Author: Andreas Wittig
Diving into a new technology is exciting. The following tips and tricks will accelerate your start with AWS and help you to avoid common pitfalls. You’ll learn about best practices for security in the cloud as well as possibilities to control costs of your AWS account.
1. Enable MFA for root user
Your root user grants access to every part of your AWS account, from launching virtual machines to deleting databases. In other words, your root user is a valuable target for all kinds of bad people. The first thing you should do after creating your AWS account is enable Multi-Factor Authentication (MFA) for your root user. You can use a virtual device (mobile application on your smartphone) or a hardware token. After enabling MFA, you have to enter your email, password and a one-time password from your MFA device to log in.
2. Create a billing alarm
AWS uses the pay-per-use pricing model for its services. For example, if you launch a virtual machine, you have to pay for it per hour – or you’re billed for every GB of data stored in the object store. Unwanted costs may occur if you forget to terminate unused virtual machines or delete data that you no longer need from S3. To avoid an unexpected billing amount on your monthly invoice from AWS, you should create a billing alarm. A billing alarm will send you an email if the costs for the current month exceed your limit.
3. Get familiar with Identity and Access Management
The Identity and Access Management (IAM) service authenticates and authorizes requests to the AWS API. IAM is a fundamental part of security in the cloud. It allows you to restrict access to all AWS services. Some examples:
- Is Bob allowed to launch a new virtual server?
- Is the application permitted to store data on the object store?
- Is Mary authorized to access customer information stored in the NoSQL database?
It’s important to understand the concepts of IAM and follow best practices. So do yourself a big favor and get familiar with the Identity and Access Management service right from the start.
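The questions above come down to how IAM combines policy statements: a request is denied by default, an Allow grants it, and an explicit Deny always wins. The following sketch is an added example, not part of the original article and not AWS code. It is a simplified model that covers identity-based policies only (no conditions, NotAction, permissions boundaries or resource policies), and the account ID, bucket and table names are constructed.

```python
import re

def _matches(pattern, value, ignore_case=False):
    # IAM wildcards: "*" matches any run of characters, "?" exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policies, action, resource):
    """Default deny; any matching Allow grants; any matching Deny overrides."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are case-insensitive, resource ARNs are not.
            if not any(_matches(a, action, True) for a in _as_list(stmt["Action"])):
                continue
            if not any(_matches(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False          # explicit deny wins immediately
            allowed = True
    return allowed

# Constructed policies mirroring the three questions in the list above.
CUSTOMERS = "arn:aws:dynamodb:eu-west-1:111122223333:table/customers"
ORDERS = "arn:aws:dynamodb:eu-west-1:111122223333:table/orders"
BOB = [{"Statement": [{"Effect": "Allow", "Resource": "*",
                       "Action": ["ec2:RunInstances", "ec2:Describe*"]}]}]
APP = [{"Statement": {"Effect": "Allow", "Action": "s3:PutObject",
                      "Resource": "arn:aws:s3:::example-app-bucket/*"}}]
MARY = [{"Statement": [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]},
        {"Statement": [{"Effect": "Deny", "Action": "dynamodb:*",
                        "Resource": CUSTOMERS}]}]

if __name__ == "__main__":
    print("Bob may launch a server:", is_allowed(BOB, "ec2:RunInstances", "*"))
    print("App may write to its bucket:",
          is_allowed(APP, "s3:PutObject", "arn:aws:s3:::example-app-bucket/a.csv"))
    print("Mary may read customers:", is_allowed(MARY, "dynamodb:GetItem", CUSTOMERS))
```

Mary's broad Allow on `dynamodb:*` does not help her on the customers table, because the explicit Deny in her second policy overrides it.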
4. Make use of the Free Tier
AWS offers a Free Tier for many of its services. Launch a virtual machine for 750 hours per month during your first year on AWS for free. Store up to 5 GB on the object store for free during your first year on AWS. Use the NoSQL database to store up to 25 GB for free.
Go ahead and use the Free Tier to discover these services and more.
5. Choose a region
AWS operates data centers all over the world and groups them into regions. Before using an AWS service, you should think about selecting the best region for your use case. Things to consider when choosing a region:
- Availability of services: Are all the services you want to use available in the region?
- Latency: Which region is closest to your customers?
- Compliance: Are you allowed to store and process data in the jurisdiction of the region?
- Costs: What are the costs for running your workload in the region?
6. Enable CloudTrail
Use CloudTrail to track every call to the AWS API. Whenever you or one of your team members changes your cloud infrastructure (for example, adjusting your firewall configuration), a log event is stored. Doing so allows you to debug failures or investigate security incidents.
Enable CloudTrail now and you’ll have the option to go through the log files when needed later.
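As an illustration of what those log files let you review later, here is an added example (not from the original article) that scans CloudTrail records for the events tips 1 and 6 care about: root user logins without MFA, firewall (security group) changes, and changes to the trail itself. The sample records are constructed, and the choice of which event names to flag is an assumption of this sketch.

```python
import json

# Constructed sample in the CloudTrail log-file layout (not real log data).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-01-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "mary"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

FIREWALL_CHANGES = {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"}
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def classify(event):
    """Return a finding string for one CloudTrail record, or None."""
    identity = event.get("userIdentity", {})
    name = event.get("eventName", "")
    if identity.get("type") == "Root":
        mfa = event.get("additionalEventData", {}).get("MFAUsed")
        if name == "ConsoleLogin" and mfa != "Yes":
            return "root console login without MFA"
        return "root user activity: " + name
    if name in FIREWALL_CHANGES:
        return "security group (firewall) change: " + name
    if name in TRAIL_CHANGES:
        return "CloudTrail configuration change: " + name
    return None

def review(log_text):
    """Return (time, actor, finding) tuples for records worth a second look."""
    findings = []
    for event in json.loads(log_text).get("Records", []):
        finding = classify(event)
        if finding:
            identity = event.get("userIdentity", {})
            actor = identity.get("userName") or identity.get("type", "unknown")
            findings.append((event.get("eventTime"), actor, finding))
    return findings

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(*row, sep="  ")
```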
7. Learn about essential services
AWS offers more than 50 different services. Start your journey by learning about the most popular:
- Amazon Elastic Compute Cloud (EC2)
- Amazon Virtual Private Cloud (VPC)
- Amazon Simple Storage Service (S3)
- Amazon Relational Database Service (RDS)
- AWS Identity and Access Management (IAM)
8. Install and configure the AWS Command Line Interface (CLI)
The AWS Management Console allows you to manage AWS services by clicking through a web interface. The AWS Command Line Interface (CLI) allows you to access AWS services from your command line. This is a valuable alternative if you’re a command line ninja.
Get started by installing and configuring the CLI on your machine.
9. Aim for automation
One of the biggest advantages of using AWS is that the API allows you to automate every part of your cloud infrastructure, from launching and provisioning virtual machines to creating the whole networking infrastructure. My experience with it confirms that using automation increases the quality of your infrastructure and greatly reduces administration efforts. You should aim for automation to get the most out of AWS (try AWS CloudFormation).
10. Consult the Trusted Advisor
I strongly recommend hiring a consultant to review your AWS architecture and security regularly. Another option is to take advantage of the AWS Trusted Advisor; this is an automated specialist for your AWS account. You’ll find valuable advice to optimize your AWS account from the following categories within the AWS Trusted Advisor:
- Cost Optimization
- Fault Tolerance
Be sure to check out the findings of the Trusted Advisor regularly.
Want to learn more? My Pluralsight course will boost your start with Amazon’s cloud computing platform. This includes how to create and configure an AWS account, an overview of all AWS services, how to navigate the AWS Management Console and practical examples like launching a virtual machine.
Watch the course: Navigating the AWS Management Console