With AWS, you pay only for the services you actually use, so this capability to stretch and contract is important because it means that your organization can spend less money and still end up with just the right amount of services needed.
Even though some members of your organization might fixate on the issue of money, the real value behind the term elastic is time. Keeping your own equipment right-sized is time-consuming, especially when you need to downsize. Using EC2 means that you can add or remove computing capacity in just a few minutes, rather than weeks or months. Because new requirements tend to change quickly today, the capability to right-size your capacity in minutes is crucial, especially if you really do want that pay raise.
As important as being agile and keeping costs low are to an administrator, another issue is even more important: being able to make the changes without jumping through all sorts of hoops. EC2 provides two common methods for making configuration changes:
- Manually using the AWS Console
- Automatically using the AWS Application Programming Interface (API)
- CPU
- Memory
- Storage
- GPU
- On Demand: You pay for what you use.
- Reserved Instance: Provides a significantly reduced price in return for a one-time payment based on what you think you might need in the way of service.
- Spot Instance: Lets you name the price you want to pay, with the price affecting the level of service you receive.
AWS also provides distinct security features. The use of these security features will become more detailed as the book progresses. However, here is a summary of the security features used with EC2:
- Virtual Private Cloud (VPC): Separates every instance running on the physical server from every other instance. Theoretically, no one can access someone else's instance (even though it can happen in the real world).
- Network Access Control Lists (ACLs) (Optional): Act as a firewall to control both incoming and outgoing requests at the subnet level.
- Identity and Access Management (IAM) Users and Permissions: Controls the level of access granted to individual users and user groups. You can both allow and deny access to specific resources managed by EC2.
- Security Groups: Act as a firewall to control both incoming and outgoing requests at the instance level. Each instance can have up to five security groups, each of which can have different permissions. This security feature provides finer-grained control over access than Network ACLs, but you must also maintain it for each instance, rather than for the virtual machine as a whole.
- Hardware Security Device: Relies on a hardware-based security device that you install to control security between your on-premises network and the AWS cloud.
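The following added example (not from the book) models how an inbound request must pass the subnet-level Network ACL and then the instance-level security groups from the list above. It follows AWS's documented evaluation (the lowest-numbered matching ACL rule decides, security group rules are allow-only and pooled across attached groups); the Rule class, function names, and sample addresses are assumptions made for illustration, and only inbound traffic is covered.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    cidr: str            # source address range
    port_from: int
    port_to: int
    allow: bool = True   # security group rules can only allow
    number: int = 0      # only Network ACL rules are numbered

    def matches(self, src_ip, port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.cidr)
                and self.port_from <= port <= self.port_to)

def nacl_allows(nacl_rules, src_ip, port):
    """Subnet level: lowest-numbered matching rule decides; no match means deny."""
    for rule in sorted(nacl_rules, key=lambda r: r.number):
        if rule.matches(src_ip, port):
            return rule.allow
    return False

def sg_allows(security_groups, src_ip, port):
    """Instance level: allow-only rules, pooled across every attached group."""
    return any(rule.matches(src_ip, port)
               for group in security_groups for rule in group)

def inbound_verdict(nacl_rules, security_groups, src_ip, port):
    """Name the layer that stops the request, or 'allowed' if both pass it."""
    if not nacl_allows(nacl_rules, src_ip, port):
        return "blocked at subnet (network ACL)"
    if not sg_allows(security_groups, src_ip, port):
        return "blocked at instance (security group)"
    return "allowed"

# Constructed sample policy using documentation address ranges (not from the book).
SUBNET_NACL = [
    Rule("198.51.100.0/24", 0, 65535, allow=False, number=90),  # explicit deny
    Rule("0.0.0.0/0", 443, 443, allow=True, number=100),        # HTTPS from anywhere
    Rule("203.0.113.0/24", 22, 22, allow=True, number=110),     # SSH from office range
]
WEB_SG = [Rule("0.0.0.0/0", 443, 443)]
ADMIN_SG = [Rule("203.0.113.10/32", 22, 22)]  # tighter than the subnet ACL

if __name__ == "__main__":
    for src, port in [("192.0.2.7", 443), ("198.51.100.5", 443),
                      ("203.0.113.10", 22), ("203.0.113.99", 22)]:
        print(src, port, inbound_verdict(SUBNET_NACL, [WEB_SG, ADMIN_SG], src, port))
```

The last sample request shows the finer-grained control: the subnet ACL admits SSH from the whole office range, but the instance's security group narrows it to a single host.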
No amount of security will thwart a determined intruder. Anyone who wants to gain access to your server will find a way to do it no matter how high you build the walls. In addition to great security, you must monitor the system and, by assuming that someone will break in, deal with the intruder as quickly as possible. Providing security keeps the less skilled intruder at bay as well as helps keep essentially honest people honest, but skilled intruders will always find a way in. The severity of these breaches varies, but a breach can actually cause a business to fail, as in the case of Code Spaces. A number of security researchers warn that AWS is prone to security lapses. However, don't assume that other cloud services provide better security. Any time you use external services, you take significant risks as well.
A final consideration is the use of storage. Each instance comes with a specific amount of storage based on the kind of instance you create. If the instance storage doesn't provide the functionality or capacity you need, you can also add Elastic Block Store (EBS) support. The main advantage of using EBS, besides capacity and flexibility, is the capability to define a specific level of storage performance to ensure that your application runs as expected.