Information security is crucial in the business world. Companies choose various approaches to address tasks related to the storage and processing of confidential data. One of them is ISO 27001.
ISO 27001 is an international standard that defines requirements for the creation, implementation, improvement, and maintenance of an Information Security Management System (ISMS).
[lwptoc]
Recently, we successfully prepared our client for ISO 27001 certification. Based on a recent case, we want to share with you the procedure.
This standard establishes frameworks and principles for safeguarding confidential information within an organization, covering various aspects such as
financial data
intellectual property
personal employee data
and other information about third parties.
Over an extended period globally, efforts have been made to create uniform rules for protecting personal data, leading to the adoption of the General Data Protection Regulation (GDPR). All companies processing data of individuals from the European Union must comply with this regulation. While the document exists, there is no certificate confirming adherence to these standards. This is where ISO 27001 comes to the rescue, as its standards partially align with the requirements of GDPR, and compliance can be validated with a certificate.
ISO 27001 for Businesses
The certification of ISO 27001 is becoming increasingly relevant not only for large organizations but also for small and medium-sized companies in the context of technological advancement.
Every modern enterprise, to some extent, has tools for managing information security risks. In simpler terms, every company takes measures to secure its informational assets and restrict access to its systems. The Information Security Management System (ISMS) aligns all components of the organization's information security system to ensure that all system policies, procedures, and strategies work as a cohesive unit.
It's important to note that certificates do not provide an absolute guarantee of security but rather confirm adherence to specific criteria set by the accrediting body. For instance, the presence of an ISO/IEC 27001 certificate does not ensure 100% data security; it simply attests that the company meets certain information security standards.
Need assistance on your ISO 27001 journey? Reach out to Gart for personalized support and ensure your company's information security is top-notch.
Why is standardization important for business? Advantages of ISO 27001 Certification
ISO 27001 certification is a powerful tool for building and maintaining trust in the client-supplier relationship. The competitive advantage gained through ISO 27001 extends beyond marketing, influencing real success and the resilience of the business.
Obtaining the certificate comes with numerous benefits. Firstly, it confirms that the company takes information security seriously, a crucial factor for clients and partners. The certificate enhances trust and demonstrates adherence to established standards.
Cost Savings
It sounds incredible, but the certification process can actually lead to substantial cost savings for the company in the future. When ISO 27001 certification is conducted properly, it results in long-term economic benefits. For instance, Gart's strategic approach streamlines processes, allowing teams to focus on higher-level tasks, ultimately reducing costs associated with compliance audits.
A clear understanding of risks enables cost optimization and the formulation of effective security policies.
Increased Sales
ISO 27001 certification is a significant marketing asset. Clients are drawn to the commitments a business makes by obtaining the certificate. The enhanced reputation attracts new clients and partners, fostering business growth.
Reputation Protection
Certification elevates the level of company security, introducing improved policies and technologies. A modern security system helps avoid the detrimental impact of malicious actors on your business. ISO 27001 certification allows you to demonstrate a commitment to information security, ensuring data confidentiality and integrity. It also contributes to attracting clients and serves as a competitive advantage for your business. Regular audits help identify risks and respond to changes in the environment.
How to Prepare Your Company for ISO 27001 Certification?
Achieving ISO 27001 certification is a complex task that requires thorough preparation and involves various types of work. This process demands the involvement of a significant number of employees and entails lengthy and costly preparations.
Therefore, at the initial stage, it is crucial to develop a detailed action plan outlining specific tasks, who will be working on them, when they will be accomplished, and how the project will be executed.
Appoint a dedicated team responsible for the certification process, including representatives from different departments. Conduct training for staff on information security and the implementation of an Information Security Management System (ISMS).
Start by understanding the ISO 27001 standard and its requirements. It is essential to carefully study the ISO 27001 standard, which consists of two parts:
The main part, which contains the core content of the standard.
Appendix A, which includes a list of 114 potential control measures.
Ready to elevate your information security standards? Gart is here to guide you through ISO 27001 certification. Let's strengthen your defense against cyber threats together.
Approximate ISO 27001 Preparation Plan
Analysis
Assess the current state of your Information Security Management System (ISMS). Identify gaps between existing practices and ISO 27001 requirements. Also, crucially, determine which part of your organization falls under the scope of ISO 27001.
