Starting With AWS: What You Need to Know
The journey into the Cloud is a fun and exciting one. But without proper planning you may find yourself with chaotic infrastructure and escalating costs.
Let’s say your new startup is developing an application and you want to put it on the AWS Cloud. It’s as easy as simply hosting the application on a server and leaving it to do its thing, right?
Wrong. That’s a recipe for disaster.
I’ve been working with Amazon Web Services for several years and I’ve learned a lot of things that I wish I knew before I began. But in this post I’m going to share some of those top pieces of advice with you. Very soon you will get past the “host it on a server” mindset and build something great!
Design your system architecture
Take time to do this, and do it well. Ask from advice from other people, or consult a certified AWS Solutions Architect. Doing this part properly is the key to building a solid cloud-based application.
Think about what your application is going to do: get some paper or use a whiteboard and draw it out. Where is your front-end? What does it need to communicate with the back-end? What kind of database do you need to use? What language is your code going to be written in?
Sure, it’s possible to stick everything on a server and hope for the best. But what happens when that server crashes? AWS provide a huge — and ever-growing — number of services available to you. Spend some time to learn about these and what they can do.
A well-designed system will enhance your availability to customers and reduce the cost to your wallet.
For example, instead of running your code on an “always on” server, think about running it on-demand using Lambda instead:
- You only pay for the duration your code runs
- You don’t need to manage an underlying server
- Lambda has extremely high availability, meaning your application can handle vast amounts of traffic
Some popular services you should look at include: Lambda for on-demand computing, S3 for storage, API Gateway for easy API deployment, and RDS and DynamoDB for database solutions.
Do not skimp on security
Before you even write your first line of code, you must consider security.
Do not even think about embedding keys or credentials into your code.
Instead of using credentials to access different services in AWS, use IAM roles where you can. IAM roles allow you to write security policies where you can permit one specific resource to access another, and only do certain things. When you do this, you no longer have to worry about your keys being accidentally exposed and your application being compromised.
If you must use keys, make sure you use Key Management Service (KMS) to allow you to securely store your keys, and allow only authorized resources to access them. This also allows you to then easily rotate keys to maintain high levels of security.
Services such as Inspector, GuardDuty, and Macie allow you to scan your infrastructure for vulnerabilities and weaknesses. These are vital tools for security in the AWS Cloud and by automating the security work you can spend more time building your business.
Do you plan to use production and development versions of your application? Think about deploying them into two different accounts. That way, if one gets compromised, the other is still safe. You might even think about breaking off individual services of your application into their own accounts to reduce the blast radius of a security incident.
I cannot stress how important good security is. If you don’t do it well, you risk being hacked, confidential data being stolen, and your business going bankrupt. Check out another one of my other articles in The Startup to learn how you can improve security and respond to an incident.
Managing your costs
Believe it or not, AWS actually encourage you to spend less money with them. Providing a lower-cost cloud solution means a happier customer, and AWS heavily use a pay-per-use model, so there are usually no up-front costs for the main services.
Let’s say you use EC2 to run a server. You can run one on-demand for as long as you want. However, you can commit to paying for, say, one year, and get a big reduction on the cost of running that server. With Lambda, mentioned above, you pay only for the invocation of your code and for time it runs. With S3, an AWS storage service, you can choose to transition infrequently accessed objects to a different, and cheaper, class.
For many services, AWS provide a free tier so you can experiment without breaking the bank.
Two services — AWS Budgets and Cost Explorer — allow you to monitor, control, and forecast your expenditure. You can view breakdowns of where your money is going and you can set alarms to notify you if you are expected to exceed what you you budgeted.
Remember, a well-designed system will work out cheaper for your finances, but make sure you use these services in AWS to govern and audit your expenditure.
Build a cloud culture in your organisation
Last — but not least — is to build a good, healthy cloud culture. Encourage your team to read up on the latest cloud technologies, send them to the regular AWS Summits, and think about becoming certified.
When you grow your application, think about the Five Pillars of the AWS Well-Architected Framework:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
Read about these on the AWS website and on their whitepapers and get a feel for how to design, build, and run a good cloud-based system.
Make sure you “kick the tyres” of any new development idea: get some people together over a pizza or coffee to talk about the idea and how the Five Pillars can work with it. Trust me, you will soon realize that nothing should be developed without doing this: the before and after of a new idea can be two different things, but the after will always be a much more refined, cost-effective, and secure solution.
So, with all that in mind, go back to your new product and think about it in a cloud-based mindset. Free yourself from the “host it on a server” way of thinking and you’ll soon find yourself being more creative and building better things.
