Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOops Stories in AWS (San Francisco, June 2024)

Anca Ghenade
June 25, 2024
Programming
0
37

DevOops Stories in AWS (San Francisco, June 2024)

Slides for the DevOops Meetup, San Francisco, June 22nd

Anca Ghenade

June 25, 2024
Tweet

More Decks by Anca Ghenade

See All by Anca Ghenade
Waldemar Hummer - LocalStack Snowflake Emulator Intro
ancaghenade
1
76
Seamless AWS Development and Testing Locally
ancaghenade
2
22
[Ignite] Taming and Testing Your Cloud Infrastructure Locally, with Confidence
ancaghenade
1
60
Cloud Integration Testing Made easy with LocalStack and Testcontainers (Ghent)
ancaghenade
1
49
Taming and Testing the Cloud Environment for your Java apps with LocalStack & Testcontainers (Java Vienna 2024)
ancaghenade
2
52
CNCF Linz meetup - Taming and Testing the Cloud Environment from localhost to CI
ancaghenade
1
69
DevFestVienna - Cloud Integration Testing Made easy with LocalStack and Testcontainers
ancaghenade
1
84
Linz-Cloud Integration Testing Made Easy with LocalStack and Testcontainers
ancaghenade
1
88
Lightning-fast feedback loops for developing and testing cloud apps
ancaghenade
0
62

Other Decks in Programming

See All in Programming
CSC509 Lecture 12
javiergs
PRO
0
160
WebフロントエンドにおけるGraphQL(あるいはバックエンドのAPI)との向き合い方 / #241106_plk_frontend
izumin5210
4
1.4k
Webの技術スタックで マルチプラットフォームアプリ開発を可能にするElixirDesktopの紹介
thehaigo
2
1k
subpath importsで始めるモック生活
10tera
0
300
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
520
2024/11/8 関西Kaggler会 2024 #3 / Kaggle Kernel で Gemma 2 × vLLM を動かす。
kohecchi
5
920
シールドクラスをはじめよう / Getting Started with Sealed Classes
mackey0225
4
640
ActiveSupport::Notifications supporting instrumentation of Rails apps with OpenTelemetry
ymtdzzz
1
230
Jakarta EE meets AI
ivargrimstad
0
610
【Kaigi on Rails 2024】YOUTRUST スポンサーLT
krpk1900
1
330
Macとオーディオ再生 2024/11/02
yusukeito
0
370
エンジニアとして関わる要件と仕様(公開用)
murabayashi
0
290

Featured

See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
GitHub's CSS Performance
jonrohan
1030
460k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Navigating Team Friction
lara
183
14k
Unsuck your backbone
ammeep
668
57k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.5k
Building Applications with DynamoDB
mza
90
6.1k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
The World Runs on Bad Software
bkeepers
PRO
65
11k
A better future with KSS
kneath
238
17k
Being A Developer After 40
akosma
86
590k

Transcript

  1. AWS DevOops stories and how to become more confident with

    the cloud - Anca Ghenade - [email protected] @tinyg210 localstack.cloud

  2. About a year ago I was new to AWS… localstack.cloud

  3. None
  4. None
  5. None
  6. None
  7. None
  8. None

  9. So I decided to ask the Internet what other Oops

    practices are out there…
  10. None

  11. • Setting up an AWS developer sandbox. https://www.keepsecure.ca/blog/no-san dbox-needed-cloud/ •

    You might only be granted access to certain services or have to share accounts. https://www.reddit.com/r/aws/comment s/1bz5ti6/aws_account_per_developer_ or_qa/ Special environments Will you get it right?

  12. Failure to Set Up Backups and Snapshots • Not regularly

    backing up critical data or creating snapshots of instances. • Data loss and inability to recover quickly from failures.

  13. https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/

  14. Misconfigured S3 Bucket Permissions • Leaving S3 buckets public when

    they should be private. • Data breaches, unauthorized access, and potential compliance violations.

  15. https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

  16. • https://aws.amazon.com/blogs/networking-and-content-delivery/amazon- s3-amazon-cloudfront-a-match-made-in-the-cloud/

  17. Committing your API key/credentials to a public repo • Potential

    data breaches, unauthorized usage, and even account takeover.

  18. • Use a pre-commit hook. • Use .gitignore files to

    exclude files containing sensitive information from being tracked by Git. • Use AWS Secrets Manager. • Use environment variables.

  19. Choosing the wrong resources • You need to combine: ◦

    business requirements ◦ budget ◦ maintainability • Learning curve and keeping up with updates. https://www.reddit.com/r/aws/comments/11bh5ml/ho w_to_decide_the_right_aws_service_and/ https://www.reddit.com/r/aws/comments/oe2don/a_st oryi_did_a_mistake_in_our_aws_account_that/ https://www.reddit.com/r/aws/comments/nlgvbz/some one_accidentally_provisioned_a_gigantic_ec2/ https://www.reddit.com/r/aws/comments/cifi2c/am_i_ using_aws_wrong_or_is_it_really/

  20. And a few more no-nos • Insufficient IAM Policy Restrictions

    - Using overly permissive IAM policies, such as using * for actions and resources. • Lack of Proper Security Group Configurations -Opening unnecessary ports. • Improper Configuration of Auto Scaling Groups - Incorrectly configuring scaling policies, resulting in over-provisioning or under-provisioning → Increased costs or degraded application performance.
  21. None

  22. Minor inconveniences…

  23. 5 mins later… More minor inconveniences…

  24. This one’s on you…

  25. What can you do • Follow the principle of least

    privilege. • Implement regular backup policies using AWS Backup or custom scripts. • Thoroughly test scaling policies. • Use https://github.com/rebuy-de/aws-nuke. • Use LocalStack - increased parity, test IaC, comprehensive service integration.
  26. None

  27. LocalStack Developer Hub

  28. “Your application won’t even know the difference”

  29. The true meaning of DEV - OPS is shifting. “You

    build it, you run it.”

  30. Thank You!