Some things that I've picked up over the years that may not be obvious when starting out with a new AWS service.
- Create SSL certificates in us-east-1. CloudFront's provisioning infrastructure is based there, so is only compatible with
- IAM. May not be obvious to the newcomer: permissions are granted via statements in Policies, which are assigned to either Identities or Resources.
- CloudFormation vs Terraform. CloudFormation features oddly sometimes lag behind Terraform, which uses AWS's API under the hood (not CloudFormation's).
- Lambda deployment too big. Consider AWS Lambda Layers when your deployment package size has exceeded Lambda limits.
- AWS Lambdas suffer from cold starts. Tackle it by reducing your package size. Also, you get at least the same amount of CPU in the init phase as in the handler. You get the init phase for very close to free, so move as much application code as possible outside of your handler function. Subsequent invocations can also reuse resources outside the handler.
- SQS deliverability: Standard queues guarantee at-least-once delivery, so the same message can arrive more than once; FIFO queues attempt one delivery. Make sure your application code makes the correct assumptions and de-duplicates as necessary.
- AWS KMS is your friend. Use it to encrypt your keys. Think twice about what goes into environment variables or Parameter Store.
- AWS Redshift performance. Redshift queries perform a lot better with Distribution Keys. Set them up early.
- AWS Cognito customisation. You can't customise AWS Cognito verification emails. Update: as suggested in the comments, you can now customise verification emails with code. (See docs.)
- AWS Credits. Most accelerator programmes offer you AWS Credits. Join one and ask for them.
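The de-duplication advice in the SQS item above, as an added example that is not code from the original post: a consumer that keys on a business identifier instead of the SQS `MessageId`, so both queue redeliveries and producer retries are applied only once. The `order_id` and `amount` fields, the class and function names, and the sample messages are constructed for illustration.

```python
import json

# Constructed deliveries shaped like SQS ReceiveMessage results.
# m-1 arrives twice (queue redelivery, same MessageId). m-3 is a producer
# retry of order 1001: a new MessageId, but the same business event.
DELIVERIES = [
    {"MessageId": "m-1", "Body": json.dumps({"order_id": 1001, "amount": 25})},
    {"MessageId": "m-2", "Body": json.dumps({"order_id": 1002, "amount": 40})},
    {"MessageId": "m-1", "Body": json.dumps({"order_id": 1001, "amount": 25})},
    {"MessageId": "m-3", "Body": json.dumps({"order_id": 1001, "amount": 25})},
]


class IdempotentConsumer:
    """Applies each order once, however many times it is delivered."""

    def __init__(self):
        # Assumption: a real deployment keeps this in a shared store with an
        # atomic conditional write, so two workers cannot both pass the check.
        self.seen = set()
        self.ledger = {}

    def handle(self, message):
        body = json.loads(message["Body"])
        # Key on the business identifier, not MessageId: a producer retry
        # gets a fresh MessageId and would slip past a MessageId check.
        key = ("order", body["order_id"])
        if key in self.seen:
            return "duplicate"  # safe to delete from the queue, nothing applied
        order = body["order_id"]
        self.ledger[order] = self.ledger.get(order, 0) + body["amount"]
        self.seen.add(key)
        return "processed"


def run(deliveries):
    """Process deliveries idempotently; return per-message outcomes and totals."""
    consumer = IdempotentConsumer()
    outcomes = [consumer.handle(m) for m in deliveries]
    return outcomes, consumer.ledger


def run_naive(deliveries):
    """Same work without de-duplication, to show the double charge."""
    ledger = {}
    for m in deliveries:
        body = json.loads(m["Body"])
        ledger[body["order_id"]] = ledger.get(body["order_id"], 0) + body["amount"]
    return ledger
```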
Edit: Helpful resource, in case you haven't come across it — Open Guide to Amazon Web Services (GitHub).
Cover: "AWS - Amazon Web Services Office in Houston, Texas" by Tony Webster is licensed with CC BY 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by/2.0/