{"id":4738,"date":"2026-03-18T21:43:01","date_gmt":"2026-03-18T16:13:01","guid":{"rendered":"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/"},"modified":"2026-03-18T21:43:01","modified_gmt":"2026-03-18T16:13:01","slug":"master-aws-best-practices-optimize-your-cloud-performance","status":"publish","type":"post","link":"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/","title":{"rendered":"Master AWS Best Practices: Optimize Your Cloud Performance"},"content":{"rendered":"<p><strong>INTERNAL DOCUMENT: POST-MORTEM REPORT \u2013 PROJECT \u201cSILVER LINING\u201d (MIGRATION FAILURE)<\/strong><br \/>\n<strong>FROM: Senior Systems Architect (Infrastructure &amp; Physical Security)<\/strong><br \/>\n<strong>TO: The C-Suite and the &#8220;Cloud Native&#8221; Evangelists who broke the bank.<\/strong><br \/>\n<strong>DATE: 2024-05-22<\/strong><br \/>\n<strong>SUBJECT: Why we are broke and why my pager didn&#8217;t stop buzzing for 72 hours.<\/strong><\/p>\n<pre class=\"codehilite\"><code class=\"language-json\">{\n    &quot;Version&quot;: &quot;2012-10-17&quot;,\n    &quot;Statement&quot;: [\n        {\n            &quot;Sid&quot;: &quot;AllowDevsToBreakEverything&quot;,\n            &quot;Effect&quot;: &quot;Allow&quot;,\n            &quot;Principal&quot;: &quot;*&quot;,\n            &quot;Action&quot;: [\n                &quot;s3:GetObject&quot;,\n                &quot;s3:PutObject&quot;,\n                &quot;s3:ListBucket&quot;\n            ],\n            &quot;Resource&quot;: [\n                &quot;arn:aws:s3:::prod-customer-data-sensitive\/*&quot;,\n                &quot;arn:aws:s3:::prod-customer-data-sensitive&quot;\n            ],\n            &quot;Condition&quot;: {\n                &quot;StringLike&quot;: {\n                    &quot;aws:Referer&quot;: [\n                        &quot;http:\/\/localhost:3000&quot;,\n                        &quot;*&quot;\n              
      ]\n                }\n            }\n        }\n    ]\n}\n<\/code><\/pre>\n<p>Look at that. Look at the JSON above. That was found in our production environment three days ago. Some &#8220;Full Stack Architect&#8221; thought that adding a wildcard to the Referer condition while allowing <code>Principal: \"*\"<\/code> was a &#8220;quick fix&#8221; for a CORS issue during a late-night deployment. This is what happens when you trade physical firewalls and air-gapped subnets for a web console that looks like a toy store. You wanted &#8220;agility.&#8221; Well, you got it. You\u2019re agile enough to leap right off a cliff and take the company\u2019s valuation with you.<\/p>\n<p>I\u2019ve spent 25 years in climate-controlled rooms where I could actually touch the hardware. I knew where the packets went because I laid the CAT6 myself. Now? Now I\u2019m chasing ghosts in &#8220;Availability Zones&#8221; that are just warehouses in Northern Virginia that I\u2019m not allowed to enter. The cloud isn&#8217;t a revolution; it&#8217;s a landlord-tenant dispute where the landlord raises the rent every time you turn on a lightbulb.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TICKET-404-WHERE-DID-THE-MONEY-GO\"><\/span>TICKET-404-WHERE-DID-THE-MONEY-GO<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We blew the quarterly budget in twenty-one days. Twenty-one. I remember when a $50,000 CAPEX request for a new SAN would get me grilled for three hours by the CFO. Now, a junior dev with a credit card and a lack of sleep can spin up a <code>p4d.24xlarge<\/code> instance because they wanted to &#8220;test some ML models&#8221; and forgot to shut it down over the weekend.<\/p>\n<p>For those of you who don&#8217;t read the billing console\u2014because it\u2019s designed to be as confusing as a tax code\u2014a <code>p4d.24xlarge<\/code> costs roughly $32.77 per hour. That\u2019s $786 a day. For one instance. We found six of them. They were <strong>zombie instances<\/strong>, sitting there, idling at 1% CPU utilization, burning money just to keep the NVIDIA A100s warm. 
