Category: Amazon EC2

VM Import/Export Now Supports Windows 2012

The VM Import/Export feature gives you the power to import existing virtual machine images to Amazon EC2 instances and to export them back to your on-premises environment. You can move images to hasten and simplify your migration from on-premises to the AWS cloud or as part of a disaster recovery model.

Import & Export Windows Server 2012 Images
I am happy to announce that you can now import and export Windows Server 2012 images to EC2. This is generally done with the EC2 API tools; however, you can use the Amazon EC2 VM Import Connector for VMware vCenter if you use VMware.

AWS will provide the appropriate Microsoft Windows Server license key for the imported image. Your on-premises key will not be used in the cloud and you are free to use it for other Windows Server images that are still running in your on-premises environment.

The EC2 documentation contains complete information on the steps that you need to take to perform an import or export operation.

Windows Import Enhancements
In addition to adding support for Windows Server 2012, VM Import has also made a few improvements to the import process for customers importing Windows Server 2003 and Windows 2008 images.  Amazon EC2 instances created from Windows VMs will now benefit from having EC2Config installed by default and from having the latest-generation Citrix PV drivers.

Start Today
Support for Windows Server 2012 is available now and you can start using it today.

You can also import Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Red Hat Enterprise Linux, CentOS, Ubuntu, and Debian images; see the VM Import Prerequisites and Before You Get Started section of the documentation for additional information.

— Jeff;

Red Hat Enterprise Linux Now Available on AWS GovCloud (US)

The AWS GovCloud (US) Region is an isolated AWS Region designed to allow US government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements.

Today we are making Red Hat Enterprise Linux (which everyone calls RHEL), available in the AWS GovCloud (US) Region.

Red Hat Enterprise Linux was designed for secure, enterprise computing. The Security-Enhanced Linux (SELinux) capabilities found in RHEL have fostered adoption across many agencies of the United States government.

With a total of 15 Common Criteria certifications across four hardware platforms, RHEL is one of the industry’s most certified operating systems. Today’s launch of RHEL in AWS GovCloud (US) means that government users can now standardize on a single operating system for on-premises and cloud-based deployments.

Update: I have received several questrions about the ITAR restriction shown in the image above. Here’s some background information:

Red Hat Enterprise Linux customers on AWS GovCloud (US) receive full support from Amazon Web Services, which is backed by Red Hat’s award-winning Global Support Services. Because Red Hat is not currently equipped to accept export controlled materials (ITAR), Amazon Web Services and Red Hat customers must verify that any data provided to Red Hat is compliant with any export controls that may apply. For more information, please see

— Jeff;

Amazon EC2 Console Improvements

We have made some important improvements to the EC2 Management Console. Late last year we introduced the Launch Instance Wizard and AWS Marketplace Integration. We also updated the look and feel of key console pages.

Today we are updating the remaining pages of the console with a new look and feel and a host of new features.

In order to see the new and updated pages, simply click the Try it out link after you open the console:

Let’s take a look at the new features!

Cloning Security Group Rules
You can now copy the rules from an existing security group to a new one by selecting the existing rule ad choosing Copy to new from the Actions menu:

Managing Outbound Rules in VPC Security Groups
You can now edit the outbound rules of a VPC Security Group from within the EC2 console (this operation was previously available from the VPC console):

Deep Linking Across EC2 Resources
The new deep linking feature lets you easily locate and work with resources that are associated with one another. For example, you can move from an instance to one of its security groups with a single click:

Compare Spot Prices Across AZs
The updated Spot Pricing History graph makes it easier for you to compare Spot prices across Availability Zones. Simply hover your cursor over the graph and observe the Spot prices across all of the Availability Zones in the Region:

Tagging of Spot Requests
You can now add tags to requests for EC2 Spot instances:

Updated Pages
The Events, Spot Requests, Bundle Tasks, Volumes, Snapshots, Security Groups, Placement Groups, Load Balancers, and Network Interfaces pages now use the new look and feel.

— Jeff;

Elastic Load Balancing – Perfect Forward Secrecy and Other Security Enhancements

My colleague Lesley Mbogo has some good news for users of the AWS Elastic Load Balancing service.

— Jeff;

We have made several enhancements to Elastic Load Balancing (ELB) to further improve the security of your application traffic, making it easier for you to better protect the confidential data and privacy of your users.