Documentation
Develop and document policies, processes, and procedures aligned with ISO 27001. Create a Statement of Applicability (SoA) defining the scope of your ISMS.
Risk Assessment
Conduct a thorough risk analysis to identify potential security threats. Develop a risk treatment plan to manage and mitigate the identified risks.
Implementation
Ensure employee training and awareness regarding their roles in preserving information security.
Internal Audit
Conduct an internal audit to assess the effectiveness of implemented measures. Identify areas for improvement and corrective actions. At this stage, you may consider engaging external consultants with the necessary expertise, and companies like Gart offer professional services for ISO 27001 certification preparation.
It's also important to note that ISO 27001 is related to several other standards, such as ISO 22301, ISO 31000, and ISO 27003.
External Audit
Demonstrate compliance with ISO 27001 standards. Select an auditor or certification body to conduct the final audit and issue a certificate if your company meets the requirements. After successfully completing the external audit, obtain the ISO 27001 certificate.
What is the cost of obtaining an ISO 27001 certificate?
The cost of obtaining an ISO 27001 certificate can vary significantly and depends on various factors, including the size of the company, the complexity of its information systems, the industry, geographical location, and other considerations. Typically, it's a bespoke matter that is discussed with the agency or organization overseeing the certification process. Even with an approximate cost estimate, it's advisable to include a contingency reserve in the budget.
ISO 27001 vs. SOC 2 table
AspectISO 27001SOC 2ScopeInformation security management system (ISMS)Controls relevant to security, availability, processing integrity, confidentiality, and privacy of information stored in the cloudFocusComprehensive security frameworkSpecific emphasis on cloud securityRequirementsBroad range covering risk assessment, policies, procedures, and continual improvementFocus areas include security, availability, processing integrity, confidentiality, and privacyApplicabilityApplicable to all types of organizationsEspecially relevant for service organizations hosting data in the cloudCertificationISO 27001 certificationSOC 2 complianceBenefitsDemonstrates commitment to information security and data protectionProvides assurance to clients and stakeholders regarding security controls in placeMarket RecognitionGlobally recognized standardIncreasingly recognized and sought after, particularly in tech and service sectorsCustomizabilityHighly customizable to fit organizational needsAllows flexibility in selecting applicable trust services criteriaContinuous ImprovementRequires continual assessment and improvementEncourages ongoing monitoring and refinement of controlsRegulatory ComplianceHelps organizations comply with various regulationsCan assist in meeting regulatory requirements, especially in data privacy and security standards
Conclusion
ISO 27001 certification is not just a compliance requirement; it is a journey towards excellence in the realm of information security. Preparing for ISO 27001 certification is a task that demands dedication, collaboration, and systematic efforts from the entire company.
Ready to embark on your ISO 27001 journey? Contact Gart for expert guidance and let's achieve information security excellence together.
In this article, I want to delve into the role of DevOps in the Software Development Life Cycle (SDLC) and explore how DevOps practices contribute to the creation of higher-quality products faster and even more cost-effectively.
[lwptoc]
So, at which stage of the product lifecycle do you need DevOps? Let's try to unravel this.
Where DevOps Fits in the Product Journey?
It's remarkable how DevOps expertise is essential both in the initial stages of product creation and during its scaling, as well as for process optimization or modernization.
Project Kickoff
Introduce DevOps from the very beginning to establish an efficient workflow. At this stage, DevOps helps foster collaboration between development and operations, promoting team cohesion and rapid product development.
Scaling
DevOps acts as a key element for successful project scaling, ensuring efficiency and reliability amid growing demands and workloads. It provides automated infrastructure management processes, allowing for resource efficiency as the workload increases. Continuous Integration (CI) and Continuous Deployment (CD) enable swift implementation of changes to the product.
This becomes particularly crucial when expanding a project, requiring rapid infrastructure scaling and ensuring high availability.
System Transformation
DevOps facilitates the modernization and optimization of existing systems, contributing to the transformation of legacy systems. At this stage, it supports the adoption of new practices and technologies to simplify system management and support.
DevOps in the World of SDLC
Attempting to map DevOps onto the phases of SDLC might look something like this:
Planning: Collaborative planning and requirement gathering.
