{"id":4826,"date":"2026-06-28T21:49:48","date_gmt":"2026-06-28T16:19:48","guid":{"rendered":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/"},"modified":"2026-06-28T21:49:48","modified_gmt":"2026-06-28T16:19:48","slug":"10-essential-aws-best-practices-for-cloud-optimization-3","status":"publish","type":"post","link":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/","title":{"rendered":"10 Essential AWS Best Practices for Cloud Optimization"},"content":{"rendered":"<p>The smell of ozone. That\u2019s what I miss. You don&#8217;t get that in the us-east-1 console. You get a loading spinner and a &#8220;Service Health Dashboard&#8221; that lies to your face while the world burns. Back in February of 2009, I was working in a colo facility in the basement of a converted textile mill in Chicago. It was negative twenty degrees outside, and the HVAC system for the server room decided that was the perfect moment to seize up. I was standing there in a Carhartt parka, my breath visible in the glow of the status LEDs, trying to figure out why a Dell PowerEdge 2950 was screaming like a banshee. It wasn&#8217;t the fans; it was the PERC 6\/i RAID controller. The battery-backed cache had failed, and the write-through mode was dragging the entire SQL cluster into the dirt. Then, the smell hit me\u2014the unmistakable scent of a capacitor popping on the backplane. I had to pull that three-unit beast out of the rack by myself, my fingers numb, while the blizzard rattled the industrial windows upstairs. I spent fourteen hours rebuilding that array from LTO-4 tapes that I\u2019d hand-carried from a fireproof safe. There was no &#8220;auto-scaling.&#8221; There was no &#8220;self-healing.&#8221; There was just me, a crimping tool, a spare controller I scavenged from a decommissioned web server, and the cold reality of physical hardware.<\/p>\n<p>That night taught me that everything eventually breaks, and it usually breaks when it\u2019s most inconvenient for you. Now, they\u2019ve dragged me into this &#8220;cloud&#8221; era, and everyone acts like the hardware doesn&#8217;t exist anymore. They call it &#8220;serverless,&#8221; which is the biggest load of marketing jank I\u2019ve ever heard. It\u2019s still a server; it\u2019s just someone else\u2019s server, and you\u2019re paying a 400% markup for the privilege of not being able to touch it. When I look at a migration project for a legacy monolith\u2014some spaghetti code mess written in Java 8 that expects a local mount point and a persistent IP\u2014I don&#8217;t see &#8220;innovation.&#8221; I see a disaster waiting to happen in a multi-tenant environment. My scars from 2009 are why I look at these shiny new services with a squint and a sneer. I know that beneath the &#8220;aws best&#8221; marketing fluff, there\u2019s a hypervisor somewhere that\u2019s oversubscribed and a network switch that\u2019s dropping packets. I\u2019m writing this at 3:15 AM because the &#8220;elastic&#8221; load balancer decided it didn&#8217;t feel like being elastic today, and my coffee is the only thing keeping me from throwing this laptop through the window.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a41bf92aac3e\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a41bf92aac3e\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#The_Myth_of_the_Infinite_Cloud\" >The Myth of the Infinite Cloud<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#IAM_The_Art_of_Saying_%E2%80%98No_Until_it_Works\" >IAM: The Art of Saying &#8216;No&#8217; Until it Works<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#VPCs_and_the_Ghost_of_Subnets_Past\" >VPCs and the Ghost of Subnets Past<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#S3_Its_Not_a_Trash_Can_Its_a_Liability\" >S3: It&#8217;s Not a Trash Can, It&#8217;s a Liability<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#Monitoring_If_it_Doesnt_Wake_You_Up_Its_Useless\" >Monitoring: If it Doesn&#8217;t Wake You Up, It&#8217;s Useless<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#Cost_Optimization_Paying_for_Air\" >Cost Optimization: Paying for Air<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#Related_Articles\" >Related Articles<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"The_Myth_of_the_Infinite_Cloud\"><\/span>The Myth of the Infinite Cloud<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>They tell the juniors that the cloud is infinite. They say you can just scale horizontally until the sun goes down. That is a lie. The cloud is a series of very specific, very rigid boxes called Service Quotas, and if you don&#8217;t know where the walls are, you\u2019re going to crack your skull against them. I\u2019ve seen teams try to follow some sanitized version of aws best practices by spinning up thousands of tiny containers, only to realize they\u2019ve hit the API rate limit for the EC2 DescribeInstances call. Suddenly, their entire deployment pipeline grinds to a halt because they\u2019re being throttled by the very provider they\u2019re paying six figures a month to. You aren&#8217;t just fighting your own bugs; you\u2019re fighting the &#8220;noisy neighbor&#8221; on the physical rack three states away and the arbitrary limits set by a bean counter in Seattle.