Today, website operators are expanding encryption across their applications and are often using HTTPS by default to secure all web traffic. As this trend continues, many AWS customers will rely on ELB to terminate HTTPS/SSL traffic at the load balancer in order to avoid having to run the CPU-intensive decryption process on their EC2 instances:

Last year, we added support for the TLS 1.1 and 1.2 protocols, the latest industry standards for encrypted communication. We are now adding three new features to help you manage secure communications for your applications:

  • Support for Perfect Forward Secrecy
  • Server Order Preference
  • A New predefined security policy

Support for Perfect Forward Secrecy
Since privacy protection is becoming increasingly important, we have added support for Perfect Forward Secrecy. This security feature uses a derived session key to provide additional safeguards against the eavesdropping of encrypted data. This prevents the decoding of captured data, even if the secret long-term key is compromised.

To begin using Perfect Forward Secrecy, configure your load balancer with the newly added Elliptic Curve Cryptography (ECDHE) cipher suites. Most major browsers now support these newer and more secure cipher suites. Our next feature enables your load balancer to prefer using these stronger cipher suites for communication.

Server Order Preference
When establishing a secure connection, the server and client must agree on a common cipher suite from a prioritized list of ciphers that they both support. Given that some clients may have unsafe or outdated preferences, the load balancer can be configured to have the final say in the selected cipher suite.

By enabling the Server Order Preference feature, the load balancer will select a cipher suite based on the servers prioritization of cipher suites rather than the clients. This gives you more control over the level of security that clients use to connect to your load balancer.

New Predefined Security Policy
We know that configuring SSL parameters for secure connections can be a complicated process, involving selection of protocols, cipher suites, and other options. Choosing the right set of parameters requires you to strike a reasonable balance between security and compatibility; you want to achieve high security using newer protocols, but avoid ungracefully rejecting clients that may only support older and less secure ciphers, as many clients do today.

We have made it simpler for you to configure your load balancer by combining all the new security features announced today into a predefined security policy that adheres to AWS security best practices. The policy includes the latest security protocols (TLS 1.1 and 1.2), enables server order preference, and offers high security ciphers while maintaining compatibility with a wide range of clients.

Getting started is easy. Simply use the AWS Management Console to select ELBSecurityPolicy-2014-01:

If you prefer to manually choose ciphers and protocols, you can continue to use a Custom Security Policy.

Lastly, we have also simplified the CLI (and API) so that you can reference any of the predefined security policies such as the ELBSecurityPolicy-2014-01. Previously, you could only emulate the predefined security policy by enumerating each SSL attribute and setting its value.

$ elb-create-lb-policy  myELBName        \
  --policy-type SSLNegotiationPolicyType \
  --policy-name=mySSLPolicyName        \
  --attribute "name=Reference-Security-Policy, value=ELBSecurityPolicy-2014-01"

$ elb-set-lb-policies-of-listener  myELBName \
  --lb-port 443 \
  --policy-names mySSLPolicyName,[PolicyName2,...]

To learn more about the new SSL enhancements, visit the Elastic Load Balancing Developer Guide.

— Lesley Mbogo, Senior Product Manager

Amazon EC2 Instance Usage and Reserved Instance Utilization Reports

Amazon EC2 gives you the power to launch On-Demand Instances and pay by the hour. You can also purchase Reserved Instances to lower costs and reserve capacity, and you can bid for spare capacity by using Spot Instances (see the Instance Purchasing Options page for more information). With all of this flexibility at your fingertips, tracking your usage of instances and utilization of your Reserved Instances can be time consuming.

Today we are making this process a whole lot easier by introducing a pair of interactive usage reports that you can access from within the AWS Management Console! These reports will give you insights into your instance usage and your usage patterns, and will provide you with information that you need to optimize your EC2 usage.

To enable these reports, simply enable Detailed Billing Reports With Resources and Tags for your account. Then open up the Reports tab of the Billing Console. From there you can look at the EC2 Instance Usage Report and the EC2 Reserved Instance Utilization Report. You can customize the reports by choosing the granularity and the time frame the report; you can also filter the data. Once you have customized these views, you can bookmark them for later reuse.

Note: The Instance Usage and Reserved Instance Utilization reports will become available a few hours after you enable Detailed Billing With Resources and Tags.

EC2 Instance Usage Report
The EC2 Instance Usage Report displays historical usage and cost data for EC2 instances. You can control the time frame and granularity (monthly, daily, or hourly) of the report and you can filter on a number of instance attributes including availability zone, instance type, purchase option, consolidated billing account, tag, and platform:

Select the desired options and press the Update Report button to see a graph and a data table:

You can download the data in CSV form, and you can also download the graph as an image.