<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># AWS CLI v2.15.30 - Hunting for the gold-plated paperweights\naws ec2 describe-instances \\\n    --filters &quot;Name=instance-type,Values=p4d.24xlarge&quot; \\\n    --query &quot;Reservations[*].Instances[*].{ID:InstanceId, LaunchTime:LaunchTime, State:State.Name}&quot; \\\n    --output table\n\n---------------------------------------------------------------------------\n|                            DescribeInstances                            |\n+----------------------+---------------------------+----------------------+\n|          ID          |        LaunchTime         |        State         |\n+----------------------+---------------------------+----------------------+\n|  i-0abcd1234efgh5678 |  2024-05-10T03:14:22+00:00|  running             |\n|  i-09876fedcba54321  |  2024-05-10T03:15:45+00:00|  running             |\n|  i-0123456789abcdef  |  2024-05-10T04:00:12+00:00|  running             |\n+----------------------+---------------------------+----------------------+\n<\/code><\/pre>\n<p>When I asked why we needed 400Gbps networking for a CRUD app that serves maybe fifty concurrent users, I was told it was for &#8220;future-proofing.&#8221; In my day, future-proofing meant buying a chassis with two extra blade slots. In the cloud, it means paying for a Ferrari to drive to the mailbox. <\/p>\n<p>And don&#8217;t get me started on the <strong>egress fees<\/strong>. We moved 40TB of legacy logs from S3 to an on-prem archival server because someone finally realized that keeping &#8220;debug_log_final_v2_OLD.txt&#8221; in Standard Tier storage was costing us $900 a month. The bill for just <em>moving<\/em> that data out? $3,600. AWS charges you to leave the party. It\u2019s a digital Hotel California. 
You can check out any time you like, but your data is held for ransom by the byte.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ops-nightmares-vpc-peering-hell\"><\/span>#ops-nightmares-vpc-peering-hell<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>People talk about AWS best practices like they&#8217;re some holy scripture, but they usually just ignore the basics of CIDR blocks and wonder why their packets are disappearing into the ether. We have seventeen VPCs. Why? Because every time a new team starts a project, they click &#8220;Create VPC&#8221; with the default 172.31.0.0\/16 range. <\/p>\n<p>Do you know what happens when you try to peer two VPCs with overlapping CIDR blocks? Nothing. Exactly nothing happens. No traffic flows, and you spend four hours debugging a routing table only to realize you\u2019ve built a logical paradox. <\/p>\n<p>Then came the &#8220;solution&#8221;: Transit Gateway. <\/p>\n<pre class=\"codehilite\"><code class=\"language-hcl\"># Terraform 1.7.4 - The &quot;Solution&quot; that costs $36\/day just to exist\nresource &quot;aws_ec2_transit_gateway&quot; &quot;main&quot; {\n  description = &quot;The expensive hub for our overlapping mess&quot;\n  amazon_side_asn = 64512\n  auto_accept_shared_attachments = &quot;enable&quot;\n  default_route_table_association = &quot;enable&quot;\n\n  tags = {\n    Name = &quot;Money-Pit-Gateway&quot;\n    Environment = &quot;Production&quot;\n  }\n}\n\nresource &quot;aws_ec2_transit_gateway_vpc_attachment&quot; &quot;attachment&quot; {\n  subnet_ids         = [aws_subnet.private_a.id, aws_subnet.private_b.id]\n  transit_gateway_id = aws_ec2_transit_gateway.main.id\n  vpc_id             = aws_vpc.app_vpc.id\n}\n<\/code><\/pre>\n<p>Transit Gateway is great if you love paying $0.05 per hour per attachment, plus data processing fees. We\u2019re paying for the privilege of routing our own internal traffic. On-prem, I had a Cisco Nexus 9k. I bought it once. It stayed in the rack. 
