Skip to content

Latest commit

 

History

History
172 lines (140 loc) · 5.8 KB

README.md

File metadata and controls

172 lines (140 loc) · 5.8 KB
Raw

Detailed AWS Architecture Review Audit Checklist

1. Reliability

Design for Failure:

  • Auto Scaling: 
    aws autoscaling describe-auto-scaling-groups
aws autoscaling create-auto-scaling-group --auto-scaling-group-name my-asg --launch-configuration-name my-lc --min-size 1 --max-size 10 --desired-capacity 2 --vpc-zone-identifier subnet-12345678,subnet-87654321

Backup and Restore:

  • AWS Backup: 
    aws backup list-backup-plans
aws backup create-backup-plan --backup-plan '{"BackupPlanName": "MyBackupPlan","Rules": [{"RuleName": "DailyBackups","TargetBackupVaultName": "Default","ScheduleExpression": "cron(0 12 * * ? *)","StartWindowMinutes": 60,"CompletionWindowMinutes": 180,"Lifecycle": {"DeleteAfterDays": 30}}]}'

Monitoring:

  • CloudWatch Alarms: 
    aws cloudwatch describe-alarms
aws cloudwatch put-metric-alarm --alarm-name "HighCPUUsage" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 80 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 2 --alarm-actions arn:aws:sns:us-east-1:123456789012:my-sns-topic

Disaster Recovery:

  • Route 53 Failover: 
    aws route53 list-health-checks
aws route53 create-health-check --caller-reference 2021-01-01T12:00:00Z --health-check-config '{"IPAddress":"192.0.2.44","Port":80,"Type":"HTTP","ResourcePath":"/","RequestInterval":30,"FailureThreshold":3}'

2. Security

Identity and Access Management:

  • IAM Policies: 
    aws iam list-policies
aws iam create-policy --policy-name MySecurityPolicy --policy-document file://policy.json

Data Encryption:

  • KMS Keys and S3 Bucket Encryption: 
    aws kms list-keys
aws kms create-key --description "My KMS key"
aws s3api put-bucket-encryption --bucket my-bucket --server-side-encryption-configuration '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}'

Network Security:

  • VPC Security Groups: 
    aws ec2 describe-security-groups
aws ec2 create-security-group --group-name my-sg --description "My security group"
aws ec2 authorize-security-group-ingress --group-name my-sg --protocol tcp --port 22 --cidr 0.0.0.0/0

Logging and Monitoring:

  • CloudTrail: 
    aws cloudtrail describe-trails
aws cloudtrail create-trail --name my-trail --s3-bucket-name my-bucket
aws cloudtrail start-logging --name my-trail

3. Cost Optimization

Resource Management:

  • AWS Cost Explorer: 
    aws ce get-cost-and-usage --time-period Start=2023-07-01,End=2023-07-31 --granularity MONTHLY --metrics "UnblendedCost" "UsageQuantity"

Reserved Instances:

  • Purchase Reserved Instances: 
    aws ec2 describe-reserved-instances
aws ec2 purchase-scheduled-instances --instance-count 1 --purchase-request '{"InstanceCount": 1, "PurchaseToken": "token"}'

Right-Sizing:

  • Modify Instance Types: 
    aws ec2 describe-instances
aws ec2 modify-instance-attribute --instance-id i-1234567890abcdef0 --instance-type t2.medium

Cost Allocation Tags:

  • Tagging Resources: 
    aws resourcegroupstaggingapi get-resources
aws ec2 create-tags --resources i-1234567890abcdef0 --tags Key=Environment,Value=Production

4. Operational Excellence

Infrastructure as Code:

  • AWS CloudFormation: 
    aws cloudformation describe-stacks
aws cloudformation create-stack --stack-name my-stack --template-body file://template.json

Automation:

  • AWS Systems Manager: 
    aws ssm list-commands
aws ssm send-command --document-name "AWS-RunShellScript" --targets '[{"Key":"instanceIds","Values":["i-1234567890abcdef0"]}]' --parameters '{"commands":["sudo yum update -y"]}'

Incident Response:

  • Config Rules: 
    aws configservice describe-config-rules
aws configservice put-config-rule --config-rule '{"ConfigRuleName": "s3-bucket-policy-check","Source": {"Owner": "AWS","SourceIdentifier": "S3_BUCKET_POLICY"}}'

Runbooks:

  • Automation Documents: 
    aws ssm list-documents --document-filter-list key=Owner,value=Self
aws ssm create-document --content file://my-automation-document.json --name MyAutomationDocument --document-type Automation

5. Performance Efficiency

Scalable Architectures:

  • Elastic Load Balancing: 
    aws elbv2 describe-load-balancers
aws elbv2 create-load-balancer --name my-load-balancer --subnets subnet-12345678 subnet-87654321 --security-groups sg-12345678

Caching:

  • Amazon ElastiCache: 
    aws elasticache describe-cache-clusters
aws elasticache create-cache-cluster --cache-cluster-id my-cluster --cache-node-type cache.m4.large --engine redis --num-cache-nodes 3

Performance Monitoring:

  • AWS X-Ray: 
    aws xray get-service-graph --start-time 1625097600 --end-time 1625184000
aws xray put-telemetry-records --telemetry-records file://records.json

Database Performance:

  • Amazon RDS: 
    aws rds describe-db-instances
aws rds create-db-instance --db-instance-identifier mydbinstance --db-instance-class db.m4.large --engine mysql --allocated-storage 20 --master-username masteruser --master-user-password masterpassword

Content Delivery:

  • Amazon CloudFront: 
    aws cloudfront list-distributions
aws cloudfront create-distribution --origin-domain-name mybucket.s3.amazonaws.com

This detailed checklist provides specific commands and configurations to ensure that your AWS environment maintains high standards of reliability, security, cost optimization, operational excellence, and performance efficiency. Regularly reviewing and updating your architecture with this checklist will help keep your AWS infrastructure robust and efficient.