Coding: Development of code with a focus on collaboration.
Building: Automated compilation and build processes.
Testing: Continuous testing practices for early bug detection.
Deployment: Automated deployment for rapid and reliable releases.
Monitoring: Continuous monitoring of application and infrastructure performance.
How do DevOps practices help create better products?
Product Quality
DevOps ensures product quality through the use of Continuous Integration/Continuous Deployment (CI/CD) pipelines and automated testing. CI/CD automates the processes of code integration and its secure deployment into production environments.
Impact: Swift detection and correction of errors, ensuring continuous improvement and delivery of the software product.
Automated testing allows the execution of tests automatically, ensuring stability and reliability of the software code.
Impact: Ensuring high product quality, rapid detection and resolution of defects, and overall improvement of software reliability.
DevOps employs these practices to create efficient, fast, and reliable development processes, promoting high product quality and user satisfaction.
💡Our projects:
▪ CI/CD Pipelines and Infrastructure for E-Health Platform
▪ AWS Cost Optimization and CI/CD Automation for Entertainment Software Platform
▪ Building a Robust CI/CD Pipeline for Cybersecurity Company
Change Agility
DevOps ensures flexibility through Infrastructure as Code (IaC) and automated rollback mechanisms.
IaC involves managing and deploying infrastructure using code.
Impact: Ensuring speed and consistency in deployment, simplifying changes, and working with infrastructure.
Utilizing automated tools for rolling back changes in case of incorrect deployment or issues.
Impact: Reducing the risk and time of system recovery in case of adverse consequences, ensuring environment stability.
💡Our projects:
▪ Infrastructure as Code Implementation for a Seamless Web App Development Lifecycle
▪ A DevOps Overhaul with Infrastructure as Code for a LATAM FinTech Powerhouse
▪ AWS Migration, Infrastructure Localization, and Cloud Excellence for a Global Sportsbook Platform
Smooth Product Launch
DevOps enables the gradual introduction of new features, reducing risks, and ensuring system stability. This is made possible through 'Blue-Green Deployments' and 'Canary Releases.'
Blue-Green Deployments: Systems alternate between two separate environments - the 'blue' (active) and 'green' (new).
Impact: Ensuring system continuity, the ability to roll back to the previous version in case of issues.
Canary Releases: Gradual deployment of a new version to a limited subset of users or servers to validate its functionality.
Impact: Risk minimization, rapid issue detection, phased deployment to reduce the impact on users.
💡Our projects:
▪ DevOps for Fashion Circularity Web App
▪ Implementation of Nomad Cluster for Massively Parallel Computing
Budget Control
Implementing the following DevOps practices ensures effective resource and budget management, leading to optimal cost utilization and high product quality.
Automation
Utilizing automated processes for quick and efficient resource utilization.
Impact: Reducing manual operations, saving time and money, and avoiding errors.
Resource Optimization
Continuous monitoring and optimization of resource utilization, considering project needs.
Impact: Ensuring efficient resource utilization, achieving maximum productivity with minimal costs.
Effective Infrastructure Management
Strategic management to ensure high productivity and project compliance.
Impact: Improving infrastructure stability and reliability, as well as precise project-specific planning.
💡Our projects:
▪ Optimizing Costs and Operations for Cloud-Based SaaS E-Commerce Platform
▪ Azure Cost Optimization for a Software Development Company
Stable Product
DevOps helps anticipate and address potential issues, ensuring automated responses to changes in workload. Product stability is maintained through monitoring and alerts for proactive issue resolution and automated scaling based on demand.
Monitoring and Alerts
Continuous monitoring of system parameters and automatic alerts upon detecting anomalies or issues.
Impact: Ensuring a proactive response to problems before they impact performance and swift issue resolution.
Automated Scaling (On-Demand)
Automatic adjustment of resource volumes based on workload or demand.
Impact: Ensuring optimal resource efficiency, maximizing productivity, and cost savings.
💡Our projects:
▪ Cloud-Agnostic Kubernetes Solution with Advanced Monitoring Capabilities
▪ Telecom SaaS: Monitoring-Driven GCP Optimization and Infrastructure Modernization
▪ Sustainable Threads, Sustainable Code: Gart's Monitoring-Enabled DevOps Excellence
I hope I've managed to convince you that DevOps is a journey worth taking.
