15 AWS Best Practices for 2019
There are a ton of great blogs that cover AWS best practices and use cases. To provide a little more insight into the latest practices offered by AWS, we put together 15 of the best practices since the beginning of 2019, consisting of tips and quotes from different experts.
1. Take Advantage of AWS Free Online Training Resources
“There’s no shortage of good information on the internet on how to use Amazon Web Services (AWS). Whether you’re looking for ways to supplement your certification study efforts or just want to know what the heck it’s all about, check out this compilation of free training and resources on all things AWS.”
- Ed Tittel, Kim Lindros, and Mary Kyle, Free AWS Online Training Resources for IT Pros, Business News Daily — January 31, 2019
2. Keep Up With Instance Updates So You Can Periodically Make Changes to Costs and Uses
“AWS expands its choices regularly, so you need to dynamically re-evaluate as your business evolves. The cloud presents many arbitrage opportunities including instance families, generations, types, and regions — but trying to do this manually is a recipe for time-consuming frustration. Don’t fall victim to Instance Inertia: even though the process of making a change is simple enough, it can be difficult to accomplish without having any conclusive evidence of either cost gains or performance improvements.”
- Badrinath Venkatachari, 10 Common AWS Mistakes & How to Avoid Them, CloudAcademy — February 1, 2019
3. Limit Access by Assigning User Permissions
“Your configuration of IAM, like any user permission system, should comply with the principle of “least privilege.” That means any user or group should only have the permissions required to perform their job, and no more.”
- John Martinez, 8 AWS Security Best Practices to Mitigate Risk, Palo Alto Networks — February 7, 2019
4. Visibility Across Multiple Accounts in One Frame Helps Make More Informed Decisions
“Use a cloud security solution that provides visibility into the volume and types of resources (virtual machines, load balancers, security groups, users, etc.) across multiple cloud accounts and regions in a single pane of glass. Having visibility and an understanding of your environment enables you to implement more granular policies and reduce risk.”
- John Martinez, 8 AWS Security Best Practices to Mitigate Risk, Palo Alto Networks — February 7, 2019
5. Tag IAM Entities to Help Manage Access Granted to Resources Based on an Attribute
“AWS has now added the ability to tag IAM users and roles, which eases management of IAM entities by enabling the delegation of tagging rights and enforcement of tagging schemes.”
“A primary use case for the new feature is to grant IAM principals access to AWS resources dynamically based on attributes. This can now be achieved by matching AWS resource tags with principal tags in a condition”
- Steffen Opel, AWS Identity and Access Management Gains Tags and Attribute-Based Access Control, InfoQ — February 8, 2019
“As cloud deployments grow, teams deal with an increasing amount of resources that are constantly moving, growing, and changing. Projects may be shared between teams or customers and can rely on different regions and platforms. This makes it easy to lose track of what’s being used until the bill comes due. For tags to be actionable at scale, most teams require visibility of exactly which resources are at play at any given time, who is using them, and what they are being used for, and who is responsible for them. Essentially, the more high-quality information associated with a resource, the easier it becomes to manage.”
“Within each of these categories, you can then define your own tags that are specific to your organization for standardization”
- Stuart Scott, What Are Best Practices for Tagging AWS Resources?, CloudAcademy — October 2, 2018
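The least-privilege rule from item 3 and the tag-matching condition from item 5 can be checked mechanically before a policy is attached. The Python sketch below is an added example, not code from this article or the quoted authors; both sample policies and the tag key "project" are constructed for illustration, and the check is a heuristic lint, not a full IAM policy evaluator.

```python
# Constructed sample: attribute-based access control. The caller may start or
# stop an instance only when the instance's "project" tag equals the caller's
# own "project" principal tag (the tag key is an assumption for this example).
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:StartInstances", "ec2:StopInstances"],
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:ResourceTag/project": "${aws:PrincipalTag/project}"
        }},
    }],
}

# Constructed sample: the opposite of least privilege.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def matches_principal_tag(condition):
    """True if any condition compares a resource tag to a principal tag."""
    for keys in condition.values():
        for key, values in keys.items():
            if "ResourceTag/" in key and any(
                "${aws:PrincipalTag/" in v for v in as_list(values)
            ):
                return True
    return False


def findings(policy):
    """Return (statement_index, issue) pairs for over-broad Allow statements."""
    issues = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            issues.append((i, "wildcard action"))
        scoped = matches_principal_tag(stmt.get("Condition", {}))
        if "*" in as_list(stmt.get("Resource", [])) and not scoped:
            issues.append((i, "wildcard resource without tag condition"))
    return issues
```

The lint does not interpret NotAction, NotResource or Deny statements, so a clean result means only that no obvious wildcard grant was found.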
6. Creating a Start/Stop Schedule With an Instance Scheduler Will Help You Optimize Costs
“EC2 is a main compute service on AWS, they’re your (Windows and Linux) virtual machines. Running compute resources costs money, simple as that….”
“Paying only for the resources you actually need and use can save you a LOT of money.”
- Bas van Kaam, THIRTY AWS Pro TIPS on how to use the Cloud more efficiently and save some money — Tip 12, basvankaam.com — January 16, 2019
7. Decrease Errors and Streamline Your Deployments With An Automation Tool
“Whether you choose to use AWS CodeDeploy or a different tool, automating your software deployments helps you more consistently deploy an application across development, test, and production environments. The importance of automation in deployment in order to decrease errors and increase speed cannot be overstated.”
“Automate your deployment. This saves you from potentially costly and damaging human error. With the automation services available today, you have many options to customize every part of your deployment without letting automation fully take over if you prefer.”
- Angela Karl, AWS deployment: these best practices and tools will make it go smoothly, TechGenix — January 7, 2019
8. Have a Reserved Instances Strategy
“Purchasing an RI is only the beginning; you should have a process in place to continuously monitor RI utilization and modify unused RIs (split/join or exchange convertible RIs) to maximize their usage. A common AWS billing model is a centralized account with consolidated billing, linked to autonomous accounts so individual accounts can purchase RIs based on their individual usage patterns.”
- Badrinath Venkatachari, 10 Common AWS Mistakes & How to Avoid Them, CloudAcademy — February 1, 2019
9. Account For the Capacity You Will Need So You Have a Size That Fits Your Environment
“We know that AWS EC2 instance types are sized and priced exponentially. With millions of sizing options and pricing points, choosing the wrong instance type can mean a major pricing premium — or worse, a substantial performance penalty! We see many organizations choose an instance type based on generic guidelines that do not take their specific requirements into account.”
- Badrinath Venkatachari, 10 Common AWS Mistakes & How to Avoid Them, CloudAcademy, February 1, 2019
“AWS offers a variety of types and sizes of EC2 instances. That means that it’s perfectly possible to select an instance type that’s too large for your actual needs, which means you’ll be paying more than necessary. In fact, the data shows that this is happening most of the time.”
- Chris Parlette, Review of the AWS Right Sizing Tool: Helpful or Clunky?, ParkMyCloud — February 21, 2019
10. Save Your Team Time and Money with Serverless Management
“AWS data is housed in different regions all over the world. Its cloud-based system means you’re able to access your data in just a matter of minutes.”
“No more having to set up and maintain your own servers. That’s just more stress and money out of your pocket. Instead, you can leave it to the experts at AWS who will ensure the infrastructure your business is running efficiently.”
- Gil Artmoore, Why AWS Is Useful for your Business, Youngstown Business Incubator — February 15, 2019
“The AWS Serverless Application Repository allows developers to deploy, publish, and share common serverless components among their teams and organizations. Its public library contains community-built, open-source, serverless components that are instantly searchable and deployable with customizable parameters and predefined licensing. They are built and published using the AWS Serverless Application Model (AWS SAM), the infrastructure as code, YAML language, used for templating AWS resources.”
- Aleksandar Simovic, Building serverless apps with components from the AWS Serverless Application Repository, AWS — March 4, 2019
11. Set up a Secure Multi-Account with AWS Landing Zone
“With the large number of design choices, setting up a multi-account environment can take a significant amount of time, involve the configuration of multiple accounts and services, and require a deep understanding of AWS services.
This solution can help save time by automating the set-up of an environment for running secure and scalable workloads while implementing an initial security baseline through the creation of core accounts and resources.”
- AWS Landing Zone, AWS
12. Ensure Consistency in your Environment with Containers
“Containers offer a lightweight way to consistently port software environments for applications. This makes them a great resource for developers looking to improve infrastructure efficiency, becoming the new normal over virtual machines (VMs).”
- Fernando Battistella, Understanding Container Services on AWS, Onica — February 26, 2019
“Containers share an operating system installed on the server and run as resource-isolated processes, ensuring quick, reliable, and consistent deployments, regardless of environment.”
- What is a Container?, AWS
13. Auto Scaling Groups
“Auto Scaling Groups can be used to control backend resources behind an ELB, provide self-replication (when the instance crashes, Auto Scaling Group will immediately provision a new one to maintain the desired capacity), simplify deployments (regular releases, blue/green deployments, etc.), and for many other use cases…..
The unnecessary spending on EC2 instances is usually caused by unused, or underused, compute resources, that increase your monthly bill. This is an age-old problem where you provision more than you need, to make sure you have enough to handle the expected, but also unexpected traffic. An Auto Scaling Group solves this issue by handling the scalability requirements for you.”
- AWS Cost-Saving Tips Part 3: Auto Scaling Groups, N2WS — January 22, 2019
14. Automatically Backup Tasks
“AWS Backup performs automated backup tasks across an organization’s various assets stored in the AWS cloud, as well as on-premises. It provides a centralized environment, accessible through the AWS Management Console, for organizations to manage their overall backup strategies.
AWS Backup eliminates the need for organizations to custom-create their own backup scripts for individual AWS services, the company contends.”
- Gladys Rama, AWS Launches Managed Backup Service, AWSInsider.net — January 17, 2019
15. Use API Gateway to Manage APIs at Scale
“Capable of accepting and processing hundreds of thousands of concurrent API calls, API Gateway can manage such related tasks as: API version management; authorization and access control; traffic management and monitoring.”
Originally published at www.parkmycloud.com on March 12, 2019.