Menu Close

Chapter 14 – Architecture Best Practices

  • Designing for failure
  • Decoupling the application components
  • Implementing elasticity
  • Combining it with parallelization
  • Integrating security in every aspect of the application architecture

Decoupling the application components

Reduce interdependencies so that a change or a failure in one component does not cascade to other components.

Asynchronous integration is a common pattern for implementing loose coupling between services.

  • Involves one components that generates events and another that consumes them.
  • The two components do not integrate through direct point-to-point interaction,
  • but through an intermediate durable storage layer such as AWS SQS queue or a streaming data platform like AWS Kinesis.

Implementing elasticity

Scaling Horizontally

Stateless Applications:

  • A stateless application needs no knowledge of the previous interactions and stores no session information
  • No session data needs to be shared between system resources, compute resources can be added as needed

Deployment Automation

  • Automate your infrastructure
  • Bootstrap your instances

Benefits of Deployment Automation

  1. Recreate environment with minimal efforts
  2. Maintain more control over your abstract, cloud based resources
  3. Reduce human-induced deployment errors
  4. Create a self-healing and self-discoverable environment that is more resilient to hardware failure

Leverage Different Storage Options

Example of the web application architecture:

  • Move static assets (images, videos, CSS..) to S3, serve these objects via CloudFront
  • Move web application session info to DynamoDB
  • Leverage ElastCache to store common database query results, taking the load off from DB tier

Combining it with parallelization

Leverage request parallelization to achieve maximum performance and throughput

Build Security in Every Layer

Inventory your data, prioritize it by value, and apply the appropriate level of encryption for the data in transit and at rest.

Use AWS Features for Defense in Depth

  • On network level, build a VPC to isolate parts of the infrastructure through the use of subnets, security groups, and routing controls.
  • Application level build services like Web Application Firewall AWS WAF to protect your web application from SQL injection and other vulnerabilities in your application nodes
  • For access control use IAM to define set of policies and assigne them to users, groups, and AWS resources
  • Protect data in transit and at rest with encryption

Offload Security Responsibility to AWS

Reduce Privileged Access

Security as Code

Real-Time Auditing

Leave a Reply

Your email address will not be published. Required fields are marked *