First Things First, on AWS
Posted on Fri 07 August 2015 in android
I was chatting with a buddy who was moving his web sites from dedicated hosting to AWS. Let's just say the FTUE isn't great. That triggered a quick brain-dump of what you should do when you first get started with AWS.
- understand pets v cattle. In aws all resources should be "cattle", not pets. Periodically terminate instances to test this.
- activate cloudtrail (in all regions). Use Loggly to index cloudtrail (free or ~$20/mo)
- create restricted IAM users. Never use your root acct. Activate MFA.
- Use IAM ec2-instance roles instead of stored credentials whenever possible.
- Get familiar with IAM management ( use managed policies, groups & the policy tool) .
- Start using opsworks. Avoid launching EC2 instances directly through the console--quickly becomes a management nightmare.
- activate trusted advisor (and pay for the $100/mo upgrade)
- start creating cloudwatch alerts.
- Activate librato ($30/mo) and send cloudwatch to librato
- use loggly or cloudwatch logs
- get familiar VPC & security groups . Use POLP when creating Security groups
- understand regions & AZs -- get familiar with cross-region latency.
- use multi-AZ RDS and extend the backup retention
- use the AWS forums -- activate your forum account