REVVOPS | Cloud Infrastructure Automation

Using EL2 EC2 Instance Launch Block Safety

EL2 launch block safety optimises AWS costs in the often overlooked area of EC2 instance count mistakes, whether using EL2 as a handy interactive EC2 Linux launcher or as a Terraform module that's part of a large IaC (infrastructure as code) definition.

Typically these instance count mistakes occur during the infrastructure development phase rather than production infrastructure launches, but in either case this simple extra layer of protection helps avoid such accidents and eliminates this portion of unnecessary costs inherent in the process of creating any non trivial AWS solution implementation.

EL2's launch block safety feature is controlled by the two variables understand_costs and instances_safety_threshold, which are declared and explained in the file vars.tf, an excerpt of which is shown below:


.
.
.

variable "understand_costs" {

  # With the default value of false, EL2 assumes that setting instances to a
  # value greater than the value of instances_safety_threshold is a mistake and
  # prevents the launch - of any instances. Setting this value to true will
  # confirm the number of instances you've requested to launch is correct
  # and intentional, so will allow the launch, even though instances is greater
  # than instances_safety_threshold. Use understand_costs and
  # instances_safety_threshold together to set the right level of risk
  # protection against launch accidents for your project.

  description = "User costs understanding confirmation safety flag"
  default = false
}


variable "instances_safety_threshold" {

  # The number of instances above which understand_costs must be set to true
  # to allow launch. For HPC and 'serious' instance types especially, this
  # becomes useful to prevent costly launch accidents. Once a mistake is made
  # the only way out of it is to make a grovelling apology to AWS billing
  # support on the phone. If everyone ran 'terraform plan' all the time and
  # checked the output or actually saved the plan for a subsequent 'terraform
  # apply', mistakes would be less common, but in the heat of real DevOps things
  # are not always done that way.

  description = "Number of instances launch mistake prevention threshold"
  default = 3
}

.
.
.

So for example, if specifying -var 'instances=4' on the command line and the values of instances_safety_threshold and understand_costs were left at their defaults of 3 and false respectively, no instances would be launched as understand_costs would have to be set to true to allow it to happen.

If however instances_safety_threshold had a value of say 6, then specifying -var 'instances=4' on the command line, would result in all 4 requested instances being launched as understand_costs would not need to be set to true. To permit a launch with instances_safety_threshold set to 6 understand_costs only needs to be set to true if the number of requested instances given by the instances variable is 7 or more.

EL2 offers protection against EC2 instance count blunders every time the terraform apply command is run, but if you wish to bypass it completely just set the understand_costs variable to true in vars.tf (and of course don't override it via the other variable setting mechanisms Terraform provides).