10 Key points about AWS EC2

Amazon Elastic Compute Cloud (Amazon EC2) or AWS EC2 provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.

Amazon Machine Image (AMI)

An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance. You can select an AMI provided by AWS, the AWS user community, or the AWS Marketplace, or you can select one of your own AMIs.

You can select an AMI to use based on the following characteristics:

Instance type as per requirements

Amazon EC2 provides a wide range of instance types, each optimized for a particular set of use cases. Instance types combine CPU, memory, storage and networking capacity in different proportions, giving you the flexibility to choose the mix of resources that fits your application. Each instance type comes in one or more instance sizes, so you can match the resources to the target workload.

  • General Purpose – (T2, M4, M3)
  • Compute Optimized – (C5, C4, C3)
  • Memory Optimized – (X1, R4, R3)
  • Accelerated Computing – (P3, P2, G3, F1)
  • Storage Optimized – (I3)
  • Dense-storage Instances – (D2)

Networking Config

Creating a VPC with public and private subnets, deciding whether to auto-assign public IPs, and configuring the Internet Gateway, route tables and NAT gateways are critical elements of keeping your EC2 instances secure.

Termination Protection

By default, you can terminate your instance using the Amazon EC2 console, command line interface, or API. To prevent an instance from being terminated accidentally through any of these, enable termination protection for it.

User Init data

Cloud-init is an early-boot initialization service that runs on many cloud Linux distributions. The user data you supply at launch (a script or cloud-config file) is handed to it, giving the system a set of instructions to perform at instance boot time.


Storage (Volume, Size, Volume type)

Amazon EC2 provides you with flexible, cost-effective, and easy-to-use data storage options for your instances. Each option has a unique combination of performance and durability. These storage options can be used independently or in combination to suit your requirements.

  • Amazon Elastic Block Store (Amazon EBS): Amazon EBS provides durable, block-level storage volumes that you can attach to a running instance. You can use Amazon EBS as a primary storage device for data that requires frequent and granular updates. For example, Amazon EBS is the recommended storage option when you run a database on an instance.
  • Amazon EC2 Instance Store: Many instances can access storage from disks that are physically attached to the host computer. This disk storage is referred to as instance store. Instance store provides temporary block-level storage for instances.
  • Amazon Elastic File System (Amazon EFS): Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple instances.
  • Amazon Simple Storage Service (Amazon S3): Amazon S3 provides access to reliable and inexpensive data storage infrastructure. It is designed to make web-scale computing easier by enabling you to store and retrieve any amount of data, at any time, from within Amazon EC2 or anywhere on the web.

Adding Tags

Amazon Web Services (AWS) allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources.

Security Group configuration & Firewall rules setting (Protocol type, Source etc.)

To create a security group, open the Amazon EC2 console:

  • Select a region for the security group
  • Click on “Create Security Group” and enter a name for the new security group along with a description of the group
  • On the Inbound tab, create rules such as:
      • Allow HTTP(S) traffic to enter the instance
      • Allow SSH traffic to enter the instance
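The SSH rule in the last step is the one that most often goes wrong: its source should be a specific admin prefix, not 0.0.0.0/0. The following is an added example (not code from the original article) that audits a security group's ingress rules, in the shape the describe-security-groups API returns them, for SSH/RDP or all-traffic rules open to the world; the rules and the 203.0.113.10/32 address are constructed sample data.

```python
"""Audit EC2 security group ingress rules for admin ports open to the world.
Added example, not from the original article; the rule records are constructed
in the shape of describe-security-groups -> SecurityGroups[].IpPermissions,
so no AWS API call is made and this runs offline."""

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # a source of "anywhere" is rarely intended here
WORLD_SOURCES = {"0.0.0.0/0", "::/0"}

def _port_range(perm):
    """Ports covered by one permission; IpProtocol "-1" means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(perm["FromPort"], perm["ToPort"] + 1)

def _sources(perm):
    """Yield every IPv4 and IPv6 CIDR source listed on the permission."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]

def audit_ingress(permissions):
    """One finding per admin port (or all-traffic rule) reachable from anywhere."""
    findings = []
    for perm in permissions:
        for cidr in _sources(perm):
            if cidr not in WORLD_SOURCES:
                continue  # a specific admin prefix is the intended shape for SSH/RDP
            if perm.get("IpProtocol") == "-1":
                findings.append(f"all traffic open to {cidr}")
                continue
            ports = _port_range(perm)
            for port, name in ADMIN_PORTS.items():
                if port in ports:
                    findings.append(f"{name} ({port}/{perm['IpProtocol']}) open to {cidr}")
    return findings

# Constructed sample: a web server group with one acceptable and one world-open SSH rule.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,   # HTTPS from anywhere: expected
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,     # SSH from anywhere: finding
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,     # SSH from one admin host: fine
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [],                    # all traffic from anywhere: finding
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]
```

Running `audit_ingress(SAMPLE_PERMISSIONS)` reports the world-open SSH rule and the all-traffic rule while leaving the HTTPS rule and the single-host SSH rule alone.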

Store the .pem file securely

Download the .pem private key file and store it securely; you need it to SSH to the server you created.

CloudWatch Detailed monitoring

Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are variables you can measure for your resources and applications.

Create alarms for the following:

  • CPU Utilization
  • Disk read/write Operations
  • Network In/Out
  • Network Packets In/Out
  • Status Check Failed (any, System, Instance)
  • CPU Credit Usage/Balance
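As an added example, not from the original article, the following Python checks which of the alarms listed above exist for each instance, treating the CPU credit metrics as required only for burstable T-family types; the instance records, alarm records and instance ids are constructed in the shape of the describe-instances and describe-alarms API responses.

```python
"""Report which of the recommended CloudWatch alarms are missing per EC2 instance.
Added example, not from the original article. Instance and alarm records are
constructed in the shape of describe-instances and describe-alarms responses;
nothing is called, so this runs offline."""

# AWS/EC2 metric names behind the bullet list above.
BASE_METRICS = {
    "CPUUtilization", "DiskReadOps", "DiskWriteOps",
    "NetworkIn", "NetworkOut", "NetworkPacketsIn", "NetworkPacketsOut",
    "StatusCheckFailed", "StatusCheckFailed_System", "StatusCheckFailed_Instance",
}
# CPU credit metrics exist only for burstable (T-family) instance types.
CREDIT_METRICS = {"CPUCreditUsage", "CPUCreditBalance"}

def required_metrics(instance_type):
    """Metrics that should carry an alarm for this instance type."""
    family = instance_type.split(".")[0]
    return BASE_METRICS | CREDIT_METRICS if family.startswith("t") else set(BASE_METRICS)

def alarmed_metrics(alarms, instance_id):
    """Metric names that have at least one AWS/EC2 alarm scoped to this instance."""
    found = set()
    for alarm in alarms:
        dims = {d["Name"]: d["Value"] for d in alarm.get("Dimensions", [])}
        if alarm.get("Namespace") == "AWS/EC2" and dims.get("InstanceId") == instance_id:
            found.add(alarm["MetricName"])
    return found

def missing_alarms(instances, alarms):
    """Map each instance id to the sorted required metrics that have no alarm."""
    return {i["InstanceId"]: sorted(required_metrics(i["InstanceType"]) - alarmed_metrics(alarms, i["InstanceId"]))
            for i in instances}

def _alarm(metric, instance_id, namespace="AWS/EC2"):
    return {"AlarmName": f"{metric}-{instance_id}", "Namespace": namespace, "MetricName": metric,
            "Dimensions": [{"Name": "InstanceId", "Value": instance_id}]}

# Constructed sample: instance ids are placeholders, not real resources.
T2_ID, M4_ID = "i-0000000000000000a", "i-0000000000000000b"
SAMPLE_INSTANCES = [{"InstanceId": T2_ID, "InstanceType": "t2.micro"},
                    {"InstanceId": M4_ID, "InstanceType": "m4.large"}]
SAMPLE_ALARMS = (
    [_alarm(m, T2_ID) for m in sorted(BASE_METRICS | CREDIT_METRICS)
     if m not in ("CPUCreditBalance", "StatusCheckFailed_System")]
    + [_alarm("CPUUtilization", M4_ID)]
    # An agent metric in another namespace must not satisfy an EC2 requirement.
    + [_alarm("disk_used_percent", M4_ID, namespace="CWAgent")]
)
```

`missing_alarms(SAMPLE_INSTANCES, SAMPLE_ALARMS)` reports the two gaps on the t2.micro and every base metric except CPUUtilization on the m4.large.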