Mobycast

In episode #78 of Mobycast, we introduced the AWS Well-Architected Framework, an indispensable resource of best practices when running workloads in the cloud. We explained that the framework defines five pillars of excellence, and we dug deep on the first pillar, "Operational Excellence".

If you missed that episode, hit pause now and go listen to that one first. It's ok, we'll wait for you.
Now, in this episode of Mobycast, Jon and Chris continue their three-part series on the AWS Well-Architected Framework and discuss the next two pillars of excellence: "Security" and "Reliability".

Show Notes

In this episode, we cover the following topics:
  • Pillars in depth
    • Security
      • "Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies"
      • Design principles
        • Implement strong identity foundation
        • Enable traceability
        • Security at all layers
        • Automate security best practices
        • Protect data in transit and at rest
        • Keep people away from data
        • Prepare for security events
      • Key service: AWS IAM
      • Focus areas
        • Identity and access management
          • Services: IAM, AWS Organizations, MFA
        • Detective controls
          • Services: CloudTrail, CloudWatch, AWS Config, GuardDuty
        • Infrastructure protection
          • Services: VPC, Shield, WAF
        • Data protection
          • Services: KMS, ELB (encryption), Macie (detect sensitive data)
        • Incident response
          • Services: IAM, CloudFormation
      • Best practices
        • Identity and access management
          • AWS Cognito
            • Act as broker between login providers
            • Securely access any AWS service from mobile device
        • Data protection
          • Encrypt
            • Encryption at rest
            • Encryption in transit
            • Encrypted backups
          • Versioning
          • Storage resiliency
          • Detailed logging
        • Incident response
          • Employ strategy of templated "clean rooms"
            • Create new trusted environment to conduct investigation
            • Use CloudFormation to easily create the "clean room" environment
    • Reliability
      • "Ability to recover from failures, dynamically acquire resources to meet demand and mitigate disruptions such as network issues"
      • Design principles
        • Test recovery procedures
        • Auto recover from failures
        • Scale horizontally to increase availability
        • Stop guessing capacity
        • Manage change with automation
      • Key service: CloudWatch
      • Focus areas
        • Foundations
          • Services: IAM, VPC, Trusted Advisor (visibility into service limits), Shield (protect from DDoS)
        • Change management
          • Services: CloudTrail, AWS Config, CloudWatch, Auto Scaling
        • Failure management
          • Services: CloudFormation, S3, Glacier, KMS
      • Best practices
        • Foundations
          • Take into account physical and service limits
          • High availability
            • No single points of failure (SPOF)
            • Multi-AZ design
            • Load balancing
            • Auto scaling
            • Redundant connectivity
            • Software resilience
        • Failure management
          • Backup and disaster recovery
            • RPO, RTO
          • Inject failures to test resiliency
      • Key points
        • Plan network topology
        • Manage your AWS service and rate limits
        • Monitor your system
        • Automate responses to demand
        • Backup
  • In the next episode, we'll cover the remaining 2 pillars and discuss how to perform a Well-Architected Review.

Links
Whitepapers

End song:
The Runner (David Last Remix) - Fax

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

What is Mobycast?

A Podcast About Cloud Native Software Development, AWS, and Distributed Systems