Amazon Elastic Compute Cloud (EC2) provides our virtual machines as a service. In this chapter, we will learn how to secure EC2 instances. We will learn how to launch EC2 instances into custom VPCs. We learned about VPCs in Chapter 5, Network Security with VPC, so we will carry on from where we left off. We will also learn how to configure inbound and outbound access rules with security groups. We will compare security groups against network access control lists (NACLs), which we learned about in Chapter 5, Network Security with VPC. We will use the Systems Manager Parameter Store to store and retrieve data. Then, we will learn how to bootstrap an EC2 instance with commands such as installing patches. Keeping our operating system updated with the latest patches is essential for securing our EC2 instances. We will also learn how we can encrypt data in an Elastic Block Store (EBS) attached to an EC2 instance.

In this chapter, we will cover the following recipes:

• Creating and configuring security groups
• Launching an EC2 instance into a VPC
• Setting up and configuring NAT instances
• Creating and attaching an IAM role to an EC2 instance
• Using our own private and public keys with EC2
• Using EC2 user data to launch an instance with a web server
• Storing sensitive data with the Systems Manager Parameter Store
• Using KMS to encrypt data in EBS