AWSARE.com
** Operations Checklist **
We use AWS Identity and Access Management (IAM) to provide user-specific, rather than shared, credentials for making AWS infrastructure requests.
We understand which of our instances is Amazon Elastic Block Store (Amazon EBS)-backed versus instance store-backed, have intentionally chosen the most appropriate type of storage, and understand the implications to data persistence, backup and recovery.
We understand AWS dynamic IP addressing and have ensured that our application will function when application components are restarted (e.g., using 3rd-party or Elastic Load Balancing, Amazon Virtual Private Cloud (Amazon VPC) static address assignments, elastic IP addresses, or dynamic DNS).
     
We use separate Amazon EBS volumes for the operating system and application/database data where appropriate.  
     
We regularly back up our Amazon Elastic Compute Cloud (Amazon EC2) instances using Amazon EBS snapshots or another 3rd-party backup tool.  
     
We regularly test our process of recovering our Amazon EC2 instances or Amazon EBS volumes when they fail, either through customized “golden” Amazon Machine Images (AMIs), Amazon EBS snapshots, bootstrapping, or using our own backup and recovery tools.  
     
We have deployed critical components of our applications across multiple availability zones, are appropriately replicating data between zones, and have tested how failure within these components affects application availability.  
     
We understand how failover will occur across application components deployed in multiple availability zones and are using 3rd-party or Elastic Load Balancing and elastic IP addresses where appropriate.  
     
We regularly test our process for patching, updating, and securing our Amazon EC2 operating system, applications, and customized AMIs.  
     
We use appropriate operating system user account access credentials and are not sharing the AWS instance key pair private key with all systems administrators.  
     
We have implemented secure Security Group rules and nested Security Groups to create a hierarchical network topology where appropriate.  
     
We use “CNAME” records to map our DNS name to our Elastic Load Balancing or Amazon Simple Storage Service (Amazon S3) buckets and NOT “A” records.  
     
Before sharing our customized Amazon Machine Images with others, we removed all confidential or sensitive information including embedded public/private instance key pairs and reviewed all SSH authorized_keys files.  
     
We have fully tested our AWS-hosted application, including performance testing, prior to going live.  
     
We have signed our production AWS accounts up for business or enterprise support and have a plan for incorporating AWS Trusted Advisor reports into our ongoing operational reviews.  
     
** Enterprise Checklist **
Has your organization developed an approach for billing and account management? Has your organization determined whether or not multiple accounts will be used and how billing will be handled?
Billing & Acct Governance
     
Has your organization developed a strategy for managing AWS API, console, operating system, network, and data access?
Security & Access Management
     
Does your organization have a strategy for identifying and tracking AWS provisioned resources?
Asset Management
     
Does the implemented AWS solution meet or exceed the application’s high availability and resilience requirements?
Application HA/Resilience
     
Does the implemented AWS solution meet or exceed the application’s disaster recovery (DR) and backup requirements?
Application DR/Backup
     
Has your organization instrumented appropriate monitoring tools and integrated your AWS resources into its incident management processes?
Monitoring & Incident Management
     
Does your organization have a configuration and change management strategy for its AWS resources?
Configuration & Change Management
     
Has your organization determined how it will integrate application releases and deployments with its configuration and change management strategy?
Release & Deployment Management
     

 
