β Subscribe to Newsletter π¨π»βπ»
Operations
- Disable SSH access to all servers
- Treat servers like cattle, not pets - automate everything and don't rely on custom configurations
- Don't assign static or elastic IPs to servers
- Automate all possible processes with scripts and infrastructure-as-code
- Require IAM accounts for all users instead of using root credentials
- Keep application state off of servers as much as possible
Security
- Prefer EC2 roles over assigning IAM users to servers
- Assign IAM permissions to groups, not individual users
- Set up automated security auditing across all services
- Use CloudTrail to keep an API audit log of all activity
S3
- Use "-" instead of "." in bucket names for SSL certificate compatibility
- Avoid filesystem mounts and direct EC2 access to S3
- Putting CloudFront CDN in front of S3 can improve performance
- Add random strings to the beginning of object keys for anonymity
- Restrict public access to buckets and objects
EC2/VPC
- Tag all resources for identification and organization
- Use termination protection for non-auto-scaling instances
- Launch instances within a VPC for network control
- Use reserved instances to save money for steady-state workloads
- Lock down security groups to only necessary ports and sources
- Don't keep unassociated Elastic IPs which incur charges
Monitoring
- Use CloudWatch for metrics and CloudTrail for API logs
- Leverage the free metrics provided by AWS services
- Send custom application logs and metrics to CloudWatch
- Enable detailed monitoring for granular CloudWatch data
Auto Scaling
- Scale down on insufficient data, not just on alarms
- Use ELB health checks over EC2 checks for accurate auto-scaling
- Only use the same AZs that the attached ELBs are configured with
- Avoid multiple scaling triggers in the same group
ELB
- Terminate SSL on the ELB, not on instances
- Pre-warm ELBs before big traffic spikes when possible
RDS
- Set up event subscriptions to respond to RDS events
Billing
- Set up granular billing alerts to avoid unexpected costs
Route 53
- Use alias records to route to AWS resources
EMR
- Specify an S3 location for Hive query results
General
- Horizontally scale systems when possible
- Be aware of service limits before deploying
- Decide on a resource naming convention early
- Validate if AWS is appropriate for a workload
- Distribute resources across AZs for high-availability
- Delete unused resources to minimize costs
- Decide on key management from the start
Source & Credit: roadmap.sh
Top comments (0)