This post is going to be a “growing” post, since best practices in general evolve and grow as time goes by. These practices also reflect my own experience, so they may differ from your version of a best practice.
That said, it is a post that I will regularly review and add to as required. You could also add comments as to what you deem best practice for yourself.
Note: This isn’t intended to replace AWS’s own best practice guides; it is a practical version of them that makes sense to me and maybe to you. This list will grow and get rather long, but it will be well worth your time to read it.
So let’s get into it:
- Always enable MFA on the AWS root account, and ensure your password is strong. By strong I mean 20+ characters mixing upper and lower case letters, numbers and special characters.
- If possible, subscribe to the basic support plan. It’s about $100 per month.
- If you are an enterprise, enable AWS Control Tower, or at least investigate enabling it. It creates a clean separation between the technical and financial sides of your AWS account structure.
- Set your default region (data centre). It is easy to lose track of where you are while navigating the many AWS services, suddenly see that you have no EC2 instances, and only then discover that, yes, you have no EC2 instances in the US region because they are all in your Asia region!
- Use labels/tags, and the description field, for every service you use. This will help you identify the resource later.
- Only open firewall ports for the applications that need them, and restrict each rule to a specific source and destination. Don’t use an “ALL ALL” rule that opens every port from the internet to your AWS service or EC2 instance. Even between your internal AWS networks, only allow specific ports.
- Do weekly audits of your running AWS services to ensure you don’t spend money unnecessarily. That test EC2 instance needs to be deleted, or it is going to show up on your bill at the end of the month.
- With the above in mind, and where possible, use the “free” EC2 instances for testing purposes, unless your test instance needs more resources; in that case, be aware that you need to switch it off later.
- Always check Cost Explorer and its suggestions for reducing your monthly expenditure.
- Similarly, do the same for security: check the suggestions and apply them if they suit your environment.
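The tagging, firewall-port and weekly-audit points above lend themselves to a small script you can run on a schedule. The following is an added example, not code from the original post: it audits security group rules for “ALL ALL” style openings and running EC2 instances for missing tags or long-lived test instances. The data is constructed inline in the shape of boto3’s `describe_security_groups` and `describe_instances` responses so it runs offline; in a real account you would feed it the live responses instead. The required tag set, the seven-day limit for test instances and the fixed “now” timestamp are assumptions chosen for the example.

```python
"""Offline weekly audit of AWS security groups and EC2 instances.

Added example (not the post's own code). Input shapes mirror boto3's
ec2.describe_security_groups()["SecurityGroups"] and the Instances
entries of ec2.describe_instances(); all values below are constructed.
"""
from datetime import datetime, timedelta, timezone

# Constructed "now" so the example is deterministic (assumption).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
ANY_CIDRS = {"0.0.0.0/0", "::/0"}          # "from the internet"
REQUIRED_TAGS = {"Name", "Owner", "Environment"}  # assumed tagging standard
MAX_TEST_AGE = timedelta(days=7)            # assumed limit for test instances

# Constructed security groups: one sane rule, one "ALL ALL" rule from the
# internet, and one all-ports rule between internal networks.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "wide-open", "IpPermissions": [
        # "-1" is how boto3 encodes "all protocols"; no port range is present.
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "internal-all-ports", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
]

# Constructed instances: a tagged prod box, an under-tagged test box that has
# outlived its purpose, and a stopped box (not running, so not audited here).
INSTANCES = [
    {"InstanceId": "i-0111", "State": {"Name": "running"},
     "LaunchTime": NOW - timedelta(days=30),
     "Tags": [{"Key": "Name", "Value": "prod-web"}, {"Key": "Owner", "Value": "platform"},
              {"Key": "Environment", "Value": "prod"}]},
    {"InstanceId": "i-0222", "State": {"Name": "running"},
     "LaunchTime": NOW - timedelta(days=12),
     "Tags": [{"Key": "Name", "Value": "scratch"}, {"Key": "Environment", "Value": "test"}]},
    {"InstanceId": "i-0333", "State": {"Name": "stopped"},
     "LaunchTime": NOW - timedelta(days=90), "Tags": []},
]


def rule_is_all_ports(perm):
    """True when the rule covers every port (all protocols, or 0-65535)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm.get("FromPort", 0) == 0 and perm.get("ToPort", 65535) == 65535


def audit_security_groups(groups):
    """Return (group_id, severity, description, source) for risky rules."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            all_ports = rule_is_all_ports(perm)
            for src in sources:
                if all_ports and src in ANY_CIDRS:
                    findings.append((sg["GroupId"], "high", "ALL ports from the internet", src))
                elif all_ports:
                    findings.append((sg["GroupId"], "medium", "ALL ports from an internal range", src))
                elif src in ANY_CIDRS:
                    ports = f"{perm['FromPort']}-{perm['ToPort']}"
                    findings.append((sg["GroupId"], "review", f"port {ports} from the internet", src))
    return findings


def tags_of(instance):
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def audit_instances(instances, now=NOW):
    """Return (instance_id, description) for running instances needing attention."""
    findings = []
    for inst in instances:
        if inst["State"]["Name"] != "running":
            continue  # the post's concern is paying for running compute
        tags = tags_of(inst)
        missing = REQUIRED_TAGS - tags.keys()
        if missing:
            findings.append((inst["InstanceId"], "missing tags: " + ", ".join(sorted(missing))))
        age = now - inst["LaunchTime"]
        if tags.get("Environment", "").lower() == "test" and age > MAX_TEST_AGE:
            findings.append((inst["InstanceId"], f"test instance running for {age.days} days"))
    return findings


if __name__ == "__main__":
    for f in audit_security_groups(SECURITY_GROUPS):
        print("SG  ", *f)
    for f in audit_instances(INSTANCES):
        print("EC2 ", *f)
```

The “review” severity is deliberate: a single port such as 443 open to the internet is normal for a web tier, so the script surfaces it for a human to confirm rather than treating it as a failure, while an all-ports rule is flagged regardless of source.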