Consider the meaning of elastic in many of the AWS service names. When you see the word elastic, you should think of the ability to stretch and contract. All the AWS documentation alludes to this fact, but it often makes the whole process sound quite complicated when it really isn’t. Just think about a computer that can stretch when you need more resources and contract when you don’t. With AWS, you pay only for the services you actually use, so this capability to stretch and contract is important because it means that your organization can spend less money and still end up with just the right amount of services needed.
EC2 provides two common methods for making configuration changes:
– Manually using the AWS Console
– Automatically using the AWS Application Programming Interface (API)
AWS provides distinct security features. The following list summarizes the security features used with EC2:
– Virtual Private Cloud (VPC): Separates every instance running on the physical server from every other instance. Theoretically, no one can access someone else’s instance.
– Network Access Control Lists (ACLs) (Optional): Act as a firewall to control both incoming and outgoing requests at the subnet level.
– Identity and Access Management (IAM) Users and Permissions: Controls the level of access granted to individual users and user groups. You can both allow and deny access to specific resources managed by EC2.
– Security Groups: Act as a firewall to control both incoming and outgoing requests at the instance level. Each instance can have up to five security groups, each of which can have different permissions. This security feature provides finer-grained control over access than Network ACLs, but you must also maintain it for each instance, rather than for the virtual machine as a whole.
– Hardware Security Device: Relies on a hardware-based security device that you install to control security between your on-premises network and the AWS cloud.
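The following added example (not code from the original text) models how an inbound request passes the two firewall layers in the list above: the network ACL at the subnet level, then the instance's security groups. All rule values and group names are constructed, and the model assumes TCP only and ignores return traffic.

```python
import ipaddress

# Constructed sample rules for illustration; not taken from a real account.
# Network ACL (subnet level): rules are checked in rule-number order, the
# first match decides, and a rule can either allow or deny.
NACL_INBOUND = [
    {"num": 100, "cidr": "203.0.113.0/24", "port": (22, 22), "action": "deny"},
    {"num": 200, "cidr": "0.0.0.0/0", "port": (22, 22), "action": "allow"},
    {"num": 300, "cidr": "0.0.0.0/0", "port": (443, 443), "action": "allow"},
]
# Security groups (instance level): allow rules only; the rules of every
# group attached to the instance are combined.
SECURITY_GROUPS = {
    "sg-web": [{"cidr": "0.0.0.0/0", "port": (443, 443)}],
    "sg-admin": [{"cidr": "198.51.100.0/24", "port": (22, 22)}],
}

def _matches(rule, src_ip, port):
    """True when the source address and port fall inside the rule."""
    low, high = rule["port"]
    in_cidr = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])
    return in_cidr and low <= port <= high

def nacl_allows(rules, src_ip, port):
    """Subnet-level check: lowest-numbered matching rule wins."""
    for rule in sorted(rules, key=lambda r: r["num"]):
        if _matches(rule, src_ip, port):
            return rule["action"] == "allow"
    return False  # nothing matched: the implicit final rule denies

def sg_allows(group_names, src_ip, port):
    """Instance-level check: any allow rule in any attached group passes."""
    return any(_matches(rule, src_ip, port)
               for name in group_names for rule in SECURITY_GROUPS[name])

def inbound_decision(src_ip, port, instance_groups):
    """A request must pass the network ACL first, then the security groups."""
    if not nacl_allows(NACL_INBOUND, src_ip, port):
        return "blocked at subnet (network ACL)"
    if not sg_allows(instance_groups, src_ip, port):
        return "blocked at instance (security group)"
    return "allowed"

if __name__ == "__main__":
    for ip, port in [("198.51.100.7", 22), ("203.0.113.9", 22), ("192.0.2.5", 22)]:
        print(ip, port, inbound_decision(ip, port, ["sg-web", "sg-admin"]))
```

The third sample request shows why both layers need review: the network ACL admits SSH from any address, and only the security group narrows it to the admin range.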