General
- Where possible, we recommend that Cloud accounts be integrated with the central billing and management offered by the University. Some benefits include integration with Active Directory for managing access, billing discounts, and improved visibility for our Office of Information Assurance (IT security).
- Most Cloud services and resources can be accessed and managed programmatically. As you gain proficiency, consider how treating "architecture as code" could be beneficial.
Security
- If you have access to the root user for your Cloud account, do not make a regular practice of using it. That account should be protected by a complex password and multi-factor authentication.
- Use the principle of least privilege so that users can access only the resources they need. Roles can be used to control which services users can access.
Cost Avoidance
- Cloud costs are typically based on usage, so shut down services when they are not in use and delete data that is no longer needed.
- Unless there is an architectural reason to do otherwise, deploy services and resources to a single geographic region. It can be easy to forget where services have been spun up and get an unexpected bill.
- Costs may vary depending on geographic region. Consider a balance of cost and distance when selecting a geographic region in which to deploy resources.
- Create budget alerts to notify you when expenses exceed projections.
References
- use AD groups for provisioning access
- build off of ITS Security recommendations?
- Claire wants very basic topics
- 4-5 sections, with 4-5 bullets per section
- Rick suggests listing external references
- SANS, CIS, ServerFault, etc
- Have a section about how cloud is different from on-premise computing
- Goal is 1 page
- typical UCSD DNS tasks