Best Practices

Route 53 Best Practices

Use very short TTLs on SOA records (e.g. 60 seconds or less). Delegate zones to every organization or use dedicated zones per organization (e.g. cloudposse.com, cloudposse.net, cloudposse.org). Use ALIAS records to map the zone apex record to ELBs.

Secrets Management Best Practices

Security by Design. Never Share Secrets Between Stages. Rotate Secrets Frequently. Automate Key Rotation. Audit Trails. Encrypted at Rest. TLS Everywhere. MFA Everywhere. Password-based security is not sufficient. Too many passwords have been compromised over the years and aggregated as part of massive rainbow tables which make password cracking much more effective. Other times, users simply share passwords with each other and forget to change them. The best way to mitigate the usefulness of a credential (e.

Terraform Best Practices

Use Git Workflow. Infrastructure as Code. Infrastructure as Code is essential for managing change control and as a system of record for disaster recovery. Configuration is a form of Intellectual Property. Without the code, you don’t own the IP. Feature Branches. We recommend that all developers use a consistent naming convention for branch names. Using a convention will help developers navigate branches. Pull Requests. Pull Requests should express ## what changed and ## why it changed (e.