As part of a security evaluation we've been asked if we can set affinity so that two EC2 instances in the same AZ are not hosted on the same physical machine. Obviously it's very unlikely that two of our instances would end up on the same hardware (in fact I believe AWS tries very hard to make sure it doesn't), but is there any way to guarantee that?
Please note:
- I'm not asking if we should do this, I understand EC2 hypervisor security and feel this should not be necessary, just wondering if we can.
- I'm not including dedicated host options, obviously if we pinned the EC2 instances to two different dedicated hosts they'd have to be on different physical machines. I'm talking "normal" VMs here.
- This is within the same AZ. Two different AZs would have to be different hardware.
A spread placement group will probably meet your needs.
When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload. Depending on the type of workload, you can create a placement group using one of the following placement strategies:
There is no charge for creating a placement group.
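For the two-instance case in the question, here is the spread placement group from the answer above written out as a CloudFormation template. This is an added example, not part of the original answer or of AWS's documentation; the AMI and subnet are supplied as parameters and the stack and tag names are assumptions. The property that matters is `Strategy: spread`: EC2 places each instance in such a group on distinct underlying hardware within the AZ (separate racks with their own power and network), and a launch that cannot satisfy that constraint fails with an insufficient-capacity error instead of quietly co-locating the instance, which is what turns "AWS tries very hard" into a guarantee you can show an assessor. A spread group allows up to seven running instances per AZ, so two instances fit comfortably.

```yaml
# Added example (not from the original Q&A): two EC2 instances in one AZ,
# forced onto different physical hosts with a spread placement group.
# ImageId and SubnetId are passed in at deploy time; everything else is an
# assumed name for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: Two same-AZ instances guaranteed to land on distinct hardware

Parameters:
  ImageId:
    Type: AWS::EC2::Image::Id        # any AMI in the target region
  SubnetId:
    Type: AWS::EC2::Subnet::Id       # a subnet in the single AZ under test
  InstanceType:
    Type: String
    Default: t3.micro

Resources:
  SpreadGroup:
    Type: AWS::EC2::PlacementGroup
    Properties:
      Strategy: spread               # one instance per rack; launch fails rather than co-locates

  InstanceA:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      SubnetId: !Ref SubnetId        # same subnet => same AZ for both instances
      PlacementGroupName: !Ref SpreadGroup
      Tags:
        - Key: Name
          Value: spread-test-a       # assumed tag value

  InstanceB:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      SubnetId: !Ref SubnetId
      PlacementGroupName: !Ref SpreadGroup
      Tags:
        - Key: Name
          Value: spread-test-b       # assumed tag value

Outputs:
  PlacementGroupName:
    Description: Name of the spread group, for the verification query below
    Value: !Ref SpreadGroup
```

Deploy it with `aws cloudformation deploy --template-file spread.yaml --stack-name spread-test --parameter-overrides ImageId=<ami-id> SubnetId=<subnet-id>`. For the evaluation evidence, confirm the strategy with `aws ec2 describe-placement-groups --group-names <PlacementGroupName output>` (the `Strategy` field should read `spread`) and that both instances are members with `aws ec2 describe-instances --filters Name=placement-group-name,Values=<name> --query 'Reservations[].Instances[].[InstanceId,Placement.GroupName,Placement.AvailabilityZone]'`. Shared-tenancy instances never expose a host identifier, so the membership of a spread group plus a successful launch is the strongest attestation available short of dedicated hosts.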