AWS EC2 Best Practices

Udemy June Discount Braincert-AWS-Certified-SA-Professional-Practice-Exam

AWS recommends the following to get maximum benefit and satisfaction from EC2

Security & Network

  • Implement the least permissive rules for your security group.
  • Regularly patch, update, and secure the operating system and applications on your instance
  • Launch your instances into a VPC instead of EC2-Classic (If aws account is newly created VPC is used by default)
  • Manage access to AWS resources and APIs using identity federation, IAM users, and IAM roles
  • Establish credential management policies and procedures for creating, distributing, rotating, and revoking AWS access credentials


  • EC2 supports Instance store and EBS volumes, so its best to understand the implications of the root device type for data persistence, backup, and recovery
  • Use separate Amazon EBS volumes for the operating system (root device) versus your data.
  • Ensure that the data volume (with your data) persists after instance termination
  • Use the instance store available for your instance to only store temporary data. (Remember that the data stored in instance store is deleted when you stop or terminate your instance)
  • If you use instance store for database storage, ensure that you have a cluster with a replication factor that ensures fault tolerance.

Resource Management

  • Use instance metadata and custom resource tags to track and identify your AWS resources
  • View your current limits for Amazon EC2. Plan to request any limit increases in advance of the time that you’ll need them.

Backup & Recovery

  • Regularly back up your instance using Amazon EBS snapshots (not done automatically) or a backup tool.
  • Implement High Availability by deploying critical components of the application across multiple Availability Zones, and replicate the data appropriately
  • Monitor and respond to events.
  • Design your applications to handle dynamic IP addressing when your instance restarts.
  • Implement failover. For a basic solution, you can manually attach a network interface or Elastic IP address to a replacement instance
  • Regularly test the process of recovering your instances and Amazon EBS volumes if they fail.


One thought on “AWS EC2 Best Practices

Leave a Reply

Your email address will not be published. Required fields are marked *