There are many different tools to help with EC2 management. Most are effective at reducing costs, optimizing performance, and enhancing security, but the management process can be time-consuming. In order to achieve your objectives with maximum efficiency, a far better solution is EC2 management by exception.
Enterprise users of Amazon Web Services (AWS) share a common problem—complexity. Not only is the range of AWS services complex (and frequently overlapping), pricing structures are complex, support services are complex, and even management tools are complex.
The pace at which AWS is releasing new features and services (1,430 new features and services in 2017) can be bewildering—so much so that Forbes was prompted to publish an article questioning whether the AWS service sprawl was starting to hurt the cloud ecosystem.
AWS responded by publishing its own article, in which the author likened the choice of services to an industrial supply store for the digital age (Forbes referred to it as a hypermarket for cloud services). It was claimed (by AWS) the wide choice of services provided the building blocks for innovation.
Admittedly, the latest release of features and services is great for innovators looking to build machine learning capabilities or automatic translation capabilities into the applications of the future. But it is not so great for enterprises struggling with the complexity of EC2 management.
As the AWS “service sprawl” has developed, so has the market for tools to help with EC2 management tools. Multiple vendors—including Amazon itself—offer a range of tools to “simplify” EC2 management, reduce costs, optimize performance, and enhance security.
Many of these tools achieve their objectives, but at what cost? System managers can find themselves bouncing back and forth between different tools trying to match the financial demands of one department with the performance requirements of another.
It’s all very time-consuming and complex; and, the larger your organization, the more time-consuming and complex it becomes. If you give a more people administrative access to help ease the burden of EC2 management, you risk creating Shadow IT environments.
The solution is a tool that allows you to manage your EC2 resources and other assets by exception—i.e. using policy-driven automation to maintain the day-to-day governance of your AWS account and addressing violations of your policies when they occur.
Let´s say for example you create a policy that authorization has to be sought before an EC2 instance with more than 8 cores is launched. One of your developers spins up a 16 core EC2 instance and, depending on how you have configured the policy, you can either receive a notification of the policy violation or an approval workflow seeking your authorization.
In scenarios in which security is jeopardized—for example if an EC2 instance is launched with an unauthorized open port—policies can be configured to terminate the instance. Policies can also be configured to execute Lambda functions when suspicious activity is identified—for example you could revoke user access if a large volume of EC2 instances is launched outside normal working hours.
Other policies can be created to enforce financial management rules, cost optimization rules, operational governance rules, performance management rules, asset management rules, and incident management rules, and not just for EC2 instances—the policies can be applied to any assets in your cloud and/or on-premises environment.
Consequently, you or your system managers only have to address incidents that violate the policies you have created—reducing the complexity of EC2 management and the time spent checking on elements of your environment that are working perfectly fine. As well as monitoring activity, solutions that enable you to manage EC2 resources and other assets by exception usually have other benefits.
Typically, the automation element of EC2 management solutions is just one of a number of capabilities. In most cases you will be able to apply policies that alert you to underperforming or over-performing assets that can be rightsized for cost or performance optimization. In some cases, EC2 management solutions also make recommendations about the most appropriate configuration of assets.
Other capabilities include Reserved Instance management, non-production resource scheduling, automatic upgrades to the latest generation instance, and automatic termination of zombie resources such as unattached storage volumes and unused elastic IP addresses. You will also be able to eliminate many cloud security risks due to the insights you get from the solution.
Love the cloud but not loving your cloud spend? Download the 5 Best Practices for Improving Cloud Cost Management eBook.