The Cloud revolution is well and truly underway, as demonstrated by the 44,000 attendees at the recent Amazon Web Services (AWS) re:Invent conference. Many businesses have adopted a Cloud provider like AWS in some form or another.
AWS’s Elastic Compute Cloud (EC2) has been a service offering since 2006. It allows users to launch virtual computing environments on demand. EC2 is one of over 100 services from AWS, and each provides incredible value in your business’ journey to the Cloud.
Many businesses will be in the early stages of their Cloud adoption journey. We have seen some really successful transitions and some…not so great transitions. This post will explore some of the challenges with AWS EC2, and how they can be solved.
Challenges with AWS EC2
Challenge: AWS EC2 makes it easy for businesses to scale. EC2 gives you complete control over your instances, with a range of instance types at your disposal. The challenge in these cases is how you manage the number of instances you have, so that costs aren’t impacted by large, long-running instances.
- Limit the number of acceptable instances, using Infrastructure as Code tools such as AWS’ CloudFormation or HashiCorp’s Terraform as a provisioning strategy. These tools can also display resource graphs, giving you further insight into your infrastructure.
- Understand the type of instances you require. AWS has four payment options for instances: on-demand, reserved, spot and dedicated. These will significantly reduce cost and help a business understand if EC2 is being used in the right way. For example, if all your instances are dedicated, you are most likely not leveraging the true benefits of the Cloud.
- Use AWS CloudWatch to detect and shut down idle instances. This will remove any long running instances that are not used, and ensure the environment is not cluttered.
Challenge: Whilst EC2 places importance on security, many organisations still face challenges when ensuring that instances are running securely. What happens when you have an instance that is public-facing? Who has access, and how is this monitored?
- Use AWS CloudTrail. This will track all user and API usage. This, as a minimum, will help toward auditing and begin to satisfy compliance controls.
- Create rules that block misconfigured instances, such as those that allow Public IPs. These could be integrated into your CloudFormation or Terraform.
- Use Amazon GuardDuty to monitor your AWS accounts and workloads. This uses intelligent threat detection to determine any malicious activity, and can take action with automated remediation.
Deploying at Scale
Challenge: Running hundreds (or even thousands) of instances can result in unmanageable and cluttered environments. This can make it difficult to determine who owns which instance, which regions are using it and what it’s being used for.
- As your business scales, separate it into different AWS accounts to maintain control. AWS Organizations will enable policy-based management for these separate accounts.
- Use CloudFormation or Terraform to enforce a tagging strategy for the separation of environments, applications, business units and more.
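The public-IP rule and the tagging strategy described above can both be enforced as a check on the Terraform plan before it is applied. The following is an added example, not code from the original post: it reads the JSON produced by `terraform show -json`, and the required tag keys and the sample plan are assumptions constructed for illustration.

```python
import json

# Assumed tagging policy: the post names environments, applications and business units.
REQUIRED_TAGS = {"Environment", "Application", "BusinessUnit"}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["create"], "after": {
             "associate_public_ip_address": True,
             "tags": {"Environment": "prod", "Application": "shop"}}}},
        {"address": "aws_instance.worker", "type": "aws_instance",
         "change": {"actions": ["create"], "after": {
             "associate_public_ip_address": False,
             "tags": {"Environment": "prod", "Application": "shop",
                      "BusinessUnit": "retail"}}}},
        {"address": "aws_instance.old", "type": "aws_instance",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"tags": None}}},
    ]
})


def check_plan(plan_json, required_tags=REQUIRED_TAGS):
    """Return a sorted list of (address, finding) for EC2 instances in a plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        # Only instances that will exist after apply; deletes have after == null.
        if rc.get("type") != "aws_instance" or after is None:
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        if after.get("associate_public_ip_address") is True:
            findings.append((rc["address"], "public IP requested"))
        # tags is null in plan JSON when the resource sets none.
        tags = after.get("tags") or {}
        missing = sorted(t for t in required_tags if not tags.get(t))
        if missing:
            findings.append((rc["address"], "missing tags: " + ", ".join(missing)))
    return sorted(findings)


if __name__ == "__main__":
    results = check_plan(SAMPLE_PLAN)
    for address, finding in results:
        print(f"FAIL {address}: {finding}")
    raise SystemExit(1 if results else 0)
```

When `associate_public_ip_address` is left unset, the subnet's `map_public_ip_on_launch` setting decides, so a stricter policy would require an explicit `false` on every instance.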
Challenge: Businesses will use some of the default Amazon Machine Images (AMIs) provided by AWS. However, as adoption matures, many find that custom configurations (such as additional users and patching) need to be made.
- Create a process to manage the lifecycle of your AMI, using the default AMIs. Then, use HashiCorp’s Packer to make further changes to the image.
- Use Cloud Init to handle the early initialisation of an instance. This, along with other config management tools such as Puppet and Ansible, can be used to make custom changes.
Challenge: Managing EC2 instances! What if we could deploy code without worrying about the instances it has to get deployed to?
Solution: Use AWS Lambda. AWS Lambda lets you run code without provisioning or managing servers. With Lambda, you can run code for virtually any type of application or back-end service. Just upload your code, and Lambda will take care of everything required to run and scale your code with high availability. You can set up your code to automatically trigger from other AWS services, or call it directly from any web or mobile app. The learning curve for Lambda can be steep, but once you have passed that barrier, you will never look at code deployment in the same way again.
How to best adopt AWS Cloud
Many of the solutions we’ve mentioned in this post are tools available within AWS. When starting your Cloud journey, it’s important to understand these resources (and the many more) that are available in AWS, to ensure successful implementation.
Some additional general practices that should be considered when adopting any Cloud, include:
Using tools like AWS Cost Explorer will enable you to see patterns and trends in your spend over time, which can help you understand Cloud costs. This data can then be used to forecast Cloud costs over the next quarter and to set budgets for your Cloud spend. Tools like AWS Budgets can alert businesses when costs or usage are forecasted to exceed those budgets, and provide oversight of where overspend is occurring.
Build with fault tolerance in mind
Nowadays, companies that don’t achieve 99.99% uptime are at risk of grave loss of both business and client trust, simply because they’re not available (usually in high-traffic periods). Tools such as AWS S3 guarantee 99.99% uptime for your static assets, while services like RDS and CloudFront are designed with failover in mind, to provide HA and data availability at any given time. AWS also publishes regular whitepapers that illustrate how to architect and build resilient applications, helping businesses to decrease infrastructure and ownership costs.
There will always be challenges and learnings involved in the adoption of new technology. To make sure your Cloud migration is as effective, efficient and valuable as possible, it’s important to consider potential challenges and solutions of Cloud configuration, migration and management, before you adopt. Being aware of the challenges your business might experience using AWS or any other Cloud platform will enable you to tackle any issues and recover much more quickly.
If you’re experiencing issues with your AWS implementation, or Cloud infrastructure in general, please get in touch. ECS Digital offers a Cloud Health Assessment to help businesses realise the potential of Cloud and ensure their applications are truly native in the Cloud.