Provision compliant Amazon EC2 Instances On-Demand
Samrat Priyadarshi : Nov 11, 2020 11:44:00 AM
Amazon EC2 instances are the most consumed compute instances in the cloud today. It takes about 15 steps to provision and continuously manage a compliant server. As customers scale up their EC2 consumption to tens and even thousands of instances, traditional provisioning methods can lead to cost overruns as well as compliance and security issues. In this blog Samrat Priyadarshi (Sam) – Sr. Cloud Solutions Architect at MontyCloud explains how you, as an IT administrator, can enable your users to deploy compliant Amazon EC2 instances on-demand through a self-service portal and automate routine management tasks at the time of deployment with DAY2.
– Sabrinath S. Rao
Amazon Elastic Compute Cloud (EC2) instances power the majority of the applications and workloads on Amazon Web Services (AWS). However, spinning up a virtual machine (VM) that meets your applications’ needs, always conforms to your organization’s compliance, security and cost policies, and is easily manageable involves at least ten steps. IT teams regularly have to enable their application teams to provision VMs on demand. For example, one of our customers has over 10,000 active servers in their server fleet. Some VMs are persistent and run for months, while others, such as dev/test VMs, are temporary and run only for hours. How can cloud infrastructure IT teams ensure consistency and compliance while enabling their application teams to be agile?
On-demand provisioning and operations automation through deployment templates is the best way to scale. In this blog, I will share how MontyCloud enables IT teams to be responsive while also driving down costs and enforcing granular compliance through the DAY2 Amazon EC2 deployment templates.
Provisioning Operations-Ready Virtual Machines At Scale Can Be Complex
Users and developers have the flexibility of multiple configuration choices while deploying a virtual machine. Let us look at the steps users have to execute to deploy a compliant server.
- Select the correct account and region
- Select the right instance type and ensure it has the right amount of compute and memory
- Ensure the instance type follows the corporate cost policies
- Pick the operating system – Windows or one of the corporate-approved Linux distributions
- Configure the appropriate autoscaling groups
- Deploy the VM within the right Virtual Private Cloud (VPC) boundaries
- Stay up to date with currently approved patches
- Configure SSO and/or grant user rights with relevant AWS Identity & Access Management (IAM) policies
- Turn on AWS CloudTrail Logs
- Connect the VM to its primary storage such as Amazon Elastic Block Store (EBS)
- Discover and classify the VMs into the departments and/or central IT’s inventory systems
- Configure snapshots and other routine operations such as adding or deleting users
- Monitor, alert and perform remediations
- Enable secure RDP/session access to servers
- Perform routine operations such as tag management and up/down-time schedule management
These can be daunting for the users, a management challenge for the IT teams and unknown cost variables for the finance teams.
DAY2 EC2 Blueprint(s) help central IT teams enable their users to deploy compliant VMs on demand
MontyCloud simplifies the process for deploying Amazon EC2 instances with well-architected blueprints. Central IT teams can enable their application teams and users to deploy compliant server fleets on-demand through a self-service portal with the DAY2 EC2 Blueprint.
As an IT administrator, you can create multiple versions of the same configuration with pre-approved accounts and regions. For example, you can have a pre-approved dev/test version that only users with permission to deploy into the dev/test account can use, and a separate version with production configuration settings such as VPC boundaries and user entitlements.
The EC2 Blueprint is built on AWS CloudFormation using AWS Well-Architected principles. The blueprint comes with built-in task automations that you can execute immediately or schedule, against a single instance or an instance group. These include:
- Start instance(s)
- Stop instance(s)
- Terminate instance(s)
- Restart instance(s)
- Create snapshots
- Scan instance(s) for patch levels/configuration drifts
- Patch instance(s)
- Create an image
- Execute desired server state policies
- Configure Amazon CloudWatch Events
You can also upload your custom tasks as Python scripts or AWS Automation Documents.
Central IT teams can preconfigure approved AWS accounts, regions, instance types and VPC boundaries. They can also apply and enforce OS configuration, patch compliance and cost policies. Central IT teams can create multiple configurations by user, department or application type and make these deployment options available on demand to their users through a self-service portal. Once a compute instance is deployed, DAY2 instantly discovers the instance and makes it manageable.
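One way to encode the pre-approved choices described above as template guardrails, as an added example that is not MontyCloud's DAY2 blueprint or any code from this page: a minimal AWS CloudFormation template whose parameters accept only approved instance types and an existing subnet, resolve the currently published patched AMI at deploy time, and attach only the Systems Manager role needed for keyless session access. The instance sizes, the 20 GiB encrypted volume, the tag keys and the department pattern are assumed policy values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example, not MontyCloud's own blueprint; EC2 with guardrail parameters
Parameters:
  InstanceType:
    Type: String
    Default: t3.micro
    # Only cost-approved sizes (assumed list) can be chosen from the self-service portal.
    AllowedValues: [t3.micro, t3.small, t3.medium]
  ApprovedSubnetId:
    # Placement is limited to an existing, pre-approved VPC subnet chosen by IT.
    Type: AWS::EC2::Subnet::Id
  LatestAmiId:
    # Resolved at deploy time to the current AWS-published, patched Amazon Linux 2 AMI.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
  Department:
    # Tag value used to classify the instance into the department's inventory.
    Type: String
    AllowedPattern: "^[A-Za-z0-9-]{2,32}$"
Resources:
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      # Systems Manager access only: Session Manager replaces SSH keys and bastion hosts.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
  Server:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      ImageId: !Ref LatestAmiId
      SubnetId: !Ref ApprovedSubnetId
      IamInstanceProfile: !Ref InstanceProfile
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          # Root volume is encrypted at rest; size is an assumed policy default.
          Ebs: { VolumeSize: 20, VolumeType: gp3, Encrypted: true }
      Tags:
        - { Key: Department, Value: !Ref Department }
        - { Key: ManagedBy, Value: self-service-blueprint }
```

A value outside AllowedValues or AllowedPattern is rejected by CloudFormation before any resource is created, so the portal cannot be used to deploy an unapproved size or an untagged server.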
Provisioning is the first step to a Well-Managed Server
Consistent on-demand provisioning can improve productivity by 30% or more and build the pathway to run more secure and cost-efficient servers. It also sets you up for Well-Managed Server operations including autonomous desired server state configuration enforcement, patch management at scale, monitoring, alerting, compliance reporting, automation of routine tasks such as cost-saving scheduled shutdown operations, snapshot creation and remote session access and RDP access without the burden of SSH keys or bastion hosts. This blueprint is available through a DAY2 Well-Architected Cloud subscription.