
Launching EC2 Instances with Best Practices


Overview


Domain expertise for launching EC2 instances with sensible defaults optimized for security, cost-efficiency, and operational best practices. Covers AMI selection, instance type recommendation, network configuration, IAM role creation, security group hardening, storage configuration, tagging strategy, and post-launch verification.

Launch an EC2 instance


To launch a fully configured EC2 instance with best-practice defaults, follow the procedure exactly. See the EC2 instance launch procedure.
The procedure handles:
  • Intelligent defaults based on workload type and environment
  • Network validation (VPC, subnet, public/private placement)
  • AMI selection with architecture compatibility checks
  • Least-privilege IAM roles for required AWS service access
  • Hardened security groups with minimal port exposure
  • Encrypted gp3 storage with environment-appropriate retention
  • Comprehensive tagging for cost tracking and organization
  • Post-launch verification and connection instructions
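The defaults the procedure applies, as an added example written for this page (not the launch procedure's own code). It composes the parameters that boto3's ec2.run_instances() and authorize_security_group_ingress() accept and runs post-launch checks over records shaped like describe_instances / describe_volumes output, but never calls AWS: every identifier (AMI, subnet, security group, instance profile) is a placeholder, the "describe" records are constructed, and the per-environment retention table, the /24 limit on SSH sources and the IMDSv2 requirement are assumptions layered on top of the page's list.

```python
"""Compose a best-practice EC2 launch request and verify the result offline.

Added example for this page, not the launch procedure's own code. No AWS
call is made; all identifiers below are placeholders and the describe
records are constructed for the demo.
"""
import ipaddress

# Snapshot retention per environment (assumed policy, not from the page).
ENV_RETENTION_DAYS = {"dev": 7, "staging": 14, "prod": 30}


def build_run_instances(ami_id, instance_type, subnet_id, sg_id, profile_name,
                        env, workload, root_gb=20, root_device="/dev/xvda"):
    """kwargs for ec2.run_instances(): encrypted gp3 root volume, instance
    profile instead of static keys, IMDSv2 only, cost/ownership tags.
    root_device must match the AMI (Amazon Linux: /dev/xvda, Ubuntu: /dev/sda1)."""
    if env not in ENV_RETENTION_DAYS:
        raise ValueError(f"unknown environment {env!r}")
    tags = [
        {"Key": "Name", "Value": f"{workload}-{env}"},
        {"Key": "Environment", "Value": env},
        {"Key": "Workload", "Value": workload},
        {"Key": "RetentionDays", "Value": str(ENV_RETENTION_DAYS[env])},
    ]
    return {
        "ImageId": ami_id,
        "InstanceType": instance_type,
        "MinCount": 1,
        "MaxCount": 1,
        "SubnetId": subnet_id,
        "SecurityGroupIds": [sg_id],
        "IamInstanceProfile": {"Name": profile_name},
        "BlockDeviceMappings": [{
            "DeviceName": root_device,
            "Ebs": {
                "VolumeType": "gp3",
                "VolumeSize": root_gb,
                "Encrypted": True,                     # account default KMS key
                "DeleteOnTermination": env != "prod",  # keep prod volumes for forensics
            },
        }],
        # IMDSv2 only (assumed hardening): an SSRF bug can no longer read role credentials.
        "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"},
        "TagSpecifications": [
            {"ResourceType": rtype, "Tags": tags} for rtype in ("instance", "volume")
        ],
    }


def is_acceptable_ssh_source(cidr):
    """Only IPv4 ranges no wider than a /24 may reach port 22 (assumed policy)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
    except ValueError:
        return False
    return net.version == 4 and net.prefixlen >= 24


def ssh_ingress_permission(admin_cidr):
    """One IpPermissions entry for authorize_security_group_ingress():
    TCP/22 from admin_cidr only. 0.0.0.0/0 and other broad ranges are refused."""
    if not is_acceptable_ssh_source(admin_cidr):
        raise ValueError(f"{admin_cidr!r} is not an acceptable SSH source")
    return {
        "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
        "IpRanges": [{"CidrIp": admin_cidr, "Description": "admin SSH"}],
    }


def verify_launch(instance, volumes):
    """Post-launch checks over a describe_instances Instances[] entry and the
    describe_volumes Volumes[] entries attached to it. Empty list = all good."""
    findings = []
    if instance["State"]["Name"] != "running":
        findings.append(f"state is {instance['State']['Name']}, not running")
    if instance.get("MetadataOptions", {}).get("HttpTokens") != "required":
        findings.append("IMDSv2 not enforced (MetadataOptions.HttpTokens)")
    if "IamInstanceProfile" not in instance:
        findings.append("no IAM instance profile attached")
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    for key in ("Name", "Environment", "Workload"):
        if key not in tags:
            findings.append(f"missing tag {key}")
    for vol in volumes:  # encryption is only visible on the volume, not the instance
        if not vol.get("Encrypted"):
            findings.append(f"{vol['VolumeId']} is not encrypted")
        if vol.get("VolumeType") != "gp3":
            findings.append(f"{vol['VolumeId']} is {vol.get('VolumeType')}, not gp3")
    return findings


# Constructed records shaped like describe_instances / describe_volumes output.
GOOD_INSTANCE = {
    "InstanceId": "i-0example0000000001", "State": {"Name": "running"},
    "MetadataOptions": {"HttpTokens": "required"},
    "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/web-prod"},
    "Tags": [{"Key": "Name", "Value": "web-prod"}, {"Key": "Environment", "Value": "prod"},
             {"Key": "Workload", "Value": "web"}],
}
GOOD_VOLUMES = [{"VolumeId": "vol-0example0000000001", "Encrypted": True, "VolumeType": "gp3"}]
BAD_INSTANCE = {"InstanceId": "i-0example0000000002", "State": {"Name": "running"},
                "MetadataOptions": {"HttpTokens": "optional"}, "Tags": []}
BAD_VOLUMES = [{"VolumeId": "vol-0example0000000002", "Encrypted": False, "VolumeType": "gp2"}]
```

Feed the request to ec2.run_instances(**request) and the permission to authorize_security_group_ingress(GroupId=..., IpPermissions=[...]); after the instance reaches running, pass the real describe records to verify_launch(). The volume check is separate on purpose: describe_instances does not report encryption, so a verification that only inspects the instance record misses an unencrypted root volume.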

Troubleshooting


Insufficient instance capacity


The API returns InsufficientInstanceCapacity; it is specific to one instance type in one availability zone and usually transient. Try a different availability zone or instance type (e.g., t3a instead of t3). See the full troubleshooting guide in the launch procedure.

Instance immediately terminates


Check the console output with aws ec2 get-console-output --instance-id <instance-id>, and read the StateReason field from aws ec2 describe-instances for the same instance, which names the cause of the termination. Verify that the EBS root volume is at least as large as the AMI's snapshot and that the AMI's architecture and virtualization type match the instance type (an arm64 AMI will not boot on an x86 instance type).

Cannot connect via SSH


Verify that the security group allows TCP/22 from your current public IP, that the private key file permissions are 400 (ssh refuses a key readable by group or others), that the instance is running, and that it has an address you can reach (a public IP, or a route into the private subnet from where you connect). Consider AWS Systems Manager Session Manager as an alternative: it needs no inbound port and no key file, only the SSM agent and an instance profile that permits it.