EC2 Reserved Instance Utilization Report
The EC2 Reserved Instance Utilization Report displays hourly and total costs for your Reserved Instances, including cost savings when compared to On-Demand instances. It also displays average and maximum utilization rates for your Reserved Instances with respect to the selected time range.

You can also drill down and see detailed data for your Reserved Instances by adding them to the graph. As is the case with the Instance Usage Report, you can download the data and the graph for additional analysis and reporting.

IAM User Access
You can control access to these reports through IAM policies.  By default, root accounts will have access to both reports and the necessary EC2 APIs.  You can grant access to the reports with the following policy:

  "Version": "2012-10-17",
  "Statement": [
      "Action": "ec2-reports:*",
      "Effect": "Allow",
      "Resource": "*"

You can get started with the new reports today. Check out the EC2 usage report documentation to learn more.

— Jeff;

AWS Update – New M3 Sizes & Features + Reduced EBS Prices + Reduced S3 Prices

I’ve got lots of great AWS news today! Here’s a summary:

  • M3 instances are now available in two additional sizes.
  • Several additional features are now available for newly launched M3 instances.
  • Prices for S3 storage have been reduced by up to 22%.
  • Prices for EBS Standard volume storage and I/O operations have been reduced by up to 50%.

Let’s take a closer look!

M3 Instance Type News
We announced the M3 instance type a little over a year ago. Our customers and our partners have found them to be very attractive. For example, a wide variety of top software is available to run on M3, with offerings such as aiScaler, Syncsort, Riak, NITRC available with 1-click deployment on AWS Marketplace

The M3 is our Second Generation General-purpose EC2 instance type. They have a balance of CPU power, RAM, and networking capacity that is suitable for a very wide variety of applications. Today we are making the M3 instance type even more useful, with support for two new instance sizes and some new features.

New Instance Sizes
We are adding medium and large M3 instances. Here’s the full lineup:

Instance Name vCPU Count RAM Instance Storage (SSD) Price/Hour
m3.medium 1 3.75 GiB 1 x 4 GB $0.113
m3.large 2 7 GiB 1 x 32 GB $0.225
m3.xlarge 4 15 GiB 2 x 40 GB $0.450
m3.2xlarge 8 30 GiB 2 x 80 GB $0.900

The M3 instances feature high frequency Intel Xeon E5-2670 (Sandy Bridge or Ivy Bridge) processors.

When compared to the venerable M1 instance type, the M3 instances offer higher clock frequencies, significantly improved memory performance, and SSD-based instance storage, all at a lower price. If you are currently using M1 instances, switching to M3 instances will provide your users with better and more consistent performance while also decreasing your AWS bill. We reduced the prices for the M3 instances late last year and they are now more cost-effective than the M1 instances.

SSD-Based Storage
As you can see from the table above, the M3’s now include fast, SSD-based instance storage. You can add instance storage for M3 instances by specifying block device mappings in the instance launch parameters.

Instance Store-Backed AMIs
M3 instances have always supported launching from EBS-backed AMIs. They now support the use of instance store-backed AMIs (previously known as S3-backed AMIs) as well. This will allow you to make use of older AMIs that have not been converted to the newer, EBS-backed format. To learn more about the two types of AMIs, read the EC2 Root Volume documentation.

The new sizes and features are available in all of the public AWS Regions. They are not yet available in AWS GovCloud (US); however, the original M3 instance sizes (m3.xlarge and m3.2xlarge) are already available in GovCloud.

S3 Price Reduction
We are reducing the price for Amazon S3 storage in all Regions by up to 22%, with a proportionate reduction in the price of Reduced Redundancy Storage (RRS). Here are the new prices for Standard Storage in the US Standard Region (see the New S3 Pricing page for more information):

Tier Old Price (/GB/Month) New Price (/GB/Month) Change
0-1TB $0.095 $0.085 -11%
1-50TB $0.080 $0.075 -6%
50-500TB $0.070 $0.060 -14%
500-1000TB $0.065 $0.055 -15%
1000-5000TB $0.060 $0.051 -15%
5000TB+ $0.055 $0.043 -22%

The new pricing take effect on February 1, 2014 and will be applied automatically.

