@eldondevcg
Last active January 24, 2017 18:01
Amazon Best Practices ideas

Ideas on Amazon Web Services best practices

  • All instances should have IAM roles (an instance profile), so no long-lived access keys need to be placed in AMIs or user data.
  • All non-ephemeral instances should have Elastic IP addresses.
    • Ephemeral instances are instances in Auto Scaling groups and spot instances.
  • All buckets should have bucket (server access) logging enabled.
  • All destinations for bucket logs should store only bucket logs.
  • All destinations for bucket logs should have bucket lifecycle rules enabled, so the logs expire instead of accumulating indefinitely.
  • Netflix ICE (its open-source AWS cost and usage tool) should be running.
  • All instances should be running in a VPC, not EC2-Classic.
  • All queues should have DLQs. All DLQs should have some sort of monitoring enabled that results in SNS alerts.
  • All security groups should have explicitly provisioned egress rules. A new security group allows all outbound traffic by default, so an untouched group is an allow-all egress group.
  • All launch configurations should reference accessible AMIs. If an AMI is taken private or deregistered, every launch configuration that references it must be updated, or its Auto Scaling group will fail to launch replacement instances.
  • All Lambda function logs should have alarms that watch for timeouts and deliver to SNS topics.
  • All CloudWatch Logs groups should regularly be exported to S3. The CloudWatch Logs console falls over fast when searching across many streams.
  • All CloudWatch Logs groups should have a limited retention period. This must be longer than the interval between exports to S3 so that no logs are lost.
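The EC2 and S3 items in the list above (IAM role on every instance, Elastic IP on every non-ephemeral instance, everything inside a VPC, logging on every bucket, lifecycle rules on every log destination) can be checked mechanically. The script below is an added example, not part of the gist: its functions take the dict shapes that boto3 returns from ec2.describe_instances(), ec2.describe_addresses(), s3.get_bucket_logging() and s3.get_bucket_lifecycle_configuration(), so live responses can be fed in, while the sample data at the bottom is constructed for this example. One interpretation is mine rather than the gist's: log-destination buckets are exempted from the "must log" rule, because logging a log bucket into itself loops and into another bucket only chains the problem.

```python
"""Offline audit of the EC2 and S3 items above. Added example, not the gist's own code."""

ASG_TAG = "aws:autoscaling:groupName"  # reserved tag EC2 sets on Auto Scaling group members


def is_ephemeral(instance):
    """Spot instances and Auto Scaling group members count as ephemeral."""
    if instance.get("InstanceLifecycle") == "spot":
        return True
    return any(t["Key"] == ASG_TAG for t in instance.get("Tags", []))


def audit_instances(reservations, addresses):
    """Return (instance_id, finding) pairs for every non-terminated instance.

    reservations: the 'Reservations' list from describe_instances().
    addresses:    the 'Addresses' list from describe_addresses()."""
    with_eip = {a["InstanceId"] for a in addresses if "InstanceId" in a}
    findings = []
    for reservation in reservations:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] == "terminated":
                continue
            iid = inst["InstanceId"]
            if "IamInstanceProfile" not in inst:
                findings.append((iid, "no IAM role (instance profile) attached"))
            if "VpcId" not in inst:
                findings.append((iid, "not running in a VPC"))
            if not is_ephemeral(inst) and iid not in with_eip:
                findings.append((iid, "non-ephemeral instance without an Elastic IP"))
    return findings


def audit_bucket_logging(logging_by_bucket, lifecycle_rules_by_bucket):
    """logging_by_bucket:         bucket name -> get_bucket_logging() response.
    lifecycle_rules_by_bucket: bucket name -> 'Rules' list; absent when the bucket
                               has no lifecycle configuration at all.
    Assumption made here: log destinations need not log themselves, but must expire."""
    targets = {cfg["LoggingEnabled"]["TargetBucket"]
               for cfg in logging_by_bucket.values() if "LoggingEnabled" in cfg}
    findings = []
    for bucket, cfg in logging_by_bucket.items():
        enabled = cfg.get("LoggingEnabled")
        if enabled is None:
            if bucket not in targets:
                findings.append((bucket, "bucket logging not enabled"))
        elif enabled["TargetBucket"] == bucket:
            findings.append((bucket, "bucket logs into itself"))
    for target in sorted(targets):
        rules = lifecycle_rules_by_bucket.get(target, [])
        expires = any(r.get("Status") == "Enabled" and "Expiration" in r for r in rules)
        if not expires:
            findings.append((target, "log destination has no enabled expiration rule"))
    return findings


# Constructed sample data in boto3 response shape; none of these resources is real.
PROFILE = "arn:aws:iam::123456789012:instance-profile/"
SAMPLE_RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "VpcId": "vpc-0a1",
     "IamInstanceProfile": {"Arn": PROFILE + "web"},
     "Tags": [{"Key": ASG_TAG, "Value": "web-asg"}]},                 # ASG member: fine
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}, "VpcId": "vpc-0a1",
     "Tags": [{"Key": "Name", "Value": "bastion"}]},                  # no role, no EIP
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "InstanceLifecycle": "spot",
     "IamInstanceProfile": {"Arn": PROFILE + "batch"}},               # spot, but EC2-Classic
    {"InstanceId": "i-0ddd", "State": {"Name": "running"}, "VpcId": "vpc-0a1",
     "IamInstanceProfile": {"Arn": PROFILE + "db"}},                  # has an EIP: fine
    {"InstanceId": "i-0eee", "State": {"Name": "terminated"}, "VpcId": "vpc-0a1"},  # ignored
]}]
SAMPLE_ADDRESSES = [{"PublicIp": "203.0.113.5", "Domain": "vpc", "InstanceId": "i-0ddd"},
                    {"PublicIp": "203.0.113.6", "Domain": "vpc"}]    # unassociated EIP

SAMPLE_LOGGING = {
    "app-data": {"LoggingEnabled": {"TargetBucket": "app-logs", "TargetPrefix": "app-data/"}},
    "app-logs": {},                                                   # destination only
    "legacy-exports": {},                                             # not logging at all
    "loop-bucket": {"LoggingEnabled": {"TargetBucket": "loop-bucket", "TargetPrefix": "logs/"}},
}
SAMPLE_LIFECYCLE = {
    "app-logs": [{"ID": "expire", "Status": "Enabled", "Filter": {"Prefix": ""},
                  "Expiration": {"Days": 365}}],
}

if __name__ == "__main__":
    for finding in audit_instances(SAMPLE_RESERVATIONS, SAMPLE_ADDRESSES):
        print("EC2", *finding)
    for finding in audit_bucket_logging(SAMPLE_LOGGING, SAMPLE_LIFECYCLE):
        print("S3 ", *finding)
```

To run it against an account, replace the SAMPLE_* constants with the corresponding boto3 responses (paginate describe_instances, and catch NoSuchLifecycleConfiguration when building the lifecycle map). The checks are conservative: an instance whose profile exists but carries an over-broad policy still passes, and the EIP check cannot tell a deliberately private instance from a forgotten one.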

Extra Credit

  • All VPCs should have VPC Flow Logs enabled.
  • All VPCs should have outbound (egress) security group rules set up deliberately rather than left at the default allow-all.
  • Tag all on-demand, reserved, and scheduled instances with an expected price per hour.
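The two VPC items above (a flow log on every VPC, deliberately provisioned egress on every security group) are also easy to audit offline. This is an added example, not part of the gist; the inputs are the dict shapes boto3 returns from ec2.describe_vpcs(), ec2.describe_flow_logs() and ec2.describe_security_groups(), and the sample data is constructed. The egress check looks for the rule EC2 creates on every new group (all protocols to 0.0.0.0/0 or ::/0), which is the case the list is warning about.

```python
"""Offline audit of VPC flow logs and security group egress. Added example."""

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def audit_flow_logs(vpcs, flow_logs):
    """Every VPC needs a flow log attached at VPC level whose status is ACTIVE.
    vpcs:      the 'Vpcs' list from describe_vpcs().
    flow_logs: the 'FlowLogs' list from describe_flow_logs()."""
    status_by_vpc = {}
    for fl in flow_logs:
        if not fl["ResourceId"].startswith("vpc-"):
            continue  # subnet- or ENI-level logs do not cover the whole VPC
        if status_by_vpc.get(fl["ResourceId"]) != "ACTIVE":
            status_by_vpc[fl["ResourceId"]] = fl["FlowLogStatus"]  # an ACTIVE log wins
    findings = []
    for vpc in vpcs:
        vid = vpc["VpcId"]
        status = status_by_vpc.get(vid)
        if status is None:
            findings.append((vid, "no VPC flow log"))
        elif status != "ACTIVE":
            findings.append((vid, f"flow log status is {status}, not ACTIVE"))
    return findings


def is_allow_all_egress(permission):
    """True for the default rule on a new group: all protocols (-1) to anywhere."""
    if permission.get("IpProtocol") != "-1":
        return False
    v4 = any(r.get("CidrIp") == ANY_V4 for r in permission.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_V6 for r in permission.get("Ipv6Ranges", []))
    return v4 or v6


def audit_egress(security_groups):
    """Flag groups whose egress still contains an allow-all rule. An empty egress
    list is fine: it is the deliberate 'no outbound at all' choice."""
    findings = []
    for sg in security_groups:
        if any(is_allow_all_egress(p) for p in sg.get("IpPermissionsEgress", [])):
            findings.append((sg["GroupId"], "egress allows all traffic to anywhere"))
    return findings


# Constructed sample data in boto3 response shape; none of these resources is real.
SAMPLE_VPCS = [{"VpcId": "vpc-0a1"}, {"VpcId": "vpc-0b2"}, {"VpcId": "vpc-0c3"}]
SAMPLE_FLOW_LOGS = [
    {"FlowLogId": "fl-01", "ResourceId": "vpc-0a1", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
    {"FlowLogId": "fl-02", "ResourceId": "vpc-0c3", "FlowLogStatus": "INACTIVE", "TrafficType": "ALL"},
    {"FlowLogId": "fl-03", "ResourceId": "subnet-0d4", "FlowLogStatus": "ACTIVE", "TrafficType": "ALL"},
]
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-web", "VpcId": "vpc-0a1", "IpPermissionsEgress": [        # untouched default
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "VpcId": "vpc-0a1", "IpPermissionsEgress": [         # scoped: fine
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-isolated", "VpcId": "vpc-0b2", "IpPermissionsEgress": []},  # no egress: fine
    {"GroupId": "sg-v6", "VpcId": "vpc-0c3", "IpPermissionsEgress": [         # open over IPv6
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}]},
]

if __name__ == "__main__":
    for finding in audit_flow_logs(SAMPLE_VPCS, SAMPLE_FLOW_LOGS):
        print("VPC", *finding)
    for finding in audit_egress(SAMPLE_SECURITY_GROUPS):
        print("SG ", *finding)
```

A rule such as tcp 0-65535 to 0.0.0.0/0 is just as open as the default but passes is_allow_all_egress as written; extend the protocol and port test if that pattern shows up in the account being audited.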