which check for SSH and RDP ingress on your EC2 instances. If you get an alert from either of these rules, we suggest you investigate and remediate immediately.
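
The SSH/RDP ingress check from tip 2, written here as an added example (not Cloud Conformity's rule code) against the JSON shape returned by `aws ec2 describe-security-groups`. It assumes the ingress of concern is a source of `0.0.0.0/0` or `::/0`; the group IDs and rules are constructed sample data.

```python
# Added example: flag security-group rules exposing SSH (22) or RDP (3389).
WATCHED_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}  # assumption: sources treated as world-open


def rule_covers(perm, port):
    """True if an ingress permission allows TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    if proto not in ("tcp", "6"):
        return False
    # A range such as 3000-4000 exposes 3389 without naming it.
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_exposed(security_groups):
    """Return sorted (group_id, service, cidr) tuples for world-open SSH/RDP."""
    findings = set()
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port, service in WATCHED_PORTS.items():
                if rule_covers(perm, port):
                    for cidr in ANYWHERE.intersection(cidrs):
                        findings.add((sg["GroupId"], service, cidr))
    return sorted(findings)


# Constructed sample data (not real account output).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [  # wide range includes 3389
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [  # restricted source: not flagged
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [  # all-traffic rule covers both
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, service, cidr in find_exposed(SAMPLE_GROUPS):
        print(f"{group_id}: {service} reachable from {cidr}")
```

To run it against a real account, pass the `SecurityGroups` list from the CLI's JSON output to `find_exposed` in place of the sample data.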

Cloud Conformity has over 60 rules for the EC2 service and is constantly adding additional rules.

