This post highlights tips to help startups make use of AWS as they grow. These are things that startups should do from day 1 that will eliminate some early hiccups.
From the get go, it’s highly recommended that you have separate AWS account’s for your Development and Production environments. This significantly reduces blast radius when something goes wrong and at the same time enhances your security. This way only those who absolutely need access to the production infrastructure have the credentials. Meanwhile, all other developers can run tests using the development account without accidentally deleting an important AMI, changing a security group, or taking down a set of core servers.
Ensure that both environments are setup in exactly the same way making sure that the infrastructure deployed on AWS is identical. Everything from VPCs, security groups, network ACLs should be the same. This will allow your development workflow to be almost identical. The easiest way to achieve this is to deploy your infrastructure as code (IaC) using tools like Terraform or AWS CloudFormation.
MFA, IAM Access controls and permissions
A lot of startups don’t treat security as a priority and end up paying for it later as they scale and grow. Create a set of IAM groups that restrict access and assign permissions to users. Business users who need access to AWS should be provided with read-only access and no user should be allowed to login with the root keys. Update the default password policy that comes standard on AWS and ensure that all IAM users have MFA (Multi-factor Authentication) enabled and configured.
Databases - RDS
When deploying a database for your application on AWS, ensure your database is multi-AZ, has automated backups and DB snapshots enabled. It’s also good practice to save a copy of your database to S3 nightly. It’s also important that only the application has write access to the database, this ensures that no human user can drop or overwrite tables.
Images - EC2
Don’t rely on golden images (AMI). These get stale quickly and have an adverse effect on the development of your application if they don’t for example have the required dependencies.
There’re a few ways to solve this problem;
- Use configuration management tools (CMT) to automate server configuration making the OS always up to date.
- Integrate the creation of AMIs into your delivery pipeline and deploy your application using rolling updates.
We hope you found our tips helpful!
If you need help with architecture, deploying and managing your website, web application, SaaS application etc on AWS at your company, feel free to reach out to us at OSO DevOps.
At OSO DevOps, our experts can maintain your DevOps platform and be responsible for day-to-day operational issues, allowing you to develop and ship your product without the need for internal DevOps hires.