Amazon EC2 Tips

We have talked about a number of concepts in this book that left open the question of how you actually implement those concepts. In this section, I attempt to put together a few recipes to help you set up and manage your EC2 environments. These tips do not represent the only way to accomplish any of the tasks they support, so there may be alternatives that better fit your needs.

Filesystem Encryption

I have recommended the encryption of your Amazon filesystems. Before you decide to encrypt, you need to balance security needs with filesystem performance. An encrypted filesystem will always be slower than one that is not encrypted. How much slower depends on which underlying filesystem you are using and whether you are leveraging a RAID. I generally use XFS on an encrypted RAID0.

To leverage this tip, you will need to have the cryptsetup package installed. If you want XFS support, you will also need xfsprogs. Under Debian, you need to execute the following as root:

apt-get install -y cryptsetup
apt-get install -y xfsprogs
echo sha256 >> /etc/modules
echo dm_crypt >> /etc/modules

The following Unix script at launch will set up an encrypted XFS volume for the ephemeral volume on an Amazon m1.small instance.

# enStratus passes in an encryption key via a web service at startup # You can pull the encryption key from startup parameters or, for the # ephemeral store, you can even generate it on-demand as long as you # don't expect the need to support rebooting. # At any rate, the ...

Get Cloud Application Architectures now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.