Jedi's questions

I have 2 VPCs (default and special) each hosting 1 EC2 instance.

Both instances have the same security group (say name = internal). The security group allows All Traffic from internal (a circular reference for inbound traffic).

Also, I have VPC peering enabled, however I am unable to change the following settings:

• Allow outbound communication from ClassicLink instances to accepter VPC
• Allow outbound communication to ClassicLink instances in accepter VPC
• Allow outbound communication from ClassicLink instances to requester VPC
• Allow outbound communication to ClassicLink instances in requester VPC

These are all disabled.

I am unable to ping from one instance to the other (in both directions). I can ping both instances from my laptop.

If I explicitly allow all inbound traffic from [Instance A's IP] then I can ping Instance B from Instance A.

In short, this fails:

but this works (in one direction, assuming Instance A has a public IP 1.2.3.4):

How can I enable my instances to communicate adding each IP address explicitly to the security group?

Can I modify an EC2 instance to support dual-/multi-boot (any 2 or more OSes)?

If yes, how?

If no, why not / what needs to change?

Would this be easier on one of the other large IaaS platforms (Azure /GCP)?

Before this gets shut down, I should mention that this is not something that I plan to do. I just want to understand the technical restrictions / challenges.

Is there a way to filter public AMIs that contain a particular string (say abcd)?

The command:

aws ec2 describe-images --filters Name=name,Values=abcd

returns only those AMIs that exactly match Name=abcd

We have a educational system (federated microservices that are running mostly on AWS EC2, RDS MySQL and a message queue) that is already distributed across regions, primarily for latency hiding, though it has been useful for failovers. We're now considering adding HA within each region, by adding active-passive failovers in using multiple AZs in each region. However, we received an attractive offer from another large IaaS provider to host the failover on their infrastructure at a very competitive price point.

What could be the downside of having a deployment that uses multiple IaaS service providers? There isn't much literature out there from real-world deployments.

We have a team of 20+ interns that join and leave us every 3-6 months. They each have individual SSH logins setup on 10-15 shared AWS instances, some of which have been running for years, others run for a few days or weeks. Each time, we need the admin to create the instance and authorize the users and their keys, as well as set up their roles. When they leave, the admin manually deletes all users or in some cases only blocks the authorized keys to prevent SSH.

What is the best practice to be able to automate this user and SSH management for running instances? How can we audit our instances to ensure that a user does not bypass our SSH restrictions?