Best practices for Amazon EC2

This list of practices will help you get the maximum benefit from Amazon EC2.

Security

  • Manage access to Amazon resources and APIs using identity federation, IAM users, and IAM roles. Establish credential management policies and procedures for creating, distributing, rotating, and revoking Amazon access credentials. For more information, see IAM Best Practices in the IAM User Guide.

  • Implement the least permissive rules for your security group. For more information, see Security group rules.

  • Regularly patch, update, and secure the operating system and applications on your instance. For more information about updating Amazon Linux 2 or the Amazon Linux AMI, see Manage software on your Linux instance in the Amazon EC2 User Guide for Linux Instances.

Storage

  • Understand the implications of the root device type for data persistence, backup, and recovery. For more information, see Storage for the root device.
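The first two items above (credential management and least-permissive security groups) are the ones most often checked by automation. The following script is an added illustration, not code from the Amazon EC2 documentation: it flags active access keys that have outlived an assumed 90-day rotation window and inbound security group rules that are open to the whole internet either on every port or on an administrative port. The sample data is constructed in the shape returned by boto3's `iam.list_access_keys()` and `ec2.describe_security_groups()` so the script runs offline; the rotation window and the `ADMIN_PORTS` set are assumptions to adjust to your own policy.

```python
"""Audit IAM access-key age and world-open security group rules.

Added example, not AWS code. SAMPLE_* data below is constructed to mirror the
response shape of boto3 iam.list_access_keys() and ec2.describe_security_groups();
in a real account, replace it with the API results.
"""
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE_DAYS = 90              # assumed rotation policy
ADMIN_PORTS = {22, 3389}           # SSH and RDP must not be reachable from anywhere
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def stale_access_keys(keys, now=None, max_age_days=MAX_KEY_AGE_DAYS):
    """Return IDs of Active access keys created before the rotation cutoff."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    return [k["AccessKeyId"] for k in keys
            if k["Status"] == "Active" and k["CreateDate"] < cutoff]


def _open_to_world(perm):
    """True if an IpPermissions entry allows any IPv4 or IPv6 source."""
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return bool(cidrs & WORLD_CIDRS)


def overly_permissive_rules(groups):
    """Return (GroupId, reason) pairs for inbound rules that are open to the
    world on every protocol/port, or on an administrative TCP/UDP port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not _open_to_world(perm):
                continue
            if perm["IpProtocol"] == "-1":          # -1 means all protocols and ports
                findings.append((sg["GroupId"], "all traffic"))
                continue
            if perm["IpProtocol"] not in ("tcp", "udp"):   # ICMP entries carry type/code here
                continue
            ports = range(perm["FromPort"], perm["ToPort"] + 1)
            exposed = sorted(ADMIN_PORTS.intersection(ports))
            if exposed:
                findings.append((sg["GroupId"], f"ports {exposed}"))
    return findings


# Constructed sample data (not real keys or groups).
SAMPLE_NOW = datetime(2023, 12, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"AccessKeyId": "AKIAEXAMPLEOLD1", "Status": "Active",
     "CreateDate": datetime(2023, 1, 10, tzinfo=timezone.utc)},   # 325 days old
    {"AccessKeyId": "AKIAEXAMPLENEW2", "Status": "Active",
     "CreateDate": datetime(2023, 11, 1, tzinfo=timezone.utc)},   # 30 days old
    {"AccessKeyId": "AKIAEXAMPLEOFF3", "Status": "Inactive",
     "CreateDate": datetime(2022, 1, 1, tzinfo=timezone.utc)},    # old but already disabled
]
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example0bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example0legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0internal", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    print("keys past rotation window:", stale_access_keys(SAMPLE_KEYS, now=SAMPLE_NOW))
    for group_id, reason in overly_permissive_rules(SAMPLE_GROUPS):
        print(f"{group_id}: open to the world on {reason}")
```

A public HTTPS listener (`sg-0example0web`) is not flagged, because the check is about administrative access and all-traffic rules rather than every world-reachable port; a broad rule restricted to a private range (`sg-0example0internal`) is likewise left alone. Extend `ADMIN_PORTS` with whatever your environment considers management traffic.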

  • Use separate Amazon EBS volumes for the operating system versus your data. Ensure that the volume with your data persists after instance termination. For more information, see Preserve Amazon EBS volumes on instance termination.

  • Use the instance store available for your instance to store temporary data. Remember that the data stored in instance store is deleted when you stop, hibernate, or terminate your instance. If you use instance store for database storage, ensure that you have a cluster with a replication factor that ensures fault tolerance.

  • Encrypt EBS volumes and snapshots. For more information, see Amazon EBS encryption.
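The two storage items that are easiest to get wrong at launch time are the separate data volume that must survive termination and encryption of every volume. The example below is added here and is not AWS code: `launch_block_device_mappings()` builds the `BlockDeviceMappings` list that `ec2.run_instances()` accepts, with the data volume marked `DeleteOnTermination: False` and both volumes `Encrypted: True`, and `audit_instance_storage()` checks an existing instance against the same two rules using data in the shape of `describe_instances()` and `describe_volumes()`. Device names, sizes and the `gp3` volume type are assumptions; the sample instance and volume records are constructed.

```python
"""Build and audit EBS block device mappings for persistence and encryption.

Added example, not AWS code. SAMPLE_* data is constructed in the shape of
boto3 ec2.describe_instances() (one instance dict) and ec2.describe_volumes()
(indexed here by VolumeId) so the audit runs offline.
"""


def launch_block_device_mappings(root_device="/dev/xvda", data_device="/dev/xvdf",
                                 root_gib=16, data_gib=100, kms_key_id=None):
    """Return RunInstances BlockDeviceMappings for an OS volume plus a data
    volume. The data volume outlives the instance; both are encrypted.
    kms_key_id is optional; without it EBS uses the account's default key."""
    root = {"DeviceName": root_device,
            "Ebs": {"VolumeSize": root_gib, "VolumeType": "gp3",
                    "Encrypted": True, "DeleteOnTermination": True}}
    data = {"DeviceName": data_device,
            "Ebs": {"VolumeSize": data_gib, "VolumeType": "gp3",
                    "Encrypted": True, "DeleteOnTermination": False}}
    if kms_key_id:
        for mapping in (root, data):
            mapping["Ebs"]["KmsKeyId"] = kms_key_id
    return [root, data]


def audit_instance_storage(instance, volumes_by_id):
    """Return (VolumeId, problem) pairs for a described instance: a non-root
    volume that is deleted on termination, or any volume that is unencrypted."""
    findings = []
    root = instance["RootDeviceName"]
    for bdm in instance.get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs")
        if ebs is None:                       # defensive: only EBS mappings carry an Ebs block
            continue
        vid = ebs["VolumeId"]
        if bdm["DeviceName"] != root and ebs.get("DeleteOnTermination", False):
            findings.append((vid, "data volume is deleted on termination"))
        if not volumes_by_id.get(vid, {}).get("Encrypted", False):
            findings.append((vid, "volume is not encrypted"))
    return findings


# Constructed sample: a data volume that was attached with the default
# DeleteOnTermination=True and never encrypted.
SAMPLE_INSTANCE = {
    "InstanceId": "i-0example",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0root", "DeleteOnTermination": True}},
        {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-0data", "DeleteOnTermination": True}},
    ],
}
SAMPLE_VOLUMES = {"vol-0root": {"Encrypted": True}, "vol-0data": {"Encrypted": False}}

if __name__ == "__main__":
    print("launch mappings:", launch_block_device_mappings())
    for vid, problem in audit_instance_storage(SAMPLE_INSTANCE, SAMPLE_VOLUMES):
        print(f"{SAMPLE_INSTANCE['InstanceId']} {vid}: {problem}")
```

Encryption can only be set when a volume is created, so the audit's second finding is fixed by snapshotting the volume, copying the snapshot with encryption enabled and swapping in a volume created from that copy; the first finding is fixed in place with `ec2.modify_instance_attribute()` on the block device mapping.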

Resource management

Backup and recovery

  • Regularly back up your EBS volumes using Amazon EBS snapshots, and create an Amazon Machine Image (AMI) from your instance to save the configuration as a template for launching future instances.

  • Deploy critical components of your application across multiple Availability Zones, and replicate your data appropriately.

  • Design your applications to handle dynamic IP addressing when your instance restarts. For more information, see Amazon EC2 instance IP addressing.

  • Monitor and respond to events. For more information, see Monitor Amazon EC2.

  • Ensure that you are prepared to handle failover. For a basic solution, you can manually attach a network interface or Elastic IP address to a replacement instance. For more information, see Elastic network interfaces. For an automated solution, you can use Amazon EC2 Auto Scaling. For more information, see the Amazon EC2 Auto Scaling User Guide.

  • Regularly test the process of recovering your instances and Amazon EBS volumes if they fail.
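A backup that is taken "regularly" is only useful if you can tell when it silently stops. The following script, added here and not part of the AWS documentation, works through the first and last items of this list: given the volumes you expect to be protected and the output shape of `ec2.describe_snapshots()`, it reports volumes with no completed snapshot at all or whose newest completed snapshot is older than an assumed one-day recovery point objective. Pending snapshots are ignored because they cannot yet be restored from. The snapshot records and timestamps are constructed.

```python
"""Report EBS volumes whose newest completed snapshot is missing or too old.

Added example, not AWS code. SAMPLE_SNAPSHOTS is constructed in the shape of
boto3 ec2.describe_snapshots()["Snapshots"]; the one-day RPO is an assumption.
"""
from datetime import datetime, timedelta, timezone

MAX_SNAPSHOT_AGE_DAYS = 1   # assumed RPO: at least one completed snapshot per day


def latest_completed_snapshot(snapshots):
    """Map VolumeId -> the most recent snapshot in state 'completed'."""
    latest = {}
    for snap in snapshots:
        if snap["State"] != "completed":      # pending/error snapshots cannot be restored
            continue
        vid = snap["VolumeId"]
        if vid not in latest or snap["StartTime"] > latest[vid]["StartTime"]:
            latest[vid] = snap
    return latest


def backup_gaps(volume_ids, snapshots, now=None, max_age_days=MAX_SNAPSHOT_AGE_DAYS):
    """Return {VolumeId: reason} for volumes that fall outside the RPO."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=max_age_days)
    latest = latest_completed_snapshot(snapshots)
    gaps = {}
    for vid in volume_ids:
        snap = latest.get(vid)
        if snap is None:
            gaps[vid] = "no completed snapshot"
        elif snap["StartTime"] < cutoff:
            age_days = (now - snap["StartTime"]).days
            gaps[vid] = f"latest completed snapshot {snap['SnapshotId']} is {age_days} days old"
    return gaps


# Constructed sample: vol-0aaaa is healthy, vol-0bbbb's recent snapshot is still
# pending and its last completed one is five days old, vol-0cccc was never backed up.
SAMPLE_NOW = datetime(2024, 3, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_VOLUME_IDS = ["vol-0aaaa", "vol-0bbbb", "vol-0cccc"]
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0a1", "VolumeId": "vol-0aaaa", "State": "completed",
     "StartTime": SAMPLE_NOW - timedelta(hours=2)},
    {"SnapshotId": "snap-0a0", "VolumeId": "vol-0aaaa", "State": "completed",
     "StartTime": SAMPLE_NOW - timedelta(days=1, hours=2)},
    {"SnapshotId": "snap-0b0", "VolumeId": "vol-0bbbb", "State": "completed",
     "StartTime": SAMPLE_NOW - timedelta(days=5)},
    {"SnapshotId": "snap-0b1", "VolumeId": "vol-0bbbb", "State": "pending",
     "StartTime": SAMPLE_NOW - timedelta(hours=1)},
]

if __name__ == "__main__":
    for vid, reason in backup_gaps(SAMPLE_VOLUME_IDS, SAMPLE_SNAPSHOTS, now=SAMPLE_NOW).items():
        print(f"{vid}: {reason}")
```

Run this against the account on a schedule and alert on a non-empty result; pair it with the recovery drill in the last item by periodically restoring one of the reported-healthy snapshots to a scratch volume and mounting it.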

Networking

  • Set the time-to-live (TTL) value for your applications to 255, for both IPv4 and IPv6. If you use a smaller value, the TTL might expire while application traffic is in transit, causing reachability issues for your instances.
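An application sets the TTL per socket rather than relying on the operating system default. The example below is added here and is not from the AWS documentation: it applies `IP_TTL` on IPv4 sockets and the equivalent `IPV6_UNICAST_HOPS` hop limit on IPv6 sockets, then reads the value back from the kernel so a deployment test can confirm outgoing packets really leave with 255. It assumes a Linux or macOS host and the Python standard library; set the option before `connect()` or `listen()` so every packet the socket sends carries it.

```python
"""Set the IPv4 TTL / IPv6 hop limit on application sockets to 255 and verify it.

Added example, not AWS code. Assumes a Linux or macOS kernel that exposes
IP_TTL and IPV6_UNICAST_HOPS through the standard socket module.
"""
import socket

RECOMMENDED_TTL = 255


def apply_max_ttl(sock, ttl=RECOMMENDED_TTL):
    """Set the unicast TTL (IPv4) or hop limit (IPv6) on an open socket."""
    if sock.family == socket.AF_INET6:
        sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS, ttl)
    else:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    return sock


def current_ttl(sock):
    """Read back the TTL / hop limit the kernel will stamp on this socket's packets."""
    if sock.family == socket.AF_INET6:
        return sock.getsockopt(socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS)
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)


def configured_ttl(family="ipv4", ttl=RECOMMENDED_TTL):
    """Open a TCP socket of the given family, apply the TTL and return the
    value the kernel reports, or None if that address family is unavailable."""
    af = socket.AF_INET6 if family == "ipv6" else socket.AF_INET
    try:
        sock = socket.socket(af, socket.SOCK_STREAM)
    except OSError:                 # e.g. IPv6 disabled on this host
        return None
    with sock:
        apply_max_ttl(sock, ttl)
        return current_ttl(sock)


if __name__ == "__main__":
    for fam in ("ipv4", "ipv6"):
        print(f"{fam}: configured TTL/hop limit = {configured_ttl(fam)}")
```

If you cannot change the application, the same effect comes from the kernel-wide defaults (`net.ipv4.ip_default_ttl` and `net.ipv6.conf.all.hop_limit` on Linux), but a per-socket setting is the more portable way to guarantee it for the traffic that matters.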