Architecture Best Practices
OU Structure¶

Reliability¶
| Concept | Description |
|---|---|
| Availability | Determined by percentage uptime, in 9s |
| High Availability | The system will continue to function despite the complete failure of any component of the architecture |
| Fault Tolerance | The system will continue to function without degradation in performance despite the complete failure of any component of the architecture |
| Redundant | Multiple resources dedicated to performing the same task |
| Scalability | The ability of a system to increase resources to accommodate increased demand |
| Elasticity |
|
Design for Failure¶
- HIGHLY AVAILABLE
-
- Can withstand the failure of an individual or multiple components
- Goal is to ensure app survives when the underlying physical hardware for 1 of the servers fails

- REDUNDANCY
-
- Remove single point of failure by having multiple resources for the same task
- Types
Type Description STANDBY - When resources fails, functionality restored on secondary resource using FAILOVER
- Failover require time before completed, during that period resource is UNAVAILABLE
- Used for STATEFUL components
ACTIVE - Requests distributed to multiple redundant resources
- When 1 fails → rest absorb workload
- Redundant Webapp
- Add another web instance in ANOTHER AZ
- Add STANDBY RDS in ANOTHER AZ
- Also ACTIVE redundancy by swapping EIP with ELB

Elasticity¶
- ELASTICITY
-
- Ability of a system to grow to handle increased load, whether gradually over time or in response to a sudden change in business needs
- SCALING
-
- Architecture should scale linearly
- Types
Type Description SCALING VERTICALLY Through an increase in the specs of an individual resource (e.g., EC2 instance type) SCALING HORIZONTALLY - Through an increase in the number of resources (e.g., number of instances)
- STATELESS APPS
- Needs to knowledge of previous interactions & stores no session info
- Can scale horizontally cause each request can be served by any available resource
- For webapps → AUTOSCALING (add AutoScaling Group)

- STATELESS COMPONENTS
- Most apps need to maintain some kind of state info
- You can make a portion of the architecture stateless by not storing state locally (e.g., use HTTP Cookies) on a horizontally-scaling resource (as it can appear/disappear)
- Solution → store user session info in a DB (e.g., DynamoDB)
- STATEFUL COMPONENTS (e.g., DB)
Storage Options¶
| Option | Description |
|---|---|
| S3 |
|
| CloudFront | CDN |
| DynamoDB | NoSQL |
| EBS | Reliable block storage for mission critical apps such as Oracle/SAP/OWA |
| RDS | Highly available, scalable, secure MySQL DB |
| Redshift | Data warehouse to support business analytics |
| Elasticache | Redis cluster to store session info |
| Elastic FS | Common FS for app that is shared between 1+ EC2 instances |
- Webapp
-
- Move static assets to S3 → then serve via CloudFront
- < load on instances
- < footprint of web tier
- Move session info to DynamoDB/Elasticache
- Web instances do not lose session info when autoscaling happens
- Elasticache to store common DB query results
- < load on DB tier
- Move static assets to S3 → then serve via CloudFront

Layered Security¶
| Defense in Depth |
|
| Offload Response to AWS |
|
| Security as Code |
|
| Realtime Auditing |
|
Loose Coupling¶
| Loosely Coupled Components |
|
| Async Integration |
|
| Service Discovery |
|
Elastic Architecture¶

-
Create VPC (
192.168.0.0/16) -
Create IGW, and attach to VPC
- Update Main RT → add route
0.0.0.0/0 --> IGW -
Create Public Subnets
vpc_subnet_1_public=192.168.1.0/24(US-EAST-1A)vpc_subnet_3_public=192.168.3.0/24(US-EAST-1B)
-
Create NAT GW, attach it to
vpc_subnet_1_public - Create Private RT → add route
0.0.0.0/0 --> NAT GW -
Create Private Subnets
vpc_subnet_2_private=192.168.2.0/24(US-EAST-1A)vpc_subnet_4_private=192.168.4.0/24(US-EAST-1B)- Update both RT to use the Private RT
-
Create SG for each tier
- ELB =
vpc_sg_elb/HTTP : TCP : 80 : 0.0.0.0/0 - Web Server =
vpc_sg_web/HTTP : TCP : 80 : vpc_sg_elb - RDS =
vpc_sg_rds/MYSQL : TCP : 3306 : vpc_sg_web
- ELB =
- Create Multi-AZ RDS
- Create DB Subnet Group in private subnets (
2/4) - Launch MySQL
- Multi-AZ:
yes - VPC SG:
vpc_sg_rds
- Multi-AZ:
- Create DB Subnet Group in private subnets (
- Create ELB
- Name:
vpc_elb - Listener:
HTTP : 80 : HTTP : 80 - SG:
vpc_sg_elb - Health Check:
HTTP : 80 : /index.html
- Name:
-
Create AutoScaling Group
- Launch config:
vpc_sg_web+ user data
#! /bin/bash yum update -y yum install -y php php-mysql mysql httpd echo "<html>Hello!</html>" > /var/www/index.html service httpd start- ASG →
vpc_web_lcin public subnets (1/3) - Associate ELB
- Launch config:
SLAs¶
| Kind | Service | Availability SLA | Durability | Scope |
|---|---|---|---|---|
| DBs | DynamoDB | 4 9s | Region | |
| Redshift | 3 9s | |||
| RDS Multi-AZ | 3.5 9s (99.95%) | |||
| Aurora | 3.5 9s | Multi-AZ | ||
| Aurora Multi-Master | 4 9s | |||
| Storage | S3 | 4 9s | Region | |
| EBS volume | 5 9s | afr of .1 to .2% | AZ | |
| EBS snapshot | 4 9s | 11 9s | Region | |
| EFS | 4 9s | 11 9s | Region | |
| Compute | EC2 instance | 1 9 | ||
| Lambda | 3.5 9s | Region | ||
| Distribution | Route53 | 100% | Global | |
| CloudFront | 4 9s | Global | ||
| ELB | 4 9s | Multi-AZ | ||
| API GW | 4 9s | Region | ||
| Cognito | 3 9s | Region |