It didn&#8217;t charge me every time a packet went from VLAN 10 to VLAN 20. In the cloud, every hop is a micro-transaction. It\u2019s like the entire infrastructure was designed by someone who used to make mobile games with &#8220;energy systems.&#8221;<\/p>\n<p>The latency? Don&#8217;t even get me started. We\u2019re seeing 15ms spikes because someone decided to put the database in <code>us-east-1a<\/code> and the application servers in <code>us-east-1b<\/code> to &#8220;ensure high availability.&#8221; Great, now every DB query has to traverse the inter-AZ fiber, and we\u2019re getting billed for &#8220;Inter-AZ Data Transfer.&#8221; We are literally paying for the speed of light.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"TICKET-882-S3-LEAK-AND-THE-FALSE-SENSE-OF-SECURITY\"><\/span>TICKET-882-S3-LEAK-AND-THE-FALSE-SENSE-OF-SECURITY<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>S3 Block Public Access should not be a software setting. It should be a physical, red, locking toggle switch on a wall in the data center. If the switch is UP, the data stays inside. If the switch is DOWN, you\u2019re fired. <\/p>\n<p>Instead, we have a &#8220;comprehensive&#8221; (sorry, I meant &#8220;over-complicated&#8221;) set of layers: IAM policies, Bucket policies, Access Control Lists (ACLs), and then the Account-Level Block Public Access. It\u2019s four locks on a door that\u2019s made of glass. <\/p>\n<p>The breach we had last week wasn&#8217;t a &#8220;sophisticated state-sponsored attack.&#8221; It was a dev who wanted to see if an image rendered correctly in a browser. They disabled &#8220;Block Public Access&#8221; because they didn&#8217;t want to deal with Pre-signed URLs. They thought, &#8220;I&#8217;ll just turn it off for five minutes.&#8221; <\/p>\n<p>Five minutes is all it takes for a crawler to find an open bucket. 
<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># Checking for public buckets before the auditors do\naws s3api get-public-access-block --bucket prod-customer-data-sensitive\n\n{\n    &quot;PublicAccessBlockConfiguration&quot;: {\n        &quot;BlockPublicAcls&quot;: false,\n        &quot;IgnorePublicAcls&quot;: false,\n        &quot;BlockPublicPolicy&quot;: false,\n        &quot;RestrictPublicBuckets&quot;: false\n    }\n}\n<\/code><\/pre>\n<p>When I saw that output, I didn&#8217;t even get angry. I just felt a profound sense of exhaustion. We have Macie running, right? That\u2019s what the brochure said. &#8220;Macie uses machine learning to protect your data.&#8221; <\/p>\n<p>Do you know what Macie actually did? It generated a 400-page report telling us that we have &#8220;Sensitive Data&#8221; in our &#8220;Sensitive Data Bucket.&#8221; Thank you, Macie. That\u2019ll be $2,000 for the discovery job. It\u2019s like hiring a security guard who watches a thief walk out with your TV and then sends you a Slack message three hours later saying, &#8220;Hey, I noticed a high probability of TV-shaped objects leaving the premises.&#8221;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"THE-IOPS-THROTTLING-SILENT-KILLER\"><\/span>THE-IOPS-THROTTLING-SILENT-KILLER<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In the old world, if my disk was slow, I checked the controller. I checked the cables. I looked at the actual spinning rust or the flash cells. In the cloud, your disk performance is a &#8220;credit balance.&#8221; <\/p>\n<p>We had a production outage on Tuesday. Why? Because the <code>gp2<\/code> volumes on our database ran out of &#8220;Burst Credits.&#8221; The application didn&#8217;t crash; it just slowed down to a crawl. 100 IOPS. Do you know what 100 IOPS feels like in 2024? 