<\/p>\n<p>If you\u2019re using the AWS CLI v2.15, you better get real comfortable with checking your limits before you start dreaming of &#8220;infinite&#8221; scale. You need to know exactly how many VPCs, EIPs, and running instances your account is allowed to have in a specific region. If you don&#8217;t, your &#8220;automated&#8221; infrastructure-as-code is going to barf a bunch of JSON errors at you right when you\u2019re trying to push a critical patch. Use the following command to actually see what you\u2019re up against before you start building your &#8220;vibrant&#8221; architecture that will inevitably fail:<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># Checking service quotas for EC2 instances to avoid the &quot;infinite&quot; trap\naws service-quotas list-service-quotas \\\n    --service-code ec2 \\\n    --query &quot;Quotas[?QuotaName=='Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances'].{Name:QuotaName, Value:Value, Code:QuotaCode}&quot; \\\n    --output table \\\n    --region us-east-1\n<\/code><\/pre>\n<p>The &#8220;jank&#8221; here is that these quotas aren&#8217;t always updated in real-time. You might think you have room to grow, but then you hit a &#8220;ResourceLimitExceeded&#8221; error because the internal accounting hasn&#8217;t caught up to your recent deletions. It\u2019s the same bit rot, just moved to a different layer of the stack. You have to treat the cloud like a crowded data center where you\u2019ve only rented half a rack. You have to be stingy. You have to be skeptical. If you don&#8217;t account for throttling and quotas, your &#8220;highly available&#8221; system is just a very expensive way to show a 503 error to your users.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"IAM_The_Art_of_Saying_%E2%80%98No_Until_it_Works\"><\/span>IAM: The Art of Saying &#8216;No&#8217; Until it Works<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Back in the day, I had a physical key to the cage. If you didn&#8217;t have the key, you didn&#8217;t touch the server. Now, we have IAM, a labyrinth of JSON policies that are so complex they practically require a PhD in Boolean logic to understand. People get lazy. They see the complexity and they just slap <code>AdministratorAccess<\/code> on everything because they want the &#8220;seamless&#8221; experience of things just working. That is how you end up with a crypto-miner running on a p4d.24xlarge instance that costs more than your mortgage. I hate writing IAM policies. It\u2019s a tedious, soul-crushing exercise in trial and error, but it\u2019s the only thing standing between you and a total account takeover.<\/p>\n<p>You have to adopt a &#8220;deny by default&#8221; mindset. If a service doesn&#8217;t absolutely need to talk to another service, you shut that door and you bolt it. I don&#8217;t care if it makes the developers cry. I\u2019ve seen what happens when a &#8220;robust&#8221; application has an SSRF vulnerability and the EC2 instance profile has <code>s3:*<\/code> permissions. It\u2019s not pretty. You end up with your entire customer database on a public pastebin. When you\u2019re trying to implement what the whitepapers call aws best architecture, you start with an empty policy and you add permissions one by one until the errors stop. It\u2019s slow, it\u2019s painful, and it\u2019s the only way to sleep at night. Here is a snippet of what a &#8220;least privilege&#8221; policy actually looks like for a standard app server\u2014none of that <code>Resource: *<\/code> garbage that the tutorials tell you to use.<\/p>\n<pre class=\"codehilite\"><code class=\"language-json\">{\n    &quot;Version&quot;: &quot;2012-10-17&quot;,\n    &quot;Statement&quot;: [\n        {\n            &quot;Sid&quot;: &quot;RestrictiveS3Access&quot;,\n            &quot;Effect&quot;: &quot;Allow&quot;,\n            &quot;Action&quot;: [\n                &quot;s3:GetObject&quot;,\n                &quot;s3:PutObject&quot;\n            ],\n            &quot;Resource&quot;: &quot;arn:aws:s3:::my-legacy-monolith-data-prod\/*&quot;,\n            &quot;Condition&quot;: {\n                &quot;StringEquals&quot;: {\n                    &quot;aws:PrincipalTag\/Environment&quot;: &quot;production&quot;\n                }\n            }\n        },\n        {\n            &quot;Sid&quot;: &quot;CloudWatchLogAccess&quot;,\n            &quot;Effect&quot;: &quot;Allow&quot;,\n            &quot;Action&quot;: [\n                &quot;logs:CreateLogGroup&quot;,\n                &quot;logs:CreateLogStream&quot;,\n                &quot;logs:PutLogEvents&quot;\n            ],\n            &quot;Resource&quot;: &quot;arn:aws:logs:*:*:*&quot;\n        }\n    ]\n}\n<\/code><\/pre>\n<p>Notice the <code>Condition<\/code> block. If you aren&#8217;t using conditions, you aren&#8217;t doing IAM right. You\u2019re just pretending. And don&#8217;t get me started on the &#8220;Confused Deputy&#8221; problem. If you\u2019re not validating the <code>ExternalId<\/code> when you\u2019re letting third-party SaaS tools into your account, you\u2019re basically leaving the back door unlocked and putting a &#8220;Welcome&#8221; mat out for hackers. It\u2019s all just cruft and complexity designed to hide the fact that security is hard and people are lazy.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"VPCs_and_the_Ghost_of_Subnets_Past\"><\/span>VPCs and the Ghost of Subnets Past<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>I remember when a &#8220;network&#8221; was a bunch of Cat6 cables I crimped myself and a Cisco switch that smelled like warm electronics. Now, it\u2019s a &#8220;Virtual Private Cloud,&#8221; which is just a fancy way of saying &#8220;software-defined networking that will charge you for every gigabyte that crosses an arbitrary boundary.&#8221; The CIDR math is the same, but the stakes are higher because every mistake has a dollar sign attached to it. The biggest scam in the modern cloud is the NAT Gateway. It\u2019s a tax on the soul. You pay for the gateway to exist, and then you pay for every bit of data that passes through it. If you\u2019re pulling a 50GB container image from a public registry through a NAT Gateway, you\u2019re basically burning money to stay warm.<\/p>\n<p>I\u2019ve seen &#8220;cloud architects&#8221; who don&#8217;t know the difference between a public and a private subnet. They just put everything in a public subnet and use Security Groups to &#8220;secure&#8221; it. That\u2019s like putting your server on the sidewalk and hoping nobody tries the door handle. If you\u2019re ignoring the so-called aws best advice on VPC design, you\u2019re going to end up with a flat network that is a playground for lateral movement. You need VPC Endpoints. You need to keep your traffic on the AWS backbone and off the public internet. It\u2019s more &#8220;jank&#8221; to configure, but it saves you from the NAT Gateway tax. Use the CLI to find those idle gateways that are sucking your budget dry:<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># Finding NAT Gateways that are just sitting there, costing money\naws ec2 describe-nat-gateways \\\n    --filter &quot;Name=state,Values=available&quot; \\\n    --query &quot;NatGateways[?length(ProvisionedBandwidth) == \\`0\\`].{ID:NatGatewayId, Subnet:SubnetId, Created:CreateTime}&quot; \\\n    --output table\n<\/code><\/pre>\n<p>And don&#8217;t even get me started on IPv6. Amazon Linux 2023 handles it better, but the legacy monolith we\u2019re moving still thinks the world ends at 255.255.255.255. Trying to bridge that gap is like trying to teach a dog to play the violin. You end up with a mess of dual-stack configurations and routing table entries that look like spaghetti code. It\u2019s all just layers of abstraction built on top of the same old Ethernet frames, and it\u2019s getting harder to see the actual wire through all the &#8220;cloud-native&#8221; fog.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"S3_Its_Not_a_Trash_Can_Its_a_Liability\"><\/span>S3: It&#8217;s Not a Trash Can, It&#8217;s a Liability<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>S3 is the one thing I\u2019ll grudgingly admit is impressive, but it\u2019s also the most dangerous tool in the shed. People treat it like an infinite trash can for their &#8220;big data&#8221; (which is usually just 400GB of uncompressed logs that nobody will ever read). The problem is that S3 is a public-facing service by default if you click the wrong button. I\u2019ve seen more data breaches caused by a &#8220;vibrant&#8221; developer making a bucket public &#8220;just for a second&#8221; than I have by actual sophisticated hacking. If you aren&#8217;t using &#8220;Block Public Access&#8221; at the account level, you\u2019re asking for a PagerDuty alert at 4:00 AM.<\/p>\n<p>The bit rot in S3 comes from the lack of lifecycle policies. People upload files and forget them. Ten years later, you\u2019re paying for petabytes of data that hasn&#8217;t been accessed since the Obama administration. If you actually want to follow aws best standards, you need to enforce encryption at rest and use Object Lock for anything that needs to be immutable. And for the love of all that is holy, use versioning. I once saw a junior run a <code>python 3.11<\/code> script with a bug that deleted the wrong prefix in a production bucket. If we hadn&#8217;t had versioning enabled, I\u2019d still be in that data center trying to find the tapes.