The instance is your basic computation building block. After you launch an instance, it looks very much like a traditional host. You have complete control of your instances; you have root access to each one and you can interact with them as you would any computer.
By default, you can run up to 20 instances. You can run as many or as few of these instances as you need at any time. If you need more than 20 instances, please complete the Amazon EC2 Instance Request Form.
Here are some suggestions for making the best use of Amazon EC2 instances:
Do not rely on an instance's local storage for valuable, long-term data.
When instances fail, the data on the local disk is lost. Use a replication strategy across multiple instances to keep your data safe, or store your persistent data in Amazon S3, or use Amazon EBS.
Define images based on the type of work they perform.
For "Internet applications," you might define one image for database instances and another for web servers. Image creation and storage are cheap and easy operations, so you can individualize and customize as necessary. Specialized images can result in smaller AMI sizes, which boot considerably faster.
Monitor the health of your instances.
For more information, see the Amazon CloudWatch product page.
Keep your instances secure.
There are a number of ways you can keep your instances secure.
Restrict access by only allowing trusted hosts or networks to access ports on your instance. For example, you can restrict SSH access by restricting incoming traffic on port 22. For more information about authorizing network access, see Authorizing Network Access to Your Instances.
Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk. For more information, see Disable Password-Based Logins for Root. For more information about sharing AMIs safely, see Sharing AMIs Safely.
Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege—only open up permissions that you require. You can also create different security groups to deal with instances that have different security requirements. Consider creating a bastion security group that allows external logins and keep the remainder of your instances in a group that does not allow external logins. For more information about security groups, see Amazon EC2 Security Groups.
Consider using AWS Identity and Access Management (IAM) to control access to your Amazon EC2 resources, including your instances. You can use IAM to create users and groups under your AWS account, assign security credentials to each, and control access to resources and services. For more information, see Controlling Access to Amazon EC2 Resources.
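The security group review described above can be scripted. The following is an added example, not code from AWS: it reads data in the shape of `aws ec2 describe-security-groups` output and flags login-port rules that are open to any source, or open to external sources outside the bastion group. The sample groups, the `bastion` group name, the login port set, and the list of internal ranges are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-bastion-example", "GroupName": "bastion", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
 {"GroupId": "sg-web-example", "GroupName": "web", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-db-example", "GroupName": "db", "IpPermissions": [
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
   "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}
""")

LOGIN_PORTS = {22, 3389}  # assumption: SSH and RDP are the login ports to audit
INTERNAL = [ipaddress.ip_network(n) for n in  # assumption: private ranges = internal
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def allows_login(perm):
    """True if the rule covers a login port; protocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= port <= hi for port in LOGIN_PORTS)

def is_internal(net):
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def audit(groups, bastion_names=("bastion",)):
    """Return (group id, source CIDR, reason) for login rules that are too broad."""
    findings = []
    for group in groups:
        for perm in filter(allows_login, group.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:  # any source at all, even on the bastion
                    findings.append((group["GroupId"], cidr, "world"))
                elif not is_internal(net) and group["GroupName"] not in bastion_names:
                    findings.append((group["GroupId"], cidr, "external"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE["SecurityGroups"]), sep="\n")
```

On the sample, the web group's port 22 rule and the db group's all-traffic IPv6 rule are reported, while the bastion's SSH rule from a single /24 and the web group's port 80 rule are not.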