We've recently made the move from running virtual dedicated servers with smaller hosting companies like Server Intellect over to Amazon's Elastic Compute Cloud (EC2) offering. I ran into a few hiccups while configuring a nice machine image that can be used to run some of our client sites. Since we are now up and running smoothly (knock on wood), I figured it would be a good time to outline some of the steps we took to get everything in nice working order.
Initial Setup
1) Which Amazon Machine Image (AMI) do you use?
The Amazon Machine Image (AMI) that we started with as a base was the SQL Server Express (ami-42bf582b / ec2-public-windows-images/SqlSvrExp2003r2-i386-Win-v1.04.manifest.xml) instance. One thing we noticed is that if you don't start with this image and instead decide to use the base Windows 2003 AMI, it is a bit tricky to get IIS configured correctly.
2) Which ports need to be open for Remote Desktop, SSL (HTTPS), HTTP, SQL (Remote Access), SMTP (Sending E-mail), and FileZilla FTP Server?
You are going to want to create a Security Group with the following ports open.
- Remote Desktop - 3389
- HTTP - This one is easy: port 80.
- HTTPS - Again, an easy one: port 443.
- SQL - 1433 if you want to access this server remotely through Management Studio or if you want another server/application to be able to access your SQL Server instance.
- SMTP - Port 587 if you are using Google Apps / G-mail to send e-mail. If you use some other e-mail service, change this port accordingly.
- FTP - 21 and 1024-1048 (you also need to configure FileZilla Server to use Passive mode and specify the 1024-1048 port range)
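The port list above can be checked against what a security group actually allows. The following is an added example, not part of the original post: it audits rules in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, and it assumes (beyond what the post says) that RDP and SQL Server should not be reachable from 0.0.0.0/0. The sample rules and addresses are constructed.

```python
import ipaddress

# Port ranges from the list above (TCP): (from_port, to_port) -> service.
EXPECTED = {
    (3389, 3389): "Remote Desktop", (80, 80): "HTTP", (443, 443): "HTTPS",
    (1433, 1433): "SQL Server", (587, 587): "SMTP", (21, 21): "FTP control",
    (1024, 1048): "FTP passive",
}
# Assumption, not from the post: these should only be reachable from known
# source ranges, never from the whole Internet.
RESTRICTED = (1433, 3389)

def audit(ip_permissions):
    """Return findings as (kind, detail, cidr) tuples for a list of rules."""
    findings, seen = [], set()
    for rule in ip_permissions:
        if rule.get("IpProtocol") != "tcp":
            findings.append(("unexpected-protocol", rule.get("IpProtocol"), None))
            continue
        span = (rule["FromPort"], rule["ToPort"])
        if span in EXPECTED:
            seen.add(span)
        else:
            findings.append(("unexpected-port", span, None))
        for entry in rule.get("IpRanges", []):
            net = ipaddress.ip_network(entry["CidrIp"], strict=False)
            if net.prefixlen != 0:
                continue
            # A world-open rule exposes every restricted port inside its range.
            for port in RESTRICTED:
                if span[0] <= port <= span[1]:
                    findings.append(("world-open", port, entry["CidrIp"]))
    for span in sorted(set(EXPECTED) - seen):
        findings.append(("missing", span, None))
    return findings

def tcp_rule(lo, hi, cidr):
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample: RDP open to everyone, SQL limited to one address
# (203.0.113.10 is a documentation address), passive range typed too wide.
SAMPLE = [tcp_rule(3389, 3389, "0.0.0.0/0"), tcp_rule(80, 80, "0.0.0.0/0"),
          tcp_rule(443, 443, "0.0.0.0/0"), tcp_rule(1433, 1433, "203.0.113.10/32"),
          tcp_rule(21, 21, "0.0.0.0/0"), tcp_rule(1024, 65535, "0.0.0.0/0")]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the over-wide 1024-65535 rule is reported both as an unexpected range and as exposing 1433 and 3389, even though SQL Server has its own correctly restricted rule.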
SSL & Multiple Websites / Multiple Domains
This wasn't as difficult as I thought it was going to be. There are only a few items you will need to get SSL working for multiple domains hosted on the same EC2 Windows 2003 server. They are as follows:
1) UCC SSL Certificate (Multi-Domain SSL Certificate)
   - You can get these from a number of providers, but I recommend Go Daddy simply for price.
   - You can also get an SSL certificate that allows wildcards if you are securing multiple sites of the same root domain (e.g., mail.yourdomain.com, service.yourdomain.com, payments.yourdomain.com)
2) Read this blog post on configuring multiple SSL sites on port 443 in IIS 6.0.
3) If the post in #2 doesn't work for you, try this one.
4) Common Gotcha - Sysprep & SSL Private Keys
   - I was bitten by this one as well. I had to re-launch an instance based on a machine image I had created, only to find out that my SSL certificate no longer accepted the private key. Read this forum post for more information and a workaround.
Getting ASPDNSF up and running on the EC2 instance really isn't all that difficult. The only thing you need to remember to do is give Write/Modify permissions to the NETWORK SERVICE account so that users can upload product images and documents to their e-com site. I only mention this because I missed this one on the first setup pass.
What about E-mail?
Most web hosting companies offer you some kind of "e-mail management" services. If you've ever hosted your site somewhere, you know what I'm talking about. When you make the move to the cloud, you are going to have to find some other way to send and receive e-mail for your domains. We opted to use Google Apps. Since we are < 50 employees, the Standard (free) version is more than suitable for the time being.
Miscellaneous Tips
- Use the Elastic Block Store (EBS) to store all of your website files, databases and any other data you don't want to lose. When an Amazon EC2 instance goes down, there is no getting back the data that was on your C:\ and D:\ drives.
- Once you have your server configured just how you want, and you feel that all is right in the world, BUNDLE your instance. If something ever does happen, you can spin up a new instance from the bundle.
- If you don't need Windows Authentication Services, make sure you aren't running the Windows Authentication Services instance, as it costs 2X the price of a normal Win2k3 instance.
- The AWS Forums are a great place to find answers to common questions.