It feels like trying to run a marathon through a vat of cold molasses.<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># Checking the volume status while the site is down\naws ec2 describe-volumes --volume-ids vol-0123456789abcdef0 --query &quot;Volumes[*].Iops&quot;\n[\n    100\n]\n<\/code><\/pre>\n<p>The fix, according to the &#8220;Cloud Architects,&#8221; was to migrate to <code>gp3<\/code> and provision the IOPS. More money. Always more money. We\u2019re paying for &#8220;Provisioned IOPS&#8221; now, which means we\u2019re paying for performance that we might not even use, just so we don&#8217;t get throttled during a cron job. It\u2019s a protection racket. &#8220;Nice database you got there. Shame if its throughput dropped to 1990s levels during your peak sales window.&#8221;<\/p>\n<p>And let\u2019s talk about <strong>cold storage<\/strong>. We moved our backups to Glacier Deep Archive. $0.00099 per GB. Sounds great on a spreadsheet. But have you tried to actually <em>restore<\/em> from it? It takes 12 hours just to &#8220;rehydrate&#8221; the data. If our primary site goes down, the business is dead for half a day while we wait for AWS to find our virtual tapes in their virtual basement. On-prem, I could have a tape in the drive and data flowing in ten minutes. Here, I\u2019m at the mercy of a &#8220;retrieval tier.&#8221;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"ROUTE53-IS-NOT-A-LOAD-BALANCER\"><\/span>ROUTE53-IS-NOT-A-LOAD-BALANCER<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>I\u2019ve had enough of people treating DNS like it\u2019s a global traffic manager. Route53 is a fine DNS service, but the way we\u2019ve implemented it is a disaster. We have &#8220;Health Checks&#8221; that cost $0.50 per endpoint per month. We have 500 microservices. Do the math. 
We are paying $250 a month just to have AWS ask our servers &#8220;Are you alive?&#8221; every 30 seconds.<\/p>\n<p>And the <strong>blast radius<\/strong> of a Route53 mistake is terrifying. Last month, someone updated a weighted routing policy and accidentally sent 100% of our traffic to a &#8220;Coming Soon&#8221; bucket in <code>us-west-2<\/code>. Because of TTL (Time To Live) settings, that mistake stayed &#8220;live&#8221; for an hour after we fixed it. On-prem, I could clear the cache on the local resolvers. In the cloud, I just have to sit there and watch the &#8220;404 Not Found&#8221; errors spike on the dashboard while I contemplate my life choices.<\/p>\n<pre class=\"codehilite\"><code class=\"language-hcl\"># The Terraform change that killed the weekend\nresource &quot;aws_route53_record&quot; &quot;www&quot; {\n  zone_id = aws_route53_zone.primary.zone_id\n  name    = &quot;api.company.com&quot;\n  type    = &quot;A&quot;\n\n  weighted_routing_policy {\n    weight = 0 # Someone thought this meant &quot;Primary&quot;\n  }\n  set_identifier = &quot;primary&quot;\n  alias {\n    name                   = aws_lb.prod_lb.dns_name\n    zone_id                = aws_lb.prod_lb.zone_id\n    evaluate_target_health = true\n  }\n}\n<\/code><\/pre>\n<p>The complexity is the point. The more complex it is, the more &#8220;managed services&#8221; they can sell you to fix the complexity they created. It\u2019s a self-licking ice cream cone.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"THE-TERRAFORM-STATE-OF-DESPAIR\"><\/span>THE-TERRAFORM-STATE-OF-DESPAIR<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We were told that Infrastructure as Code would make everything &#8220;repeatable&#8221; and &#8220;safe.&#8221; Instead, it has just made it possible to delete the entire staging environment with a single <code>terraform apply<\/code>. 
