Cost Optimization
-----------------

1) Shut down or delete unused EC2 instances.
2) Downgrade EC2 & RDS instances whose CPU, memory and disk are not being fully utilized.
3) Release unused Elastic IPs.
4) If possible, shut down instances during non-business hours.
5) EC2 EBS & RDS: keep only 30-40% free space (monitoring required).
6) Clean up unnecessary data on EC2 EBS, RDS, S3 and Glacier.
7) S3: segregate frequently and infrequently accessed data.
8) Glacier: move archival data into Glacier.
9) Use RI (Reserved) EC2 & RDS instances.
10) Use the spot instance market.
11) Snapshots, AMI and backup retention.
12) Cut down data transfer costs.
13) Configure cost allocation tags so that monthly utilization can be segregated by department/business division.
14) Set up lifecycle rules on versioned items in S3, as versioning is a prerequisite for replicated buckets.
15) Use automation to cut down AWS resource cost, such as monitoring, start/stop scripts, etc.
16) Log each AWS incident and service request to keep track of history and documentation.
17) Get CAB approval before proceeding with any change in AWS infrastructure that involves cost.

Security
--------

1) Secure AWS network rules at the subnet level (VPC level).
2) Secure AWS instance rules at the security group level (EC2 level).
3) Do not unnecessarily allocate an EIP/public IP to an EC2 instance.
4) Keep only the public-facing EC2 instances in the public subnet; the rest go in the private subnet.
5) Keep highly sensitive business data on encrypted EBS volumes and RDS.
6) Provide users only the required AWS resource access through IAM, and use resource-based IAM policies with tags to allocate access to a specific environment.
7) Use AWS Config Rules for alerting on any non-compliant instance, i.e. untagged, instance size change, world-open ports in SG.
8) Define read-only and read-write access to AWS resources for IAM users as per requirements.
9) Password policy, and rotate AWS access/secret keys.
10) Enable MFA for all AWS users.
11) Immediately remove an ex-employee's AWS access.
12) Log each AWS incident and service request to keep track of history and documentation.
13) Enable CloudTrail logs and audit them periodically.
14) Get CAB approval before proceeding with any change in AWS infrastructure that involves security.
15) Keep a close watch on SSL expiry/renewal for ELB (Elastic Load Balancing) or CloudFront (CDN).
16) Refine your S3 bucket policy; use roles for EC2 instances.
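The checks named in item 7 of the Security list (untagged resources, world-open ports in a security group) can also be run locally over exported security-group data. The following is an added example, not part of the original post: the sample data and group IDs are constructed, and the `Department` tag key and the 80/443 allow-list are assumptions.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "Tags": [{"Key": "Department", "Value": "web"}],
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [],
      "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ccc", "Tags": [{"Key": "Department", "Value": "db"}],
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
      "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}]}
]}
""")

ANY = {"0.0.0.0/0", "::/0"}        # IPv4 and IPv6 "anywhere"
ALLOWED_PUBLIC_PORTS = {80, 443}   # assumption: only web ports may face the internet
REQUIRED_TAGS = {"Department"}     # assumption: cost-allocation tag key


def audit(groups):
    """Return sorted (group_id, finding) tuples for non-compliant groups."""
    findings = set()
    for sg in groups:
        gid = sg["GroupId"]
        tags = {t["Key"] for t in sg.get("Tags", [])}
        for missing in REQUIRED_TAGS - tags:
            findings.add((gid, f"missing tag {missing}"))
        for perm in sg.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & ANY:
                continue                      # source is restricted, nothing to flag
            if perm["IpProtocol"] == "-1":    # all protocols; no port fields present
                findings.add((gid, "world-open: all traffic"))
                continue
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if not set(range(lo, hi + 1)) <= ALLOWED_PUBLIC_PORTS:
                findings.add((gid, f"world-open: {perm['IpProtocol']} {lo}-{hi}"))
    return sorted(findings)
```

Calling `audit(SAMPLE["SecurityGroups"])` flags the SSH rule on `sg-0aaa` and both the missing tag and the all-traffic IPv6 rule on `sg-0bbb`, while the privately scoped `sg-0ccc` passes.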
Multi Tech Blog..Including AWS, Docker, Kubernetes, VMware, Netapp, OpenStack & Linux.