
Please follow the naming convention below to help keep the provisioning of AWS resources consistent.

Item: Formatting Style

Determined by Construct: {{construct_name}}

Entered by User: {{item_name}}

Optional Text based on use: [[naming]]

To be Included "AS IS": wording


For updates to items already present, please use the inline-comment feature. For new additions which are not listed below, use the page comments (which will be deleted when resolved).

 

 

 

  1. Dashes are required as entered; do not remove them.
  2. Spaces around dashes are shown for legibility only; they are not to be included in the name.
  3. Delimiters are not to be substituted into areas which are components of the name. Where clarity is needed for a veryLongName, use modifiedCamelCase.

If you need to deviate from standards, please contact your team architect. It will get added to the standard as appropriate (e.g. "search" for a tier type)

Naming Constructs

AWS Resource

Resource Name

Comment

Example

Account Naming Construct

{{group}} - {{environment}} - {{context}}

Environment should be one of:

  • prod
  • dev

Context should be one of:

  • standard

  • level4 (for Level 4 specific accounts)

  • bcdr (only for bcdr exclusive accounts)

admints-dev-standard

admints-prod-standard

admints-prod-level4

App Naming Construct

{{appName}} - {{environment}} - {{scope}}[[number]]

Environment should be one of:

  • prod
  • int
  • uat
  • stage
  • test
  • dev

Scope should be used if necessary and can reflect components of an application

  • auth
  • solr
  • app

  • web

  • cache

  • master

  • worker

  • nfs

If multiple are needed, increment number.

takeasweater-dev

takeasweater-stage

takeasweater-test

takeasweater-prod

ask-prod-auth

coursecatalog-prod-solr1

AWS Resource Naming Standards

CloudFormation Naming Standards

AWS Resource

Resource Name

Comment

Example

CloudFormation Stack

If this stack is universal and not application specific:

{{account_naming_construct}}  - {{stack_group}} - cf


If this stack is application specific:

{{appname_construct}} - {{stack_group}} - cf

stack_group should be one of:

  • ALL - includes all stack types

  • VPC - All VPC resources

  • NAT - NAT servers for the VPC

  • SG - Security Groups

  • IAM - IAM roles used by instances and CodeDeploy

  • ELB - Elastic Load Balancer

  • ASGLC - AutoScaling Group and Launch Configuration

  • CW - CloudWatch monitoring

  • RDS - Databases, options groups, parameter groups

  • RDSREPLICA - Replica/slave database instances
  • S3 - S3 buckets

  • CONFIG - Config Rules

admints-prod-level4-vpc-cf

or

takeasweater-prod-all-cf

or

takeasweater-prod-iam-cf

CloudFormation ChangeSet

If this stack is universal and not application specific:

{{account_naming_construct}}  - {{dateGenerated}} - cset


If this stack is application specific:

{{appname_construct}} - {{dateGenerated}} - cset

Date Generated should follow:

YYYYMMDDHHMM

Any additional information about the change set should be included in the description of the changeset

admints-prod-level4-201704201100-cset

or

takeasweater-prod-201704201100-cset
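
A validator for the account and app constructs and the CloudFormation stack and change set names built on them. It is an added example, not part of the original page; the function names are hypothetical and the allowed values are copied from the lists above.

```python
import re
from datetime import datetime

# Allowed values copied from the lists on this page.
ACCOUNT_ENVS = {"prod", "dev"}
CONTEXTS = {"standard", "level4", "bcdr"}
APP_ENVS = {"prod", "int", "uat", "stage", "test", "dev"}
SCOPES = {"auth", "solr", "app", "web", "cache", "master", "worker", "nfs"}
# Listed in upper case on the page; its examples use lower case.
STACK_GROUPS = {"all", "vpc", "nat", "sg", "iam", "elb", "asglc", "cw",
                "rds", "rdsreplica", "s3", "config"}
# One name component: no dashes or spaces, modifiedCamelCase allowed (rule 3).
COMPONENT = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def is_account(name):
    """{{group}}-{{environment}}-{{context}}"""
    parts = name.split("-")
    return (len(parts) == 3 and COMPONENT.fullmatch(parts[0]) is not None
            and parts[1] in ACCOUNT_ENVS and parts[2] in CONTEXTS)


def is_app(name):
    """{{appName}}-{{environment}} with an optional -{{scope}}[[number]]"""
    parts = name.split("-")
    if len(parts) not in (2, 3) or parts[1] not in APP_ENVS:
        return False
    # Strip the optional trailing number (solr1 -> solr) before the lookup.
    scope_ok = len(parts) == 2 or parts[2].rstrip("0123456789") in SCOPES
    return scope_ok and COMPONENT.fullmatch(parts[0]) is not None


def valid_stamp(text):
    """dateGenerated must be a real YYYYMMDDHHMM timestamp."""
    try:
        datetime.strptime(text, "%Y%m%d%H%M")
    except ValueError:
        return False
    return re.fullmatch(r"[0-9]{12}", text) is not None  # reject short fields


def classify(name):
    """Return the construct a name matches, or None if it breaks the standard."""
    if " " in name:
        return None  # spaces around dashes are legibility only (rule 2)
    if is_account(name):
        return "account"
    if is_app(name):
        return "app"
    base, _, suffix = name.rpartition("-")
    prefix, _, middle = base.rpartition("-")
    if is_account(prefix) or is_app(prefix):
        if suffix == "cf" and middle in STACK_GROUPS:
            return "stack"
        if suffix == "cset" and valid_stamp(middle):
            return "changeset"
    return None
```

Run `classify` over the names in an inventory export; a name that returns `None` deviates from the standard and is a candidate for the architect review described above.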

AWS Account Items

AWS Resource

Resource Name

Comment

Example

AWS Account Name

{{account_naming_construct}}

Not all P-env’s require a separate account

admints-dev-standard

admints-prod-level4

AWS Account Email

huit-cloudops-awsaccounts + {{group}} - {{environment}} @calists.harvard.edu

Environment should be one of:

  • P = prod
  • P-1 = stage
  • P-2 = test
  • P-3 = dev

    Not all P-env’s require a separate account

huit-cloudops-awsaccounts+admints-dev@calists.harvard.edu

If account naming conflicts exist, such as when a single group owns a standard account as well as a level4 account, abbreviate {{context}} to make a clear differentiation, e.g. admints-prod and admints-prod-l4

There is a 64 character limit on the AWS Account Email Address form input

 

VPC Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

VPCs

{{account_naming_construct}} - vpc 

  • level4 

    • for Level 4 VPC’s inside non-l4 specific accounts

  • bcdr 

    • only for bcdr exclusive accounts

admints-dev-standard-vpc

admints-stage-standard-vpc

admints-prod-standard-vpc

admints-prod-level4-vpc

admints-prod-bcdr-vpc

 

Subnets

{{account_name_construct}} - {{subnetType}} - {{routeType}} - {{az}} {{number}}

Subnet Type should be one of:

  • app

  • elb

  • db

  • cache

  • nat

  • web

  • data

Number:

  • Starts at 1, only increments if we have outgrown that AZ’s subnet

admints-dev-standard-app-private-1a-1

admints-stage-standard-elb-public-1b-1

admints-prod-standard-db-private-1c-1

admints-prod-level4-web-private-1d-1

VPC Peering Link

{{account_naming_construct_of_target}} - {{scope_of_target}} - vpc-peerlink

The items to be written should be that of the remote end of the VPC Peering Link

Example link between admints and sharedservices

  • admints-prod-standard-vpc-peerlink
  • sharedservices-prod-standard-vpc-peerlink

 

Route Tables

{{account_naming_construct}} - {{routeType}} - rt [[zone]]

Route type is one of the following:

  • public
  • private

If the route table is distinct for each AZ (e.g. you are routing to different NATs), you must add the following Zone

Zone should be #l (e.g. 1a, 1b, 1c, 1d, 1e)

admints-dev-standard-private-rt-1a

admints-dev-standard-public-rt

DHCP Option Sets

{{account_naming_construct}} - dhcpoptions

Please Reference VPC Setup: DHCP Option Sets Required Settings

admints-dev-standard-dhcpoptions

Network ACL

{{account_naming_construct}} {{naclType}} nacl

NACL Types should reference why they exist (dnsout, etc)

Please note that these are not required and not great to use

admints-dev-dnsout-nacl

Virtual Private Gateway

{{account_naming_construct}} - {{scope}} - vgw

Scope should be one of (only if colocated in a "standard" account)

  • level4 

    • for Level 4 VPC’s inside non-l4 specific accounts

  • bcdr 

    • only for bcdr exclusive accounts

 

This should match the VPC naming

 

EC2 Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

Elastic Load Balancer

{{appname_construct}} - {{elb_scope}} - elb

Deprecating elb_scope: All new ELBs should be internal

ELB Scope Name is one of:

  • public

  • private

takeasweater-dev-elb

takeasweater-stage-web-elb

takeasweater-prod-web1-elb

 

Launch Configuration

{{appname_construct}} - {{resource_name}} - {{dateGenerated}} - lc

Deprecating resource_name: scope is now built into appname_construct

Resource Name is one of:

  • web

  • app

  • cache

  • management 

    • for bastion and direct Harvard management access only

  • master

  • worker

  • nfs

 

dateGenerated only required if manually created

Date should be in the form:

YYYYMMDDHHMM

Hours should be in 24 hour format

 

car-prod-web-201511041708-lc

maximo-dev-nfs-201511091000-lc

fastcat-prod-app-lc

coursecatalog-prod-app-lc

AutoScaling

{{appname_construct}} - {{asg_scope}} - asg

Deprecating asg_scope: scope is now built into appname_construct

ASG Scope:

  • app

  • web

  • cache

takeasweater-prod-app-asg

takeasweater-prod-asg

Security Groups

{{appname_construct}}[[number]] - {{resource_name}} - sg


Account level Security Group resources:

{{account_naming_construct}}[[number]] - {{account_level_resource_name}} - sg

Resource Name can be one of:

  • elb

  • efs
  • nfs
  • instance
  • db
  • mgmt 

    • for bastion and direct Harvard management access only

If multiple are needed, increment number.

Account level resource name:

  • nat

takeasweater-dev-elb-sg

takeasweater-prod-web-mgmt-sg

takeasweater-prod-web01-instance-sg

takeasweater-prod-web02-instance-sg

Instances

{{appname_construct}} - {{instance_scope}} [[-  ec2asg]] 


 Account level instance resources:

{{account_naming_construct}} - {{account_level_instance_scope}} [[-  ec2asg]] 

Deprecating instance_scope: scope is now built into appname_construct

Instance Scope is one of:

  • app

  • web

  • db
  • cache

  • master

  • worker

  • nfs
  • node

If generated by an Autoscaling Group add "-ec2asg"

Account level Instance Scope:

  • nat

takeasweater-dev-app

takeasweater-prod-cache

takeasweater-prod-web-ec2asg

AMIs

{{appname_construct}} - {{instance_scope}} - ami

Deprecating instance_scope: scope is now built into appname_construct

Instance Scope is one of:

  • app

  • web

  • cache

  • master

  • worker

  • nfs

nagiosxi-prod-master-ami

SSH Pem Keys

{{account_naming_construct}} {{appname_construct}} - {{dateGenerated}}

Date should be in the form:

YYYYMMDD

.pem will be added by AWS on download

admints-dev-standard-takeasweater-dev-web-20151102.pem

S3 Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

S3 Buckets

{{group}} - {{environment}} - {{scope}} - bucket

Environment should be one of:

  • P = prod
  • P-1 = stage
  • P-2 = test
  • P-3 = dev

Scope can be one of the following:

  • elblogs

admints-dev-bucket

admints-dev-elblogs-bucket

Lambda Function Naming Standard

AWS Resource

Resource Name

Comment

Example

Lambda Function

{{appname_construct}} - {{function_scope}} - lambda-function


 Account level function resources:

{{account_naming_construct}} {{function_scope}} - lambda-function

Function scope should be one of the following:

  • autodeploy
  • cfoutputs

takeasweater-prod-autodeploy-lambda-function

 

campussvcs-prod-standard-cfoutputs-lambda-function

RDS Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

RDS (DB Instance Name)

{{appname_construct}} - {{db_type}} - {{deployment_type}}

DB Type is one of the following:

  • oracle
  • mysql
  • postgres
  • maria
  • aurora

Deployment Type is one of the following:

  • multiaz
  • standalone
  • slave
    • Used when making Read Slaves in RDS

 

 

takeasweater-prod-oracle-standalone

takeasweater-prod-mysql-multiaz

takeasweater-prod-aurora-slave

RDS (Subnet Group)

{{appname_construct}} - {{db_type}} - {{deployment_type}} - subnetgroup

DB Type is one of the following:

  • oracle
  • mysql
  • postgres
  • maria
  • aurora

Deployment Type is one of the following:

  • multiaz
  • standalone
  • slave
    • Used when making Read Slaves in RDS

 

 

takeasweater-prod-oracle-standalone-subnetgroup

takeasweater-prod-mysql-multiaz-subnetgroup

takeasweater-prod-aurora-slave-subnetgroup

RDS (Option Group)

{{appname_construct}} - {{db_type}} - {{deployment_type}} - optiongroup

DB Type is one of the following:

  • oracle
  • mysql
  • postgres
  • maria
  • aurora

Deployment Type is one of the following:

  • multiaz
  • standalone
  • slave
    • Used when making Read Slaves in RDS

 

 

takeasweater-prod-oracle-standalone-optiongroup

takeasweater-prod-mysql-multiaz-optiongroup

takeasweater-prod-aurora-slave-optiongroup

RDS (Parameter Group)

{{appname_construct}} - {{db_type}} - {{deployment_type}} - paramgroup

DB Type is one of the following:

  • oracle
  • mysql
  • postgres
  • maria
  • aurora

Deployment Type is one of the following:

  • multiaz
  • standalone
  • slave
    • Used when making Read Slaves in RDS

 

 

takeasweater-prod-oracle-standalone-paramgroup

takeasweater-prod-mysql-multiaz-paramgroup

takeasweater-prod-aurora-slave-paramgroup

 

Elasticache Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

ElastiCache

{{appname_construct}} - {{cache_type}} - {{deployment_type}}

Cache Type is one of the following:

  • memcached
  • redis

Deployment Type is one of the following:

  • multiaz
  • standalone
  • slave
    • Used when making Redis Read Slaves in RDS

takeasweater-prod-memcached-standalone

takeasweater-prod-redis-multiaz

takeasweater-prod-redis-slave

 

CodeDeploy Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

Code Deploy Deployment Group

{{appname_construct}} - {{scope}} - dg

Scope Can be one of the following:

  • app

  • web

  • cache

takeasweater-prod-app-dg

takeasweater-dev-web-dg

IAM Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

IAM User

Administrators:

first_last

Service Accounts:

service_name

IAM user names should mirror the user's @harvard.edu email address

 

 

robert_ruma

thomas_vachon

cloud_endure

IAM Group

{{appname_construct}} - {{group_purpose}} -  iam - group


Note: There will be a standard naming structure for account level group resources:

{{account_naming_construct}} - {{group_purpose}} - {{access_level}} -  iam - group

Application group purpose can be one of the following:

  • readonly
  • poweruser
  • administrator

 

Account level group purpose can be one of the following:

  • forcemfa
  • cloudendure
  • administrator

Optional account level group access can be one of the following:

  • administrator
  • poweruser
  • readonly
  • isolated-by-tag

 

takeasweater-prod-readonly-iam-group

takeasweater-dev-administrator-iam-group

 

 

 

admints-dev-standard-forcemfa-iam-group

IAM Roles

{{appname_construct}} - {{role_purpose}} - iam - role

Role Purpose can be one of the following:

  • autodeploy
  • s3access
  • securitymonkey
  • datapipeline
  • ebssnapshot
  • lambdaexecute

 

 

 

takeasweater-prod-autodeploy-iam-role

takeasweater-dev-s3access-iam-role

Instance Role

{{appname_construct}} - {{role_type}} - iam - ec2role

Role Purpose can be one of the following:

  • app

  • web

  • cache

  • master

  • worker

  • nfs

 

takeasweater-prod-app-iam-ec2role

takeasweater-dev-cache-iam-ec2role

IAM Policy

{{appname_construct}} - {{product_used}} -  {{level_of_access}} - iam - policy



 

Note: There will be a standard naming structure for account level policy resources:

 

{{account_naming_construct}} - {{product_used}} -  {{level_of_access}} -  iam - policy


Product Used must be one of the AWS product names such as:

  • ec2
  • s3
  • lambda
  • codedeploy
  • sqs

Account level product names can be one of the following:

  • securitymonkey
  • osaccounts
  • cloudendure
  • cfoutputs

Level of Access must be one of the following:

  • readonly
  • readwrite
  • isolated-by-tag

takeasweater-prod-s3-readwrite-iam-policy

takeasweater-dev-codedeploy-readonly-iam-policy

 

 

 

 

Note: Instance profiles are a collection of policies added to a role

KMS

{{appname_construct}} {{scope}} {{type}} - kms

Context should be one of:

  • standard

  • level4 (for Level 4 Data)

  • bcdr (only for bcdr exclusive accounts)

 

Type should be one of:

  • ebs
  • rds
  • snowball
  • s3
  • redshift
  • codecommit
  • cloudtrail
  • elastictranscoder
  • ses

 

takeasweater-dev-standard-rds-kms

takeasweater-prod-standard-ebs-kms

 SSL Certificates (for ELB or Cloudfront)

 

{{appname_construct}} - {{product_used}} {{certificate_type}} - {{certificate_expiry}} - sslcert

 

These items are treated internally as IAM resources and therefore must be named appropriately

Product Used must be one of the following AWS product names:

  • elb
  • cloudfront

Certificate Type should be one of the following:

  • domain
  • wildcard
  • san

 

Certificate Expiry should be in the format "YYYYMM"

 

takeasweater-dev-elb-domain-201601-sslcert

takeasweater-prod-cloudfront-wildcard-201601-sslcert

 

Cloudwatch Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

CloudWatch Alarm

{{appname_construct}} - {{instance_id}} - {{alarm_product}} - {{alarm_metric}} - {{check_status}} - cw-alarm

Alarm Product Should be one of the following (lowercased):

  • elb
  • asg
  • rds
  • billing
  • ebs
  • lambda
  • s3
  • sns
  • linuxsystem (instance_id must be used)

Alarm Metric should match the metric name in lowercase dashed style such as:

  • http-4xx
  • http-5xx
  • volume-queue-length
  • cpu
  • memory
  • swap
  • diskspace

Check Status should be one of:

  • high
  • low

 

takeasweater-prod-elb-http-4xx-high-cw-alarm

takeasweater-prod-rds-max-connections-high-cw-alarm

 

SNS Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

SNS Topic

{{appname_construct}} - {{topic_name}} - {{topic_subscription_type}} sns-topic

Topic name should be a lowercased name for the topic

Topic Subscription Type should be one of the following:

  • email
  • http
  • sqs
  • sms
  • application
  • lambda

 

takeasweater-prod-elbcw-email-sns-topic

takeasweater-prod-codedeploy-lambda-sns-topic

 

 

SQS Resource Naming Standards

AWS Resource

Resource Name

Comment

Example

SQS Queue

{{appname_construct}} - {{queue_name}} sqs-queue

The Queue name should be a lowercased name for the queue

takeasweater-prod-myqueuename-sqs-queue

 

CloudOps Tool Naming Standards

Package Names for CAR 

Type

Format

Example

Known Standards Reference

RPM

hcdo - {{ package context }}

Version and architecture are added in the Jenkins build

hcdo-ansible-role-apache

hcdo-ansible-role-postfix

hcdo-ansible-role-splunk

hcdo-splunk-certs

hcdo-cloud-os-accounts

https://fedoraproject.org/wiki/Packaging:NamingGuidelines
DEB   

 

Splunk Index Naming

Format

Comment

Example

cloud - {{ group }} - {{ environment }}

Optional for level4 isolation:

cloud - {{ group }} - {{ inner-group }} - {{ environment }}



Environment should be one of:

  • prod
  • uat
  • stage
  • test
  • dev

Values should be lowercase, no spaces

Already created indexes:

cloud-acts-dev

cloud-acts-prod

cloud-admints-dev

cloud-admints-test

cloud-admints-uat

cloud-admints-prod

cloud-campusservices-dev

cloud-campusservices-prod

cloud-cloudops-dev

cloud-cloudops-prod

cloud-lts-dev

cloud-lts-prod

cloud-sharedservices-dev

cloud-sharedservices-prod

Optional for level4:

cloud-admints-researchadmin-prod

cloud-admints-researchadmin-dev



 

Git Repository

Type

Format

Comment

Example

Automation Code Repositories

hcdo - {{ code context }} - {{ resource name }}

 

Code context should be one of the following:

  • ansible-role
  • cloudformation


This name should mirror any associated CAR package

 

Resource name should be the name of the resource the automation code manages.

 

hcdo-ansible-role-apache

hcdo-ansible-role-postfix

hcdo-ansible-role-splunk

hcdo-cloudformation-rds

 

Tools Repositories

hcdo - {{ tool name }}

Tool name is specific to the function of the tool.

It should reflect a meaningful name.

 

This name should mirror any associated CAR package

hcdo-splunk-certs

hcdo-cloud-os-accounts

Application Repositories

hcdo - applications - {{groupName}} - {{appName}}

groupName should be the application group

appName should be the application name without the environment

hcdo-applications-admints-gmas

Feature Branch

feature/CLOPS-xxx_short_description

CLOPS-xxx should be the JIRA Story or task used to track progress

feature/CLOPS-2713_adding_environment_tag

Bugfix Branch

bugfix/CLOPS-xxx_short_description

CLOPS-xxx should be the JIRA Story or task used to track progress

bugfix/CLOPS-2713_fix_race_condition

DynamoDB Tables

Format

Comment

Example

{{appname_construct}} - {{ context }}

Context may be arbitrary but reflects the use of the table

 

 pidash-dev-osaccounts

 pidash-prod-osaccounts

CloudWatch Log Groups

Format

Comment

Example

{{appname_construct}} - {{ source }} - {{ context }} 


Source should be one of the following (the AWS service the CloudWatch Log is configured with):

  • lambda
  • vpc

Context may be arbitrary but reflects the context of the use of the log

vpc-flowlog

lambda-dev-autodeploy

lambda-prod-autodeploy

pidash-dev-lambda-deleteebssnapshot

pidash-prod-solr-lambda-deleteebssnapshot

pidash-dev-lambda-ebssnapshot

pidash-prod-lambda-ebssnapshot

Elastic File System

Format

Comment

Example

{{appname_construct}} - efs

Context may be arbitrary but reflects the purpose of the storage

 

 github-prod-backup-efs
