EC2 tips 'n' tricks
Security groups
When you create a new instance, segment your security groups. E.g. don’t put the SSH port in the main applications security group
For each security group decide whether the group should have a public IP (back end servers won’t need a public IP)
Decide on the subnet (IP range for the EC2 instances within that security group)