The Experts AWS Cheat Sheet

Learn from the AWS Experts

The way to AWS expertise is paved with details, and youll find the best of them right here! Follow just one of these
cheats, and you'll save yourself time, money, and heartache. Work methodically, and your AWS application stack will
be optimized to a whole new level. Any expert will tell you one of the most frustrating things about AWS is how easy
it is to get away with ignoring the very tools Amazon gives you, along with expert advice accumulated over years of
experience. So to make it just as easy to follow the way of the experts, here is our AWS cheat sheet based on years of
experience developing and deploying AWS applications.

CloudEndure 2014

Tip 1: Pick The Best EC2 Instance Based on 9 Parameters

Picking the best EC2 instance for your application stack is not always as easy as it might seem, especially when you
consider not every instance is always available in different regions. AWS categorizes EC2 instances into six
families Micro, General Purpose, Compute Optimized, Memory Optimized, Storage Optimized, and GPU. While
this categorization can be useful as a rule of thumb, every EC2 instance is defined by 9 parameters, the three most
important being number of Virtual CPUs, ECU (Elastic Compute Units), and RAM. Reviewing the Periodic Table of
the Elastic Compute Cloud, you can see every EC2 instance based on these defining parameters.
As an example, r3.8xlarge and i2.8xlarge are categorized as memory vs. storage optimized families respectively
by AWS, but they are virtually identical when looking at the three parameters (32 virtual processors, 104 elastic
compute units, and 244 gigs of RAM). The only difference is in ephemeral SSD Storage (2X320 for r3.8xlarge and
8X800 for i2.8xlarge). While some applications might require significantly more SSD storage, most others probably
do not. As expected, i2.8xlarge costs more than double the price of an r3.8xlarge. So by switching around just one
instance type, you could potentially slash your EC2 bill in two!

CloudEndure 2014

Tip 2: Manage AWS Application Cost at the Planning Stage

As you make more extensive use of AWS, cost becomes increasingly important. Here are four considerations to
help you plan and forecast your cost in advance:
1. On-demand vs. reserved - The cloud's promise is "pay-as-you-go", so naturally most opt for the ondemand pricing model. This is fine if you're just testing things out, but for long-term use, reserved
pricing will help you save on your AWS bill significantly. If you're in this for the long haul, definitely go
for reserved pricing once your cloud usage forms a predictable pattern.
2. Reserved instance marketplace just in case you actually did over-commit, don't beat yourself up.
The AWS Reserved Instance Marketplace lets you resell those reservations, or even buy reservations
from other AWS users at reduced rates.
3. Spot instances If you can store an application's state and results separately, spot instances are a
great way to make use of excess EC2 capacity. So long as your bid price is higher than the current spot
price, your application will keep running. If you don't bid high enough, you will run the risk of
terminating your application without notice.
4. Cost Monitoring & Optimization If you'd like to get serious about reducing cost in a complex
environment, consider using a solution such as Amazon Trusted Advisor. You could also work with any
number of 3rd party cost monitoring services - Cloudyn and Cloudability are both great alternatives.

CloudEndure 2014

Tip 3: Develop Secure Applications, But not at the Expense of Automation

Security in the public cloud is arguably the most significant challenge to mass enterprise adoption. Here are two
security tips for AWS that are sure to put your CIO at ease:
Enable multi-factor authentication An extra layer of authentication, this is simply a way to increase
security by combining both a secret piece of information (e.g. a password), and a unique marker such as
a hardware (or virtual) token. If either of these is comprised, the other acts as a double layer of security.
Read more about Multi-Factor Authentication on AWS.
Consider disabling SSH There has been quite a bit of controversy in the AWS community lately about
using SSH when accessing a particular instance. While it's a good security practice, many on the ops side
argue it can get in the way of automation.
Set up VPC peering connections This will enable you to create separate environments so you can test
automation tools without affecting applications running in production.

CloudEndure 2014

Tip 4: Set up Granular Billing Alerts

Getting your AWS bill shouldn't be a surprise. You can easily keep track of your AWS spend without having to wait
30 days by turning on Granular Billing Alerts. You can do this as often as you like, and then tweak your application if
you see your usage go over budget. If you combine these alerts with CloudWatch, getting to the bottom of the cause
for the spike in usage becomes straightforward.

CloudEndure 2014

Tip 5: Develop Your Application in a VPC Environment, not EC2 Classic

The AWS virtual private cloud (VPC) is simply the newer generation of compute instances. The VPC enables you to
define your own logical network, which has a variety of benefits. Your AWS account may launch any instance as EC2classic or EC2-VPC. Depending on how long you've been using AWS, your settings could vary new customers
typically launch EC2-VPC instances by default.

CloudEndure 2014

Tip 6: Get Some Sleep! Turn Alerts into Notifications with CloudWatch
AWS CloudWatch enables you to monitor cloud resources and optimize them accordingly. It's also a great tool to
help you get in the habit of automating your operations. As CloudWatch alerts form a pattern, you'll be able to tweak
your application to the point where alerts simply become an organic part of the application (e.g. spawning new
instances automatically to replace terminated ones).

CloudEndure 2014

Tip 7: Become the AWS Security Chief

Don't wait for the security officer to audit your application anticipate security needs in advance and integrate them
into your application:
Use EC2 Roles rather than give each application its own AWS credential, assign a role to each EC2
instance. This way, applications don't wind up accessing data they shouldn't.
Define group permissions this way individual users are less likely to access an application they
shouldn't.
Automate your security auditing Use security auditor role script, especially useful for intrusion
detection and prevention.
Use CloudTrail this will enable you to record AWS API calls complete with log files. Use it for security
analysis, resource change tracking, and compliance auditing.

CloudEndure 2014

Tip 8: Don't Stress Over a Single Instance

Remember, AWS will consistently terminate instances. This is beyond your control. Designing your application to
work in the AWS ecosystem is up to you. Assuming you've designed a stable application, one terminated instance
shouldn't even show up on your radar. Upon termination, it's easy to spin up an identical (or near-identical) instance
to take its place. Autoscaling is a great way to do this. Servers will always fail how your application will react is up
to you.

CloudEndure 2014

10

Tip 9: Build Autoscale into Your AWS Application

AWS Autoscaling was designed to enable you to scale up or down in the cloud. You can automate the process of
spinning up and terminating instances. It's also an extremely useful tool to manage service availability. Whether an
instance arbitrarily terminated, or a spike in traffic simply requires more capacity, auto scaling can keep your
application running no matter how dire the circumstances.

CloudEndure 2014

11

About CloudEndure
Business as Usual. Always.

CloudEndure is responsible for making sure customers can always focus

on their business, without worrying about downtime.
With CloudEndure they can always count on continuous operations in the
cloud, so that their business is up and running nonstop. Wherever they
are, whatever happens, its always business as usual with CloudEndure.
Overview

Established in 2012, CloudEndure is the brain-child of a team of

successful serial entrepreneurs: Ofer Gadish, Ofir Ehrlich, Gil Shai, and
Leonid Feinberg. This dynamic team combines proven technical and
business skills accumulated over more than a decade at Israeli and
international IT companies, including both startups and established
corporations. Their combined experience in building solutions tailored to
all types of customers enables the CloudEndure team to provide an
enterprise-grade product that is suited to the needs of businesses of all
sizes and varieties.

CloudEndure 2014

12