AWS Best Practices
"Migrating applications to AWS, even without significant changes (an approach known as “lift and shift”), provides organizations the benefits of a secured and cost-efficient infrastructure. However, to make the most of the elasticity and agility possible with cloud computing, engineers will have to evolve their architectures to take advantage of the AWS capabilities."
Global, Available, and Unlimited Capacity
Higher Level Managed Services
Security Built In
Disposable Resources Instead of Fixed Servers
Services, Not Servers
Removing Single Points of Failure
Optimize for Cost
UA AWS Sandbox
Welcome to the UA AWS Sandbox. This is a free service provided to you by OIT for learning and experimenting. Resources available are EC2 (Compute), S3 (Storage), RDS (Database), and VPC (Networking). As this project progresses and evolves, more services will be made available. Our goal is to make this a collaborative environment where users can discuss and contribute to the current state of the sandbox, and a safe environment in which our users can be innovative. A project website, currently under development and expected to be published in the near future, will provide much more detail and roadmap information for UA AWS as a whole.
To begin using the UA AWS Sandbox, click the following URL: https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=urn%3Aamazon%3Awebservices
Enter your UA username and password. While all services will be presented to you in the Amazon Management Console, you will only be able to access the previously mentioned services. Again, this is just the initial rollout of the sandbox, and as the reaper script is expanded, more services will become available to use.
- Be courteous and respectful to peers in the sandbox
- Do not spin up excessive resources (example: 100 compute nodes)
- To keep cost low, the reaper service has been deployed to terminate/delete created objects every day at 4:00 am; therefore, please do not deploy services that require a persistent state, and assume zero data retention in the sandbox
- By default, resources are limited in quantity; use only what you need to allow as many users as possible the opportunity to explore AWS services
- Make a practice of terminating and deleting objects when no longer in use
- Logins are done through a federated authentication service; sessions are limited to 1-hour intervals regardless of activity
https://github.alaska.edu/OIT-CSS/aws-sandbox-cleanup This script is run as a Lambda function to wipe all resources at 4:00 am every day. To make a service available in the sandbox, we need to be able to properly clean it up during the 4:00 am cleanup window. We will continue to add support for all existing AWS services and for new services as they come out. If there is a particular service that is important to you, feel free to submit a pull request adding support if you are able to get to it before we do.
API Key Provisioning for SAML Authentication
https://github.alaska.edu/OIT-CSS/aws-saml-api This script is used to generate API keys on your local workstation using SAML credentials. These API keys can be used to interface with AWS services via the AWS SDK, Terraform, or other automation tools. The credentials time out after an hour, as they have the same expiration as the SAML web login. Again, feel free to raise any issues or submit pull requests if you have suggestions for this script.
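As an added illustration (not the aws-saml-api script itself, whose code is not shown on this page), the sketch below shows the general step such a tool performs after the IdP login: reading the role and provider ARN pairs out of the SAML response and building a one-hour AssumeRoleWithSAML request for each. The sample assertion, account ID, role names and the `sts_requests` helper are constructed for the example. The local parse only selects a role; STS validates the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed sample: a minimal, unsigned assertion fragment with made-up ARNs.
SAMPLE_XML = f"""<saml2:Assertion xmlns:saml2="{NS['saml2']}">
 <saml2:AttributeStatement>
  <saml2:Attribute Name="{ROLE_ATTR}">
   <saml2:AttributeValue>arn:aws:iam::123456789012:role/sandbox-user,arn:aws:iam::123456789012:saml-provider/example-idp</saml2:AttributeValue>
   <saml2:AttributeValue>arn:aws:iam::123456789012:saml-provider/example-idp,arn:aws:iam::123456789012:role/sandbox-admin</saml2:AttributeValue>
  </saml2:Attribute>
 </saml2:AttributeStatement>
</saml2:Assertion>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def sts_requests(b64_response, duration_seconds=3600):
    """Turn a base64 SAMLResponse into AssumeRoleWithSAML keyword arguments."""
    xml = base64.b64decode(b64_response, validate=True)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations do not belong in a SAML response")
    requests = []
    for attr in ET.fromstring(xml).iterfind(".//saml2:Attribute", NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml2:AttributeValue", NS):
            # Each value is a "role ARN, provider ARN" pair; IdPs differ on the order.
            parts = [p.strip() for p in (value.text or "").split(",")]
            role = next((p for p in parts if ":role/" in p), None)
            provider = next((p for p in parts if ":saml-provider/" in p), None)
            if len(parts) != 2 or not role or not provider:
                raise ValueError(f"malformed Role attribute value: {value.text!r}")
            requests.append({"RoleArn": role, "PrincipalArn": provider,
                             "SAMLAssertion": b64_response,
                             "DurationSeconds": duration_seconds})
    return requests


if __name__ == "__main__":
    for req in sts_requests(SAMPLE_B64):
        # With boto3 installed, boto3.client("sts").assume_role_with_saml(**req)
        # returns temporary keys; the call itself needs no existing AWS credentials.
        print(req["RoleArn"], "via", req["PrincipalArn"])
```

Because the resulting keys are short-lived, they are best kept in the process environment or a credentials file readable only by the user rather than committed to automation code.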
Learning and Community Resources
AWS Webinar Series
Slack channel at UA for Amazon discussions
Getting Started with AWS
Getting Started with Amazon EC2 Linux Instances
Getting Started with Amazon EC2 Windows Instances
Best Practices for Amazon EC2
We here at OIT are excited about introducing this new service to UA and look forward to future innovations and collaboration. Feel free to send us feedback, or ask questions to make this service even better!