AWS Cross-Account Roles and Consolidated Billing
Amazon Web Service recently introduced support for cross-account ro
Getting started in AWS is easy. Anyone can do it! That said, when IT departments set up their own AWS cloud environments, they almost always miss something. Some of these oversights mean more time spent on maintenance, while others can cause significant security or financial risks.
As an AWS consultancy with years of experience under our belts, we’ve seen it all. Here are the top 10 things that IT departments miss when setting up their cloud environments - and the steps to take to mitigate them:
The number one biggest mistake that IT departments make when setting up AWS environments is missing key security requirements. Chief among these is improper Security Group setup and leaving IAM roles open. This is a big deal because it leaves your AWS environment vulnerable, and if you have sensitive information (PII, passwords, etc.), all of it can be compromised. Paying too much is one thing; getting hacked is a whole other realm of pain.
If you are concerned you may have missed things, here are a few recommendations:
Improper VPN design may sound like a minor issue, but the real danger here is putting databases or other ‘sensitive’ resources on public IP addresses. When first starting with AWS, just getting resources talking to one another can be a real challenge, and in the process of trial and error it is very common for a Virtual Private Network (VPN) to end up configured without any sort of security. In the worst cases, sensitive databases can be on publicly available IP addresses.
If you are concerned that you might have made your database publicly available on AWS by mistake, here are some steps you can take to check:
By taking these steps, you can identify whether your database is publicly available and take appropriate action. If you find that your database is publicly accessible, you should immediately restrict access to it. If you have to do this in your production environment, get help right away, as that can help mitigate unplanned downtime.
Now that we’ve addressed the most important security concerns, let’s talk about financial risk. AWS likes to talk about practically limitless scalability, and that is very true. But remember this: with great scaling comes great responsibility for paying the bill. If you are new to AWS and haven’t accidentally spent a thousand dollars you didn’t mean to, it’s likely only a matter of time.
Thankfully, AWS does have billing alerts built into their platform; you just need to know how to set them up. You can set up billing alerts on AWS by following these steps:
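One way to automate the check described above, as an added example that is not from the original post: it flags a database only when it both has a public endpoint and sits behind a security group rule open to the whole internet on its port. The sample records are constructed and follow the response shapes of the RDS `describe_db_instances` and EC2 `describe_security_groups` API calls; the function names are hypothetical.

```python
import ipaddress

# Constructed sample data in the shape returned by RDS DescribeDBInstances
# and EC2 DescribeSecurityGroups (not taken from a real account).
DB_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "PubliclyAccessible": True,
     "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
    {"DBInstanceIdentifier": "reports", "PubliclyAccessible": True,
     "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-office"}]},
    {"DBInstanceIdentifier": "internal", "PubliclyAccessible": False,
     "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-office", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]

def open_to_world(rule, port):
    """True if an ingress rule admits any source address on the given TCP port."""
    proto = rule.get("IpProtocol")
    # "-1" means all protocols and ports; otherwise the port must be in range.
    covers = proto == "-1" or (
        proto == "tcp" and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # A prefix length of 0 (0.0.0.0/0 or ::/0) matches every address.
    return covers and any(
        ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def exposed_databases(instances, groups):
    """Ids of databases with a public endpoint AND a world-open rule on their port."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for db in instances:
        if not db.get("PubliclyAccessible"):
            continue  # endpoint resolves to a private address only
        port = db["Endpoint"]["Port"]
        for ref in db.get("VpcSecurityGroups", []):
            rules = by_id.get(ref["VpcSecurityGroupId"], {}).get("IpPermissions", [])
            if any(open_to_world(r, port) for r in rules):
                findings.append(db["DBInstanceIdentifier"])
                break
    return findings
```

With real data, the two lists would come from the `DBInstances` and `SecurityGroups` keys of the corresponding API responses.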
Once your billing alarm is set up, you will receive notifications when your AWS charges exceed the threshold you have set. You can also view your current billing status and history from the Billing and Cost Management dashboard. If you need help setting up your billing alerts, this is part of the Metal Toad 6-point AWS inspection.
Poor cost optimization is by far the most common issue with self-set-up AWS environments. If you are new to AWS, I can guarantee you are overpaying. If you are an AWS expert, I can guarantee you are still overpaying. Paying for a cost audit (part of the Metal Toad 6-point AWS inspection) almost always has a return on investment of 100% or more.
If you’d like to troubleshoot costs yourself, there are several indicators that can help you determine if your AWS environment is poorly optimized from a cost standpoint. Here are some common signs to look out for:
To optimize your AWS environment from a cost standpoint, you can perform a cost optimization analysis, implement cost management best practices, and use AWS cost management tools such as AWS Cost Explorer and AWS Trusted Advisor - or get professional help. By regularly monitoring your usage and costs and implementing best practices for cost management, you can ensure that your AWS environment is optimized for cost efficiency.
One of the drivers of overpaying is inefficient architecture, which can sometimes come from using the wrong AWS service for the job you need done. An example of this is putting everything on EC2 (Compute) instead of using specific services like RDS (database). This will work, but you are going to pay a lot more AND you are going to miss really great functionality. In the case of using RDS for databases, with a few extra clicks not only can you see improved performance, but you can also easily distribute your database across multiple geographies using RDS Multi-AZ deployments.
Choosing the right AWS services for your workloads is crucial for achieving optimal performance and cost-efficiency. Here are some indicators that can help you determine if you are using the right AWS services for your workloads:
By speaking with a professional and evaluating your AWS services based on the indicators above, you can ensure that you are using the right AWS services for your workloads.
That’s it for the top 5 things IT departments miss when setting up AWS themselves! I’ll be filling in the rest of the top 10 in a future blog post. Remember: you can always get help, and it may cost a lot less than you think.