How to identify unused EC2 servers in the company and stop using them

Question


I'm the start-up backend developer. I joined the company last December and am in charge of overall infrastructure and back-end development.

We want to reduce our company's February AWS operating costs by about 20% (expected to be charged $1600) compared to the estimated amount, and reduce our infrastructure usage costs by about $1300 per month.

To this end, I would like to stop using EC2 by identifying unused services that are not in use. The problem is that we have not received the pem key from the previous developer, so we do not have access to AWS EC2 in service.

Also, I understand that you can access the web console without the pem key. However, the method is also a situation in which only the phrase "connection failed" appears.

[Question]

Is there a way to access EC2 without the previously issued pem key?
Is there a way to figure out if it's not in use without access?

Answer 1

Score: 2


I think it's safe to say, without access to the machines, you won't be able to tell what's running on them and therefore if they're required. You could check the ec2 metrics, specifically the network IO, if there is nothing going on, they might be unused. But then again there might be something scheduled only once per week/month/year... (wouldn't be the best idea - but neither is having a single developer owning the only key ;-) ) Also, they might be completely idle, but contain important content such as logs that you might want or need to keep (e.g. legal requirements).

If the SSM agent is installed on the instances, you could connect via SSM session or use the AWSSupport-ResetAccess document to replace the key: https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-ec2reset.html

If you cannot access the machine via ssh or ssm, you could use the serial console.

Another idea would be to create a snapshot from the instance(s), then start a new instance from that snapshot with a new EC2 key pair. Then you can access that clone and inspect the content without having access to the original machine(s). Though, depending on the workload, this might be harmful to your business, since everything might be running in parallel.

A typical startup approach, I've been guilty of myself, is to stop it and see if someone complains. ;-) You could just suspend, not terminate(!), the instances, so you later can start them again. Though this might be a dangerous approach. Services might not automatically start, which means you would need access to manually fix things. And not knowing what needs fixing, doesn't make this easier.
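The network-IO check suggested in the answer, as an added example that is not part of the original answer: it classifies an instance from daily CloudWatch `NetworkIn`/`NetworkOut` sums and separates "quiet every day" from "quiet except for occasional bursts", which is the weekly/monthly scheduled-job case. The function names, the 5 MB/day threshold and the sample data are assumptions made for illustration; an "idle-candidate" verdict says nothing about what is stored on the disks.

```python
from datetime import date, datetime, timedelta, timezone

# Assumed threshold: daily traffic below this is treated as background noise. Tune it.
IDLE_BYTES_PER_DAY = 5_000_000

def fetch_daily_network_bytes(instance_id, days=90, region=None):
    """Daily NetworkIn + NetworkOut byte sums from CloudWatch (needs boto3 and credentials)."""
    import boto3  # imported here so classify() runs without AWS access
    cw = boto3.client("cloudwatch", region_name=region)
    end = datetime.now(timezone.utc)
    totals = {}
    for metric in ("NetworkIn", "NetworkOut"):
        resp = cw.get_metric_statistics(
            Namespace="AWS/EC2", MetricName=metric,
            Dimensions=[{"Name": "InstanceId", "Value": instance_id}],
            StartTime=end - timedelta(days=days), EndTime=end,
            Period=86400, Statistics=["Sum"])
        for dp in resp["Datapoints"]:
            day = dp["Timestamp"].date()
            totals[day] = totals.get(day, 0) + dp["Sum"]
    return totals

def classify(daily_bytes, threshold=IDLE_BYTES_PER_DAY):
    """Return (verdict, active_days) for a {date: bytes} mapping."""
    if not daily_bytes:
        return "no-data", []  # e.g. stopped for the whole window
    active = sorted(d for d, b in daily_bytes.items() if b > threshold)
    if not active:
        return "idle-candidate", []
    if len(active) <= len(daily_bytes) // 7:
        return "periodic", active  # mostly quiet, a few bursts: likely a scheduled job
    return "in-use", active

def _sample(pattern, days=28):
    start = date(2023, 1, 1)
    return {start + timedelta(days=i): pattern(i) for i in range(days)}

SAMPLES = {  # constructed data, not real measurements
    "i-constructed-idle": _sample(lambda i: 200_000),
    "i-constructed-weekly": _sample(lambda i: 800_000_000 if i % 7 == 0 else 200_000),
    "i-constructed-busy": _sample(lambda i: 2_000_000_000),
}

def report(samples=SAMPLES):
    return {iid: classify(daily)[0] for iid, daily in samples.items()}

if __name__ == "__main__":
    for iid, verdict in report().items():
        print(iid, verdict)
```

Against a real account, pass the result of `fetch_daily_network_bytes("<instance-id>")` to `classify()`; a window of at least 90 days is needed before a monthly job can show up as "periodic".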

huangapple
  • This article was published on February 6, 2023, 10:17:40
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75356813.html