<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># Enforcing a lifecycle policy to move old cruft to Glacier Deep Archive\naws s3api put-bucket-lifecycle-configuration \\\n    --bucket my-legacy-monolith-backups \\\n    --lifecycle-configuration '{\n        &quot;Rules&quot;: [\n            {\n                &quot;ID&quot;: &quot;MoveOldLogsToArchive&quot;,\n                &quot;Prefix&quot;: &quot;logs\/&quot;,\n                &quot;Status&quot;: &quot;Enabled&quot;,\n                &quot;Transitions&quot;: [\n                    {&quot;Days&quot;: 90, &quot;StorageClass&quot;: &quot;GLACIER_IR&quot;},\n                    {&quot;Days&quot;: 180, &quot;StorageClass&quot;: &quot;DEEP_ARCHIVE&quot;}\n                ],\n                &quot;Expiration&quot;: {&quot;Days&quot;: 3650}\n            }\n        ]\n    }'\n<\/code><\/pre>\n<p>Encryption is another point of pain. KMS is great until you hit the request limits because your app is calling <code>Decrypt<\/code> every time it reads a file. Then you\u2019re throttled, your app hangs, and the &#8220;cloud&#8221; doesn&#8217;t look so &#8220;seamless&#8221; anymore. You have to cache your data keys. You have to understand the envelope encryption model. It\u2019s not just &#8220;upload and forget.&#8221; It\u2019s a constant battle against entropy and the rising cost of storage.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Monitoring_If_it_Doesnt_Wake_You_Up_Its_Useless\"><\/span>Monitoring: If it Doesn&#8217;t Wake You Up, It&#8217;s Useless<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CloudWatch is a cruel joke. It\u2019s a logging system designed by people who love looking at graphs but hate actually fixing things. The latency is the real killer. By the time a CloudWatch alarm triggers and sends a notification to SNS, which then triggers a Lambda, which then pings your Slack channel, your database has already been a smoking crater for five minutes. I miss the days of Nagios\u2014at least I knew that if the light turned red, something was actually broken. Now, I have &#8220;AI-powered insights&#8221; telling me that my CPU usage is &#8220;anomalous&#8221; because I ran a cron job.<\/p>\n<p>The &#8220;jank&#8221; in modern monitoring is the sheer volume of noise. We have metrics for everything, but visibility into nothing. You need to focus on the &#8220;Four Golden Signals,&#8221; but even then, you\u2019re just guessing because you can&#8217;t see the underlying hardware. Is the disk slow because of your code, or because the EBS volume is being throttled on the IOPS you were too cheap to provision? You have to dig through the logs. Real logs. Not the summarized &#8220;insights&#8221; garbage. I use the CLI to tail logs because the web console is too slow to be useful during an actual incident.<\/p>\n<pre class=\"codehilite\"><code class=\"language-bash\"># Tailing logs for a specific function to see the actual errors, not the marketing version\naws logs tail \/aws\/lambda\/legacy-monolith-processor \\\n    --follow \\\n    --format short \\\n    --since 10m\n<\/code><\/pre>\n<p>If your monitoring doesn&#8217;t include a &#8220;dead man&#8217;s switch,&#8221; you don&#8217;t have monitoring. You have a historical record of your failures. I want to know when the heartbeat stops, not when the &#8220;vibrant&#8221; dashboard shows a 5% dip in throughput. And don&#8217;t get me started on the cost of custom metrics. You start pushing a few high-cardinality metrics and suddenly your CloudWatch bill is higher than your EC2 bill. It\u2019s a racket. They charge you to tell you that the service you\u2019re paying for is broken.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cost_Optimization_Paying_for_Air\"><\/span>Cost Optimization: Paying for Air<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The cloud is the only place where you pay for things you aren&#8217;t using. In my data center, if a server was off, it was just a hunk of metal taking up space. In AWS, if you leave an unattached EBS volume sitting there, or an idle NAT Gateway, or a bunch of &#8220;zombie&#8221; Elastic IPs, the meter keeps running. It\u2019s &#8220;paying for air.&#8221; I\u2019ve spent the last three weeks cleaning up the mess left behind by a &#8220;cloud-native&#8221; consultant who thought that &#8220;elasticity&#8221; meant &#8220;never delete anything.&#8221;<\/p>\n<p>We\u2019re running Amazon Linux 2023 now, which is fine, I guess, but it doesn&#8217;t change the fact that the underlying instances are often oversized. People pick an m5.xlarge because they\u2019re too lazy to profile their code, and they end up using 5% of the CPU. That\u2019s 95% waste. That\u2019s money that could be going into my whiskey fund. You have to be ruthless. You have to use Spot instances for anything that isn&#8217;t mission-critical, and you have to use Savings Plans for the stuff that is. But even then, you\u2019re just playing a game of &#8220;guess the capacity&#8221; with a provider that has all the cards.