Amazon AWS EC2 Best Practices for AWS Admins

Stephen Martino edited this page Jun 19, 2014 · 3 revisions

EC2 Instances Management

  • Use a standard, clean AMI to launch EC2 instances (Quick Start AMIs or RightScale images from the Community AMIs are the best images).

  • Follow a standard naming convention for EC2 instances, such as purpose of the instance, environment and number. Example: WordPress_App_Prod_01

  • Assign an Elastic IP where your instances need a stable address (FTP servers, DB servers, backup servers, web servers, etc.), so that stopping and starting the instance does not affect end customers.

  • Stop the instance when it is not in use.

  • Always communicate over private IPs, or the full public DNS name, when instances are in the same region, to avoid data transfer charges.

  • Always use the public DNS name for communication: from the Internet or from other regions it resolves to the public IP, and from the same region it resolves to the private IP automatically.

  • Don’t keep any important data on ephemeral storage; you will lose that data when you stop and start the instance.

  • Enable termination protection to prevent accidental termination of EC2 instances.

  • Set up CloudWatch monitoring alarms for CPU and instance status, and configure the alerts to go to your support mail ID, so that you are notified of CPU issues or instance reachability issues.

  • Periodically run AWS Trusted Advisor and review the underutilized instances, so that you can downsize them to smaller instance types.

AMI Management

  • Create a Golden AMI once you have completely set up and configured your EC2 machine.

  • Create AMIs of the Prod instances weekly/fortnightly/monthly, depending on how frequently you make changes to the instance.

  • Follow a standard naming convention when you name AMIs. Best practice is to append the current date to the AMI name and description. Example: WordPress_Prod_App_AMI_24012014

  • Always copy new AMIs to the DR/backup region whenever you take one.

  • Keep at least the last 4 AMIs and the Golden AMI in both the present Prod region and the DR/backup region.

  • Clean up or de-register AMIs that are no longer in use.
    

EBS Management

  • Name EBS volumes properly when you create them, e.g. by volume purpose and environment: WordPress_Mysql_Data_Volume

  • Take EBS snapshots regularly. The frequency (hourly/daily/weekly) depends on your requirements.

  • Copy EBS snapshots to your DR/backup region for maximum availability.

  • Keep at least the last 15 snapshots of each EBS volume, in case you need to roll back your data to an older date.

  • Clean up unused volumes to avoid confusion and to save cost.

  • Always take volume snapshots outside business hours.

  • Keep checking snapshot consistency by creating volumes from them, mounting them on instances and verifying the integrity of the data.
    

Security Groups & Key Pairs Management

  • Follow a standard naming convention for key pairs and security groups. Example: WordPress_Prod_App_SG & WordPress_Prod_App_Key

  • Never share your key pairs with anyone unless it is really needed.

  • Never use a single security group and key pair for your entire region. Create separate keys and groups for each kind of instance.

  • Remove unused key pairs and security groups from your console.

  • Create temporary keys or usernames/passwords if anyone needs access to the system. Don’t share the master key.

  • Rotate the keys quarterly/half-yearly, creating new keys including the master key. Remove the keys of users who are no longer part of the project or organization.

  • Don’t use the default security group for any of your instances.

  • Never open any port to the public unless your application requires it (such as 80 or 443). For internal communication between EC2 machines, open ports to other security groups rather than to IP addresses, because public and private IPs keep changing.

  • Remove unused ports that were opened for temporary purposes.

  • Assign the right security group to the EC2 instance while launching it, because you can’t change the security group once it is launched.

  • Audit your security groups monthly/quarterly, because they are the entry and exit points for your instances.
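As an added example (not part of the original wiki page), the following script checks the two security-group practices above, public exposure limited to the ports the application needs and EC2-to-EC2 rules expressed as security-group references rather than IP ranges, over constructed data shaped like the JSON that `aws ec2 describe-security-groups` returns. The group names, IDs and CIDRs in the sample are made up for illustration.

```python
"""Offline audit of EC2 security-group rules, shaped like `aws ec2
describe-security-groups` JSON: flags ports open to 0.0.0.0/0 that the app
does not need, and internal rules given as private CIDRs instead of SG refs."""
import ipaddress
import json

# Constructed sample (not a real account): a web-tier group and a DB group.
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0aaa", "GroupName": "WordPress_Prod_App_SG", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
 {"GroupId": "sg-0bbb", "GroupName": "WordPress_Prod_DB_SG", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "10.0.1.25/32"}], "UserIdGroupPairs": []},
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]}]}""")

PUBLIC_OK = {80, 443}  # the only ports this application exposes to the Internet
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def port_label(rule):
    """'tcp 22', 'tcp 1024-65535' or 'all' (IpProtocol -1 carries no ports)."""
    if rule["IpProtocol"] == "-1":
        return "all"
    lo, hi = rule["FromPort"], rule["ToPort"]
    return f'{rule["IpProtocol"]} {lo}' if lo == hi else f'{rule["IpProtocol"]} {lo}-{hi}'

def is_internal(cidr):
    """True when the CIDR lies entirely inside an RFC 1918 private range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(private) for private in RFC1918)

def audit(desc, public_ok=PUBLIC_OK):
    """Return (group name, port label, cidr, kind) for each rule breaking a practice."""
    findings = []
    for sg in desc["SecurityGroups"]:
        for rule in sg["IpPermissions"]:
            label = port_label(rule)
            # A single TCP port from the allow-list is the only thing 0.0.0.0/0 may reach.
            web_port = (rule["IpProtocol"] == "tcp" and rule["FromPort"] == rule["ToPort"]
                        and rule["FromPort"] in public_ok)
            for rng in rule.get("IpRanges", []):
                cidr = rng["CidrIp"]
                if cidr == "0.0.0.0/0" and not web_port:
                    findings.append((sg["GroupName"], label, cidr, "open-to-internet"))
                elif is_internal(cidr):  # EC2-to-EC2 access: reference the peer SG instead
                    findings.append((sg["GroupName"], label, cidr, "internal-cidr"))
    return findings
```

Run `audit(SAMPLE)` to see the SSH port open to the world and the DB rule that pins a private IP instead of referencing the application tier's security group; the rule that references sg-0aaa passes.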