- Designing for failure
- Decoupling the application components
- Implementing elasticity
- Combining it with parallelization
- Integrating security in every aspect of the application architecture
Decoupling the application components
Reduce interdependencies so that a change or a failure in one component does not cascade to other components.
Asynchronous integration is a common pattern for implementing loose coupling between services.
- Involves one components that generates events and another that consumes them.
- The two components do not integrate through direct point-to-point interaction,
- but through an intermediate durable storage layer such as AWS SQS queue or a streaming data platform like AWS Kinesis.
Implementing elasticity
Scaling Horizontally
Stateless Applications:
- A stateless application needs no knowledge of the previous interactions and stores no session information
- No session data needs to be shared between system resources, compute resources can be added as needed
Deployment Automation
- Automate your infrastructure
- Bootstrap your instances
Benefits of Deployment Automation
- Recreate environment with minimal efforts
- Maintain more control over your abstract, cloud based resources
- Reduce human-induced deployment errors
- Create a self-healing and self-discoverable environment that is more resilient to hardware failure
Leverage Different Storage Options
Example of the web application architecture:
- Move static assets (images, videos, CSS..) to S3, serve these objects via CloudFront
- Move web application session info to DynamoDB
- Leverage ElastCache to store common database query results, taking the load off from DB tier
Combining it with parallelization
Leverage request parallelization to achieve maximum performance and throughput
Build Security in Every Layer
Inventory your data, prioritize it by value, and apply the appropriate level of encryption for the data in transit and at rest.
Use AWS Features for Defense in Depth
- On network level, build a VPC to isolate parts of the infrastructure through the use of subnets, security groups, and routing controls.
- Application level build services like Web Application Firewall AWS WAF to protect your web application from SQL injection and other vulnerabilities in your application nodes
- For access control use IAM to define set of policies and assigne them to users, groups, and AWS resources
- Protect data in transit and at rest with encryption
Offload Security Responsibility to AWS
Reduce Privileged Access
Security as Code
Real-Time Auditing