AWS Best Practices: Five Key Approaches to Get You Started

There’s a whole mountain of official documentation on AWS best practices.

Most new users will probably have a great deal of trouble working through all that material (not that you shouldn’t try). So I’m going to try to provide you with a bit of a short cut and present what I think are the top five AWS Best Practices you absolutely must know right now.

1. AWS Best Practices: protect your AWS credentials

Your AWS account represents a business relationship between you and AWS. Since you use your root AWS account to manage your AWS resources and services, it will need full access, which requires root permissions. But with great power comes great risk.

Do not use root account credentials for day-to-day interactions with AWS!

One of the very best of AWS best practices is to avoid creating an access key for your root account. Unless, for some strange reason, you absolutely must have a root access key, it is best not to generate one. Instead, create one or more AWS Identity and Access Management (IAM) users, give them the necessary permissions and use those users for everyday interaction with AWS.

2. AWS Best Practices: secure your Applications

Sometimes it is better to explain a concept with a picture or diagram rather than with words.

The diagram below could be a small scale deployment on AWS. You have a Web Server, an App Server, and a DB server. You should allow access from the outside world only where necessary. So a security group should be created for the web server that only allows traffic through ports 80 (HTTP) and 443 (HTTPS). Another security group could restrict traffic into the App Server to port 22 (SSH), and even then only to sessions originating from a defined range of IP addresses. All other Internet traffic should be denied.

Further security configuration could control access between the servers themselves.
Amazon EC2 Security Group Firewall

3. AWS Best Practices: backup a lot and test your recovery resources before you need them

With all your AWS credentials protected and your applications secured you should be sleeping better at night. Now it’s time to start thinking about a backup and recovery plan. Here are some things that should be part of any robust backup plan.

  • Regularly back up your instance using Amazon EBS snapshots or a backup tool.
  • Deploy critical components of your application across multiple Availability Zones, and replicate your data appropriately.
  • Design your applications to handle dynamic IP addressing when your instance restarts.
  • Monitor and respond to events.
  • Ensure that you are prepared to handle failover. For a basic solution, you can manually attach a network interface or Elastic IP address to a replacement instance.
  • Regularly test the process of recovering your instances and Amazon EBS volumes if they fail.

4. AWS Best Practices: use the Trusted Advisor

I’ve written about Trusted Advisor before.  As it turns out, so has the Amazon documentation team. They characterized their Trusted Advisor as

…Your customized cloud expert! It helps you to observe best practices for the use of AWS by inspecting your AWS environment with an eye toward saving money, improving system performance and reliability, and closing security gaps.

The good news is that there are four Trusted Advisor services available at no charge:

  • Service Limits Check
  • Security Groups – Specific Ports Unrestricted Check
  • IAM Use Check
  • MFA on Root Account Check

This is a must-use tool. All you need to do is click on the Trusted Advisor icon in your AWS console under Administration & Security and the screen will appear and give you an instantaneous snapshot of the current status of the four items listed above. This is the easiest of all the AWS Best Practices listed here, so there is really no excuse for not using it. To dive into the AWS Trusted Advisor service and how you can use it to benefit your AWS account, take a look at Cloud Academy’s Overview of AWS Trusted Advisor course.

5. AWS Best Practices: understand the AWS Shared Responsibility Model

You must know what you are responsible for and what lies under Amazon Web Services’ control. Once again rather than bore you with a long explanation, when a diagram will be more effective, see if this doesn’t make things clear.
AWS Shared Responsibility Model

Conclusion

AWS Best Practices exist because they work best. And their significance increases exponentially as the size of your deployment grows. However, figuring out what to focus on can be very confusing at first. Hopefully, this article will give you some idea of where you should begin.

Here’s a list of just some of the best practice documents currently available if you wish to continue reading on AWS best practices:

Avatar

Written by

Michael Sheehy

I have been UNIX/Linux System Administrator for the past 15 years and am slowly moving those skills into the AWS Cloud arena. I am passionate about AWS and Cloud Technologies and the exciting future that it promises to bring.


Related Posts

Vijayakumar Athithan
Vijayakumar Athithan
— March 27, 2020

What is Cognito in AWS?

Web applications usually allow a valid username and password combination for successful sign in to the application. Modern authentication flows incorporate more approaches to ensure user authentication. When using AWS, this is no exception, thanks to the abilities and features offered b...

Read more
  • AWS
  • AWS Cognito
  • Solutions Architect
Connie Benton
Connie Benton
— March 25, 2020

How To Build a Career with AWS Certifications

From Iaas and PaaS solutions to digital marketing, cloud computing reshapes the world of technology. As the influence of this technology grows, so does investment. Tens of billions of dollars are being spent on cloud computing-related services each year. This influx is continuing to inc...

