Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevOops Stories in AWS (San Francisco, June 2024)

Anca Ghenade
June 25, 2024
Programming
0
8

DevOops Stories in AWS (San Francisco, June 2024)

Slides for the DevOops Meetup, San Francisco, June 22nd

Anca Ghenade

June 25, 2024
Tweet

More Decks by Anca Ghenade

See All by Anca Ghenade
Waldemar Hummer - LocalStack Snowflake Emulator Intro
ancaghenade
1
22
Seamless AWS Development and Testing Locally
ancaghenade
2
14
[Ignite] Taming and Testing Your Cloud Infrastructure Locally, with Confidence
ancaghenade
1
35
Cloud Integration Testing Made easy with LocalStack and Testcontainers (Ghent)
ancaghenade
1
30
Taming and Testing the Cloud Environment for your Java apps with LocalStack & Testcontainers (Java Vienna 2024)
ancaghenade
1
28
CNCF Linz meetup - Taming and Testing the Cloud Environment from localhost to CI
ancaghenade
1
40
DevFestVienna - Cloud Integration Testing Made easy with LocalStack and Testcontainers
ancaghenade
1
62
Linz-Cloud Integration Testing Made Easy with LocalStack and Testcontainers
ancaghenade
1
61
Lightning-fast feedback loops for developing and testing cloud apps
ancaghenade
0
41

Other Decks in Programming

See All in Programming
エンジニアが開発生産性を上げるためにやる最初の一歩
ktchiroyah
0
130
奥が深いメールのシステム / The depth of Email system
linyows
3
160
Enhancing Ansible Development with SOLID Principles
kksat
0
130
SPLから始める「データ構造」入門
o0h
PRO
6
780
Kotlin Collection関数をマスター
masayukisuda
0
2.7k
良いテストコードのために悪いテストコードを理解する - 不安定なテスト編: iOSアプリ開発ユニットテストの場合
yimajo
19
4.3k
2024年版 Kotlin サーバーサイドプログラミング実践開発
n_takehata
3
930
チームの成長を促すためのスプリントレトロスペクティブの活用法 / How to use sprint retrospectives to promote team growth
mackey0225
4
550
あらゆるアプリをCompose Multiplatformで書きたい! -ネイティブアプリの「あの機能」を私たちはどう作るか-
subroh0508
1
820
iOS 開発で便利なツールたち
mitsuharu
0
140
技術カンファレンスをより楽しむためにやるべき N 個のこと / N Things You Should Do to Enjoy Tech Conferences More
mackey0225
3
270
ゼロから始める型安全なGraphQL開発
shachi_daikon55
0
150

Featured

See All Featured
Side Projects
sachag
451
41k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
23
1.5k
For a Future-Friendly Web
brad_frost
173
9.1k
The Invisible Side of Design
smashingmag
294
50k
Building a Scalable Design System with Sketch
lauravandoore
457
32k
How GitHub (no longer) Works
holman
305
140k
A Philosophy of Restraint
colly
198
16k
The Cost Of JavaScript in 2023
addyosmani
25
4.1k
Into the Great Unknown - MozCon
thekraken
16
1.2k
Facilitating Awesome Meetings
lara
44
5.7k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
247
20k
Documentation Writing (for coders)
carmenintech
61
4.1k

Transcript

  1. AWS DevOops stories and how to become more confident with

    the cloud - Anca Ghenade - [email protected] @tinyg210 localstack.cloud

  2. About a year ago I was new to AWS… localstack.cloud

  3. None
  4. None
  5. None
  6. None
  7. None
  8. None

  9. So I decided to ask the Internet what other Oops

    practices are out there…
  10. None

  11. • Setting up an AWS developer sandbox. https://www.keepsecure.ca/blog/no-san dbox-needed-cloud/ •

    You might only be granted access to certain services or have to share accounts. https://www.reddit.com/r/aws/comment s/1bz5ti6/aws_account_per_developer_ or_qa/ Special environments Will you get it right?

  12. Failure to Set Up Backups and Snapshots • Not regularly

    backing up critical data or creating snapshots of instances. • Data loss and inability to recover quickly from failures.

  13. https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/

  14. Misconfigured S3 Bucket Permissions • Leaving S3 buckets public when

    they should be private. • Data breaches, unauthorized access, and potential compliance violations.

  15. https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

  16. • https://aws.amazon.com/blogs/networking-and-content-delivery/amazon- s3-amazon-cloudfront-a-match-made-in-the-cloud/

  17. Committing your API key/credentials to a public repo • Potential

    data breaches, unauthorized usage, and even account takeover.

  18. • Use a pre-commit hook. • Use .gitignore files to

    exclude files containing sensitive information from being tracked by Git. • Use AWS Secrets Manager. • Use environment variables.

  19. Choosing the wrong resources • You need to combine: ◦

    business requirements ◦ budget ◦ maintainability • Learning curve and keeping up with updates. https://www.reddit.com/r/aws/comments/11bh5ml/ho w_to_decide_the_right_aws_service_and/ https://www.reddit.com/r/aws/comments/oe2don/a_st oryi_did_a_mistake_in_our_aws_account_that/ https://www.reddit.com/r/aws/comments/nlgvbz/some one_accidentally_provisioned_a_gigantic_ec2/ https://www.reddit.com/r/aws/comments/cifi2c/am_i_ using_aws_wrong_or_is_it_really/

  20. And a few more no-nos • Insufficient IAM Policy Restrictions

    - Using overly permissive IAM policies, such as using * for actions and resources. • Lack of Proper Security Group Configurations -Opening unnecessary ports. • Improper Configuration of Auto Scaling Groups - Incorrectly configuring scaling policies, resulting in over-provisioning or under-provisioning → Increased costs or degraded application performance.
  21. None

  22. Minor inconveniences…

  23. 5 mins later… More minor inconveniences…

  24. This one’s on you…

  25. What can you do • Follow the principle of least

    privilege. • Implement regular backup policies using AWS Backup or custom scripts. • Thoroughly test scaling policies. • Use https://github.com/rebuy-de/aws-nuke. • Use LocalStack - increased parity, test IaC, comprehensive service integration.
  26. None

  27. LocalStack Developer Hub

  28. “Your application won’t even know the difference”

  29. The true meaning of DEV - OPS is shifting. “You

    build it, you run it.”

  30. Thank You!