5 Crucial Tips for a Startup Cloud Infrastructure

Working at a startup has been a whirlwind of learning. When you're the first creator and owner of a critical part of the infrastructure, there's a lot to pick up.

In my two years with a fast-paced startup's platform engineering team, I've created, deleted, divided, and then recreated many parts of our infrastructure.

Here are five key lessons I'll keep in mind if I ever have to build an infrastructure again. Some might seem obvious, while others might not.

I had to learn some the hard way—through recreating and migrating to fix issues.

  1. Keep RDS Instances Private: If your RDS is public, do a risk analysis immediately. AWS makes it tricky to change a public RDS to private. If it involves production workloads, good luck getting business team approval!
  2. Access Tokens: In the early stages, team members might use personal access tokens for speed. But as you grow, these become a security risk and are hard to replace without breaking things. Check what tokens your Jenkins, Argo, and bastions are using.
  3. Bastions: If you don't have a bastion host, set one up quickly. As your company grows, so should restrictions on accessing critical databases and servers. Without a bastion, your PEM files and database credentials might be everywhere, which is a security nightmare. Set up a bastion and manage access to it for better security.
  4. S3 Public Access: S3 is convenient for storage, and you might use a CDN to serve content from it. However, leaving public access to S3 unchecked is risky. Even with a CDN, public S3 buckets aren't safe. Whitelist your CDNs and restrict S3 bucket access to those whitelisted CDNs only.
  5. Default Security Groups: If you're using default VPC security groups anywhere, stop. Replace them with newly created groups with the same rules. Default security groups should be empty and unused, since AWS adds them to any resource without a specified SG, and that quickly becomes a security risk. It's best to keep them empty.
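
A quick way to check tips 1, 4, and 5 against an account is to run the findings logic over saved AWS CLI JSON output. The script below is an added example, not code from the original post; the resource names and IDs are constructed sample data, and the field names follow the output of the CLI commands named in its first comment.

```python
# Constructed sample data, shaped like the JSON returned by
# `aws rds describe-db-instances`, `aws ec2 describe-security-groups`,
# `aws ec2 describe-network-interfaces` and `aws s3api get-public-access-block`.
SAMPLE = {
    "rds": {"DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "PubliclyAccessible": True},
        {"DBInstanceIdentifier": "orders-staging", "PubliclyAccessible": False}]},
    "sgs": {"SecurityGroups": [
        {"GroupId": "sg-0aaa", "GroupName": "default",
         "IpPermissions": [{"IpProtocol": "-1"}], "IpPermissionsEgress": []},
        {"GroupId": "sg-0bbb", "GroupName": "default",
         "IpPermissions": [], "IpPermissionsEgress": []},
        {"GroupId": "sg-0ccc", "GroupName": "app",
         "IpPermissions": [{"IpProtocol": "tcp"}], "IpPermissionsEgress": []}]},
    "enis": {"NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-01", "Groups": [{"GroupId": "sg-0aaa"}]},
        {"NetworkInterfaceId": "eni-02", "Groups": [{"GroupId": "sg-0ccc"}]}]},
    "s3": {"assets-bucket": {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}}},
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def audit(data):
    """Return (finding, resource) pairs for tips 1, 4 and 5."""
    findings = []
    for db in data["rds"]["DBInstances"]:  # tip 1: public RDS
        if db.get("PubliclyAccessible"):
            findings.append(("rds-public", db["DBInstanceIdentifier"]))
    for bucket, resp in data["s3"].items():  # tip 4: public access not blocked
        pab = resp.get("PublicAccessBlockConfiguration", {})
        off = [k for k in PAB_KEYS if not pab.get(k)]
        if off:
            findings.append(("s3-block-off", bucket + ":" + ",".join(off)))
    # tip 5: default groups should carry no rules and be attached to nothing
    defaults = {g["GroupId"]: g for g in data["sgs"]["SecurityGroups"]
                if g["GroupName"] == "default"}
    for gid, g in defaults.items():
        if g.get("IpPermissions") or g.get("IpPermissionsEgress"):
            findings.append(("default-sg-has-rules", gid))
    for eni in data["enis"]["NetworkInterfaces"]:
        for grp in eni["Groups"]:
            if grp["GroupId"] in defaults:
                findings.append(("default-sg-in-use", f'{eni["NetworkInterfaceId"]}:{grp["GroupId"]}'))
    return findings

if __name__ == "__main__":
    for kind, resource in audit(SAMPLE):
        print(kind, resource)
```

To use it on a real account, replace `SAMPLE` with the parsed output of the four commands; an `s3-block-off` finding means the bucket needs its policy reviewed, not that it is necessarily public.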

By keeping these points in mind, you can avoid some of the challenges I've faced and build a more secure, efficient infrastructure from the start.

Check out devopscopilot.in for more such content.