# freebsd on AWS



## azathoth (Jan 10, 2018)

experiences?
good stuff?
gotchas?


----------



## obsigna (Jan 11, 2018)

I manage three EC2 instances on AWS, running FreeBSD 11.1 RELEASE-p6 for my clients. Despite the so-called _vendor recommendation_ to use FreeBSD on the m4.large instance type, I installed FreeBSD on t2.micro instances, and of course I have to live with the memory restrictions (1 GB of RAM, 10 GB of disk space, no SWAP). However, this turned out to work fine, and the advantage is that the instances may operate at no cost for 1 year.

The instances are running in Brazil and Germany. Half a year ago I also did a test installation of FreeBSD in the Google Cloud, and at that time the Google servers were only available in the U.S. For this reason alone I saw a big performance difference between EC2-AWS and Google Cloud Computing - I can move the AWS near to my customers. Besides this, the AWS seemed to be snappier when it came to building ports from sources, even though the instance on the Google Cloud offered more memory.


Because of said memory limitations, I use UFS - if you want ZFS, then choose a more powerful instance, and pay for it.


One of my clients uses his instance for WordPress, and the gotcha is that modern MySQL servers default to the InnoDB database engine, whose requirements definitely exceed the available memory of 1 GB, and therefore MySQL-InnoDB kept crashing the system every minute. So I switched this installation to the classic MyISAM DB engine, which is simply fine for a WordPress application, and I also switched off the performance_schema.


Another instance is used by my client for a custom non-public web application with a PostgreSQL DB backend. PostgreSQL is happily working out of the box with said small amount of memory.


The third instance runs online process simulations by solving sets of ordinary differential equations and visualizes the results by way of a tiny web frontend. The provided single core of a Core i7 does a good job and the results are computed in a satisfactory time -- 50000 evaluations of 48 ODEs in far less than a second.


On all instances I run ipfw(8) as the firewall, and set the instance firewall to all open. In this way I employ IP-based geo-blocking using sysutils/ipdbtools. This alone already largely reduces the attack surface for brute-forcing the services.


On all instances I installed L2TP/IPsec services employing the combo of net/mpd5 and security/strongswan.


One of my customers additionally utilizes his instance as a DNS server for his small company. On said instance I activated Unbound as a recursive caching resolver and with that employed the dns/void-zones-tools for DNS-based malware and ad-blocking.

I am quite happy with EC2-AWS, and at least outside the U.S., I recommend EC2-AWS over Google Cloud Computing.


----------



## SirDice (Jan 11, 2018)

Works like a charm indeed. For a client I've set up a disaster recovery site on AWS. Some useful packages:

devel/awscli
sysutils/firstboot-growfs
sysutils/firstboot-freebsd-update
sysutils/firstboot-pkgs

The firstboot scripts trigger on the existence of the /firstboot file. If that file exists those firstboot-* services are run, allowing you to automatically grow the filesystem (UFS), run freebsd-update(8) and install a list of packages. Very useful for dynamically spinning up images.


----------
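The firstboot mechanism described in the post above, as an added example that is not part of the thread: a pre-snapshot check that an image root still has the `/firstboot` sentinel and has the three firstboot services enabled, so instances launched from it grow the filesystem, patch and install packages on first boot. The rc.conf knob names, the default sentinel path and the sample rc.conf are assumptions made for this sketch.

```shell
# Added example: audit an image root before snapshotting it (POSIX sh).
# Assumed rc.conf knobs for the three firstboot-* ports named in the thread.
FIRSTBOOT_KNOBS="firstboot_growfs_enable firstboot_freebsd_update_enable firstboot_pkgs_enable"

# rc_value ROOT NAME: print the last value assigned to NAME in ROOT/etc/rc.conf
rc_value() {
    [ -f "$1/etc/rc.conf" ] || return 0
    sed -n "s/^[[:space:]]*$2=//p" "$1/etc/rc.conf" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# is_yes VALUE: truthy values in the style of rc.subr's checkyesno
is_yes() { case "$1" in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;; esac; return 1; }

# firstboot_check ROOT: one line per finding; status 0 only when the sentinel
# exists (default path /firstboot assumed) and every knob is enabled.
firstboot_check() {
    root=$1 rc=0
    if [ -e "$root/firstboot" ]; then
        echo "sentinel: present"
    else
        echo "sentinel: MISSING (firstboot services will not run)"; rc=1
    fi
    for knob in $FIRSTBOOT_KNOBS; do
        if is_yes "$(rc_value "$root" "$knob")"; then
            echo "$knob: enabled"
        else
            echo "$knob: NOT enabled"; rc=1
        fi
    done
    pkgs=$(rc_value "$root" firstboot_pkgs_list)
    echo "firstboot_pkgs_list: ${pkgs:-<empty>}"
    return $rc
}

# Constructed sample image root (not taken from any real system).
make_sample_image() {
    mkdir -p "$1/etc" && : > "$1/firstboot"
    cat > "$1/etc/rc.conf" <<'EOF'
firstboot_growfs_enable="YES"
firstboot_freebsd_update_enable="YES"   # patch on first launch
firstboot_pkgs_enable="YES"
firstboot_pkgs_list="awscli"
EOF
}

d=$(mktemp -d) && make_sample_image "$d" && firstboot_check "$d"; rm -rf "$d"
```

Run `firstboot_check /` on the instance being imaged, or point it at a mounted image root; a non-zero status means instances launched from the snapshot would skip one or more first-boot steps.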