<\/p>\n<p>I spent four hours yesterday fixing a corrupted state file because two people tried to run a plan at the same time and the S3 bucket lock failed. We\u2019re using Terraform 1.7.x, and while the <code>removed<\/code> blocks are nice, they don&#8217;t fix the fundamental problem: we are building a house of cards out of text files.<\/p>\n<pre class=\"codehilite\"><code class=\"language-hcl\"># Terraform 1.7.x - Trying to fix the mess without destroying the world\nremoved {\n  from = aws_instance.unnecessary_gpu_beast\n\n  lifecycle {\n    destroy = false # PLEASE DO NOT ACTUALLY DELETE THE DATA\n  }\n}\n<\/code><\/pre>\n<p>Every time I run a <code>terraform plan<\/code>, my heart rate goes up to 110. I\u2019m looking at 45 resources to be changed, 12 to be destroyed, and 3 to be added. Why is it destroying the database? &#8220;Oh, because you changed the name of the subnet, and that forces a replacement.&#8221; <\/p>\n<p>A replacement. In the real world, if I rename a room, the furniture doesn&#8217;t spontaneously combust. In the cloud, if you change a tag or a name, sometimes the entire resource is vaporized and recreated. If you don&#8217;t have your &#8220;Deletion Protection&#8221; flags set\u2014and let\u2019s be honest, the devs never do\u2014you\u2019re one keystroke away from a resume-generating event.<\/p>\n<hr \/>\n<h3><span class=\"ez-toc-section\" id=\"RESIGNATION_LETTER_DRAFT\"><\/span>RESIGNATION LETTER (DRAFT)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>To:<\/strong> Human Resources \/ VP of Engineering<br \/>\n<strong>From:<\/strong> The Guy Who Remembers What a Serial Cable Looks Like<br \/>\n<strong>Subject:<\/strong> Moving to a cabin in the woods (where there is no Wi-Fi)<\/p>\n<p>Effective two weeks from today, I am resigning from my position as Senior Systems Architect. 
<\/p>\n<p>I\u2019ve spent the last six months watching this company set fire to its capital in the name of &#8220;Cloud Transformation.&#8221; I have tried to explain that &#8220;Serverless&#8221; still uses servers, that &#8220;Elasticity&#8221; is just a fancy word for &#8220;Variable Billing,&#8221; and that &#8220;The Cloud&#8221; is just a way to outsource your competence to a third party that doesn&#8217;t care if your business fails.<\/p>\n<p><strong>Lessons Learned (The Hard Way):<\/strong><\/p>\n<ol>\n<li><strong>The Bill is the Only Metric:<\/strong> We stopped caring about uptime and started caring about &#8220;Cost Optimization.&#8221; When your engineers spend 40% of their time looking at AWS Cost Explorer instead of writing code, you aren&#8217;t a tech company anymore; you\u2019re an accounting firm with a hobby.<\/li>\n<li><strong>Hardware was Honest:<\/strong> If a drive failed in my rack, a red light turned on. I replaced the drive. Now, if a &#8220;Volume&#8221; fails, I have to open a support ticket and wait for a &#8220;Cloud Support Associate&#8221; to tell me that there was an &#8220;increased error rate in the underlying hardware.&#8221; Just say the disk died, Kevin. I know the disk died.<\/li>\n<li><strong>The Magic Wand is a Pipe:<\/strong> AWS is not a magic wand. It is a series of pipes, and those pipes are leaking money. We ignored the AWS best practices of &#8220;least privilege&#8221; and &#8220;cost allocation tags&#8221; because they were &#8220;too slow.&#8221; Now we\u2019re fast, but we\u2019re broke.<\/li>\n<li><strong>Identity is a Nightmare:<\/strong> IAM is more complex than the actual applications we run. I shouldn&#8217;t need a PhD in Boolean logic to allow a Lambda function to write to a log group.<\/li>\n<li><strong>Networking is a Lost Art:<\/strong> Nobody knows what a subnet mask is anymore. Nobody understands BGP. 
They just click &#8220;Create Transit Gateway&#8221; and hope the &#8220;Cloud Magic&#8221; handles the routing. It doesn&#8217;t. It just charges you for the failure.<\/li>\n<\/ol>\n<p>I\u2019m going back to a world where &#8220;The Cloud&#8221; is something that brings rain, not something that brings a $250,000 invoice for &#8220;Unused Elastic IPs&#8221; and &#8220;NAT Gateway Data Processing.&#8221; <\/p>\n<p>I\u2019ve left the rack keys on my desk. Oh wait, we don&#8217;t have racks anymore. I\u2019ve left my login credentials for the AWS Console in a secure vault. I suggest you delete the <code>p4d.24xlarge<\/code> instances before you can&#8217;t afford to pay my final paycheck.<\/p>\n<p>Goodbye, and may your egress fees be low and your IOPS be plentiful. You\u2019re going to need them.<\/p>\n<p>Regards,<\/p>\n<p>The Grumpy On-Prem Refugee<\/p>\n","protected":false},"excerpt":{"rendered":"<p>INTERNAL DOCUMENT: POST-MORTEM REPORT \u2013 PROJECT \u201cSILVER LINING\u201d (MIGRATION FAILURE) FROM: Senior Systems Architect (Infrastructure &amp; Physical Security) TO: The C-Suite and the &#8220;Cloud Native&#8221; Evangelists who broke the bank. DATE: 2024-05-22 SUBJECT: Why we are broke and why my pager didn&#8217;t stop buzzing for 72 hours. 
