7. Focusing on ...
- AWS Key Management
- AWS IAM Management
- AWS AMI Management
- AWS Security Groups
- Server Monitoring
- Alert Notification
- Art of Monitoring
11. AWS IAM
3rd Party Providers
- Make sure you don’t give full permission to execute unauthorized API Calls.
- Make sure to evaluate permission every quarter
- Use it dedicatedly
User
- Control resource access permission (ACL)
- Utilize ReadOnly/Full policy
- Don’t enable “password” (stick with access-key/secret-key)
12. AWS IAM
Group
- Group users properly
- Best practice is to group it via Department/Team
  - Developer Support
  - Developer Release
  - System Admin I
  - System Admin II
  - QA Engineer
  - Business Groups
  - Project Managers
Roles
- Create IAM Roles (they enable resource triggers from one or more services). Better than having passwords all over the place.
13. AWS AMI
- Evaluate preferred Distro
- Evaluate AMI format/type
- Evaluate AMI builds (components)
- Evaluate defaults (libraries to be added)
- Evaluate base software (pre-installed)
- Initiate a snapshot of the server
- Use the snapshot to spawn additional machines
15. AWS Security Groups
Things to be aware of:
- If an instance is created via classic mode (default), once it’s fired up, there is no way for you to add more security groups to it.
*BETTER UTILIZE VPC -- SEGREGATE THE NETWORK*
- Always create a “spare-tire” Security-Group. Remote IP Whitelisting