EC2 tips 'n' tricks

When you create a new instance, segment your security groups. E.g. don’t put the SSH port in the main applications security group

For each security group decide whether the group should have a public IP (back end servers won’t need a public IP)

Decide on the subnet (IP range for the EC2 instances within that security group)