Slide 1

Slide 1 text

AWS DevOops stories and how to become more confident with the cloud - Anca Ghenade - @tinyg210 - localstack.cloud

Slide 2

Slide 2 text

About a year ago I was new to AWS…

Slide 3

Slide 3 text

No content

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

So I decided to ask the Internet what other Oops practices are out there…

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

Special environments: Will you get it right?
● Setting up an AWS developer sandbox. https://www.keepsecure.ca/blog/no-sandbox-needed-cloud/
● You might only be granted access to certain services or have to share accounts. https://www.reddit.com/r/aws/comments/1bz5ti6/aws_account_per_developer_or_qa/

Slide 12

Slide 12 text

Failure to Set Up Backups and Snapshots
● Not regularly backing up critical data or creating snapshots of instances.
● Data loss and inability to recover quickly from failures.

Slide 13

Slide 13 text

https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/

Slide 14

Slide 14 text

Misconfigured S3 Bucket Permissions
● Leaving S3 buckets public when they should be private.
● Data breaches, unauthorized access, and potential compliance violations.

Slide 15

Slide 15 text

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

Slide 16

Slide 16 text

● https://aws.amazon.com/blogs/networking-and-content-delivery/amazon-s3-amazon-cloudfront-a-match-made-in-the-cloud/

Slide 17

Slide 17 text

Committing your API key/credentials to a public repo
● Potential data breaches, unauthorized usage, and even account takeover.

Slide 18

Slide 18 text

● Use a pre-commit hook.
● Use .gitignore files to exclude files containing sensitive information from being tracked by Git.
● Use AWS Secrets Manager.
● Use environment variables.
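
Added example, not from the talk: one way to write the pre-commit hook from the first bullet, as a Python script that scans only the lines being added in the staged diff for AWS-style credentials. The rule names, the `scan_diff` function and the sample diff are assumptions made for illustration; the key values in the sample are the placeholder keys from AWS documentation.

```python
#!/usr/bin/env python3
# Save as .git/hooks/pre-commit and make it executable.
import re
import subprocess
import sys

RULES = {
    # Access key IDs: AKIA (long-term) or ASIA (temporary) prefix + 16 chars.
    "AWS access key ID": re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])"),
    # 40-char secret keys look like any hash, so require a telling variable name.
    "AWS secret access key": re.compile(
        r"(?i)aws_?secret_?access_?key[\"']?\s*[:=]\s*[\"']?[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])"),
}

# Constructed sample diff; the key values are AWS documentation placeholders.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -3,0 +4,3 @@
+REGION = "us-east-1"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
"""

def scan_diff(diff_text):
    """Return (path, line_number, rule) for every added line matching a rule."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("@@"):
            in_hunk = True  # "@@ -old +new,count @@": numbering restarts at new
            line_no = int(re.match(r"@@ -\S+ \+(\d+)", line).group(1)) - 1
        elif in_hunk and line.startswith("+"):
            line_no += 1
            findings += [(path, line_no, name) for name, rx in RULES.items() if rx.search(line)]
        elif in_hunk and line.startswith(" "):
            line_no += 1  # context line: advances numbering, is not scanned
    return findings

def main():
    diff = subprocess.run(["git", "diff", "--cached", "--unified=0", "--no-color"],
                          capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for path, line_no, rule in findings:  # report the location only, never the value
        print(f"{path}:{line_no}: possible {rule}", file=sys.stderr)
    return 1 if findings else 0  # non-zero exit makes git abort the commit

if __name__ == "__main__":
    sys.exit(main())
```

A client-side hook can be skipped with `git commit --no-verify`, so it complements the other bullets on this slide and does not replace them.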

Slide 19

Slide 19 text

Choosing the wrong resources
● You need to combine:
○ business requirements
○ budget
○ maintainability
● Learning curve and keeping up with updates.
https://www.reddit.com/r/aws/comments/11bh5ml/how_to_decide_the_right_aws_service_and/
https://www.reddit.com/r/aws/comments/oe2don/a_storyi_did_a_mistake_in_our_aws_account_that/
https://www.reddit.com/r/aws/comments/nlgvbz/someone_accidentally_provisioned_a_gigantic_ec2/
https://www.reddit.com/r/aws/comments/cifi2c/am_i_using_aws_wrong_or_is_it_really/

Slide 20

Slide 20 text

And a few more no-nos
● Insufficient IAM Policy Restrictions - Using overly permissive IAM policies, such as using * for actions and resources.
● Lack of Proper Security Group Configurations - Opening unnecessary ports.
● Improper Configuration of Auto Scaling Groups - Incorrectly configuring scaling policies, resulting in over-provisioning or under-provisioning → Increased costs or degraded application performance.

Slide 21

Slide 21 text

No content

Slide 22

Slide 22 text

Minor inconveniences…

Slide 23

Slide 23 text

5 mins later… More minor inconveniences…

Slide 24

Slide 24 text

This one’s on you…

Slide 25

Slide 25 text

What can you do
● Follow the principle of least privilege.
● Implement regular backup policies using AWS Backup or custom scripts.
● Thoroughly test scaling policies.
● Use https://github.com/rebuy-de/aws-nuke.
● Use LocalStack - increased parity, test IaC, comprehensive service integration.

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

LocalStack Developer Hub

Slide 28

Slide 28 text

“Your application won’t even know the difference”

Slide 29

Slide 29 text

The true meaning of DEV - OPS is shifting. “You build it, you run it.”

Slide 30

Slide 30 text

Thank You!