Top 10 AWS Mistakes

Common Mistakes Made By AWS Customers 
A Cloud Guru has a great resource that helps you understand mistakes that you might be making in AWS. We’ll provide an outline of it, but read more about the Top 10 Mistakes Companies Make Managing AWS Resources here.

  1. Too Many Powerful Users
  2. Not Prioritizing Training and Certification
  3. Running Anything as Root
  4. Not Using AWS CloudTrail
  5. Leaving Connections Wide Open
  6. Not Taking Advantage of CloudWatch Alarms
  7. Overestimating AWS Responsibility and Support
  8. Not Using Auto Scaling
  9. Ignoring Trusted Advisor 
  10. Not Using Spot Instances

Are you making these mistakes? Let’s create a strategy to start fixing them today! 

Transcription
Recently, I saw a post from A Cloud Guru. They are a well-known training organization that helps people prepare for AWS certifications, among lots of other things, and this post was about the top ten mistakes AWS users make in managing their environment.

Number one was too many users with permissions they don’t need. This is a perennial issue whenever we create a new user and give them access that really isn’t justified or necessary. We open ourselves up to security events that aren’t necessary if we just limited the permission to begin with.

Number two was not prioritizing training. So many of our clients have implemented new cloud infrastructure and they’ve taken on new capabilities, but they haven’t invested the time and resources into preparing their staff for understanding how to use all these new capabilities. Training is certainly very important.

Running anything as “root” – you should never use the “root” account except in emergency break glass situations. Not using AWS CloudTrail was number four.

Leaving connections wide open was number five. We find this a lot. There will be security groups set up where access is allowed from 0.0.0.0 and anyone can get access to this service across this port from anywhere in the world, rather than thinking about how to restrict that traffic to people that should be whitelisted to have access.

Not taking advantage of CloudWatch alarms; this is always a very difficult thing to set up. You have to think through what types of alarms you want to get, the reason behind that, and configure your system accordingly. So it takes a lot of time and effort, but it’s definitely a mistake when we don’t take the time to set up those CloudWatch alarms.

Overestimating AWS responsibility and support. This is a typical response that we get from a lot of clients. We ask about different security capabilities and configurations and the response that we get is, “Oh, AWS handles that.” When the answer is, if you look at the Shared Responsibility Model and the configuration standards that they publish, it is not their responsibility. It’s yours. Taking responsibility of that and understanding who is responsible is very important.

Not using Auto Scaling was on their list, ignoring Trusted Advisor, and not using Spot Instances (which is a cost containment method to use there). A great list from A Cloud Guru and I would ask you to think about this list and ask yourself, “Are we doing any of these top mistakes that they’ve identified?” We’d love to answer any questions that you may have about any of these on the list. Contact us here at KirkpatrickPrice today.
