Laying out foundations

Laying foundations for your AWS journey is very crucial. If you are architecting your organization application framework on AWS, then just spinning up EC2 or RDS for moving your on-premise applications and databases are not enough. You should understand the frameworks and tools provided by AWS to lay the foundations. Overall there are four areas that you can focus on:

• Accounts: Some organizations might want to create a single AWS root account and host different types of environments in different VPCs or some might think that having different accounts for different environments is a right thing to do. You should think about the account structure that will make sense in your organization. Nothing wrong or right, but it would help you to segregate environments appropriately. Hence, understanding where development, testing, and production should be hosted would help you in the longer run.
• Billing: It may not be your core activity, but understanding how the billing structure is organized or required in your organization will help you to structure your practices. When organizations have multiple accounts on AWS, then consolidated billing will give a total cost picture.
• Access keys: It is very important to decide upon a key management strategy. You may not want to end up managing keys for each server that you will access. Some cloud module demands access key and secret access key, which is not considered to be best practice, but that is how it is designed by many vendors. In such cases, understand deeply how to integrate vendor applications/modules with your AWS account. Also secure the AWS root account access key and secret key.
• Groups and roles: Use IAM groups to manage console users and API access. If you want RDS, SNS, S3, and Glacier services to interact with your EC2 instance, then think about having a role created for EC2 and assign it to each EC2 instance at the launch stage itself.