VPC requirements
Entire infrastructure in a private isolated network.
Solution: Place web and database tier in the same VPC under public and private subnets respectively.
Solution: Add Bastion server in public subnet for accessing database in private subnet.
Web application is available over the Internet via HTTP.
Solution: App instances only allow ingress/egress from Bastion and Elastic Beanstalk
Database tier should have restricted access (not open to HTTP) and allow traffic only through the web tier.
Solution: Database instances only allow ingress/egress from Bastion and Elastic Beanstalk
Database tier should allow outbound requests via NAT.
Solution: Managed NAT gateways
Database requirements
Requires a managed SQL database which is highly available.
Solution: Amazon RDS (use Aurora in real-world scenario, sadly not in free-tier).
Daily generation of numerous reports which incur heavy read operations on the database. Need to mitigate impact on the performance of the web application.
Solution: Read replica and batch job triggered by CloudWatch rule.
No requirement at this point to balance the load on the database tier.
Elastic Beanstalk requirements
Enable automatic scaling based on traffic for cost-effectiveness.
Solution: Elastic Beanstalk > Auto-Scaling Group > Scaling based on instance CPU utilization.
L4/L7 load balancer which directs traffic to healthy instances only.
Solution: Elastic Beanstalk > Elastic Load Balancer (App or Network)
Set up CI/CD workflow
Solution: CodePipeline > Elastic Beanstalk
Well-architected framework
Operational Excellence
Ability to run and monitor systems to deliver value and to continually improve supporting processes and procedures.
Perform operations as code - Infrastructure as code.
Solution: CloudFormation.
Monitor operations.
Solution: CloudWatch alarms on MasterDB and Elastic Beanstalk environment
Security
Ability to protect information, systems, and assets while delivering value through risk assessments and mitigation strategies.
Apply security at all layers
Solution: Use Subnet Network ACL, VPC Security Groups, DB Subnet Groups, etc.
Solution: SSH Invalid User alarm for Bastion server
Data security at rest
Solution: RDS encryption at rest (for Production)
Reliability
Ability of a system to recover from disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions.
Automatically recover from failure
Solution: Elastic Beanstalk > Elastic Load Balancer health checks and auto-recovery
Scale horizontally to increase aggregate system availability
Use auto-scaling
Solution: Elastic Beanstalk > Auto-Scaling Group
Performance efficiency
Ability to use computing resources efficiently to meet requirements, and to maintain that efficiency.
Solution: Elastic Beanstalk > Auto-Scaling Group
Cost-optimisation
Ability to run systems to deliver business value at the lowest price point.
Adopt a consumption model; only pay for what you need/use
Solution: Elastic Beanstalk > Auto-Scaling Group
Stop spending money on data centre operations
Solution: Use managed services as much as possible, such as Elastic Beanstalk, RDS, managed NAT, etc.
Breakdown of requirements stated in https://gist.github.com/houdinisparks/b8dcd1d2b5b1179b45b0afe68351e027 and the Well Architected Framework.
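The tiered access rule in the VPC requirements (database reachable only from the Bastion and the Elastic Beanstalk instances, Bastion reachable over SSH) can be written in CloudFormation by referencing source security groups instead of CIDR ranges. This is an added example, not part of the original issue or the project's own template; the resource names, the `AdminCidr` parameter and the default MySQL port 3306 are assumptions, and only ingress rules are shown.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - tiered security groups (names and ports are assumptions)
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  AdminCidr:
    Type: String
    Description: Operator address range allowed to SSH to the bastion (assumption)
  DbPort:
    Type: Number
    Default: 3306   # assumption: MySQL-compatible RDS engine
Resources:
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Bastion - SSH from the operator range only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
  AppSecurityGroup:
    # Assumption: attached to the Elastic Beanstalk instances
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App instances - SSH from the bastion only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref BastionSecurityGroup
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Database - SQL port from app and bastion groups only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # No CidrIp entries: membership of a source group is the only way in
        - IpProtocol: tcp
          FromPort: !Ref DbPort
          ToPort: !Ref DbPort
          SourceSecurityGroupId: !Ref AppSecurityGroup
        - IpProtocol: tcp
          FromPort: !Ref DbPort
          ToPort: !Ref DbPort
          SourceSecurityGroupId: !Ref BastionSecurityGroup
```

Because the database group names source groups rather than subnets, instances added by the Auto-Scaling Group gain access through group membership and nothing else in the VPC does.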