EBS Price Reduction
We are reducing prices for Elastic Block Store (EBS) Standard volume storage and I/O requests across all AWS Regions. The reductions vary by Region, and are as high as 50% in some locations. Here’s the new pricing in the US East (Northern Virginia) Region:

EBS Standard Volumes Old Price New Price Change
GB-Month of Provisioned Storage $0.10 $0.05 -50%
1 Million I/O Requests $0.10 $0.05 -50%

Again, the new pricing takes effect on February 1, 2014 and will be applied automatically. See the New EBS Pricing page for additional information.

— Jeff;

Hosting Minecraft Realms on AWS

Minecraft appears to be the gaming and visual building environment of choice for today’s youth! Pretty much everyone I know in the 8-18 age range admits to spending a lot of time in-world. The game’s outward simplicity hides an environment of considerable richness and complexity, with many interesting emergent properties.

The game runs in single and multiplayer mode. In the latter mode, you can host and run your own server for you and your friends, or you can use a commercial or freely available multiplayer host. Running your own server brings with it all of the usual issues — maintenance, scaling, security, and upgrades. You can avoid these issues by using a multiplayer hosting service. The hosts remove the administrative burden and make it possible for more fans to enjoy and to play multiplayer games.

Minecraft Realms is a new multiplayer hosting service from Mojang, the creators of Minecraft. It was designed to help people who don’t want to deal with all of the technical aspects of hosting. Each realm can accommodate up to 20 friends, 10 of which can be playing at any given time. The service is offered on a subscription basis, and is currently available to players in Sweden, with plans to expand availability in early 2014.

In order to prepare for the expected onslaught of players, the development team at Mojang decided to host Realms on AWS. I chatted with Chief Architect Daniel Frisk (pictured at right) to learn more about why and how they did this.

The team was impressed by the ease with which they were able to get started on AWS. They enjoyed the fact that they didn’t have to make an investment in development or production hardware, and looked forward to being able to scale their systems as needed once they were in production.

Assisted by the AWS Solution Architects, the team decided to make use of the following AWS services:

The architecture is clean and simple, with three distinct types of servers:

  • Frontend – Handles communication with clients and serves dynamic web pages.
  • Manager – Manages the controllers, starting and stopping them as required; collects data & statistics.
  • Controller – Runs the Minecraft game servers.

Daniel was kind enough to share the architecture with me:

The architecture was designed for scalability and high availability. Controllers hosting the game are added and removed in response to changes in demand, and there’s no single point of failure.

The Minecraft client applications require low-latency access to the Realms servers. In order to meet this need, servers are run across multiple AWS Regions (see the AWS Global Infrastructure page for more information).

Minecraft worlds and game state are stored in Amazon S3. The system takes advantage of S3 versioning, giving the owner / administrator of a realm the ability to roll back to a previous state. The team implemented efficient transfers to S3 by using S3’s multipart upload capabilty.

— Jeff;

PS – If you are interested in building and hosting a game of your own on AWS, please take a look at our game hosting page.

Amazon EC2 HI1 Instance Price Reduction & Spot Availability

I am happy to announce a reduction in the On Demand and Reserved Instance (RI) prices for EC2’s HI1 (First Generation High I/O Performance) instances in select AWS regions, effective December 1, 2013, along with availability in the form of Spot Instances

The HI1 instances feature 16 vCPUs (Virtual CPUs), 60.5 GiB of RAM, 2 TB of SSD-backed instance storage, and 10 Gigabit Ethernet connectivity, including support for cluster placement groups. You can learn more about them in the blog post that I wrote when we launched this instance type late last year.

Price Reduction
The On Demand prices for Linux and Windows instances have been reduced by 10% for HI1 instances in EU (Ireland) and Asia Pacific (Tokyo).This change takes effect on December 1, 2013.

We are also reducing Reserved Instance (RI) pricing for HI1 – Linux and Windows instances by 10% for HI1 instances in EU (Ireland) and Asia Pacific (Tokyo). New Reserved Instance prices will only apply to Reserved Instances purchases made on or after December 1.

Spot Instances
You can now bid for HI1 instances on the Spot market in the US East (N. Virginia), US West (Oregon), EU (Ireland)  and Asia Pacific (Tokyo) regions.

— Jeff;


Amazon EC2’s New I2 Instance Type – Available Now!

Late last month I gave you a sneak peak at our newest EC2 instance type, the I2. These instance types are available today, in four sizes across seven AWS regions.

