Are AWS customers configuring their resources to cover security, cost and availability?
When AWS made Trusted Advisor free for the month of March, CloudCheckr took the announcement as an opportunity to conduct an internal survey of their customers usage. CloudCheckr considered the news an implicit acknowledgement of what many have long known: AWS is extremely complex and it is challenging for users to provision and control their AWS infrastructure properly.
They compared the initial assessments of 400 of their users accounts against their 125+ best practice checks for proper configurations and policies. Their best practice checks span 3 key categories: Cost, Availability, and Security. The survey was limited to users with 10 or more running EC2 instances. In aggregate, the users were running more than 16,000 EC2 instances.
Nearly every customer (99%) experienced at least one serious exception. A primary conclusion was that controlling cost may grab the headlines, but users also need to button up a large number of availability and security issues.
When looking at cost exceptions, it was found that 96% of all users experienced at least 1 exception (with many experiencing multiple exceptions). This suggested that price optimization remains a large hurdle for AWS users who rely on native AWS tools. Users consistently fail to optimize purchasing and also fail to optimize utilization. These combined issues meant that the average customer pays nearly twice as much as necessary for resources to achieve proper performance for their technology.
Regarding the availability exceptions, CloudCheckr compared their users against their Availability best practices and found that nearly 98% suffered from at least 1 exception. Therefore, they concluded that this was due to the overall complexity of AWS.
When it comes to the security exceptions, the results showed that 44% of their users had at least one serious exception present during the initial scan. The most serious and common exceptions occurred within S3 usage and bucket permissioning.
If the findings of this survey sparks questions about how well your AWS account is configured, CloudCheckr offers a free account that you can set up in minutes. Simply enter read only credentials from your AWS account and CloudCheckr will assess your configurations and policies in just a few minutes: https://app.cloudcheckr.com/LogOn/Registration