Expert AWS Cheat Sheet
The Expert’s AWS Cheat Sheet
Learn from the AWS Experts

The way to AWS expertise is paved with details, and you'll find the best of them right here! Follow just one of these cheats, and you'll save yourself time, money, and heartache. Work methodically, and your AWS application stack will be optimized to a whole new level.

Any expert will tell you one of the most frustrating things about AWS is how easy it is to get away with ignoring the very tools Amazon gives you, along with expert advice accumulated over years of experience. So to make it just as easy to follow the way of the experts, here is our AWS cheat sheet based on years of experience developing and deploying AWS applications.
© CloudEndure 2014
Tip 1: Pick The Best EC2 Instance Based on 9 Parameters
Picking the best EC2 instance for your application stack is not always as easy as it might seem, especially when you consider not every instance is always available in different regions. AWS categorizes EC2 instances into six “families” – Micro, General Purpose, Compute Optimized, Memory Optimized, Storage Optimized, and GPU. While this categorization can be useful as a rule of thumb, every EC2 instance is defined by 9 parameters, the three most important being number of Virtual CPUs, ECU (Elastic Compute Units), and RAM. Reviewing the Periodic Table of the Elastic Compute Cloud, you can see every EC2 instance based on these defining parameters. As an example, r3.8xlarge and i2.8xlarge are categorized as memory vs. storage optimized “families” respectively by AWS, but they are virtually identical when looking at the three parameters (32 virtual processors, 104 elastic compute units, and 244 gigs of RAM). The only difference is in ephemeral SSD Storage (2X320 for r3.8xlarge and 8X800 for i2.8xlarge). While some applications might require significantly more SSD storage, most others probably do not. As expected, i2.8xlarge costs more than double the price of an r3.8xlarge. So by switching around just one instance type, you could potentially slash your EC2 bill in two!
Tip 2: Manage AWS Application Cost at the Planning Stage

As you make more extensive use of AWS, cost becomes increasingly important. Here are four considerations to help you plan and forecast your cost in advance:

1. On-demand vs. reserved - The cloud's promise is "pay-as-you-go", so naturally most opt for the on-demand pricing model. This is fine if you're just testing things out, but for long-term use, reserved pricing will help you save on your AWS bill significantly. If you're in this for the long haul, definitely go for reserved pricing once your cloud usage forms a predictable pattern.
2. Reserved instance marketplace – just in case you actually did over-commit, don't beat yourself up. The AWS Reserved Instance Marketplace lets you resell those reservations, or even buy reservations from other AWS users at reduced rates.
3. Spot instances – If you can store an application's state and results separately, spot instances are a great way to make use of excess EC2 capacity. So long as your bid price is higher than the current spot price, your application will keep running. If you don't bid high enough, you will run the risk of terminating your application without notice.
4. Cost Monitoring & Optimization – If you'd like to get serious about reducing cost in a complex environment, consider using a solution such as Amazon Trusted Advisor. You could also work with any number of 3rd party cost monitoring services - Cloudyn and Cloudability are both great alternatives.
Tip 3: Develop Secure Applications, But not at the Expense of Automation

Security in the public cloud is arguably the most significant challenge to mass enterprise adoption. Here are two security tips for AWS that are sure to put your CIO at ease:

- Enable multi-factor authentication – An extra layer of authentication, this is simply a way to increase security by combining both a secret piece of information (e.g. a password), and a unique marker such as a hardware (or virtual) token. If either of these is compromised, the other acts as a double layer of security. Read more about Multi-Factor Authentication on AWS.
- Consider disabling SSH – There has been quite a bit of controversy in the AWS community lately about using SSH when accessing a particular instance. While disabling it is a good security practice, many on the ops side argue that doing so can get in the way of automation.
- Set up VPC peering connections – This will enable you to create separate environments so you can test automation tools without affecting applications running in production.
Tip 4: Set up Granular Billing Alerts

Getting your AWS bill shouldn't be a surprise. You can easily keep track of your AWS spend without having to wait 30 days by turning on Granular Billing Alerts. You can do this as often as you like, and then tweak your application if you see your usage go over budget. If you combine these alerts with CloudWatch, getting to the bottom of the cause for the spike in usage becomes straightforward.
Tip 5: Develop Your Application in a VPC Environment, not EC2 Classic

The AWS virtual private cloud (VPC) is simply the newer generation of compute instances. The VPC enables you to define your own logical network, which has a variety of benefits. Your AWS account may launch any instance as EC2-Classic or EC2-VPC. Depending on how long you've been using AWS, your settings could vary – new customers typically launch EC2-VPC instances by default.
Tip 6: Get Some Sleep! Turn Alerts into Notifications with CloudWatch

AWS CloudWatch enables you to monitor cloud resources and optimize them accordingly. It's also a great tool to help you get in the habit of automating your operations. As CloudWatch alerts form a pattern, you'll be able to tweak your application to the point where alerts simply become an organic part of the application (e.g. spawning new instances automatically to replace terminated ones).
Tip 7: Become the AWS Security Chief

Don't wait for the security officer to audit your application – anticipate security needs in advance and integrate them into your application:

- Use EC2 Roles – rather than give each application its own AWS credential, assign a role to each EC2 instance. This way, applications don't wind up accessing data they shouldn't.
- Define group permissions – this way individual users are less likely to access an application they shouldn't.
- Automate your security auditing – Use a security auditor role script, which is especially useful for intrusion detection and prevention.
- Use CloudTrail – this will enable you to record AWS API calls complete with log files. Use it for security analysis, resource change tracking, and compliance auditing.
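An added example (not from the original cheat sheet) of the CloudTrail security analysis described in Tip 7; it also checks the multi-factor authentication advice from Tip 3 and the EC2 role advice above. The sample records, the user and role names, and the SENSITIVE watch list are constructed assumptions; the field names follow the CloudTrail record format.

```python
import json

# Constructed sample of a CloudTrail log file; names, keys and account ID are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-09-01T10:00:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2014-09-01T10:05:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2014-09-01T11:00:00Z", "eventName": "RunInstances",
     "userIdentity": {"type": "IAMUser", "userName": "app-deploy",
                      "accessKeyId": "AKIAEXAMPLEKEY000001"}},
    {"eventTime": "2014-09-01T11:30:00Z", "eventName": "ListBuckets",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEKEY000002",
                      "arn": "arn:aws:sts::111122223333:assumed-role/web-role/i-0abc1234"}},
    {"eventTime": "2014-09-01T12:00:00Z", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "accessKeyId": "ASIAEXAMPLEKEY000003"}},
]})

# Assumed watch list of change events worth a second look; tune per environment.
SENSITIVE = {"StopLogging", "DeleteTrail", "AuthorizeSecurityGroupIngress",
             "PutUserPolicy", "CreateAccessKey"}

def audit(log_text):
    """Return (time, principal, finding) tuples for one CloudTrail log file."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity") or {}
        who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
        when, name = rec.get("eventTime", ""), rec.get("eventName", "")
        if name == "ConsoleLogin":
            # MFAUsed is only meaningful for IAM user and root sign-ins.
            ok = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            mfa = (rec.get("additionalEventData") or {}).get("MFAUsed")
            if ok and ident.get("type") in ("IAMUser", "Root") and mfa != "Yes":
                findings.append((when, who, "console-login-without-mfa"))
            continue
        # AKIA keys are long-term user keys; role sessions use temporary ASIA keys.
        if ident.get("type") == "IAMUser" and ident.get("accessKeyId", "").startswith("AKIA"):
            findings.append((when, who, "long-term-key:" + name))
        if name in SENSITIVE:
            findings.append((when, who, "sensitive-change:" + name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

The role session (ASIA key) and the MFA-backed login produce no findings; the long-term key finding marks an application that still carries its own credential instead of an instance role.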
Tip 8: Don't Stress Over a Single Instance

Remember, AWS will consistently terminate instances. This is beyond your control. Designing your application to work in the AWS ecosystem is up to you. Assuming you've designed a stable application, one terminated instance shouldn't even show up on your radar. Upon termination, it's easy to spin up an identical (or near-identical) instance to take its place. Autoscaling is a great way to do this. Servers will always fail – how your application will react is up to you.
Tip 9: Build Autoscale into Your AWS Application

AWS Autoscaling was designed to enable you to scale up or down in the cloud. You can automate the process of spinning up and terminating instances. It's also an extremely useful tool to manage service availability. Whether an instance arbitrarily terminated, or a spike in traffic simply requires more capacity, auto scaling can keep your application running no matter how dire the circumstances.
About CloudEndure

Business as Usual. Always.

CloudEndure is responsible for making sure customers can always focus on their business, without worrying about downtime. With CloudEndure they can always count on continuous operations in the cloud, so that their business is up and running nonstop. Wherever they are, whatever happens, it's always business as usual with CloudEndure.

Overview
Established in 2012, CloudEndure is the brain-child of a team of successful serial entrepreneurs: Ofer Gadish, Ofir Ehrlich, Gil Shai, and Leonid Feinberg. This dynamic team combines proven technical and business skills accumulated over more than a decade at Israeli and international IT companies, including both startups and established corporations. Their combined experience in building solutions tailored to all types of customers enables the CloudEndure team to provide an enterprise-grade product that is suited to the needs of businesses of all sizes and varieties.