<\/p>\n<p>The &#8220;cruft&#8221; accumulates faster than you think. You spin up a sandbox to test a new feature, you forget to delete the RDS snapshot, and six months later you\u2019re wondering why your &#8220;storage&#8221; costs have doubled. There is no &#8220;seamless&#8221; way to manage this. It\u2019s manual labor. It\u2019s checking the billing dashboard every morning like a hawk. It\u2019s writing scripts to find and kill the resources that are sucking the life out of your budget.<\/p>\n<p>I just got a notification. The RDS instance in us-east-1 is reporting &#8220;Storage Full.&#8221; Of course it is. It\u2019s 3:45 AM and the legacy monolith just decided to dump 200GB of &#8220;vibrant&#8221; debug logs into the database because a developer left a flag on. The &#8220;self-healing&#8221; storage hasn&#8217;t kicked in because we hit the maximum autoscaling limit I set to keep the bean counters happy. I have to go. The &#8220;cloud&#8221; is calling, and it sounds a lot like a server screaming in a blizzard. My coffee is cold. My eyes hurt. This is the life we chose.<\/p>\n<p>Wait, the PagerDuty is going off again. It\u2019s the &#8220;aws best&#8221; load balancer. It\u2019s failing its health checks. I\u2019m out.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Related_Articles\"><\/span>Related Articles<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Explore more insights and best practices:<\/p>\n<ul>\n<li><a href=\"https:\/\/itsupportwale.com\/blog\/top-machine-learning-best-practices-for-better-models\/\">Top Machine Learning Best Practices For Better Models<\/a><\/li>\n<li><a href=\"https:\/\/itsupportwale.com\/blog\/docker-best-practices-optimize-and-secure-your-containers\/\">Docker Best Practices Optimize And Secure Your Containers<\/a><\/li>\n<li><a href=\"https:\/\/itsupportwale.com\/blog\/getting-started-with-iot\/\">Getting Started With Iot<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The smell of ozone. That\u2019s what I miss. You don&#8217;t get that in the us-east-1 console. You get a loading spinner and a &#8220;Service Health Dashboard&#8221; that lies to your face while the world burns. Back in February of 2009, I was working in a colo facility in the basement of a converted textile mill &#8230; <a title=\"10 Essential AWS Best Practices for Cloud Optimization\" class=\"read-more\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\" aria-label=\"Read more  on 10 Essential AWS Best Practices for Cloud Optimization\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4826","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>10 Essential AWS Best Practices for Cloud Optimization - ITSupportWale<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"10 Essential AWS Best Practices for Cloud Optimization - ITSupportWale\" \/>\n<meta property=\"og:description\" content=\"The smell of ozone. That\u2019s what I miss. You don&#8217;t get that in the us-east-1 console. You get a loading spinner and a &#8220;Service Health Dashboard&#8221; that lies to your face while the world burns. Back in February of 2009, I was working in a colo facility in the basement of a converted textile mill ... Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\" \/>\n<meta property=\"og:site_name\" content=\"ITSupportWale\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Itsupportwale-298547177495978\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-28T16:19:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2021\/05\/android-chrome-512x512-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Techie\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Techie\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\"},\"author\":{\"name\":\"Techie\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/person\/8c5a2b3d36396e0a8fd91ec8242fd46d\"},\"headline\":\"10 Essential AWS Best Practices for Cloud Optimization\",\"datePublished\":\"2026-06-28T16:19:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\"},\"wordCount\":2590,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\",\"url\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\",\"name\":\"10 Essential AWS Best Practices for Cloud Optimization - ITSupportWale\",\"isPartOf\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#website\"},\"datePublished\":\"2026-06-28T16:19:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/itsupportwale.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"10 Essential AWS Best Practices for Cloud Optimization\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#website\",\"url\":\"https:\/\/itsupportwale.com\/blog\/\",\"name\":\"ITSupportWale\",\"description\":\"Tips, Tricks, Fixed-Errors, Tutorials &amp; Guides\",\"publisher\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/itsupportwale.