Posts tagged ‘EBS’

The EC2 team has announced micro instances. A Linux micro instance costs 2 (two) cents per hour, which now makes it cheaper than traditional dedicated hosting with root access: the monthly payment for an EC2 micro instance will be about 15 USD, while root/Linux on dedicated hosting costs about 30 USD/month. It's really good news: you can have a 100-box cluster for just two USD per hour! The bad thing is that micro instances don't have their own disk space, only EBS, so it looks like the best use case for this instance type will be a highly distributed computational grid with all data stored in RAM. And don't forget that EBS will cost you some money: $0.10 per allocated GB per month, and Amazon EBS also charges $0.10 per 1 million I/O requests you make to your volume. Fredrick Poller has already checked micro instance performance with sysbench: Amazon EC2 Micro instance, how fast is it?.

The Amazon team has posted an interesting document on the Amazon Web Services Blog: the AWS Security White Paper.
Main points:

  • there's no backup for data (EBS, S3, anything), but all data is stored redundantly in multiple physical locations
  • for EC2 they have four security levels: host OS (access: only AWS administrators), guest OS (access: only customers; AWS admins can't log on to the guest OS), firewall (configured indirectly by customers; AWS admins also have access), Amazon EC2 API (access: only customers).
  • all guest OSes run under the Xen hypervisor, so instances have no direct access to hardware resources and can't read or write any data owned by other instances, including network packets, disk devices and memory.
  • network traffic of other instances cannot be sniffed, protection against external DDoS is provided by the firewall, port scanning inside the network is prohibited by the Acceptable Use Policy (the customer will be blocked for this, I suppose), and instances can't use IP spoofing (because of the Xen hypervisor :-). Anyway, Amazon recommends using SSL for network connections.
  • Security in S3 and SimpleDB is based on ACLs (access control lists): only the data owner may edit access permissions.
  • All data in S3 and SimpleDB is stored 'as is' without any encryption. If you want to be more secure, you should store encrypted data: “Encrypting before sending to SimpleDB guarantees that no party, including AWS, has access to sensitive customer data”. Once you delete data from S3 or SimpleDB, all external links to it become inaccessible: “area is then made available only for write operations and the data is overwritten by newly stored data”. S3 and SimpleDB nodes use SSL for network connections, so there's no chance of a Man-In-The-Middle attack.
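
The "encrypt before sending" advice in the last point, as an added example that is not taken from the white paper or from AWS code. It uses Node's built-in `crypto` module with AES-256-GCM; the function names, the blob layout and the item name `customers/42` are assumptions made for this sketch, and key storage (which must be outside S3/SimpleDB) is out of scope.

```javascript
const nodeCrypto = require('node:crypto');

// Encrypt `plaintext` before it is written under `itemName` (an S3 object key
// or a SimpleDB item name). The name is bound as additional authenticated
// data, so a ciphertext copied onto another item will not decrypt.
function sealForStorage(key, itemName, plaintext) {
  if (key.length !== 32) throw new Error('key must be 32 bytes (AES-256)');
  const nonce = nodeCrypto.randomBytes(12); // fresh for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(itemName, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // 16-byte integrity tag
  // Hypothetical layout: version(1) | nonce(12) | tag(16) | ciphertext,
  // base64-encoded so it fits a string attribute or an object body.
  return Buffer.concat([Buffer.from([1]), nonce, tag, body]).toString('base64');
}

// Decrypt a stored blob; throws if the key, the item name or any stored
// byte differs from what was sealed.
function openFromStorage(key, itemName, stored) {
  const blob = Buffer.from(stored, 'base64');
  if (blob.length < 29 || blob[0] !== 1) throw new Error('unrecognised blob format');
  const nonce = blob.subarray(1, 13);
  const tag = blob.subarray(13, 29);
  const body = blob.subarray(29);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(itemName, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Constructed sample data: the key is generated here only for the demo.
const demoKey = nodeCrypto.randomBytes(32);
const demoBlob = sealForStorage(demoKey, 'customers/42', 'note=constructed sample value');
console.log('stored value:', demoBlob);
console.log('read back   :', openFromStorage(demoKey, 'customers/42', demoBlob));
```

Only the base64 string ever reaches the storage service, so an ACL mistake on the stored item exposes ciphertext rather than the customer data itself.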