EC2 and VPC


#1

For Amazon users, are you using plain ec2 or the VPC offering?
Why have you switched to VPC?
Why haven’t you switched to VPC?

For context, there may be a difference between standard corporate enterprises
and fast-moving web-based startups. We are in the latter category and using
chef to provision the servers.


#2

Hi Sam,

One thing to be aware of, if you rely on “knife bootstrap” to provision
servers, is that you need end-to-end connectivity between your workstation
(running knife) and the newly provisioned instance. That’s a given if
you’re using plain EC2, but you’ll need some kind of VPN if you’re using
VPC. Amazon has turnkey support for connecting hardware VPNs to VPC, but
you can provision something software based (eg, openvpn) if you prefer.

Other than that, not all AWS services are available inside VPC, you may
have some additional work to do to ensure redundancy, and there are the
usual tradeoffs between security and complexity. None of that is
specifically related to Chef, though, and I’d think detailed discussion of
those issues would be off-topic for this list…

Zac

On Thu, Feb 28, 2013 at 10:34 AM, Sam Darwin samuel.d.darwin@gmail.com wrote:

> For Amazon users, are you using plain ec2 or the VPC offering?
> Why have you switched to VPC?
> Why haven’t you switched to VPC?
>
> For context, there may be a difference between standard corporate enterprises
> and fast-moving web-based startups. We are in the latter category and using
> chef to provision the servers.


#3

Hey Sam,

Currently we are migrating from EC2 to VPC. This was mostly done because
our AWS rep told us that in the future new services will be available in
the VPC first, then general EC2.

As for working with the VPC there are still a few bugs but for the most
part it is not too difficult. Feel free to ping me privately if you have
questions.

Andrew

On Thu, Feb 28, 2013 at 6:06 AM, Zac Stevens zts@cryptocracy.com wrote:

> Hi Sam,
>
> One thing to be aware of, if you rely on “knife bootstrap” to provision
> servers, is that you need end-to-end connectivity between your workstation
> (running knife) and the newly provisioned instance. That’s a given if
> you’re using plain EC2, but you’ll need some kind of VPN if you’re using
> VPC. Amazon has turnkey support for connecting hardware VPNs to VPC, but
> you can provision something software based (eg, openvpn) if you prefer.
>
> Other than that, not all AWS services are available inside VPC, you may
> have some additional work to do to ensure redundancy, and there are the
> usual tradeoffs between security and complexity. None of that is
> specifically related to Chef, though, and I’d think detailed discussion of
> those issues would be off-topic for this list…
>
> Zac
>
> On Thu, Feb 28, 2013 at 10:34 AM, Sam Darwin samuel.d.darwin@gmail.com wrote:
>
>> For Amazon users, are you using plain ec2 or the VPC offering?
>> Why have you switched to VPC?
>> Why haven’t you switched to VPC?
>>
>> For context, there may be a difference between standard corporate enterprises
>> and fast-moving web-based startups. We are in the latter category and using
>> chef to provision the servers.


#4

On 02/28/2013 12:34 AM, Sam Darwin wrote:

> For Amazon users, are you using plain ec2 or the VPC offering?
> Why have you switched to VPC?
> Why haven’t you switched to VPC?
>
> For context, there may be a difference between standard corporate enterprises
> and fast-moving web-based startups. We are in the latter category and using
> chef to provision the servers.

We’ve started using VPC here too, although now it looks like we’re not
going to be doing much of a migration to AWS that we were planning
originally.

Apart from just the few initial quirks to figure out (e.g. machines in
the non-public subnet can’t access the internet without setting up a NAT
/ route somewhere) it’s looking great, and our security auditor was
rather enthusiastic about us using it over straight EC2 as you’ve got
additional layers of security.

The impression I got from the Tech Sales folk at Amazon was that their
current aim is to make everything VPC and that plain EC2 would become
a 2nd class citizen at best.

Paul


#5

On 02/28/2013 04:34 AM, Sam Darwin wrote:

> For Amazon users, are you using plain ec2 or the VPC offering?
> Why have you switched to VPC?
> Why haven’t you switched to VPC?
>
> For context, there may be a difference between standard corporate enterprises
> and fast-moving web-based startups. We are in the latter category and using
> chef to provision the servers.

We’re using AWS VPCs for our new product platform here. We ran into some
initial hiccups getting it started, mostly with the VPN tunnels (Amazon
didn’t support our older Cisco ASA, so we had to get a software solution
up). Once we were through those first issues, though, we haven’t had any
real problems related to being in a VPC, other than some internal tools
that weren’t originally written with VPCs and subnets in mind.

Greg