Sunday, January 18, 2015

Great AWS Tips

Came across some great AWS tips (care of Devops Weekly).

The list is below - go to this website for the full details: 

  • Application Development
    • Store no application state on your servers.
    • Store extra information in your logs.
    • If you need to interact with AWS, use the SDK for your language.
    • Have tools to view application logs.
  • Operations
    • Disable SSH access to all servers.
    • Servers are ephemeral, you don't care about them. You only care about the service as a whole.
    • Don't give servers static/elastic IPs.
    • Automate everything.
    • Everyone gets an IAM account. Never log in to the master.
    • Get your alerts to become notifications.
  • Billing
    • Set up granular billing alerts.
  • Security
    • Use EC2 roles, do not give applications an IAM account.
    • Assign permissions to groups, not users.
    • Set up automated security auditing.
    • Use CloudTrail to keep an audit log.
  • S3
    • Use "-" instead of "." in bucket names for SSL.
    • Avoid filesystem mounts (FUSE, etc).
    • You don't have to use CloudFront in front of S3 (but it can help).
    • Use random strings at the start of your keys.
  • EC2/VPC
    • Use tags!
    • Use termination protection for non-auto-scaling instances. Thank me later.
    • Use a VPC.
    • Use reserved instances to save big $$$.
    • Lock down your security groups.
    • Don't keep unassociated Elastic IPs.
  • ELB
    • Terminate SSL on the load balancer.
    • Pre-warm your ELBs if you're expecting heavy traffic.
  • ElastiCache
    • Use the configuration endpoints, instead of individual node endpoints.
  • RDS
    • Set up event subscriptions for failover.
  • CloudWatch
    • Use the CLI tools.
    • Use the free metrics.
    • Use custom metrics.
    • Use detailed monitoring.
  • Auto-Scaling
    • Scale down on INSUFFICIENT_DATA as well as ALARM.
    • Use ELB health check instead of EC2 health checks.
    • Only use the availability zones (AZs) your ELB is configured for.
    • Don't use multiple scaling triggers on the same group.
  • IAM
    • Use IAM roles.
    • Users can have multiple API keys.
    • IAM users can have multi-factor authentication, use it!
  • Route53
    • Use ALIAS records.
  • Elastic MapReduce
    • Specify a directory on S3 for Hive results.
  • Miscellaneous Tips
    • Scale horizontally.
    • Your application may require changes to work on AWS.
    • Always be redundant across availability zones (AZs).
    • Be aware of AWS service limits before you deploy.
    • Decide on a naming convention early, and stick to it.
    • Decide on a key-management strategy from the start.
    • Make sure AWS is right for your workload.