In my experience optimizing cloud costs, especially on AWS, I often find that many quick wins are in the "easy to implement - good savings potential" quadrant.
[lwptoc]
That's why I've decided to share some straightforward methods for optimizing expenses on AWS that will help you save over 80% of your budget.
Choose reserved instances
Potential Savings: Up to 72%
Choosing reserved instances involves committing to a subscription, even partially, and offers a discount for long-term rentals of one to three years. While planning for a year is often deemed long-term for many companies, especially in Ukraine, reserving resources for 1-3 years carries risks but comes with the reward of a maximum discount of up to 72%.
You can check all the current pricing details on the official website - Amazon EC2 Reserved Instances
Purchase Saving Plans (Instead of On-Demand)
Potential Savings: Up to 72%
There are three types of saving plans: Compute Savings Plan, EC2 Instance Savings Plan, SageMaker Savings Plan.
AWS Compute Savings Plan is an Amazon Web Services option that allows users to receive discounts on computational resources in exchange for committing to using a specific volume of resources over a defined period (usually one or three years). This plan offers flexibility in utilizing various computing services, such as EC2, Fargate, and Lambda, at reduced prices.
AWS EC2 Instance Savings Plan is a program from Amazon Web Services that offers discounted rates exclusively for the use of EC2 instances. This plan is specifically tailored for the utilization of EC2 instances, providing discounts for a specific instance family, regardless of the region.
AWS SageMaker Savings Plan allows users to get discounts on SageMaker usage in exchange for committing to using a specific volume of computational resources over a defined period (usually one or three years).
The discount is available for one and three years with the option of full, partial upfront payment, or no upfront payment. EC2 can help save up to 72%, but it applies exclusively to EC2 instances.
Utilize Various Storage Classes for S3 (Including Intelligent Tier)
Potential Savings: 40% to 95%
AWS offers numerous options for storing data at different access levels. For instance, S3 Intelligent-Tiering automatically stores objects at three access levels: one tier optimized for frequent access, 40% cheaper tier optimized for infrequent access, and 68% cheaper tier optimized for rarely accessed data (e.g., archives).
S3 Intelligent-Tiering has the same price per 1 GB as S3 Standard — $0.023 USD.
However, the key advantage of Intelligent Tiering is its ability to automatically move objects that haven't been accessed for a specific period to lower access tiers.
Every 30, 90, and 180 days, Intelligent Tiering automatically shifts an object to the next access tier, potentially saving companies from 40% to 95%. This means that for certain objects (e.g., archives), it may be appropriate to pay only $0.0125 USD per 1 GB or $0.004 per 1 GB compared to the standard price of $0.023 USD.
Information regarding the pricing of Amazon S3
AWS Compute Optimizer
Potential Savings: quite significant
The AWS Compute Optimizer dashboard is a tool that lets users assess and prioritize optimization opportunities for their AWS resources.
The dashboard provides detailed information about potential cost savings and performance improvements, as the recommendations are based on an analysis of resource specifications and usage metrics.
The dashboard covers various types of resources, such as EC2 instances, Auto Scaling groups, Lambda functions, Amazon ECS services on Fargate, and Amazon EBS volumes.
For example, AWS Compute Optimizer reproduces information about underutilized or overutilized resources allocated for ECS Fargate services or Lambda functions. Regularly keeping an eye on this dashboard can help you make informed decisions to optimize costs and enhance performance.
Use Fargate in EKS for underutilized EC2 nodes
If your EKS nodes aren't fully used most of the time, it makes sense to consider using Fargate profiles. With AWS Fargate, you pay for a specific amount of memory/CPU resources needed for your POD, rather than paying for an entire EC2 virtual machine.
For example, let's say you have an application deployed in a Kubernetes cluster managed by Amazon EKS (Elastic Kubernetes Service). The application experiences variable traffic, with peak loads during specific hours of the day or week (like a marketplace or an online store), and you want to optimize infrastructure costs. To address this, you need to create a Fargate Profile that defines which PODs should run on Fargate. Configure Kubernetes Horizontal Pod Autoscaler (HPA) to automatically scale the number of POD replicas based on their resource usage (such as CPU or memory usage).
