Getting to Know the Elastic Compute Cloud (EC2) AWS Service

By John Paul Mueller

Consider the meaning of elastic in many of the AWS service names. When you see the word elastic, you should think of the ability to stretch and contract. All the AWS documentation alludes to this fact, but it often makes the whole process sound quite complicated when it really isn’t. Just think about a computer that can stretch when you need more resources and contract when you don’t.

With AWS, you pay only for the services you actually use, so this capability to stretch and contract is important because it means that your organization can spend less money and still end up with just the right amount of services needed.

Even though some members of your organization might fixate on the issue of money, the real value behind the term elastic is time. Keeping your own equipment right-sized is time-consuming, especially when you need to downsize. Using EC2 means that you can add or remove computing capacity in just a few minutes, rather than weeks or months. Because new requirements tend to change quickly today, the capability to right-size your capacity in minutes is crucial, especially if you really do want that pay raise.

Understanding basic EC2 configuration

From a developer perspective, the elastic nature of EC2 enables you to translate your development environment into something that you could only simulate in the past — a test environment in which you can consider the trade-offs presented by various configurations. Having an elastic environment means that you can actually test your application under various conditions so that you can make configuration recommendations based on real-world knowledge.

In addition, you can simulate failure conditions and thereby build a troubleshooting notebook before you release an application to production. Just as you do with your local server, you have choices to make when building an EC2 instance (a single session used to perform one or more related tasks). The instance can have these characteristics:

  • Operating system: Linux or Windows.
  • Instance size: You can size the instance to provide a small number of services or to act as a cluster of computers for huge computing tasks (and everything in between). In fact, you can create optimized instances for tasks that require more resources in the following areas:
    • CPU
    • Memory
    • Storage
    • GPU

As the tasks that you assign to an instance change, so can the instance configuration. You can adjust just the memory allocation for an instance or provide more storage when needed. Most developers don’t worry too much about how much things cost, but that situation changes as you move to the cloud. Your test system will require an investment, so knowing your options could reduce operating costs and make you look better in the boss’s eyes. Here are the pricing models available with EC2:

  • On Demand: You pay for what you use.
  • Reserved Instance: Provides a significantly reduced price in return for a one-time payment based on what you think you might need in the way of service.
  • Spot Instance: Lets you name the price you want to pay, with the price affecting the level of service you receive.

Autoscaling is an EC2 feature that you use to ensure that your instance automatically changes configuration as the load on it changes. Although it represents a great solution for administrators on production systems, it could pose problems for developers in the test environment because you can’t be sure about the characteristics of your test setup. In general, you want to avoid using autoscaling on test systems so that you can maintain firmer control over test conditions.


Defining the security setup

AWS also provides distinct security features. Developers are usually well acquainted with most of these features from a programming perspective. However, here is a summary of the security features used with EC2:

  • Virtual Private Cloud (VPC): Separates every instance running on the physical server from every other instance. Theoretically, no one can access someone else’s instance, even though it can happen in the real world (hackers have broken into EC2 instances in the past).
  • Network Access Control Lists (ACLs) (Optional): Acts as a firewall to control both incoming and outgoing requests at the subnet level.
  • Identity and Access Management (IAM) Users and Permissions: Controls the level of access granted to individual users and user groups. You can both allow and deny access to specific resources managed by EC2.
  • Security Groups: Acts as a firewall to control both incoming and outgoing requests at the instance level. Each instance can have up to five security groups, each of which can have different permissions. This security feature provides finer-grained control over access than Network ACLs, but you must also maintain it for each instance, rather than for the virtual machine as a whole.
  • Hardware Security Device: Relies on a hardware-based security device that you install to control security between your on-premises network and the AWS cloud.
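
Because Security Groups act as the instance-level firewall, their inbound rules are worth reviewing regularly. The following is an added example, not part of the original article: it audits rules for administrative ports open to any address. The input is a constructed sample in the JSON shape that `aws ec2 describe-security-groups` returns; the group IDs and the `ADMIN_PORTS` policy list are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example1", "GroupName": "web", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example2", "GroupName": "db", "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0example3", "GroupName": "legacy", "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

# Assumed policy: ports that should never be reachable from every address.
ADMIN_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP"}

def is_world(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(doc):
    """Return (group_id, port, service) for each admin port open to the world."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            proto = rule.get("IpProtocol")
            if proto not in ("tcp", "udp", "-1"):
                continue  # ICMP rules reuse the port fields for type/code
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(is_world(c) for c in cidrs):
                continue
            if proto == "-1":  # all protocols: the rule carries no port range
                lo, hi = 0, 65535
            else:
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            for port in sorted(ADMIN_PORTS):
                if lo <= port <= hi:
                    findings.append((group["GroupId"], port, ADMIN_PORTS[port]))
    return findings

if __name__ == "__main__":
    for group_id, port, name in audit(SAMPLE):
        print(f"{group_id}: {name} ({port}) reachable from any address")
```

The second sample group shows why port ranges and IPv6 sources need checking: no rule names port 3306 or 3389, yet both fall inside a range that is open to `::/0`.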

No amount of security will thwart a determined intruder. Anyone who wants to gain access to your server will find a way to do it no matter how high you build the walls. In addition to great security, you must monitor the system and, by assuming that someone will break in, deal with the intruder as quickly as possible. Providing security keeps the less skilled intruder at bay as well as helps keep essentially honest people honest, but skilled intruders will always find a way in.

The severity of these breaches varies, but they can actually cause businesses to fail, as in the case of Code Spaces. A number of security researchers warn that AWS is prone to security lapses. However, don’t assume that other cloud services provide better security. Anytime you use external services, you take significant risks as well.

Using the standard storage options

A final consideration is the use of storage. Each instance comes with a specific amount of storage based on the kind of instance you create. If the instance storage doesn’t provide the functionality or capacity you need, you can also add Elastic Block Store (EBS) support. The main advantage of using EBS, besides capacity and flexibility, is the capability to define a specific level of storage performance to ensure that your application runs as expected.