Eldon Stegall eldondevcg

Ideas on amazon best practices

All instances should have IAM roles
All non-ephemeral instances should have elastic IP addresses
- Ephemeral instances are instances in autoscaling groups and spot instances
All buckets should have bucket logging enabled.
All destinations for bucket logs should only store bucket logs.
All destinations for bucket logs should have bucket lifecycles enabled
Netflix ICE should be running.
All instances should be running in VPC.

~~Cloud watch should have alerts for the total number of instances running in an Autoscaling group~~ Available when you enable "group metrics"
You should be able to get an SNS alert when an ec2 instance is terminated, and the reason (price for spot requests, ASG, etc)
Spot instance requests have a frustrating filter interface. There isn't reasonable faceting like there is in the instances console.
It should be possible to edit launch configurations
It should be possible to view the per-hour price of an on-demand, reserved, or scheduled instance you launch in the reservation

This is a little tricky, because it requires several different moving parts, specifically,

the lambda task that you want to execute the copy must have IAM access to the bucket in the other account. This is not something that was obvious to me to begin with, although my use case was more complicated.
the bucket policy on the destination account must be set to permit your lambda function to write to that bucket. For my special use cases, I have to upload a new bucket policy daily to the receiving buckets. Alternatively, the destination accounts could probably give your a cross-account IAM role to upload the bucket policy yourself.
You will likely want to write your objects with the bucket-owner-full-control acl, http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html otherwise, the bucket owner may not be able to download them.

	Vagrant.configure(2) do \|config\|
	config.vm.box = "hashicorp/precise64"
	config.vm.provider "virtualbox" do \|v\|
	v.memory = 4096
	v.cpus = 2
	end
	config.vm.provision "shell", inline: <<-SHELL
	set -e
	sudo apt-get install -y dkms wget linux-headers-`uname -r`
	wget http://dlc-cdn.sun.com/virtualbox/4.3.28/VBoxGuestAdditions_4.3.28.iso

	# -- mode: ruby --
	# vi: set ft=ruby :
	Vagrant.configure(2) do \|config\|
	config.vm.box = "ubuntu/trusty64"
	config.vm.provider "virtualbox" do \|v\|
	v.memory = 4096
	v.cpus = 2
	end
	config.vm.provision "shell", privileged: false, inline: <<-SHELL
	sudo apt-get update

	# IF YOU INCUR HUGE COSTS WITH THIS OR IT BREAKS DON'T BLAME ME License

	# This is a throw-away script I wrote to pull the json events for all of the streams from a cloudwatch log
	# For some reason, the naive way to do vpc network logging does logging to different streams in a cloudwatch
	# log based on interface.
	# Great for diagnosing lots of things, and generating verbose logs, but for the broad-stroke analysis I was doing,
	# all I really wanted was the basic data. This would have been easier if I had logged to s3, but I did not see a
	# way to do that in 2 clicks.

	group_name = 'CHANGEME'

	CREATE EXTERNAL TABLE default.bucket_logs (
	`bucketowner` string,
	`bucket` string,
	`datetime` string,
	`sourceip` string,
	`requestor_id` string,
	`request_id` string,
	`operation` string,
	`key` string,
	`http_line` string,

	version: '2'

	services:
	db:
	image: mysql:5.7
	volumes:
	- db_data:/var/lib/mysql
	restart: always
	environment:
	MYSQL_ROOT_PASSWORD: somewordpress