{ &quot;Version&quot;: &quot;2012-10-17&quot;, &quot;Statement&quot;: [ { &quot;Sid&quot;: &quot;AllowDevsToBreakEverything&quot;, &#8230; <a title=\"Master AWS Best Practices: Optimize Your Cloud Performance\" class=\"read-more\" href=\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\" aria-label=\"Read more  on Master AWS Best Practices: Optimize Your Cloud Performance\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4738","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Master AWS Best Practices: Optimize Your Cloud Performance - ITSupportWale<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Master AWS Best Practices: Optimize Your Cloud Performance - ITSupportWale\" \/>\n<meta property=\"og:description\" content=\"INTERNAL DOCUMENT: POST-MORTEM REPORT \u2013 PROJECT \u201cSILVER LINING\u201d (MIGRATION FAILURE) FROM: Senior Systems Architect (Infrastructure &amp; Physical Security) TO: The C-Suite and the &#8220;Cloud Native&#8221; Evangelists who broke the bank. DATE: 2024-05-22 SUBJECT: Why we are broke and why my pager didn&#8217;t stop buzzing for 72 hours. { &quot;Version&quot;: &quot;2012-10-17&quot;, &quot;Statement&quot;: [ { &quot;Sid&quot;: &quot;AllowDevsToBreakEverything&quot;, ... 
Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\" \/>\n<meta property=\"og:site_name\" content=\"ITSupportWale\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Itsupportwale-298547177495978\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-18T16:13:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2021\/05\/android-chrome-512x512-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Techie\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Techie\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\"},\"author\":{\"name\":\"Techie\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/person\/8c5a2b3d36396e0a8fd91ec8242fd46d\"},\"headline\":\"Master AWS Best Practices: Optimize Your Cloud Performance\",\"datePublished\":\"2026-03-18T16:13:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\"},\"wordCount\":2099,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\",\"url\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\",\"name\":\"Master AWS Best Practices: Optimize Your Cloud Performance - 
ITSupportWale\",\"isPartOf\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#website\"},\"datePublished\":\"2026-03-18T16:13:01+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/master-aws-best-practices-optimize-your-cloud-performance\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/itsupportwale.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Master AWS Best Practices: Optimize Your Cloud Performance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#website\",\"url\":\"https:\/\/itsupportwale.com\/blog\/\",\"name\":\"ITSupportWale\",\"description\":\"Tips, Tricks, Fixed-Errors, Tutorials &amp; 
Guides\",\"publisher\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/itsupportwale.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#organization\",\"name\":\"itsupportwale\",\"url\":\"https:\/\/itsupportwale.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2023\/09\/cropped-Logo-trans-without-slogan.png\",\"contentUrl\":\"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2023\/09\/cropped-Logo-trans-without-slogan.png\",\"width\":1119,\"height\":144,\"caption\":\"itsupportwale\"},\"image\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Itsupportwale-298547177495978\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/person\/8c5a2b3d36396e0a8fd91ec8242fd46d\",\"name\":\"Techie\",\"sameAs\":[\"https:\/\/itsupportwale.com\",\"iswblogadmin\"],\"url\":\"https:\/\/itsupportwale.com\/blog\/author\/iswblogadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/posts\/4738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/comments?post=4738"}],"version-history":[{"count":0,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/posts\/4738\/revisions"}],"wp:attachment":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/media?parent=4738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/categories?post=4738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/tags?post=4738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}