Read more
  • AWS
  • Certifications
Avatar
Andrew Larkin
— March 20, 2020

The 12 AWS Certifications: Which is Right for You and Your Team?

As companies increasingly shift workloads to the public cloud, cloud computing has moved from a nice-to-have to a core competency in the enterprise. This shift requires a new set of skills to design, deploy, and manage applications in cloud computing. As the market leader and most ma...

Read more
  • AWS
  • AWS Certifications
Alisha Reyes
Alisha Reyes
— March 17, 2020

Cloud Academy’s Blog Digest: How Do AWS Certifications Increase Your Employability, How to Become a Microsoft Certified Azure Data Engineer, and more

With everything going on right now, it's likely that the only thing you've been reading lately is related to the coronavirus pandemic. It's important to stay informed during these times, but it's also good to jump into something that can take your mind off of the current situation for j...

Read more
  • AWS
  • Azure
  • blog digest
  • Certifications
  • Cloud Academy
  • programming
  • Security
Avatar
Cloud Academy Team
— March 13, 2020

Which Certifications Should I Get?

As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...

Read more
  • AWS
  • Azure
  • Certifications
  • Cloud Computing
  • Google Cloud Platform
Alisha Reyes
Alisha Reyes
— March 7, 2020

New on Cloud Academy: Intro to GitOps; AWS Courses; Java, Python, Amazon Linux 2, Ubuntu, & Docker Playgrounds; and much more

New Lab Playgrounds This month, our Content Team released six new "playground labs." Our playground labs provide a safe and secure sandbox environment for you to explore your own ideas, follow along with Cloud Academy courses, or answer your own questions — all without having to instal...

Read more
  • AWS
  • Azure
  • gitops
  • Google Cloud Platform
  • lab playground
  • programming
Alisha Reyes
Alisha Reyes
— March 6, 2020

New on Cloud Academy: Intro to GitOps; AWS Courses; Java, Python, Amazon Linux 2, Ubuntu, & Docker Playgrounds; and much more

New Lab Playgrounds This month, our Content Team released six new "playground labs." Our playground labs provide a safe and secure sandbox environment for you to explore your own ideas, follow along with Cloud Academy courses, or answer your own questions — all without having to instal...

Read more
  • AWS
  • Azure
  • gitops
  • Google Cloud Platform
  • lab playground
  • programming
Patrick Navarro
Patrick Navarro
— March 4, 2020

AWS Certifications: How Do They Increase Your Employability and Progress Your Career?

AWS certifications are no walk in the park. They’re designed to validate in-depth, specialist knowledge and comprehensive experience, often requiring months of dedicated studying to earn even for those already working with the cloud platform. But the rewards that AWS professionals ca...

Read more
  • AWS
  • AWS certification
  • certification
Avatar
Chandan Patra
— February 21, 2020

Elasticsearch vs. CloudSearch: AWS Cloud Search Choices

Elasticsearch vs. CloudSearch: What's the main difference? Let's compare AWS-based cloud tools: Elasticsearch vs. CloudSearch. While both services use proven technologies, Elasticsearch is more popular, open source, and has a flexible API to use for customization; in comparison, CloudS...

Read more
  • AWS
  • Azure
  • cloudsearch
  • elasticsearch
Avatar
Andrew Larkin
— February 13, 2020

Cloud Academy Content Roadmap Updates

Welcome to our Q1 2020 roadmap. This is the content we plan to build over the next three months, between February 1 - and April 30, 2020. Let's look at some of our roadmap highlights. Atlassian Bamboo for CI/CD We had a lot of requests for practical guides on how to apply DevOps tool...

Read more
  • Artificial Intelligence
  • AWS
  • Azure
  • Docker
  • Google Cloud Platform
  • Kubernetes
  • Machine Learning
Alisha Reyes
Alisha Reyes
— February 7, 2020

New on Cloud Academy: Git Labs, CKA and CKAD Lab Challenges, AWS and Azure Learning Paths, AGILE, and Much More

We just kicked off our first Free Weekend of 2020. This means we've unlocked our Training Library for just 72 hours. Until Sunday at 11:59 pm (PST), you can get unlimited access to our industry-leading learning paths, courses, certification prep exams, and our most popular hands-on labs...

Read more
  • agile
  • AWS
  • Azure
  • Google Cloud Platform
  • Linux
  • OWASP
  • programming
  • red hat
  • scrum
Avatar
Stuart Scott
— February 6, 2020

How to Encrypt an EBS Volume

Keeping data and applications safe in the cloud is one of the most visible challenges facing cloud teams in 2020. Cloud storage services where data resides are frequently a target for hackers, not because the services are inherently weak but because they are often improperly configured....

Read more
  • AWS
  • EBS
  • Encryption