Do not configure a large number of security group rules on your AWS EC2 instances


IT professionals face a new set of performance and resource-management challenges on a regular basis. Cloud infrastructures are built on shared, highly virtualized resources and operating environments that handle a large amount of workload to support the day-to-day tasks of organizations. It is therefore necessary to ensure that the performance of your cloud environment does not degrade, and a minimum level of optimization of your AWS EC2 instances is a good place to start if you want better throughput.

How does overpopulating the security groups of your AWS EC2 instances with rules decrease cloud performance?

Users can potentially have hundreds or even thousands of EC2 instances running in their infrastructure. Launching EC2 instances in a VPC (Virtual Private Cloud) lets users control the network security of those instances. A user attaches one or more security groups to an instance (or to many instances), and each security group carries the inbound and outbound rules that decide which traffic is allowed.

To keep your cloud infrastructure performing well, it is recommended not to configure EC2-VPC or EC2-Classic instances (EC2-Classic has since been retired by AWS) with a large number of security group rules. Every packet reaching or leaving an instance is evaluated against the rules of all security groups attached to its network interface, so a very large rule set adds latency, i.e. a delay in transferring and processing data, and that affects the whole cloud infrastructure, since most of the workload is deployed on EC2. Two practitioner points the performance argument does not mention: AWS also enforces quotas on this (by default 60 inbound and 60 outbound rules per security group, 5 security groups per network interface, and the product of the two must not exceed 1000), and a sprawling allow-list is a security problem in its own right, because nobody can audit it. Rather than appending one rule per source address, consolidate sources into a managed prefix list or reference another security group as the source, so the group stays small enough to review.

How does Centilytics help you?

Centilytics provides a performance-optimization insight that reports the number of rules in the security groups attached to your EC2 instances and warns you whenever a security group has been configured with a large number of rules.

It further recommends that you review the security group rules attached to your EC2 instances and configure them properly to keep cloud performance optimized. This dedicated insight into the security rules applied to EC2 instances helps users judge the performance of all the EC2 instances running in their cloud infrastructure.

Insight descriptions:

There are 2 possible scenarios:

Severity | Description
Warning | Displayed when an EC2-VPC instance is attached to a security group with more than 50 rules, OR when an EC2-Classic instance is attached to a security group with more than 100 rules.
OK | Displayed when an EC2-VPC instance is attached to a security group with 50 or fewer rules (100 or fewer for an EC2-Classic instance).
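The classification above can be reproduced directly from the output of `describe-security-groups`. The following is an added example written for this page; it is not Centilytics' insight code or anything published by AWS. It assumes the rule count is taken the way the console lists rules, i.e. one rule per source or destination entry (CIDR, IPv6 CIDR, prefix list, or referenced security group) within each permission, and it uses a group's `VpcId` to tell an EC2-VPC group from an EC2-Classic one. The sample groups are constructed, not real data.

```python
"""Flag security groups that exceed the Trusted Advisor rule thresholds.

Added example, not Centilytics' or AWS's code. Input is the ``SecurityGroups``
list in the shape returned by boto3's ``ec2.describe_security_groups()``.
Counting assumption (not stated on the page): one rule per source/destination
entry, so an IpPermissions entry with three CIDRs counts as three rules.
"""
from typing import Dict, List, Tuple

VPC_THRESHOLD = 50       # "Warning" when exceeded for an EC2-VPC group
CLASSIC_THRESHOLD = 100  # "Warning" when exceeded for an EC2-Classic group


def count_rules(group: Dict) -> int:
    """Count inbound plus outbound rules as the console displays them."""
    total = 0
    for direction in ("IpPermissions", "IpPermissionsEgress"):
        for perm in group.get(direction, []):
            total += (len(perm.get("IpRanges", []))
                      + len(perm.get("Ipv6Ranges", []))
                      + len(perm.get("PrefixListIds", []))
                      + len(perm.get("UserIdGroupPairs", [])))
    return total


def classify(group: Dict) -> Tuple[str, int]:
    """Return (severity, rule count) using the page's thresholds."""
    # Assumption: a group without a VpcId is an EC2-Classic group.
    threshold = VPC_THRESHOLD if group.get("VpcId") else CLASSIC_THRESHOLD
    n = count_rules(group)
    return ("Warning" if n > threshold else "OK"), n


def report(groups: List[Dict]) -> List[Dict]:
    """Produce rows with the same columns the insight shows."""
    rows = []
    for g in groups:
        severity, n = classify(g)
        rows.append({"Identifier": g["GroupId"],
                     "Group Name": g["GroupName"],
                     "No. of rules": n,
                     "Severity": severity})
    return rows


def _tcp(port: int, cidrs: List[str]) -> Dict:
    """Build one inbound TCP permission with several source CIDRs."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}


def sample_groups() -> List[Dict]:
    """Constructed sample input (not real AWS data)."""
    # 26 permissions x 2 source CIDRs = 52 inbound rules, plus 1 egress rule = 53.
    bloated = {
        "GroupId": "sg-0123456789abcdef0", "GroupName": "web-allowlist",
        "VpcId": "vpc-0abc0abc0abc0abc0",
        "IpPermissions": [_tcp(443, ["203.0.113.%d/32" % i, "198.51.100.%d/32" % i])
                          for i in range(1, 27)],
        "IpPermissionsEgress": [{"IpProtocol": "-1",
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    }
    # Same intent expressed with one aggregate CIDR: 1 inbound + 1 egress = 2 rules.
    lean = {
        "GroupId": "sg-0fedcba9876543210", "GroupName": "web-allowlist-consolidated",
        "VpcId": "vpc-0abc0abc0abc0abc0",
        "IpPermissions": [_tcp(443, ["203.0.113.0/24"])],
        "IpPermissionsEgress": [{"IpProtocol": "-1",
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    }
    return [bloated, lean]


if __name__ == "__main__":
    for row in report(sample_groups()):
        print(row)
```

Against a live account, pass `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` to `report()` instead of `sample_groups()`; the `bloated` group in the sample lands in Warning while the consolidated one, which admits the same /24 with a single rule, lands in OK.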

 

The further columns are described as follows:

  1. Account Id: This column shows the account ID of the user's account.

  2. Account Name: This column shows the account name corresponding to the user's account.

  3. Region: This column shows the region in which the resource exists.

  4. Identifier: This column shows the security group ID of the security group.

  5. Group Name: This column shows the name of the security group assigned to your AWS EC2 instances.

  6. No. of rules: This column shows the number of rules currently present in the corresponding security group.

Filters applicable:

Filter Name | Description
Account Id | Applying the account Id filter displays data for the selected account Id.
Region | Applying the region filter displays data for the selected region.
Severity | Applying the severity filter displays data for the selected severity type, i.e. selecting warning displays all resources with warning severity, and selecting ok displays all resources with ok severity.
Resource Tags | Applying the resource tags filter displays the resources that have been assigned the selected resource tag. For example, if the user has tagged some resources with a tag named environment, then selecting environment from the resource tags filter displays all the data for those resources.
Resource Tags Value | Applying the resource tags value filter displays data for resources that carry the selected resource tag value. For example, if the user has tagged some resources with a tag named environment and given it the value production (environment: production), the user will see data for all resources tagged "environment:production". The tag value filter can only be used once a tag name has been selected.

 

Compliances covered:

Compliance Name | Reference No. | Link
Trusted Advisor (Performance check: Large Number of Rules in an EC2 Security Group) | | https://console.aws.amazon.com/trustedadvisor/home?#/category/performance

 

You can read more about Amazon Elastic Compute Cloud (EC2) here.