Manage Workload Across Different Regions
Potential Savings: significant in most cases
When handling workload across multiple regions, it's crucial to consider various aspects such as cost allocation tags, budgets, notifications, and data remediation.
Cost Allocation Tags: Classify and track expenses based on different labels like program, environment, team, or project.
AWS Budgets: Define spending thresholds and receive notifications when expenses exceed set limits. Create budgets specifically for your workload or allocate budgets to specific services or cost allocation tags.
Notifications: Set up alerts when expenses approach or surpass predefined thresholds. Timely notifications help take actions to optimize costs and prevent overspending.
Remediation: Implement mechanisms to rectify expenses based on your workload requirements. This may involve automated actions or manual interventions to address cost-related issues.
Regional Variances: Consider regional differences in pricing and data transfer costs when designing workload architectures.
Reserved Instances and Savings Plans: Utilize reserved instances or savings plans to achieve cost savings.
AWS Cost Explorer: Use this tool for visualizing and analyzing your expenses. Cost Explorer provides insights into your usage and spending trends, enabling you to identify areas of high costs and potential opportunities for cost savings.
Transition to Graviton (ARM)
Potential Savings: Up to 30%
Graviton utilizes Amazon's server-grade ARM processors developed in-house. The new processors and instances prove beneficial for various applications, including high-performance computing, batch processing, electronic design automation (EDA) automation, multimedia encoding, scientific modeling, distributed analytics, and machine learning inference on processor-based systems.
The processor family is based on ARM architecture, likely functioning as a system on a chip (SoC). This translates to lower power consumption costs while still offering satisfactory performance for the majority of clients. Key advantages of AWS Graviton include cost reduction, low latency, improved scalability, enhanced availability, and security.
Spot Instances Instead of On-Demand
Potential Savings: Up to 30%
Utilizing spot instances is essentially a resource exchange. When Amazon has surplus resources lying idle, you can set the maximum price you're willing to pay for them. The catch is that if there are no available resources, your requested capacity won't be granted.
However, there's a risk that if demand suddenly surges and the spot price exceeds your set maximum price, your spot instance will be terminated.
Spot instances operate like an auction, so the price is not fixed. We specify the maximum we're willing to pay, and AWS determines who gets the computational power. If we are willing to pay $0.1 per hour and the market price is $0.05, we will pay exactly $0.05.
Use Interface Endpoints or Gateway Endpoints to save on traffic costs (S3, SQS, DynamoDB, etc.)
Potential Savings: Depends on the workload
Interface Endpoints operate based on AWS PrivateLink, allowing access to AWS services through a private network connection without going through the internet. By using Interface Endpoints, you can save on data transfer costs associated with traffic.
Utilizing Interface Endpoints or Gateway Endpoints can indeed help save on traffic costs when accessing services like Amazon S3, Amazon SQS, and Amazon DynamoDB from your Amazon Virtual Private Cloud (VPC).
Key points:
Amazon S3: With an Interface Endpoint for S3, you can privately access S3 buckets without incurring data transfer costs between your VPC and S3.
Amazon SQS: Interface Endpoints for SQS enable secure interaction with SQS queues within your VPC, avoiding data transfer costs for communication with SQS.
Amazon DynamoDB: Using an Interface Endpoint for DynamoDB, you can access DynamoDB tables in your VPC without incurring data transfer costs.
Additionally, Interface Endpoints allow private access to AWS services using private IP addresses within your VPC, eliminating the need for internet gateway traffic. This helps eliminate data transfer costs for accessing services like S3, SQS, and DynamoDB from your VPC.
Optimize Image Sizes for Faster Loading
Potential Savings: Depends on the workload
Optimizing image sizes can help you save in various ways.
Reduce ECR Costs: By storing smaller instances, you can cut down expenses on Amazon Elastic Container Registry (ECR).
Minimize EBS Volumes on EKS Nodes: Keeping smaller volumes on Amazon Elastic Kubernetes Service (EKS) nodes helps in cost reduction.
Accelerate Container Launch Times: Faster container launch times ultimately lead to quicker task execution.
Optimization Methods:
Use the Right Image: Employ the most efficient image for your task; for instance, Alpine may be sufficient in certain scenarios.
Remove Unnecessary Data: Trim excess data and packages from the image.
