Anurag Vishwakarma

AWS Best Practices & Tips


Operations

  • Disable SSH access to all servers
  • Treat servers like cattle, not pets - automate everything and don't rely on custom configurations
  • Don't assign static or elastic IPs to servers
  • Automate all possible processes with scripts and infrastructure-as-code
  • Require IAM accounts for all users instead of using root credentials
  • Keep application state off of servers as much as possible

Security

  • Prefer EC2 roles over assigning IAM users to servers
  • Assign IAM permissions to groups, not individual users
  • Set up automated security auditing across all services
  • Use CloudTrail to keep an API audit log of all activity

S3

  • Use "-" instead of "." in bucket names for SSL certificate compatibility
  • Avoid filesystem mounts and direct EC2 access to S3
  • Putting CloudFront CDN in front of S3 can improve performance
  • Add random strings to the beginning of object keys for anonymity
  • Restrict public access to buckets and objects

EC2/VPC

  • Tag all resources for identification and organization
  • Use termination protection for non-auto-scaling instances
  • Launch instances within a VPC for network control
  • Use reserved instances to save money for steady-state workloads
  • Lock down security groups to only necessary ports and sources
  • Don't keep unassociated Elastic IPs, which incur charges
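
An added example, not part of the original post: an offline check for the "disable SSH" and "lock down security groups" items, run over JSON in the shape that `aws ec2 describe-security-groups` returns. The group IDs, the sample rules and the `PUBLIC_OK` allow-list are constructed assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-example-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-example-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-example-any", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}
PUBLIC_OK = {443}  # assumption: only HTTPS (TCP 443) is meant to face the internet

def world_sources(perm):
    """Return the open-to-everyone CIDRs (IPv4 and IPv6) on one ingress rule."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]

def audit(doc, public_ok=PUBLIC_OK):
    """List ingress rules that expose non-allowed ports to the whole internet."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = world_sources(perm)
            proto = perm["IpProtocol"]
            if proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:  # "-1" is all traffic; other protocols are treated as everything
                lo, hi = 0, 65535
            allowed = proto == "tcp" and all(p in public_ok for p in range(lo, hi + 1))
            if not sources or allowed:
                continue
            findings.append({"group": sg["GroupId"], "proto": proto,
                             "ports": (lo, hi), "sources": sources,
                             "ssh": proto in ("tcp", "-1") and lo <= 22 <= hi})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The database rule is reported only because of its IPv6 source, which a check limited to `IpRanges` would miss.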

Monitoring

  • Use CloudWatch for metrics and CloudTrail for API logs
  • Leverage the free metrics provided by AWS services
  • Send custom application logs and metrics to CloudWatch
  • Enable detailed monitoring for granular CloudWatch data

Auto Scaling

  • Scale down on insufficient data, not just on alarms
  • Use ELB health checks over EC2 checks for accurate auto-scaling
  • Only use the same AZs that the attached ELBs are configured with
  • Avoid multiple scaling triggers in the same group

ELB

  • Terminate SSL on the ELB, not on instances
  • Pre-warm ELBs before big traffic spikes when possible

RDS

  • Set up event subscriptions to respond to RDS events

Billing

  • Set up granular billing alerts to avoid unexpected costs

Route 53

  • Use alias records to route to AWS resources

EMR

  • Specify an S3 location for Hive query results

General

  • Horizontally scale systems when possible
  • Be aware of service limits before deploying
  • Decide on a resource naming convention early
  • Validate whether AWS is appropriate for a workload
  • Distribute resources across AZs for high availability
  • Delete unused resources to minimize costs
  • Decide on key management from the start

Source & Credit: roadmap.sh
