AWS EC2 Best practices
AWS recommends the following best practices to get the most benefit and satisfaction from EC2.
Security & Network
Use the least permissive (most restrictive) security group rules possible.
Regularly patch, update, and secure the operating system and the applications on the instance.
Use identity federation, IAM users, and IAM roles to manage access to AWS resources.
Establish credential management policies and procedures for creating, distributing, and rotating AWS access credentials.
If the AWS account is newly created, a VPC is used by default.
Encrypt EBS volumes and snapshots.
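The security group rule above is easiest to check mechanically. The following is an added example (not code from the page or from AWS): it audits ingress rules in the shape of an EC2 DescribeSecurityGroups response and flags rules that expose administrative or database ports, or all traffic, to the whole Internet. The group records and CIDRs are constructed sample data.

```python
# Added example: flag world-open security-group ingress rules.
from typing import Dict, List

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

# Constructed sample; the field names follow the DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000example1", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0000example2", "GroupName": "bastion",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
         {"IpProtocol": "-1", "IpRanges": [],
          "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}]},
]


def _open_to_world(perm: Dict) -> bool:
    """True if the rule's source includes the whole IPv4 or IPv6 Internet."""
    v4 = any(r.get("CidrIp") == ANY_V4 for r in perm.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_V6 for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def audit_ingress(groups: List[Dict]) -> List[str]:
    """Return one finding per world-open rule that exposes a sensitive port
    or all traffic. HTTPS (443) to the world is accepted as intended."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not _open_to_world(perm):
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":  # all protocols and ports
                findings.append(f"{sg['GroupId']} ({sg['GroupName']}): all traffic open to the world")
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            for port, name in SENSITIVE_PORTS.items():
                if lo <= port <= hi:
                    findings.append(f"{sg['GroupId']} ({sg['GroupName']}): {name} ({port}/{proto}) open to the world")
    return findings


if __name__ == "__main__":
    for line in audit_ingress(SAMPLE_GROUPS):
        print(line)
```

In a real account the same function can be fed the `SecurityGroups` list returned by the EC2 API or CLI.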
EC2 supports instance store and EBS volumes. Understand the implications of the root device type for data persistence and backup.
Use separate Amazon EBS volumes for the root device (operating system) and for your data.
Ensure that the data volume persists after the instance is terminated.
Use the instance store only for temporary data; data in the instance store is lost when the instance is stopped or terminated.
If you use the instance store for database storage, run a cluster with a replication factor that guarantees fault tolerance.
Resource Management
Use custom resource tags and instance metadata to track and identify your AWS resources.
Check your Amazon EC2 service limits and request any limit increases well in advance of when you will need them.
Backup and Recovery
Back up the instance regularly using Amazon EBS snapshots (these are not taken automatically) or another backup tool.
Data Lifecycle Manager (DLM) automates the creation, retention, and deletion of the snapshots used to back up EBS volumes.
Create an AMI (Amazon Machine Image) from the instance to save its configuration as a template for future instances.
Implement high availability by deploying critical components across multiple Availability Zones and replicating the data accordingly.
Monitor and respond to events.
Design applications to handle a dynamic IP address when the instance is restarted.
Implement failover. As a starting point, you can attach a network interface to a replacement instance.
Refer to references