Multi-Stage Image Builds: Utilize multi-stage image builds by employing multiple FROM instructions.
Use .dockerignore: Prevent the addition of unnecessary files by employing a .dockerignore file.
Reduce Instruction Count: Minimize the number of instructions, as each instruction adds extra weight to the hash. Group instructions using the && operator.
Layer Consolidation: Move frequently changing layers to the end of the Dockerfile.
These optimization methods can contribute to faster image loading, reduced storage costs, and improved overall performance in containerized environments.
Use Load Balancers to Save on IP Address Costs
Potential Savings: depends on the workload
Starting from February 2024, Amazon begins billing for each public IPv4 address. Employing a load balancer can help save on IP address costs by using a shared IP address, multiplexing traffic between ports, load balancing algorithms, and handling SSL/TLS.
By consolidating multiple services and instances under a single IP address, you can achieve cost savings while effectively managing incoming traffic.
Optimize Database Services for Higher Performance (MySQL, PostgreSQL, etc.)
Potential Savings: depends on the workload
AWS provides default settings for databases that are suitable for average workloads. If a significant portion of your monthly bill is related to AWS RDS, it's worth paying attention to parameter settings related to databases.
Some of the most effective settings may include:
Use Database-Optimized Instances: For example, instances in the R5 or X1 class are optimized for working with databases.
Choose Storage Type: General Purpose SSD (gp2) is typically cheaper than Provisioned IOPS SSD (io1/io2).
AWS RDS Auto Scaling: Automatically increase or decrease storage size based on demand.
If you can optimize the database workload, it may allow you to use smaller instance sizes without compromising performance.
Regularly Update Instances for Better Performance and Lower Costs
Potential Savings: Minor
As Amazon deploys new servers in their data processing centers to provide resources for running more instances for customers, these new servers come with the latest equipment, typically better than previous generations. Usually, the latest two to three generations are available. Make sure you update regularly to effectively utilize these resources.
Take Memory Optimize instances, for example, and compare the price change based on the relevance of one instance over another. Regular updates can ensure that you are using resources efficiently.
InstanceGenerationDescriptionOn-Demand Price (USD/hour)m6g.large6thInstances based on ARM processors offer improved performance and energy efficiency.$0.077m5.large5thGeneral-purpose instances with a balanced combination of CPU and memory, designed to support high-speed network access.$0.096m4.large4thA good balance between CPU, memory, and network resources.$0.1m3.large3rdOne of the previous generations, less efficient than m5 and m4.Not avilable
Use RDS Proxy to reduce the load on RDS
Potential for savings: Low
RDS Proxy is used to relieve the load on servers and RDS databases by reusing existing connections instead of creating new ones. Additionally, RDS Proxy improves failover during the switch of a standby read replica node to the master.
Imagine you have a web application that uses Amazon RDS to manage the database. This application experiences variable traffic intensity, and during peak periods, such as advertising campaigns or special events, it undergoes high database load due to a large number of simultaneous requests.
During peak loads, the RDS database may encounter performance and availability issues due to the high number of concurrent connections and queries. This can lead to delays in responses or even service unavailability.
RDS Proxy manages connection pools to the database, significantly reducing the number of direct connections to the database itself.
By efficiently managing connections, RDS Proxy provides higher availability and stability, especially during peak periods.
Using RDS Proxy reduces the load on RDS, and consequently, the costs are reduced too.
Define the storage policy in CloudWatch
Potential for savings: depends on the workload, could be significant.
The storage policy in Amazon CloudWatch determines how long data should be retained in CloudWatch Logs before it is automatically deleted.
Setting the right storage policy is crucial for efficient data management and cost optimization. While the "Never" option is available, it is generally not recommended for most use cases due to potential costs and data management issues.
Typically, best practice involves defining a specific retention period based on your organization's requirements, compliance policies, and needs.
Avoid using an undefined data retention period unless there is a specific reason. By doing this, you are already saving on costs.
Configure AWS Config to monitor only the events you need
Potential for savings: depends on the workload
AWS Config allows you to track and record changes to AWS resources, helping you maintain compliance, security, and governance. AWS Config provides compliance reports based on rules you define. You can access these reports on the AWS Config dashboard to see the status of tracked resources.
