10 things they don't teach you about AWS

Some things that I've picked up over the years that may not be obvious when starting out with a new AWS service.

1. Create SSL certificates in us-east-1. CloudFront's provisioning infrastructure is based there, so is only compatible with us-east-1 certificates.
2. IAM. May not be obvious to the newcomer: permissions are granted via statements in Policies, which are assigned to either Identities or Resources.
3. CloudFormation vs Terraform. CloudFormation features oddly sometimes lag behind Terraform, which uses AWS's API under the hood (not CloudFormation's).
4. Lambda deployment too big. Consider AWS Lambda Layers when your deployment package size has exceeded Lambda limits.
5. AWS Lambdas suffer from cold starts. Tackle it by reducing your package size. Also, you get at least the same amount of CPU in the init phase as in the handler. You get the init phase for very close to free, so move as much application code as possible outside of your handler function. Subsequent invocations can also reuse resources outside the handler.
6. SQS deliverability: Standard queues guarantee at least one delivery, FIFO queues attempt one delivery. Make sure your application code makes the correct assumptions/de-dupe as necessary.
7. AWS KMS is your friend. Use it to encrypt your keys. Think twice about what goes into environment variables or Parameter Store.
8. AWS RedShift performance. RedShift queries perform a lot better with Distribution Keys. Set them up early.
9. AWS Cognito customisation. You can't customise AWS Cognito verification emails. As suggested in the comments, you can now customise verification email with code. (See docs.)
10. AWS Credits. Most accelerator programmes offer you AWS Credits. Join one and ask for them.

Edit: Helpful resource, in case you haven't come across it — Open Guide to Amazon Web Services (GitHub).

Cover: "AWS - Amazon Web Services Office in Houston, Texas" by Tony Webster is licensed with CC BY 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by/2.0/

Comments

[Ibrahim Cesar]

First I had to say that posts like "don't teach", "you don't know" etc, I'm strongly biased. Said that I think the item 9 is not accurate. If you don't want a plain text in "Manage customizations" of a User Pool, you can add HTM tags: "You can customize the message above and include HTML tags, but it must include the "{####}" placeholder, which will be replaced with the code.", you can find about on this feature doc page.

[Mario Hayashi]

Thanks re item 9: will edit in a note. Back when I was attempting to customise verification emails a year or so ago, I didn't find a way but it may be that this is resolved now! 🙂

[Aleix Morgadas]

Totally worth to read!