Thousands of applications running on online retailer Amazon’s AWS EC2 cloud server have a security issue, most likely related to the hypervisor, wrote cloud consultant Randy Bias on his blog Cloudscaling. Bias is also co-founder and CTO of Cloudscaling.
As per this blog post, Bias was anonymously informed about AWS scheduling reboots across hundreds or even thousands of AWS EC2 instances. This is to “receive some patch updates”, according to the consultant.
“As some in the twitterverse have speculated, this is likely a security issue and most likely related to the hypervisor,” Bias said in his blog.
Also, posted on this blog was a copy of one of the emails that was sent out by AWS. It read, “One or more of your Amazon EC2 instances have been scheduled for a reboot in order to receive some patch updates. Most reboots complete within minutes, depending on your instance configuration.” A list of instance(s) that would be rebooted with scheduled reboot time(s) was provided by AWS .
According to Bias, based on a source, “They are running 100s of instances and about 80 percent are affected. Also, wrote Bias, “Speculation is that the reboot involves security patches to the underlying servers hosting the Amazon applications.”
Meanwhile, a report filed by Business Insider reporter Julie Bort shows that the company is downplaying the situation. Based on a report by GigaOm, the company said that the customers were simply being informed of scheduled maintenance, wrote Bort. The online retailer also said that the company gives customers the option of doing their own reboots.
Concurrently, on Amazon's discussion forum, many EC2 users are reporting issues with the reboot, ranging from instances not stopping or getting stuck to instances becoming unreachable after the reboot.