

Ask HN: Best practices for small web app in the cloud - aquark

I am looking to release a small side-project web app hosted on EC2, initially using the new micro instances.  This will be a Mono-based web app with a MySQL backend.  I know this won't handle much load, but I'd like to encounter that problem before throwing more resources at it!

I am looking at running two instances to separate the db and the web server.  Is it critical to set up some kind of VPN/tunnel for them to talk, or just set the security settings based on IP address?

In general, any recommendations or best practices for backups and security in this configuration.  Daily snapshots are great for the regular backups, but how should I achieve more timely backups for the database?
======
imp
> I am looking at running two instances to separate the db and the web server.
> Is it critical to set up some kind of VPN/tunnel for them to talk, or just
> set the security settings based on IP address?

From my experience, you don't need a VPN. Something like what this article
mentions should work just fine:
[http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-...](http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html)

For backups, you should set up your database on an EBS volume and you can then
run a cron script to take snapshots on a regular basis. Could be hourly even,
because it freezes the database instantly and allows it to continue operating
with minimal delay. I have a 2 GB database that I snapshot in under a second.
This is the ultimate article on using MySQL on EC2:
[http://developer.amazonwebservices.com/connect/entry.jspa?ex...](http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1663)

I did a two server setup on Amazon, and it was nice because you can scale up
the web and db servers separately, depending on where the load is. It's also a
lot easier to debug system related issues because you've already narrowed down
half the possible search space. Make sure CloudWatch is enabled, because
that's invaluable. I scaled up to an extra large web server and extra large
high-cpu database server, and that handled up to roughly 600 req/sec for my
PHP app.

For security, I'm not an expert so I can't give much advice here, but EC2 at
least does a good job of restricting access on all ports by default. When you
set up your servers, make sure to punch a hole in your security group for port
3306 so that MySQL can connect between the two.

------
aeden
I'd recommend you don't start with EC2; it's too expensive for what you get.
Go to Linode or even a VPS provider. Look for the least expensive thing you
can use while still operating.

Second, use something like Chef to define your operational environments so
that later if you do need to move to something else you've already got the
automation to do it with as little effort as possible.

~~~
aquark
I can see EC2 gets expensive for larger instances, but the micro instances
make the economics more favourable. FWIW this is a low bandwidth app as well.

For testing I can spin the server up and down as I need and literally pay
per-hour (+ the storage cost). As far as I can tell providers like Linode
don't provide that level of flexibility.

Thanks for the suggestions about Chef
(<http://wiki.opscode.com/display/chef/Home>); I hadn't come across it before.

------
jlintz
If you are using EC2, expect your instances to randomly disappear and possibly
not come back. I'd have a warm standby for your database and definitely have
backups using either S3 or EBS. As someone else mentioned, you may be better
off starting with Linode or <insert favorite VPS company> and as you grow
start planning on moving to EC2 if needed.

------
paulsingh
I run a similar setup on the Rackspace Cloud (1 DB + 1 Web) for multiple
sites. I use iptables to lock down all non-essential ports, I set up MySQL to
accept connections over the _private_ IP and, frankly, that's it. (FWIW, I use
Moonshine on my Rails app to keep the config easy/repeatable.)
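
An added example, not part of the thread: a Python check that the port 3306 opening imp describes, and the private-IP-only MySQL access paulsingh describes, really is limited to the web server. It assumes rules in the shape returned by `aws ec2 describe-security-groups`; the group IDs, addresses and function names are constructed for illustration.

```python
import ipaddress

MYSQL_PORT = 3306

def covers_mysql(perm):
    """True if an IpPermissions entry admits traffic to TCP port 3306."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means every protocol and port
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= MYSQL_PORT <= perm.get("ToPort", 65535)

def audit_mysql_ingress(groups, web_sg_id, web_private_ip):
    """Return (group_id, source, reason) for each 3306 source that is not the web tier."""
    web_host = ipaddress.ip_network(f"{web_private_ip}/32")
    findings = []
    for sg in groups:
        for perm in filter(covers_mysql, sg.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net == web_host:
                    continue
                reason = "open to any address" if net.prefixlen == 0 else "source is not the web host"
                findings.append((sg["GroupId"], cidr, reason))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("GroupId") != web_sg_id:
                    findings.append((sg["GroupId"], pair.get("GroupId"), "source group is not the web tier"))
    return findings

# Constructed sample shaped like the "SecurityGroups" list from
# `aws ec2 describe-security-groups`; all IDs and addresses are made up.
WEB_SG, WEB_IP = "sg-web00000000000001", "10.0.1.10"
SAMPLE_GROUPS = [
    {"GroupId": "sg-db000000000000001", "IpPermissions": [  # scoped to the web tier
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.1.10/32"}], "UserIdGroupPairs": [{"GroupId": WEB_SG}]}]},
    {"GroupId": "sg-db000000000000002", "IpPermissions": [  # 3306 open to the world
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,     # not MySQL: ignored here
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db000000000000003", "IpPermissions": [  # all-traffic rule also exposes 3306
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-misc0000000000001"}]}]},
]

if __name__ == "__main__":
    for finding in audit_mysql_ingress(SAMPLE_GROUPS, WEB_SG, WEB_IP):
        print(*finding, sep="\t")
```

The same check applies to an iptables-based setup if the rules are first reduced to source/port pairs; only the input parsing changes.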