The I2 instance type was designed to host I/O intensive workloads typically generated by relational databases, NoSQL databases, and transactional systems. The largest I2 instance type can deliver over 365K random reads per second and over 315K random writes per second, both measured with a block size of 4 KB. With four instance sizes, you can start small and scale up as your storage and I/O needs grow.

This is our second generation High I/O instance type, picking up where the HI1 instance left off. In comparison to the HI1 instance type, members of the I2 family offer faster processors, three additional instance sizes, a doubling of the amount of memory per vCPU, and 56% more SSD-based instance storage.

The Specs
Here are the instance sizes and the associated specs:

Instance Name vCPU Count RAM
Instance Storage (SSD) Price/Hour
i2.xlarge 4 30.5 GiB 1 x 800 GB $0.85
i2.2xlarge 8 61 GiB 2 x 800 GB $1.71
i2.4xlarge 16 122 GiB 4 x 800 GB $3.41
i2.8xlarge 32 244 GiB 8 x 800 GB $6.82

The prices shown above are for On-Demand instances in the US East (Northern Virginia) and US West (Oregon) regions; see the EC2 pricing page for full information.

The instances are available in On-Demand and Reserved form in the US East (Northern Virginia), US West (Oregon), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Asia Pacific (Sydney) regions.

I2 instances support Hardware Virtualization (HVM) AMIs only. In order to obtain the best I/O performance from these instances, you should use the Amazon Linux AMI 2013.09.02 or any Linux AMI with a version 3.8 or newer kernel. Older versions of the kernel will exhibit lower I/O performance when used with I2 instances.

CPU Power
Each vCPU (Virtual CPU) is a hardware hyperthread on an Intel E5-2670 v2 (Ivy Bridge) processor. The processor supports the AVX (Advanced Vector Extensions), along with Turbo Boost and NUMA.

NUMA (Non-Uniform Memory Access) speeds access to main memory by optimizing for workloads where the majority of requests for a particular block of memory come from a single processor. By enabling processor affinity (asking the scheduler to tie a particular thread to one of the processors) and taking care to manage memory allocation according to prescribed rules, substantial performance gains are possible.

Enhanced Networking
All four sizes of the I2 instance type benefit from our new Enhanced Networking feature. When you launch these instances inside of a Virtual Private Cloud (VPC), you will enjoy low latency, low jitter, and the ability to move a very large number of packets per second (PPS). In order to take advantage of this important feature, you will need to use an HVM AMI with the proper drivers installed (read our documentation on Enabling Enhanced Networking to learn more).

The three smallest instance types also support EBS Optimization, with dedicated network throughput from the instance to Amazon EBS.

SSD Storage
As you can see from the table above, the I2 instances include a copious amount of SSD storage, ranging from 800 gigabytes on the i2.xlarge all the way up to 6.4 terabytes on the i2.8xlarge.

The SSD storage now supports TRIM functionality, which improves performance when the SSD handles a series of successive write operations.

Go For Launch
As I mentioned earlier, these instance types are available now in seven AWS regions and you can start to use them right now.

— Jeff;


AWS Console for iOS and Android Now Supports AWS OpsWorks

The AWS Console for iOS and Android now includes support for AWS OpsWorks.

You can see your OpsWorks resources — stacks, layers, instances, apps, and deployments with the newest version of the app. It also supports EC2, Elastic Load Balancing, the Relational Database Service, Auto Scaling, CloudWatch, and the Service Health Dashboard.

The Android version of the console app also gets a new native interface.

OpsWorks Support
With this new release, iOS and Android users have access to a wide variety of OpsWorks resources. Here’s what you can do:

  • View and navigate your OpsWorks stacks, layers, instances, apps, and deployments.
  • View the configuration details for each of these resources.
  • View your CloudWatch metrics and alarms.
  • View deployment details such as command, status, creation time, completion time, duration, and affected instances.
  • Manage the OpsWorks instance lifecycle (e.g. reboot, stop, start), view logs, and create snaphsots of attached Volumes.

Take a Look
Here are some screen shots of the Android console app in action. The dashboard displays resource counts and overall status:

The status of each EC2 instance is visible. Instances can be rebooted, stopped, or terminated:

CloudWatch alarms and the associated metrics are visible:

Each OpsWork stack is shown, along with any alarms:

Full information is displayed for each database instance:

And for each Elastic Load Balancer:

There’s also access to Auto Scaling resources:

Download Today
You can download the new version of the console app from Amazon AppStore, Google Play, or iTunes.

— Jeff;