AWS - EC2: Understanding the Challenges and Solutions


Delving further into the subtopics of AWS Cloud and its pillars, here is what EC2 provides (with simple depictions).

Although EC2 makes it easy for a business to scale up or down by giving full control over its instances, it still comes with the challenges below:

1) Resource utilisation

Manage multiple instances so that costs are not impacted, or only minimally impacted, by large and long-running instances.

Solution:

There may be multiple approaches to streamlining resources in order to implement and support cost-effective cloud-based solutions/applications. I will start with the ones shared below:

a) Have a provisioning strategy in place to limit the number of instances, using tools such as AWS CloudFormation.

b) Understand what type of instance is needed so that it is best aligned with AWS's four offerings: On-Demand, Dedicated, Spot and Reserved.

c) AWS CloudWatch: shut down what is not needed by detecting unwanted long-running instances.

2) Deployment at scale

Hundreds of thousands of running instances can easily become unmanageable and create cluttered environments (who owns which instance, which region is using what, and what it is mainly used for).

Solution:

a) As the business scales, separating it into different AWS accounts helps to keep control. Policy-based management of these accounts can also be achieved through AWS Organizations.

b) It is always good to have a tagging strategy in practice. Tags help in differentiating environments and business units, to name a few (and of course applications as well :-)). AWS CloudFormation comes in handy here.

3) Security

Security has always been of utmost importance, and with 'Data at the Centre' it is even more critical for businesses to ensure a robust security plan and strategy. With a public-facing instance, managing its access and constantly monitoring for possible breaches/risks is a challenge.

Solution(s):

a) GuardDuty monitors AWS workloads and accounts with intelligent threat detection techniques and can even take automated action(s) to remediate.

b) Put in rules to enforce restrictions on misconfigured instances, especially where Public IPs are allowed.

c) Have compliance and auditing controls in place through AWS CloudTrail to track every user and every use of the API.
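The tagging strategy from challenge 2 and the public-IP rule from challenge 3 can be checked together over an instance inventory. The following is an added example, not code from the original post: it audits data in the shape of an EC2 DescribeInstances response, and the required tag names, the `PublicFacing` approval tag, the 30-day threshold and the sample instances are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

REQUIRED_TAGS = {"Owner", "Environment"}  # assumed tagging policy
PUBLIC_OK_TAG = "PublicFacing"            # assumed opt-in tag for approved public instances
MAX_AGE = timedelta(days=30)              # assumed threshold for "long running"

# Constructed sample in the shape of a DescribeInstances response (not real data).
SAMPLE_NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)
SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"},
     "LaunchTime": datetime(2024, 1, 1, tzinfo=timezone.utc),
     "PublicIpAddress": "203.0.113.10",
     "Tags": [{"Key": "Owner", "Value": "web-team"}]},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"},
     "LaunchTime": datetime(2024, 3, 1, tzinfo=timezone.utc),
     "PublicIpAddress": "203.0.113.20",
     "Tags": [{"Key": "Owner", "Value": "shop"},
              {"Key": "Environment", "Value": "prod"},
              {"Key": "PublicFacing", "Value": "approved"}]},
    {"InstanceId": "i-0ccc", "State": {"Name": "stopped"},
     "LaunchTime": datetime(2023, 6, 1, tzinfo=timezone.utc), "Tags": []},
]}]}

def audit_instances(response, now):
    """Return {instance_id: [findings]} for instances that break the assumed policy."""
    findings = {}
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            issues = []
            missing = sorted(REQUIRED_TAGS - set(tags))
            if missing:
                issues.append("missing tags: " + ", ".join(missing))
            # A public IP is only acceptable when explicitly approved via tag.
            if inst.get("PublicIpAddress") and tags.get(PUBLIC_OK_TAG) != "approved":
                issues.append("public IP without approval tag")
            running = inst.get("State", {}).get("Name") == "running"
            if running and now - inst["LaunchTime"] > MAX_AGE:
                issues.append("running longer than %d days" % MAX_AGE.days)
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings

if __name__ == "__main__":
    for iid, issues in audit_instances(SAMPLE, SAMPLE_NOW).items():
        print(iid, "->", "; ".join(issues))
```
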

4) Serverless

Blue-sky scenario: what if the code could be deployed without worrying about who, when, how and, more importantly, which instance(s) to deploy it on?

Solution:

AWS Lambda is my favourite for many of its capabilities. Lambda can run the code for any type of application or even back-end services without having to provision or manage servers.

Of course there are more challenges than what I have tried to put together. But this is the time to involve the readers of this post and ask for their experiences and how they get around these challenges in the real world.

