AWS DevOops stories and how to become more confident with the cloud - Anca Ghenade - anca.ghenade@localstack.cloud @tinyg210 localstack.cloud

About a year ago I was new to AWS… localstack.cloud

No content

No content

No content

No content

No content

No content

So I decided to ask the Internet what other Oops practices are out there…

No content

● Setting up an AWS developer sandbox. https://www.keepsecure.ca/blog/no-san dbox-needed-cloud/ ● You might only be granted access to certain services or have to share accounts. https://www.reddit.com/r/aws/comment s/1bz5ti6/aws_account_per_developer_ or_qa/ Special environments Will you get it right?

Failure to Set Up Backups and Snapshots ● Not regularly backing up critical data or creating snapshots of instances. ● Data loss and inability to recover quickly from failures.

https://www.bleepingcomputer.com/news/technology/amazon-aws-outage-shows-data-in-the-cloud-is-not-always-safe/

Misconfigured S3 Bucket Permissions ● Leaving S3 buckets public when they should be private. ● Data breaches, unauthorized access, and potential compliance violations.

https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1

● https://aws.amazon.com/blogs/networking-and-content-delivery/amazon- s3-amazon-cloudfront-a-match-made-in-the-cloud/

Committing your API key/credentials to a public repo ● Potential data breaches, unauthorized usage, and even account takeover.

● Use a pre-commit hook. ● Use .gitignore files to exclude files containing sensitive information from being tracked by Git. ● Use AWS Secrets Manager. ● Use environment variables.

Choosing the wrong resources ● You need to combine: ○ business requirements ○ budget ○ maintainability ● Learning curve and keeping up with updates. https://www.reddit.com/r/aws/comments/11bh5ml/ho w_to_decide_the_right_aws_service_and/ https://www.reddit.com/r/aws/comments/oe2don/a_st oryi_did_a_mistake_in_our_aws_account_that/ https://www.reddit.com/r/aws/comments/nlgvbz/some one_accidentally_provisioned_a_gigantic_ec2/ https://www.reddit.com/r/aws/comments/cifi2c/am_i_ using_aws_wrong_or_is_it_really/

And a few more no-nos ● Insufficient IAM Policy Restrictions - Using overly permissive IAM policies, such as using * for actions and resources. ● Lack of Proper Security Group Configurations -Opening unnecessary ports. ● Improper Configuration of Auto Scaling Groups - Incorrectly configuring scaling policies, resulting in over-provisioning or under-provisioning → Increased costs or degraded application performance.

No content

Minor inconveniences…

5 mins later… More minor inconveniences…

This one’s on you…

What can you do ● Follow the principle of least privilege. ● Implement regular backup policies using AWS Backup or custom scripts. ● Thoroughly test scaling policies. ● Use https://github.com/rebuy-de/aws-nuke. ● Use LocalStack - increased parity, test IaC, comprehensive service integration.

No content

LocalStack Developer Hub

“Your application won’t even know the difference”

The true meaning of DEV - OPS is shifting. “You build it, you run it.”

Thank You!