You can set up Amazon SNS notifications to receive alerts when AWS Config detects non-compliance with your defined rules. This can help you take immediate action to address the issue. By configuring AWS Config with specific rules and resources you need to monitor, you can efficiently manage your AWS environment, maintain compliance requirements, and avoid paying for rules you don't need.
Use lifecycle policies for S3 and ECR
Potential for savings: depends on the workload
S3 allows you to configure automatic deletion of individual objects or groups of objects based on specified conditions and schedules. You can set up lifecycle policies for objects in each specific bucket. By creating data migration policies using S3 Lifecycle, you can define the lifecycle of your object and reduce storage costs.
These object migration policies can be identified by storage periods. You can specify a policy for the entire S3 bucket or for specific prefixes. The cost of data migration during the lifecycle is determined by the cost of transfers. By configuring a lifecycle policy for ECR, you can avoid unnecessary expenses on storing Docker images that you no longer need.
Switch to using GP3 storage type for EBS
Potential for savings: 20%
By default, AWS creates gp2 EBS volumes, but it's almost always preferable to choose gp3 — the latest generation of EBS volumes, which provides more IOPS by default and is cheaper.
For example, in the US-east-1 region, the price for a gp2 volume is $0.10 per gigabyte-month of provisioned storage, while for gp3, it's $0.08/GB per month. If you have 5 TB of EBS volume on your account, you can save $100 per month by simply switching from gp2 to gp3.
Switch the format of public IP addresses from IPv4 to IPv6
Potential for savings: depending on the workload
Starting from February 1, 2024, AWS will begin charging for each public IPv4 address at a rate of $0.005 per IP address per hour. For example, taking 100 public IP addresses on EC2 x $0.005 per public IP address per month x 730 hours = $365.00 per month.
While this figure might not seem huge (without tying it to the company's capabilities), it can add up to significant network costs. Thus, the optimal time to transition to IPv6 was a couple of years ago or now.
Here are some resources about this recent update that will guide you on how to use IPv6 with widely-used services — AWS Public IPv4 Address Charge.
Collaborate with AWS professionals and partners for expertise and discounts
Potential for savings: ~5% of the contract amount through discounts.
AWS Partner Network (APN) Discounts: Companies that are members of the AWS Partner Network (APN) can access special discounts, which they can pass on to their clients. Partners reaching a certain level in the APN program often have access to better pricing offers.
Custom Pricing Agreements: Some AWS partners may have the opportunity to negotiate special pricing agreements with AWS, enabling them to offer unique discounts to their clients. This can be particularly relevant for companies involved in consulting or system integration.
Reseller Discounts: As resellers of AWS services, partners can purchase services at wholesale prices and sell them to clients with a markup, still offering a discount from standard AWS prices. They may also provide bundled offerings that include AWS services and their own additional services.
Credit Programs: AWS frequently offers credit programs or vouchers that partners can pass on to their clients. These could be promo codes or discounts for a specific period.
Seek assistance from AWS professionals and partners. Often, this is more cost-effective than purchasing and configuring everything independently. Given the intricacies of cloud space optimization, expertise in this matter can save you tens or hundreds of thousands of dollars.
More valuable tips for optimizing costs and improving efficiency in AWS environments:
Scheduled TurnOff/TurnOn for NonProd environments: If the Development team is in the same timezone, significant savings can be achieved by, for example, scaling the AutoScaling group of instances/clusters/RDS to zero during the night and weekends when services are not actively used.
Move static content to an S3 Bucket & CloudFront: To prevent service charges for static content, consider utilizing Amazon S3 for storing static files and CloudFront for content delivery.
Use API Gateway/Lambda/Lambda Edge where possible: In such setups, you only pay for the actual usage of the service. This is especially noticeable in NonProd environments where resources are often underutilized.
If your CI/CD agents are on EC2, migrate to CodeBuild: AWS CodeBuild can be a more cost-effective and scalable solution for your continuous integration and delivery needs.
CloudWatch covers the needs of 99% of projects for Monitoring and Logging: Avoid using third-party solutions if AWS CloudWatch meets your requirements. It provides comprehensive monitoring and logging capabilities for most projects.
Feel free to reach out to me or other specialists for an audit, a comprehensive optimization package, or just advice.
Achieve Faster Development Cycles 
