AWS is the best cloud platform, but it is essential to use it properly to avoid high bills and keep better control of your account.
1. Create a billing alarm
AWS has a pay-per-use pricing model for all of its services. For example, if you launch an EC2 instance, you pay for it per hour.
Unwanted costs may occur if you forget to terminate unused instances or to delete data from S3 that you no longer need.
To avoid an unexpected amount on your monthly AWS invoice, you should create a billing alarm. A billing alarm sends you a notification if the costs for the current month exceed your limit.
2. Enable CloudTrail to track every API call from AWS
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. This means you can use CloudTrail to track every call to the AWS API. Whenever you or one of your team members changes your cloud infrastructure, a log event is stored.
You can use CloudTrail to detect unusual activity in your AWS accounts.
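As an added example (not from the original article), the Python below scans a CloudTrail log file for four signals worth reviewing first: root user activity, a successful console login without MFA, changes to the trail itself, and denied API calls. The log records are constructed, and the function names and reason labels are assumptions of this example.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}); not real account data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "deploy"}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "userName": "intern"}},
]})

# API calls that switch off or alter the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def findings_for(record):
    """Return the reasons (possibly none) why one CloudTrail record deserves review."""
    reasons = []
    if record.get("userIdentity", {}).get("type") == "Root":
        reasons.append("root-user-activity")
    # Federated sign-ins also report MFAUsed "No" (MFA happens at the identity provider): triage, don't assume.
    if (record.get("eventName") == "ConsoleLogin"
            and (record.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            and (record.get("additionalEventData") or {}).get("MFAUsed") != "Yes"):
        reasons.append("console-login-without-mfa")
    if (record.get("eventSource") == "cloudtrail.amazonaws.com"
            and record.get("eventName") in TRAIL_TAMPERING):
        reasons.append("trail-modified")
    if record.get("errorCode") in ("AccessDenied", "Client.UnauthorizedOperation"):
        reasons.append("access-denied")
    return reasons

def scan(log_text):
    """Parse one CloudTrail log file; return (time, actor, event, reasons) per flagged record."""
    hits = []
    for record in json.loads(log_text).get("Records", []):
        reasons = findings_for(record)
        if reasons:
            identity = record.get("userIdentity", {})
            actor = identity.get("userName") or identity.get("type", "unknown")
            hits.append((record.get("eventTime"), actor, record.get("eventName"), reasons))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```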
3. Enable MFA for the root user and always use an IAM user
Multi-Factor Authentication (MFA) adds another security layer to your AWS account.
Your root user has access to every part of your AWS account, from launching virtual machines to deleting databases.
In other words, your root user is an easy target for all kinds of attacks.
The very first thing you must do is enable MFA for your root user. You can use a virtual device (like the Google Authenticator app on your mobile) or a hardware token.
4. Always grant limited permissions to an IAM user
As you already know, the root user has full access, so it is recommended that you never use the root user for any project.
Instead, create an IAM user to perform tasks in your AWS account. But if you give that IAM user full access as well, there is no point in creating it.
It is highly recommended that you grant limited permissions. For example, if you want a user to read files from your S3 bucket, provide read-only access only. Never give full S3 access to your IAM user. You can add other permissions later as required.
5. Always try to automate repetitive
One of the biggest advantages of using AWS is that its API allows you to automate almost every part of your AWS infrastructure.
Automation not only saves you time but also makes you more productive and stress-free.
You should aim for automation to get the most out of AWS (try AWS CloudFormation).
Enjoyed this article? Reach out in the comments below or on Twitter to let me know what you think of it.