KnowYourCloud Insights

Check out Newvem cloud insights. We invite you to comment and to suggest new insights.

Suggest Your Cloud Insight

We would like to offer our community the opportunity to suggest additional cloud insights that you would like to see in your cloud environments. Check out our Insights Channel to learn more about Newvem’s unique insights. We also invite you to Order Your Cloud Insight and take part in developing the next killer insight together with the KnowYourCloud Community.


Unused EBS volumes found

EBS Volumes are always charged for their provisioned storage, whether or not they are attached to an EC2 instance. Therefore, for volumes that are not attached to an instance, the best practice is to keep only those that will be needed in the future. Keeping volumes you don’t plan to use, or those you simply forgot about, may contribute to unexpectedly high bills.

Furthermore, volumes left on the side hold stale data that may be inadvertently misused in the future.

Newvem tracks the usage of your EBS Volumes and identifies those that haven’t been attached to any instance for a significant period. We suggest you consider discarding such volumes if you do not plan to use them.


Snapshots needed for EBS volumes

In order to prevent losing important data, it is essential to back up your EBS Volumes. EBS Snapshots enable the creation of virtual copies of EBS Volumes at a specific point in time. A snapshot comprises data blocks that are incrementally saved to Simple Storage Service (S3), meaning that only the blocks on the device that have changed since your last snapshot are saved. For that reason, EBS Snapshots can be an efficient way to back up the data in EBS Volumes.

For typical data backup procedures, EBS Snapshots are an adequate instrument for backing up EBS Volumes. When using EBS Snapshots as part of a backup procedure, an important parameter to take into consideration when defining your policy is the frequency of snapshots. Factors such as the type of data stored in the EBS volumes, its volatility, and the amount of data are key in determining the frequency at which EBS Snapshots should be created.


Elastic IPs not in use

In AWS, users are charged for allocated Elastic IPs that are associated neither with a running instance nor with a network interface (VPC). Therefore, the best practice is to keep only those IP addresses that will be needed in the future. Allocated Elastic IPs you don’t plan to use, or those you simply forgot to release, may contribute to unexpectedly high bills.

Newvem tracks the usage of your allocated Elastic IPs and identifies those that haven’t been in use for a significant period. We suggest you consider releasing those allocated IP addresses if you do not plan to use them.
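The three cost-and-hygiene checks above (detached EBS volumes, snapshot freshness, and unassociated Elastic IPs) can be expressed as one small audit. The following is an added example written for this page, not Newvem's own code: the dict shapes are modelled on the EC2 DescribeVolumes, DescribeSnapshots and DescribeAddresses responses, but every record below is constructed. The EC2 API only reports a volume's current State and Attachments, so the `first_seen_detached` field and the two day thresholds are assumptions that an auditor would keep in its own inventory and policy.

```python
"""Flag detached EBS volumes, stale or missing snapshots, and idle Elastic IPs.

Added example, not Newvem's code. Record shapes follow the EC2 API
(DescribeVolumes / DescribeSnapshots / DescribeAddresses); the data is constructed."""
from datetime import datetime, timedelta, timezone

NOW = datetime(2013, 5, 1, tzinfo=timezone.utc)  # fixed clock so results are deterministic
UNUSED_VOLUME_DAYS = 30    # assumption: how long a volume may sit detached before it is flagged
SNAPSHOT_MAX_AGE_DAYS = 7  # assumption: the backup policy's snapshot frequency


def unused_volumes(volumes, now=NOW):
    """Detached volumes ('available', no Attachments) idle longer than the threshold.

    `first_seen_detached` is an assumed field recorded by the auditor's own inventory;
    the EC2 API itself does not say when a volume was detached."""
    out = []
    for v in volumes:
        if v["State"] != "available" or v.get("Attachments"):
            continue
        idle = now - v["first_seen_detached"]
        if idle >= timedelta(days=UNUSED_VOLUME_DAYS):
            out.append((v["VolumeId"], idle.days, v["Size"]))  # id, idle days, GiB still billed
    return out


def volumes_needing_snapshot(volumes, snapshots, now=NOW):
    """In-use volumes whose newest completed snapshot is older than policy, or missing.

    Returns (volume id, age in days) or (volume id, None) when no snapshot exists."""
    latest = {}
    for s in snapshots:
        if s.get("State") != "completed":  # pending snapshots are not a usable backup yet
            continue
        vid = s["VolumeId"]
        latest[vid] = max(latest.get(vid, s["StartTime"]), s["StartTime"])
    out = []
    for v in volumes:
        if v["State"] != "in-use":
            continue
        last = latest.get(v["VolumeId"])
        if last is None:
            out.append((v["VolumeId"], None))
        elif now - last > timedelta(days=SNAPSHOT_MAX_AGE_DAYS):
            out.append((v["VolumeId"], (now - last).days))
    return out


def unassociated_eips(addresses):
    """Allocated Elastic IPs bound neither to an instance nor to a network interface."""
    return [a["PublicIp"] for a in addresses
            if not a.get("AssociationId") and not a.get("InstanceId")
            and not a.get("NetworkInterfaceId")]


# Constructed sample data; ids and addresses are placeholders (203.0.113.0/24 is TEST-NET-3).
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-root", "State": "in-use", "Size": 8,
     "Attachments": [{"InstanceId": "i-web1"}]},
    {"VolumeId": "vol-old", "State": "available", "Size": 100, "Attachments": [],
     "first_seen_detached": NOW - timedelta(days=45)},
    {"VolumeId": "vol-recent", "State": "available", "Size": 20, "Attachments": [],
     "first_seen_detached": NOW - timedelta(days=3)},
    {"VolumeId": "vol-data", "State": "in-use", "Size": 200,
     "Attachments": [{"InstanceId": "i-db1"}]},
    {"VolumeId": "vol-scratch", "State": "in-use", "Size": 50,
     "Attachments": [{"InstanceId": "i-db1"}]},
]
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-1", "VolumeId": "vol-root", "State": "completed",
     "StartTime": NOW - timedelta(days=2)},
    {"SnapshotId": "snap-2", "VolumeId": "vol-data", "State": "completed",
     "StartTime": NOW - timedelta(days=20)},
    {"SnapshotId": "snap-3", "VolumeId": "vol-data", "State": "pending",
     "StartTime": NOW - timedelta(days=1)},
]
SAMPLE_ADDRESSES = [
    {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-1", "InstanceId": "i-web1",
     "AssociationId": "eipassoc-1"},
    {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-2"},
    {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-3", "NetworkInterfaceId": "eni-1"},
]

if __name__ == "__main__":
    print("unused volumes:", unused_volumes(SAMPLE_VOLUMES))
    print("snapshot needed:", volumes_needing_snapshot(SAMPLE_VOLUMES, SAMPLE_SNAPSHOTS))
    print("idle Elastic IPs:", unassociated_eips(SAMPLE_ADDRESSES))
```

With the sample data the audit reports `vol-old` (detached 45 days, 100 GiB still billed), `vol-data` (last completed snapshot 20 days old, the pending one does not count) and `vol-scratch` (never snapshotted), and the Elastic IP 203.0.113.11 as allocated but idle. A volume detached for only three days is deliberately not reported, matching the page's point that only volumes idle for a significant period warrant review.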


Unnecessary Security Group Ports are Open on DB Server

We have noticed that at least one unnecessary port is open on your DB server, meaning that your DB server is potentially vulnerable. Typically this issue occurs when using the same security groups to secure DB and non-DB servers. We suggest setting security groups specifically for the DB server and limiting access to recommended DB-related ports only.


IP Ports are open to all Internal AWS Servers

We have found that at least one of your security groups has an IP port open to all internal AWS servers. This can potentially make some of your servers vulnerable. This issue can occur if one of your security groups was configured to allow access from the following IP range: 10.0.0.1/8.

We suggest limiting access of internal AWS servers to these open ports in one of the following ways:

  • IP Address: Limit access to a specific IP address of an instance that is yours (e.g. 10.17.48.156/32).
  • Security Group: Limit access to a certain security group, i.e. use another security group’s rules to limit access (e.g. sg-3c02c053).


Open IP ports

Newvem monitors your security groups’ ports and notifies you if it finds that at least one of them is currently open to all IP addresses. An open IP port may mean that some servers are exposed to access from any IP address worldwide, making them vulnerable. We suggest that you reduce the number of open ports to a minimum, limiting access from the outside world to web-facing services only, for example port 80 for HTTP and port 443 for HTTPS.


AMI Objects are Publicly Accessible

It can be risky to publicly share Amazon Machine Images (AMIs), as they may contain sensitive data that you do not want to be publicly accessible.

There are two options:

  • Shared inadvertently: If the AMIs have been shared inadvertently, their access policy can be changed to private.
  • Shared intentionally: If the AMIs have been intentionally shared, sensitive data should be removed from them.


Critical IP ports are open

Newvem monitors your security groups’ critical IP ports, and notifies you if it finds that at least one of them is open. An open critical IP port may mean that some security group servers are exposed to access from public IP addresses, making them vulnerable. We suggest that critical IP ports be locked down, limiting access to critical ports from your private network only.
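The four exposure checks on this page (DB ports shared with non-DB servers, rules open to the whole internal 10.0.0.0/8 range, ports open to every IP address, and critical ports reachable from public addresses) plus the public-AMI check all reduce to inspecting the same two API responses. The following is an added example written for this page, not Newvem's code: the dict shapes follow EC2 DescribeSecurityGroups (IpPermissions, IpRanges, Ipv6Ranges, UserIdGroupPairs), DescribeImages (Public) and DescribeImageAttribute (LaunchPermissions), but the groups and images are constructed. The page does not enumerate which ports are "critical" and does not define how wide an internal range must be to count as "all internal servers", so `CRITICAL_PORTS` and `BROAD_INTERNAL_PREFIX` are assumptions for this example; the 80/443 web-facing exception and the two suggested fixes (a /32 of your own instance, or a security-group reference) come from the page.

```python
"""Audit EC2 security-group ingress rules and AMI sharing for over-broad exposure.

Added example, not Newvem's code. Dict shapes mirror the EC2 API responses; all
data below is constructed, not pulled from AWS."""
import ipaddress

# Ports the page treats as legitimately web-facing, i.e. acceptable open to the world.
WEB_FACING_PORTS = {80, 443}
# "Critical" ports: an assumed list for this example; the page does not enumerate them.
CRITICAL_PORTS = {22, 3389, 3306, 5432, 1433, 6379, 27017}
# A private (RFC 1918) range this wide or wider is treated as "all internal servers".
BROAD_INTERNAL_PREFIX = 16  # assumption: /16 or wider


def _ports(perm):
    """Set of ports a permission covers; {-1} means every port / every protocol."""
    if perm.get("IpProtocol") == "-1":
        return {-1}
    lo, hi = perm.get("FromPort", -1), perm.get("ToPort", -1)
    if lo == -1 or hi == -1:
        return {-1}
    return set(range(lo, hi + 1))


def _classify_cidr(cidr):
    """'world' for 0.0.0.0/0 or ::/0, 'broad-internal' for wide private ranges, else 'ok'."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False accepts 10.0.0.1/8
    if net.prefixlen == 0:
        return "world"
    if net.is_private and net.prefixlen <= BROAD_INTERNAL_PREFIX:
        return "broad-internal"
    return "ok"


def audit_security_groups(groups):
    """One finding per ingress rule open to the world or to a whole internal range.

    80/443 open to the world is accepted as the expected web-facing case. Rules that
    reference another security group (UserIdGroupPairs) carry no CIDR and are the
    recommended shape, so they never produce a finding."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            ports = _ports(perm)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                scope = _classify_cidr(cidr)
                if scope == "ok" or (scope == "world" and ports <= WEB_FACING_PORTS):
                    continue
                critical = -1 in ports or bool(ports & CRITICAL_PORTS)
                findings.append({
                    "group": sg["GroupId"],
                    "cidr": cidr,
                    "scope": scope,
                    "ports": "all" if -1 in ports else f"{perm['FromPort']}-{perm['ToPort']}",
                    "severity": "critical" if critical else "warning",
                    "fix": "narrow to a /32 of your own instance, or reference a security "
                           "group (UserIdGroupPairs) instead of a CIDR range",
                })
    return findings


def find_public_amis(images):
    """Image ids that are public or whose launch permission includes the 'all' group."""
    return [img["ImageId"] for img in images
            if img.get("Public")
            or any(p.get("Group") == "all" for p in img.get("LaunchPermissions", []))]


# Constructed sample data; group and image ids are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.1/8"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.17.48.156/32"}]},
    ]},
]
SAMPLE_IMAGES = [
    {"ImageId": "ami-pub", "Public": True},
    {"ImageId": "ami-priv", "Public": False, "LaunchPermissions": [{"UserId": "123456789012"}]},
    {"ImageId": "ami-shared-all", "Public": False, "LaunchPermissions": [{"Group": "all"}]},
]

if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_GROUPS):
        print(f["severity"], f["group"], f["cidr"], f["ports"], f["scope"], "->", f["fix"])
    print("publicly shared AMIs:", find_public_amis(SAMPLE_IMAGES))
```

On the sample data the audit accepts 80 and 443 open to the world on `sg-web`, flags its port 22 rule as critical, and on `sg-db` flags the MySQL rule that admits the whole 10.0.0.1/8 range while leaving untouched the two rules written the way the page recommends (a /32 and a security-group reference). Both the explicitly public AMI and the one shared with the `all` group are reported, so an image that was shared inadvertently can be made private and an intentionally shared one can be reviewed for sensitive data.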


Compute Utilization Efficiency (High Load)

Newvem continuously monitors servers’ CPU load and notifies you of high CPU loads. We consider an average CPU load of 80% and above a high load. High CPU load poses a major service availability risk and results in service degradation. To protect the system, consider changing the instance size or implementing a different scaling method. We suggest one of the following:

  • Scale up your compute instances – vertical scaling; move your workload to larger servers.
  • Scale out your compute instances – horizontal scaling; use additional servers.
  • Auto-scaling – AWS offers the ability to dynamically and automatically scale up or down according to conditions you define. With Auto Scaling, you can ensure that the number of Amazon EC2 instances you’re using increases seamlessly during demand spikes to maintain performance, and decreases automatically during demand lulls to minimize costs. Auto Scaling is enabled by Amazon CloudWatch and available at no additional charge beyond Amazon CloudWatch fees.
