Basic data classification should be in place. Organize and classify data in segments such as publicly available, available to certain members, etc.
You should implement a least privilege access system so people can only access what they need
You should encrypt everything wherever possible
Privilege Management
Ensure only authorized and authenticated users can access your resources
Access Control Lists
Role Based Access Control
Password Management
Infrastructure Protection
How you protect your VPC from the world
Detective Controls
Use detective controls to identify security breaches
CloudTrail, CloudWatch, S3, Glacier
Key Services
ELB, EBS, S3, RDS for data protection
IAM w/ MFA for privilege management
VPC for infrastructure protection
CloudTrail, CloudWatch, Config for detective controls
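The detective-control idea above (CloudTrail feeding a check, with IAM + MFA as the privilege-management baseline) in working form. This is an added example, not code from the notes or from AWS: it parses a constructed CloudTrail log file (the real `{"Records": [...]}` layout with the standard `ConsoleLogin` fields) and flags root console logins, successful logins without MFA, and repeated login failures per principal.

```python
import json
from collections import Counter

# Constructed sample CloudTrail log file (not real data), in CloudTrail's
# native {"Records": [...]} layout. Only the fields the checks use are included.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2024-01-01T10:05:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "198.51.100.8"},
    {"eventTime": "2024-01-01T10:10:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}, "sourceIPAddress": "203.0.113.4"},
    {"eventTime": "2024-01-01T10:12:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"}, "sourceIPAddress": "198.51.100.8"},
    {"eventTime": "2024-01-01T10:13:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Failure"}, "sourceIPAddress": "198.51.100.8"},
]})

FAILURE_THRESHOLD = 2  # assumed tuning value; raise a finding at this many failures


def find_login_findings(log_text):
    """Return (rule, principal, eventTime) tuples for ConsoleLogin records that
    break the expectations: no root console use, MFA on every successful login,
    and no principal accumulating FAILURE_THRESHOLD failed logins."""
    findings, failures = [], Counter()
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") != "ConsoleLogin":
            continue  # other API events are out of scope for these checks
        identity = rec.get("userIdentity", {})
        who = identity.get("userName") or identity.get("type", "unknown")
        mfa_used = rec.get("additionalEventData", {}).get("MFAUsed") == "Yes"
        success = rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
        if identity.get("type") == "Root":
            findings.append(("root-console-login", who, rec["eventTime"]))
        if success and not mfa_used:
            findings.append(("console-login-without-mfa", who, rec["eventTime"]))
        if not success:
            failures[who] += 1
            if failures[who] == FAILURE_THRESHOLD:  # fire once per principal
                findings.append(("repeated-console-login-failures", who, rec["eventTime"]))
    return findings


if __name__ == "__main__":
    for rule, who, when in find_login_findings(SAMPLE_LOG):
        print(f"{when} {rule}: {who}")
```

In practice the same function would run over the gzipped log objects CloudTrail delivers to S3, or as the logic behind a CloudWatch metric filter and alarm.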
Reliability
Covers the ability of the system to recover from either a service or an infrastructure outage, as well as to scale dynamically
Design Principles
Test your recovery procedures (think Netflix Simian Army)
Automatically recover from failure. Automate a system for KPIs and track failures, then automate recovery
Scale horizontally to increase aggregate system availability
Stop guessing capacity
Definitions
Reliability in the cloud consists of the following:
Foundations - ensure your foundations are in place before you “lay the first brick”. Understand that the prerequisite infrastructure is in place before jumping into code!
AWS handles a lot of this for you, but they do set up service limits to stop customers from accidentally over-provisioning
Change Management - be aware of how change affects a system. Use monitoring to detect changes and react.
Use CloudWatch to monitor and auto-scaling to react to those changes
Failure Management - you should always architect your system with the assumption that failure will occur
Key Services
IAM and VPC for foundations
CloudTrail for change management
CloudFormation for failure management
Performance Efficiency
Focuses on how to use compute resources efficiently to meet business needs, and how to change as demand evolves
Design Principles
Democratize advanced technologies: rather than having to learn how to manage advanced services, use hosted services in the cloud
Go global in minutes
Use serverless architectures
Experiment more often
Definition
Compute
Choose the right kind of server
With AWS you can change the type of server almost at the click of a button, or go serverless with Lambda
Storage
Understand the access needs of your system before selecting a storage solution
Database
Understand how to select the proper type of database need based upon application access needs, consistency requirements, etc.
Space/Time Tradeoff
Add read replicas to RDS to reduce load on databases by creating multiple copies
Use Direct Connect to provide predictable latency between your on-premises environment and AWS
Key Services
Compute: Autoscaling
Storage: EBS, S3, Glacier
Database: RDS, DynamoDB, Redshift
Space/Time: CloudFront, Elasticache, etc.
Cost Optimization
Reduce your costs to a minimum and use those savings for other parts of your business
Design Principles
Transparently attribute expenditure - identify ROI on investment and convert to incentives to save cost
Use managed services to reduce cost of ownership and maintenance
Trade capital expense for operating expense - instead of purchasing expensive equipment and data centers
Benefit from economies of scale
Stop spending money on data center operations
Definition
Matched supply and demand
Try to optimally align supply with demand
Don’t over-provision your resources, auto scale instead
Or use Lambda/Serverless
Cost effective resources
Using the correct instance type is key to cost savings
Understand that sometimes the cheapest instance type isn’t the right answer. A t2.micro running for 10 hours to complete a task is more expensive than an xlarge instance which does it in minutes
Expenditure Awareness
You no longer have to get quotes on physical servers
Use tags and the like to track which business unit costs are going to, and set up billing alerts
Optimize over time
AWS moves incredibly fast. Hundreds of new services per year.