How much will my AWS costs be?
AWS charges based on usage, but it's possible to model what your pricing would be under different scenarios using the AWS simple cost calculator.
It's possible to reduce AWS pricing by as much as 70% if you are willing to pay in advance for a dedicated instance.
How many sites can I host on Idealstack?
All Idealstack plans support unlimited sites. By using enough stacks, and enough sufficiently large instances, you can host as many as you want, including a mix of large and small sites.
There are some fundamental limitations of the AWS load balancer that limit how many sites can be run per stack:
- A maximum of 25 SSL certificates per load balancer. This limits you to 25 sites with SSL certificates.
- One way around this, however, is to use CloudFront in front of Idealstack and host the SSL certificates on that instead of Idealstack.
- A max of 100 'rules' for the ALB. If you use SSL for a site, each domain will consume 2 rules; if you don't, it will consume 1. This means a max of 100 domains per stack (100 sites if they each have one domain, but fewer if they have more).
As a general guide, we find that on a t2.micro instance (i.e. the AWS free tier) you'll get about 3 moderate traffic sites. Using two t2.medium instances with autoscale (our 'recommended' stack, see above) you can reach the ALB limits for low traffic sites. By adding more instances (automatically using autoscale or manually) you can handle higher traffic sites.
The Professional plan supports having more than one stack, possibly in different regions.
Will I have to change my code to use Idealstack?
Generally no, Idealstack maps AWS concepts to standard PHP so you don't have to worry about a lot of the 'hard problems' like shared sessions, shared filesystems or mail delivery.
Sometimes, for more 'fancy' frameworks, you may need to work around the framework's own attempts to implement things like sessions. In these cases there are generally modules you can use to implement native sessions (which is generally the best option: Idealstack uses DynamoDB for sessions, which is in our experience the fastest, cheapest and most scalable choice), or you can use one of the framework's session handlers based on Redis/DynamoDB/Memcached or database sessions. We have documentation on the workarounds we recommend for different systems in the help section (if you use a framework that's not listed, get in touch and we'll figure it out for you).
What about Security?
It's worth delineating what level of access the Idealstack system has:
- Idealstack is a piece of software that connects to your AWS account through APIs, particularly AWS CloudFormation, to deploy your code
- Idealstack provides the software images for the hosting containers, and also the configuration script for the server instances
What we don't have:
- Direct access, eg via SSH, to your systems.
- The ability to see or modify your code
- The ability to see or modify your databases and other data storage
- Idealstack deploys the AWS ECS-Optimised AMI without any modifications as its base, so there's no opportunity for us to install 'root kits' or other low-level "hidden" compromises of the system
The main way you can have confidence in what our system does is that it does it transparently
- Firstly, because Idealstack operates through AWS CloudFormation, by viewing the CloudFormation template you can see exactly what is being done
- You can also record and audit any of Idealstack's usage of AWS APIs using https://aws.amazon.com/cloudtrail/ (to identify if, for example, someone took the AWS key and did something else with it)
- You can audit the hosting containers and server instance configurations because they are all running on your servers and you have full root-level access to them.
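The CloudTrail audit described above can be scripted. The following is an added example, not Idealstack's own code: it scans a CloudTrail log file for calls made with the access key issued to Idealstack that did not go through CloudFormation. The key IDs, the sample records and the allowlist of expected services are constructed assumptions to adapt to your account.

```python
import json

# Constructed placeholder: the access key ID you issued to Idealstack.
IDEALSTACK_KEY_ID = "AKIAEXAMPLEKEYID0000"
CFN = "cloudformation.amazonaws.com"
# Assumption: services the key may call directly; tune to what you observe.
EXPECTED_DIRECT_SOURCES = {CFN}

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": CFN,
     "eventName": "UpdateStack", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"accessKeyId": IDEALSTACK_KEY_ID}},
    {"eventTime": "2024-01-01T10:00:05Z", "eventSource": "ecs.amazonaws.com",
     "eventName": "UpdateService", "sourceIPAddress": CFN,
     "userIdentity": {"accessKeyId": IDEALSTACK_KEY_ID, "invokedBy": CFN}},
    {"eventTime": "2024-01-02T03:12:44Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.77",
     "userIdentity": {"accessKeyId": IDEALSTACK_KEY_ID}},
    {"eventTime": "2024-01-02T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "192.0.2.5",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEOTHERKEY0"}},
]})


def unexpected_key_usage(log_text, key_id=IDEALSTACK_KEY_ID,
                         expected=EXPECTED_DIRECT_SOURCES):
    """Return events made with key_id that did not go through CloudFormation."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity") or {}
        if ident.get("accessKeyId") != key_id:
            continue  # some other principal; out of scope for this check
        if rec.get("eventSource") in expected:
            continue  # direct call to an expected service (e.g. UpdateStack)
        if ident.get("invokedBy") == CFN:
            continue  # CloudFormation acting on the stack's behalf
        findings.append((rec.get("eventTime"), rec.get("eventSource"),
                         rec.get("eventName"), rec.get("sourceIPAddress")))
    return findings


if __name__ == "__main__":
    for finding in unexpected_key_usage(SAMPLE_LOG):
        print("REVIEW:", *finding)
```

Each finding is a call worth reviewing rather than proof of misuse; widen `EXPECTED_DIRECT_SOURCES` once you know which services the key legitimately calls directly.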
And of course we take security pretty seriously in our own development process:
- Critical information like your AWS access keys is stored encrypted using AWS KMS
- We use secure development practices like code reviews, external vulnerability scans etc
- One of the main features of Idealstack is that we're handling security like OS Updates, AWS security rules etc in a better 'best practice' way than might be feasible for your own team to manage