I’ve been using EC2 since it started because it provides a good value (specifically a reserved m1.small instance is a good value). Every once in a while I’ll talk to some operations person who has serious issues with the platform and the “loss of control” that comes with using a cloud platform like Rackspace or EC2, but the advantages outweigh the disadvantages. When I’m running infrastructure on EC2 there’s just so much bull I can offload to the platform.
It isn’t that I don’t have to worry about failure. Failure happens everywhere. A machine might become unresponsive or a cosmic ray might flip just the right bit in RAM to cause the system to blow up. The real advantage to me is that, if there is a power supply failure, it certainly isn’t my problem. I don’t have to call up some operations drone and hear about how they are back-ordering some part from Dell. Hell, I don’t even care about the underlying hardware. I have an SLA, I have frequent backups, if your hardware decides to blow up tomorrow night, I’m going to simply fire up another instance in a different database.
When I talk to someone who is ordering physical hardware to run in a datacenter, I question their sanity. In 2011, why? I mean unless you are required to maintain physical hardware by some government regulation, or unless you are dealing with national intelligence data. Why would anyone take on the risk of maintaining physical hardware?
Back to Amazon AWS: As easy as it is to spin up new instances in hardware, it is even easier to terminate them, and this is one of the things that has bothered me about Amazon EC2 for years. I can spin up a bunch of critical infrastructure, and if I’m not absolutely careful I can click the wrong button on the AWS Console and terminate an instance.
…and I’ve done this. I’ve fumble fingered the terminate option at 3 AM working on a deadline, stared blankly at the screen as the AWS dashboard tells me an instance is terminating, and unleashed a tidal wave of expletives at the screen. EC2 is great but Amazon should make you do something special to destroy these instances.
Well they fixed it…. finally.
As of who knows when I can now flip a bit on my instances that will prevent me from ever suffering through another “one-click, screw up”. If you activate this bit and you try to terminate the instance, the UI will tell you that the “Termination Protection” status is Enabled.
As with almost everything that happens in EC2, I just discovered this feature by using the EC2 console. Amazon does this to me all the time, a new feature… the exact feature I wanted… it just shows up one day.
Now, this is a step in the right direction, but I’d like Amazon to take this feature one step further. I’d like them to make it impossible to terminate an instance unless you and a colleague are sitting at two terminals separated by at least 20 feet in an underground bunker exchange a series of alphanumeric identifiers that authorize destruction. In other words, I’d like Amazon to make it as difficult to terminate an instance as it is to launch a missile.