Cloud Guidelines

This document provides a set of guidelines for cloud environment usage. Aim of these guidelines is to ease the management and billing review of our internal cloud accounts.

Resource Creation

Regardless of the cloud environment you are working on, we strongly suggest you to create resources using terragrunt/terraform.

AWS

Region

We use Irland as default region. Of course, services that require specific region are exonerated.

S3

We follow AWS guidelines for bucket naming convention, therefore buckets should be named with this pattern: <prefix>-<region>-<accountId>

Tags

Each resource must include tags. Here the list that must be provided

scope: project-name
alwaysOn: true|false (Only true or false are allowed. If false, an automated or manual process could stop it outside office hours)
ownedBy: name.surname@agile.it
createdBy: name.surname@agilelab.it

A service control policy is attached to aws account, allowing tags enforcement. So, if a tag is missing then a Not Authorized error occurs.

Using tags, resource and cost tracking is easier. For example, users can find their own tagged resources by "Resource Groups & Tag Editor" console or AWS CLI.

EC2

Whenever possible, use spot ec2.

IAM Role

All users are assigned the same role. This role allows the use of AWS without any particular restrictions. In this way, we try to make the use of AWS more effective by removing slowdowns due to the lack of adequate privileges. Each user is responsible for maintaining their own resources, removing or stopping them when they are no longer needed, paying attention to budget consumption.

Users Access

Every user is provided console and programmatic access.

@AgileLab https://www.agilelab.it/

Found an error in the handbook? The source code can be found here. Please feel free to edit and contribute a merge request, powered by Gitbook
Modified at: 2021-10-12 16:34:31

results matching ""

    No results matching ""