DNS, Apex domain and HTTPS → HTTP redirects
API gateway options
https://blog.cloudcraft.co/comparing-api-gateways-on-aws/
Network architecture
- VPC, IG, NAT, SG
- route-based vs SG based security model
https://blog.cloudcraft.co/what-architects-need-to-know-about-networking-on-aws/
IAM policies
https://cloudonaut.io/record-aws-api-calls-to-improve-iam-policies/
Migration to Graviton ARM instances
Spot market, mispriced instances
https://pauley.me/post/2022/spot-instance-pricing/
Scheduled & serverless batch jobs
- AWS Batch
- EC2, managed EC2 by ECS, Fargate
- EventBridge
https://blog.cloudcraft.co/aws-architecture-pattern-for-scheduled-serverless-batch-processing/
Containers on AWS
- ECS, EKS, Fargate https://cloudonaut.io/containers-on-aws-ecs-eks-and-fargate/
Simple login using Application Load Balancer Authentication
https://aws.amazon.com/blogs/aws/built-in-authentication-in-alb/
- Single Sign On (SSO)
- OpenID Connect (OIDC)
- Cognito, Auth0, Google OIDC, Facebook OIDC
https://www.exampleloadbalancer.com/auth_detail.html
- demo of ALB Authentication
ECS Anywhere
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-anywhere.html
Serverless
AppSync Masterclass https://www.manning.com/books/serverless-architectures-on-aws-second-edition
Good use of serverless
- YES for high-compute, highly parallel, low-throughput work (e.g. search by scanning objects in S3)
- YES for sandboxing (complex file parsing which might have vulnerabilities)
- NOT for web services
https://kerkour.com/when-to-use-serverless
DynamoDB
AWS, the good parts
- EC2
- ELB
- CI/CD
https://gumroad.com/l/aws-good-parts
Gotchas on AWS
- CPU credits on T2, T3 instances
- IOPS and bandwidth limits for EBS https://laravel-news.com/aws-mistakes
Managing effectively
ChatOps
- get notified of alerts and security events on Slack
- escalate within team
Monitor security
https://cloudonaut.io/2023-08-04-aws-security-monitoring/
https://cloudonaut.io/security-iceberg-aws-security-hub-the-right-way/