First Things First, on AWS

Posted on Fri 07 August 2015 in android

I was chatting with a buddy who was moving his web sites from dedicated hosting to AWS. Let's just say the FTUE isn't great. That triggered a quick brain-dump of what you should do when you first get started with AWS.

  • understand pets v cattle. In aws all resources should be "cattle", not pets. Periodically terminate instances to test this.
  • activate cloudtrail (in all regions). Use Loggly to index cloudtrail (free or ~$20/mo)
  • create restricted IAM users. Never use your root acct. Activate MFA.
  • Use IAM ec2-instance roles instead of stored credentials whenever possible.
  • Get familiar with IAM management ( use managed policies, groups & the policy tool) .
  • Start using opsworks. Avoid launching EC2 instances directly through the console--quickly becomes a management nightmare.
  • activate trusted advisor (and pay for the $100/mo upgrade)
  • start creating cloudwatch alerts.
  • Activate librato ($30/mo) and send cloudwatch to librato
  • use loggly or cloudwatch logs
  • get familiar VPC & security groups . Use POLP when creating Security groups
  • understand regions & AZs -- get familiar with cross-region latency.
  • use multi-AZ RDS and extend the backup retention
  • use the AWS forums -- activate your forum account