AWS EC2 Explained

AWS EC2 stands for Elastic Compute Cloud and is the most popular Infrastructure as a Service offering by Amazon. Knowledge of EC2 components and how they work is fundamental to working in the AWS Cloud.

Capabilities of AWS EC2

 –  Virtual Machine offering (EC2)

 –  Virtual data storage drives (EBS)

 –  Distribution of load, or load balancing, across EC2 Instances (ELB)

 –  Scaling service via auto-scaling groups (ASG)

EC2 Instance sizing and configuration options must be considered just as they would be for a normal data center server. AWS provides standard EC2 sizing for any solution or organizational need, and you can build your own configuration.

 –  OS: Linux, Windows or Mac OS

 –  Number of Computer Cores per Instance (CPU)

 –  Amount of memory per Instance

 –  Storage and Type

  – Network-attached (EBS or EFS)

  – Hardware-attached (Per EC2 Instance)

 –  Number of network cards and speeds

  – Public IP address

  – Private IP address

 –  Firewall Rules: security group

 –  Bootstrap script (Configure EC2 Instance): EC2 User Data

EC2 User Data holds the startup instructions for your EC2 Instance and can include:

 –  Installing updates

 –  Installing software

 –  Downloading files, data or updates

 –  Any other organizational processes necessary at startup.

AWS Best Practices for User Accounts


To maintain proper security and access to your AWS environment, it is important that we follow some basic security guidelines. The following list is not all-encompassing.

1.  Never use the root account except for setting up your AWS environment and creating initial IAM Administrators.

2.  Never create shared accounts which are used by more than one user.

3.  Avoid assigning permissions to users directly and grant permissions via groups.

4.  Create groups for users and place each user in one or more groups.

5.  Ensure that you create a strong password policy which meets your organizational requirements.

6.  Ensure that you use roles to grant permissions to AWS Services.

7.  Ensure MFA is enabled for all users.

8.  Use only Access Keys for CLI/SDK connections.

9.  Audit unused permissions through IAM Access reports and IAM Credential reports and remove permissions not utilized.

10.  Do not share Access Keys or IAM User credentials.