by djb_hackernews 3703 days ago
In general, if you are using ELBs you should have at least 2 instances per AZ or cross zone load balancing enabled. I've seen this get teams several times.

The other thing to consider when deploying to the cloud with load balancers is to use an immutable architecture. Taking hosts out of service, updating them, and putting them back in service is a bit cumbersome at best and leaves you vulnerable to service outages.
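The "at least 2 instances per AZ or cross-zone load balancing" rule from the comment above, written as an audit check. This is an added example, not code from the thread; the input dicts mimic the shape of boto3's classic-ELB `describe_load_balancers` / `describe_load_balancer_attributes` responses plus an instance-to-AZ map, but all values are constructed so it runs offline.

```python
# Added example (not from the HN thread). Flags classic ELBs where an
# enabled AZ holds fewer than 2 registered instances while cross-zone
# load balancing is disabled: the ELB keeps sending that AZ its share
# of traffic, so losing the one instance there takes a slice of users down.
from collections import Counter

def instances_per_az(lb, instance_az):
    """Count registered instances in each AZ the ELB is enabled in."""
    counts = Counter({az: 0 for az in lb["AvailabilityZones"]})
    for inst in lb["Instances"]:
        az = instance_az.get(inst["InstanceId"])
        if az is not None:
            counts[az] += 1
    return dict(counts)

def audit_elb(lb, attrs, instance_az, min_per_az=2):
    """Return a list of findings for one ELB; an empty list means OK."""
    cross_zone = attrs["LoadBalancerAttributes"]["CrossZoneLoadBalancing"]["Enabled"]
    if cross_zone:
        return []  # traffic is spread across every instance, so a thin AZ is tolerated
    findings = []
    for az, n in sorted(instances_per_az(lb, instance_az).items()):
        if n < min_per_az:
            findings.append(f"{lb['LoadBalancerName']}: AZ {az} has {n} instance(s) "
                            f"and cross-zone load balancing is disabled")
    return findings

# Constructed sample data (hypothetical names and ids)
LB = {"LoadBalancerName": "web-elb",
      "AvailabilityZones": ["us-east-1a", "us-east-1b", "us-east-1c"],
      "Instances": [{"InstanceId": "i-0001"}, {"InstanceId": "i-0002"},
                    {"InstanceId": "i-0003"}]}
ATTRS_OFF = {"LoadBalancerAttributes": {"CrossZoneLoadBalancing": {"Enabled": False}}}
ATTRS_ON = {"LoadBalancerAttributes": {"CrossZoneLoadBalancing": {"Enabled": True}}}
INSTANCE_AZ = {"i-0001": "us-east-1a", "i-0002": "us-east-1a", "i-0003": "us-east-1b"}

if __name__ == "__main__":
    for finding in audit_elb(LB, ATTRS_OFF, INSTANCE_AZ):
        print(finding)
```

Note that us-east-1c is enabled on the ELB but has no instances at all, which is the worst case: with cross-zone disabled, requests routed to that AZ have nowhere to go.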

2 comments

While I agree that having an immutable arch is preferable, in some cases it's not viable. In one of our projects we re-use the instances like in the article since we deploy multiple times an hour. In AWS you are billed for each started hour, which in this case would mean that we would pay a lot extra if we created new instances for each deploy.
I do wish AWS had more granular EC2 billing, and I expect that to come soon since GCE offers it. But 2 things:

1) If you are at the scale of deploying several times an hour, the instance hour cost would probably look like a rounding error for your entire AWS spend, I'd imagine.

2) At that cadence you'll definitely benefit from using containers and a container scheduler (Kube, ECS, etc). Reuse the infrastructure but redeploy your apps to your heart's content.

Is Elastic Beanstalk not an option? It doesn't replace hosts on redeploy, so you wouldn't end up cycling through unnecessary instances.
Genuine question: Why is it okay to reuse instances because it's controlled via an abstraction layer, as opposed to doing it yourself?
I agree, that doesn't make a difference.

I only mentioned EB because it does that kind of thing for you and if you don't have a highly complicated setup it makes rolling updates without changing instances very easy.

I've heard that cross-zone load balancing means the VPC encryption does not cover traffic between zones (the traffic is isolated like in EC2 Classic). Is that substantiated?
Network communication between instances in a VPC is not encrypted, and never has been, to my knowledge. Perhaps you're thinking of VPN?