This document provides a set of guidelines for cloud environment usage. Aim of these guidelines is to ease the management and billing review of our internal cloud accounts.
Regardless of the cloud environment you are working on, we strongly suggest you to create resources using terragrunt/terraform.
We use Irland as default region. Of course, services that require specific region are exonerated.
We follow AWS guidelines for bucket naming convention, therefore buckets should be named with this pattern:
Each resource must include tags. Here the list that must be provided
scope: project-name alwaysOn: true|false (Only true or false are allowed. If false, an automated or manual process could stop it outside office hours) ownedBy: email@example.com createdBy: firstname.lastname@example.org
A service control policy is attached to aws account, allowing tags enforcement. So, if a tag is missing then a Not Authorized error occurs.
Using tags, resource and cost tracking is easier. For example, users can find their own tagged resources by "Resource Groups & Tag Editor" console or AWS CLI.
Whenever possible, use spot ec2.
All users are assigned the same role. This role allows the use of AWS without any particular restrictions. In this way, we try to make the use of AWS more effective by removing slowdowns due to the lack of adequate privileges. Each user is responsible for maintaining their own resources, removing or stopping them when they are no longer needed, paying attention to budget consumption.
Every user is provided console and programmatic access.