
beaviskhan | 1 year ago

Probably not - but by calling out EC2 instances as the way and then failing to mention patching or configuration management, this article loses some credibility for me. These considerations are not optional over any significant length of time, and will cause misery if not planned for.

Bare minimum, script out the install of your product on a fresh EC2 instance from a stock (and up-to-date) base image, and use that for every new deploy.


leetrout|1 year ago

I strongly agree this is the way.

We run Spacelift workers with Auto Scaling Groups and pick up their new image ~monthly with zero hassle since everything is automated.

Raw EC2 is just part of the story...

Edit to add: I also recommend using Amazon Linux unless you _have_ to have RHEL / Cent / Rocky or Ubuntu. Just lean into the ecosystem and you can get so many great features (and yes, I ACK the vendor lock-in with this advice). A really cool feature is the ability to just flip on various AWS services like the Systems Manager Session Manager and get SSH without opening ports à la WireGuard.

hjaveed|1 year ago

For patch management particularly with EC2s, we use AWS Systems Manager Patch Manager.... fairly straightforward to set up once you configure a base image

obviously, it's not cloud-native... but if you are using AWS EC2 it works