
16 AWS Gotchas


In January I launched the MVP for my own startup, Proximistyle, which helps you find what you’re looking for nearby. On advice from friends and industry contacts I chose AWS as my cloud provider. Having never had to set up my own cloud infrastructure before, the learning curve to get from no experience to a stable VPC system I was happy with was significantly steeper than expected, and had its fair share of surprises.

#1 Take advantage of the free resources offered

AWS offers a free tier for new accounts. If you have recently bought a domain and set up a company you qualify for the free tier for a year. Additionally, if you are a bootstrapped startup you can apply for the Startup Builders package and get $1000 in AWS credits.

After doing the above, you’re now ready to get started with setting up the AWS infrastructure for your startup.

#2 Set up billing budgets and alerting

The very first thing you should do after setting up billing is to enable a budget and billing-threshold notifications. This is incredibly useful in case you happen to enable a service that is NOT covered by the free tier. It is always good practice to stay on top of your finances.

#3 Never use your billing user for development

Now that you have set up billing, create a new IAM admin user and set up two-factor authentication. Do all further work through this admin user. This separates your billing from your development work, and is an extremely important security consideration.

#4 Save time with wizards and automated workflows

If you are new to AWS I would recommend using one of the quick setup wizards to get started. I did not do this, and I wish I had. It is one of the first things you see when you log into your console as your new IAM user.

I did, however, use one of their wizards when setting up my VPC with a public+private subnet. It was easy to follow and is the VPC architecture solution recommended by Amazon.

There are however a few gotchas here:

#5 The NAT gateway is NOT covered by the free tier!

You need a NAT gateway if you want your private VPC components to talk to the internet. This is where the billing thresholds you just set up in #2 come in handy: I discovered this after getting a billing alert email the morning after setting it up. As a rough estimate, leaving your NAT gateway up will cost you around $30/month, because you are charged both for the uptime and for the data transfer. When I googled it, there were a lot of unhappy people on the internet complaining about it not being covered by the free tier. My recommendation for keeping costs low is to create the NAT gateway only when something in your private VPC needs access to the internet, and to delete it immediately afterwards.

#6 Unused Elastic IPs are charged by the hour

When you delete your NAT gateway, remember to also delete the elastic IP it used.

#7 The NAT gateway goes in the public subnet

When you create your NAT gateway, remember that it goes in the public and not the private subnet. This will save you some confusing debugging time.

#8 Lambdas go in the private subnet

Any lambdas talking to your private subnet also need to be in the private subnet. This means that you need to set up a NAT gateway with an elastic IP if you want your lambdas to talk to the internet.

#9 Configure your security groups so components can talk to each other

If your Lambda wants to talk to your database in the private subnet, the database's security group needs to allow inbound access from the Lambda's security group. Otherwise you get a silent network error with dropped packets.

#10 Use API Gateway to call your lambdas

For security and convenience reasons you probably want to use API Gateway to communicate with your Lambdas from your S3 hosted website / mobile app.

#11 Timeouts do not propagate

API Gateway calls time out after 29 seconds, but the timeout for the lambda it calls is whatever is set in the lambda. This means that the API call can fail on timeout, but the lambda can still happily finish.

#12 You have to enable CORS headers if you call your API with JavaScript

If you are creating a website that uses JavaScript to call an API Gateway API, you have to ensure that you enable CORS headers. If you don't, you get 403 errors because of cross-domain calling. If you are not using a proxy API, all you need to do is enable CORS for your chosen API. If your API Gateway is using proxy integration and calling a Lambda function, the Lambda function itself has to return the CORS headers. You have to add these manually in the return value of your Lambda function, because proxy API Gateway integrations cannot transform the response to add a header.
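The two Lambda gotchas above (#11 and #12) can be handled in the function itself. The Node.js handler below is an added example, not code from the original post or from Proximistyle: it is written for an API Gateway proxy integration, so it returns the CORS headers in its own response, and it bounds its own work to API Gateway's 29-second limit so the client gets a clean timeout response instead of the gateway giving up while the Lambda keeps running. The allowed origin, the `fetchNearbyItems` backend call and its delay are assumptions for illustration; `context.getRemainingTimeInMillis()` and the `event.headers` / `event.httpMethod` fields are the real Lambda and API Gateway proxy-event shapes.

```javascript
// Added example (not from the original post): Node.js Lambda handler for an
// API Gateway proxy integration. The gateway cannot add headers to a proxied
// response, so the function returns the CORS headers itself (#12), and the
// gateway gives up after 29 s regardless of the Lambda timeout, so the
// function caps its own work under that deadline (#11).

// Origins allowed to call the API. Assumption: the site is served from this
// origin. An allowlist is used instead of "*" so the API is not callable from
// arbitrary pages.
const ALLOWED_ORIGINS = new Set(['https://www.example.com']);

// API Gateway's hard integration timeout, minus a margin so the Lambda answers
// before the gateway has already returned its own error to the client.
const API_GATEWAY_TIMEOUT_MS = 29000;
const SAFETY_MARGIN_MS = 1000;

// CORS headers for a given request Origin. Unknown origins get no
// Access-Control-Allow-Origin header, so the browser blocks the response.
function corsHeaders(origin) {
  const headers = {
    'Content-Type': 'application/json',
    'Access-Control-Allow-Methods': 'GET,POST,OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type,Authorization',
  };
  if (ALLOWED_ORIGINS.has(origin)) {
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Vary'] = 'Origin'; // the value depends on the request origin
  }
  return headers;
}

// Proxy-integration response shape: statusCode, headers, string body.
function respond(statusCode, body, origin) {
  return {
    statusCode,
    headers: corsHeaders(origin),
    body: statusCode === 204 ? '' : JSON.stringify(body),
  };
}

// Time this invocation may spend: the smaller of the Lambda's own remaining
// time and the API Gateway limit, less the safety margin (never negative).
function workBudgetMs(context) {
  const lambdaRemaining = context.getRemainingTimeInMillis();
  return Math.max(0, Math.min(lambdaRemaining, API_GATEWAY_TIMEOUT_MS) - SAFETY_MARGIN_MS);
}

// Race a unit of work against the budget; rejects with 'deadline exceeded' so
// the handler can return a deliberate 504 instead of an orphaned result.
function withDeadline(promise, budgetMs) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('deadline exceeded')), budgetMs);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Hypothetical backend call standing in for the real work (e.g. a query to the
// database in the private subnet); resolves after delayMs.
function fetchNearbyItems(query, delayMs) {
  return new Promise((resolve) => setTimeout(() => resolve({ query, items: [] }), delayMs));
}

// Lambda entry point. API Gateway passes request headers in event.headers.
async function handler(event, context) {
  const headers = event.headers || {};
  const origin = headers.origin || headers.Origin || '';
  if (event.httpMethod === 'OPTIONS') {
    return respond(204, null, origin); // CORS preflight: headers only
  }
  const query = (event.queryStringParameters && event.queryStringParameters.q) || '';
  try {
    const data = await withDeadline(fetchNearbyItems(query, 10), workBudgetMs(context));
    return respond(200, data, origin);
  } catch (err) {
    if (err.message === 'deadline exceeded') {
      return respond(504, { error: 'request timed out' }, origin);
    }
    return respond(500, { error: 'internal error' }, origin);
  }
}

exports.handler = handler;
```

The 204 branch answers the browser's preflight request; without it the actual GET or POST is never sent. Keeping the deadline in the function also means a slow backend call produces one well-defined 504 with CORS headers, rather than a gateway error the browser reports as a CORS failure.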

#13 Serve your S3 bucket from CloudFront and SSL

Now that you’re all set up, you probably want to cache your S3 bucket website behind CloudFront and SSL. CloudFront caches your website in edge locations around the world. You should absolutely use SSL (https) for security! This is very easy to set up and there is extensive AWS documentation on it.

#14 When you move your DNS name servers to AWS, you also have to move your MX records

I bought my domain through Google domains and set up G-Suite emailing through that. When I moved my name servers to AWS the email stopped working. I could still send emails, I just couldn’t receive any. When I later looked on my Google domains page there was a clear warning saying why it no longer worked, but you had to go to the webpage to see this. Thankfully, moving your mail records (MX) to AWS takes all of 5 minutes, and then mail slowly starts ticking in again.

#15 Default CloudFront cache time is 24h

This means that it might be 24h before updates with the same file name are propagated to edge locations! There are ways to work around this. You can either invalidate your cache, or better yet, use object name versioning.

#16 SSL and http links are not friends

If your website is served over SSL (https) from CloudFront, any images referenced by http links will most likely not show up. I often have issues with having to refresh twice for any such images. Images on https links do not have this issue. On mobile they don't load at all.

Hope you found these tips useful and that they saved you some time. Feel free to add your own gotchas as a reply below.
