10 steps to AWSomeness
In my earlier post titled "The War Of Cloud Adoption / Migration", I shared my observations on how badly under-prepared enterprises, big and small, were for cloud adoption. This post is a follow-up to that one, to help them in their cloud journey.
IMPORTANT: I would like to state that this post is by no means a substitute for the professional guidance of cloud experts, but it should serve as a good starting point in your cloud journey before you get the experts on board.
A checklist of 10 key items that you should tick off to mitigate 80% of unpleasant surprises and experience AWSomeness:
- You have deleted the access keys for your root account.
- Plan a budget and set alarms that fire when the cost breaches a defined threshold within the budgeted amount. See AWS Budgets.
- From the very beginning, leverage AWS Config for auditing and compliance of AWS resources. For instance, you can add one of the managed rules in AWS Config to monitor compliance with a restriction on SSH ports in your EC2 instances.
- AWS Trusted Advisor is your good friend when it comes to guidance on contemporary best practices in an AWS environment. Benefit from its advice on cost optimisation, security, performance and fault tolerance.
- Remember to tag every resource you create. You can leverage AWS Config for compliance. You can make use of AWS Service Catalog or AWS CloudFormation templates to create some default tags.
- If you are using EC2 instances, then you should make use of the AWS Inspector service for enhanced security.
- Keep striving to reduce the surface area your AWS environment exposes to the internet. For instance, not all EC2 instances need to be exposed to the internet; create public and private subnets in your VPC and place each EC2 instance in one of those subnets based on whether it needs to be exposed to the outside world.
- Are you using the AWS Organizations service? If not, start using it to leverage Service Control Policies for fine-grained permission controls.
- You should have strong reasons to not encrypt your data. Leverage encryption services to encrypt your data at rest and in transit.
- Where possible, use AWS managed or serverless services. You should have strong reasons to not use them where possible.
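The SSH restriction and internet-exposure items above, written out as an added example (not from the original post, and not AWS's own rule implementation): it flags security groups that let anyone on the internet reach port 22. The input is constructed sample data in the shape returned by `aws ec2 describe-security-groups`; the group IDs and function names are made up for illustration.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}  # "anywhere" in IPv4 and IPv6
SSH_PORT = 22


def covers_ssh(perm):
    """True if an ingress permission includes TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    # FromPort/ToPort are an inclusive range, so 0-1024 also covers 22.
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)


def open_sources(perm):
    """Return the world-open CIDRs (IPv4 and IPv6) on a permission."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in OPEN_CIDRS]


def find_open_ssh(security_groups):
    """Map GroupId -> world-open CIDRs that can reach port 22."""
    findings = {}
    for sg in security_groups:
        hits = [c for p in sg.get("IpPermissions", [])
                if covers_ssh(p) for c in open_sources(p)]
        if hits:
            findings[sg["GroupId"]] = sorted(set(hits))
    return findings


SAMPLE_GROUPS = [  # constructed sample data; group IDs are made up
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-wide-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-all-traffic", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    print(find_open_ssh(SAMPLE_GROUPS))
```

The two flagged groups never name port 22 explicitly: one exposes it through a port range and the other through an all-traffic rule over IPv6, which is why a check that only matches `FromPort == 22` misses them.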
And as always, your feedback is welcome anytime.
Wishing you more AWSomeness!