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#organization\",\"name\":\"itsupportwale\",\"url\":\"https:\/\/itsupportwale.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2023\/09\/cropped-Logo-trans-without-slogan.png\",\"contentUrl\":\"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2023\/09\/cropped-Logo-trans-without-slogan.png\",\"width\":1119,\"height\":144,\"caption\":\"itsupportwale\"},\"image\":{\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Itsupportwale-298547177495978\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/itsupportwale.com\/blog\/#\/schema\/person\/8c5a2b3d36396e0a8fd91ec8242fd46d\",\"name\":\"Techie\",\"sameAs\":[\"https:\/\/itsupportwale.com\",\"iswblogadmin\"],\"url\":\"https:\/\/itsupportwale.com\/blog\/author\/iswblogadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"10 Essential AWS Best Practices for Cloud Optimization - ITSupportWale","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/","og_locale":"en_US","og_type":"article","og_title":"10 Essential AWS Best Practices for Cloud Optimization - ITSupportWale","og_description":"The smell of ozone. That\u2019s what I miss. You don&#8217;t get that in the us-east-1 console. You get a loading spinner and a &#8220;Service Health Dashboard&#8221; that lies to your face while the world burns. Back in February of 2009, I was working in a colo facility in the basement of a converted textile mill ... Read more","og_url":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/","og_site_name":"ITSupportWale","article_publisher":"https:\/\/www.facebook.com\/Itsupportwale-298547177495978","article_published_time":"2026-06-28T16:19:48+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2021\/05\/android-chrome-512x512-1.png","type":"image\/png"}],"author":"Techie","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Techie","Est. reading time":"14 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#article","isPartOf":{"@id":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/"},"author":{"name":"Techie","@id":"https:\/\/itsupportwale.com\/blog\/#\/schema\/person\/8c5a2b3d36396e0a8fd91ec8242fd46d"},"headline":"10 Essential AWS Best Practices for Cloud Optimization","datePublished":"2026-06-28T16:19:48+00:00","mainEntityOfPage":{"@id":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/"},"wordCount":2590,"commentCount":0,"publisher":{"@id":"https:\/\/itsupportwale.com\/blog\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/","url":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/","name":"10 Essential AWS Best Practices for Cloud Optimization - ITSupportWale","isPartOf":{"@id":"https:\/\/itsupportwale.com\/blog\/#website"},"datePublished":"2026-06-28T16:19:48+00:00","breadcrumb":{"@id":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/itsupportwale.com\/blog\/10-essential-aws-best-practices-for-cloud-optimization-3\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/itsupportwale.com\/blog\/"},{"@type":"ListItem","position":2,"name":"10 Essential AWS Best Practices for Cloud Optimization"}]},{"@type":"WebSite","@id":"https:\/\/itsupportwale.com\/blog\/#website","url":"https:\/\/itsupportwale.com\/blog\/","name":"ITSupportWale","description":"Tips, Tricks, Fixed-Errors, Tutorials &amp; Guides","publisher":{"@id":"https:\/\/itsupportwale.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/itsupportwale.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/itsupportwale.com\/blog\/#organization","name":"itsupportwale","url":"https:\/\/itsupportwale.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/itsupportwale.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2023\/09\/cropped-Logo-trans-without-slogan.png","contentUrl":"https:\/\/itsupportwale.com\/blog\/wp-content\/uploads\/2023\/09\/cropped-Logo-trans-without-slogan.png","width":1119,"height":144,"caption":"itsupportwale"},"image":{"@id":"https:\/\/itsupportwale.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Itsupportwale-298547177495978"]},{"@type":"Person","@id":"https:\/\/itsupportwale.com\/blog\/#\/schema\/person\/8c5a2b3d36396e0a8fd91ec8242fd46d","name":"Techie","sameAs":["https:\/\/itsupportwale.com","iswblogadmin"],"url":"https:\/\/itsupportwale.com\/blog\/author\/iswblogadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/posts\/4826","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/comments?post=4826"}],"version-history":[{"count":0,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/posts\/4826\/revisions"}],"wp:attachment":[{"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/media?parent=4826"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/categories?post=4826"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itsupportwale.com\/blog\/wp-json\/wp\/v2\/tags?post=4826"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}