Engineering Decisions
Documentation¶
Design Docs, RFCs, PRDs¶
Documentation Types
- Design Docs (or RFCs) are a great way to get higher-level feedback on an approach, before starting the work
- Written to share:
- context
- suggested approach
- bird's eye view of requirements and general architecture of the project
- tradeoffs
- and to invite feedback
- Architecture Decision Records (ADRs) document implementation decisions
- Written to document decisions, and less for getting feedback on these decisions
- Usually live in the same repo (living docs)
| Link | Notes |
|---|---|
| Design Docs at Google | Anatomy of a good design doc |
| PRD Template | |
| Gergely Orosz Scaling Engineering Teams via RFCs: Writing Things Down | The power of writing things down, and spreading knowledge across the organization |
| Gergely Orosz Engineering Planning with RFCs, Design Documents and ADRs | What are some successful planning approaches engineering teams use as they grow? |
| Architecture decision record (ADR) | An architectural decision record (ADR) is a document that captures an important architectural decision made along with its context and consequences |
| Markdown Any Decision Records | A lean template to capture any decisions in a structured way |
| Docs as code is a broken promise | The pitfalls and risks of implementing a docs as code workflow, and a consideration for the future of writing docs with this workflow |
Writing¶
| Link | Notes |
|---|---|
| Technical Writing Courses for Engineers from Google |
|
| S.P.A.D.E. Toolkit: How to implement Square's famous decision-making framework | A decision-making framework, alternative to consensus built on accountability and clarity, where the person responsible for executing the decision is the one who decides |
| How to write SMART goals |
Infrastructure¶
Architectures¶
| Link | Notes |
|---|---|
| Cloud design patterns | Design patterns for building reliable, scalable, secure applications in the cloud by walking through examples based on Microsoft Azure |
| monday.com’s Multi-Regional Architecture: A Deep Dive | When making a decision to go multi-region, one needs to understand the primary motivation, as the work will vary greatly between performance-first, resilience-first and privacy-first designs |
| Uber Crane: Uber’s Next-Gen Infrastructure Stack | Post examining the original motivation and some key features behind Uber's been multi-year journey to reimagine their infrastructure stack for a hybrid, multi-cloud world |
| Building ClickHouse Cloud From Scratch in a Year |
|
| Cruise Container Platform Security at Cruise | Identity, Authentication, Authorization, Secrets, Encryption |
| Cruise Building a Container Platform at Cruise | Environments & Tenants, Infrastructure Boundaries, Platform Boundaries |
| Building the Next Evolution of Cloud Networks at Slack | How Slack has gone through an evolution of their AWS infrastructure from running a few hand-built EC2, all the way to provisioning thousands of them across multiple AWS regions |
| Decentralized GitOps over multiple environments | How SAP Artificial Intelligence implements GitOps in their large-scale project spanning multiple environments |
| Hashnode's Overall Architecture | How Hashnode runs on a scale (almost) completely serverless |
| Securing Research Infrastructure for Advanced AI | A snapshot of the security architecture OpenAI designed to protect their research infrastructure and model training |
| (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup | The author reviews infrastructure decisions over four years at a startup, covering successful choices and regrets, emphasizing AWS, EKS, managed services, automation, and the value of early adoption and GitOps |
Cloud Implementations¶
| Link | Notes |
|---|---|
| Multicloud failover is almost always a terrible idea | Multicloud failover is complex and costly to the point of nearly almost always being impractical, and it's not an especially effective way to address cloud resilience risks |
| AWS Cloud Encryption is worthless! Click here to see why... | When evaluating your cloud security posture priorities, encryption should be at the bottom of your list. First, get your IAM house in order |
| AWS App-Layer Encryption in AWS | |
| AWS Network access for private clusters | Very interesting article going into the problem of providing network connectivity between Kubernetes clusters and other internal tools (like deployment pipelines) |
| AWSSquare Adopting AWS VPC Endpoints at Square | Secure communication between data centers and the cloud |
| AWSSquare Providing mTLS Identities to Lambdas | Writeup on how Square added support for mutual TLS calls from AWS Lambda into their data center |
| AWSSquare Expanding Secrets Infrastructure to AWS Lambda | How Square extended their datacenter-based secrets infrastructure to enable a cloud migration supporting Lambda |
| AWSSquare Connecting Block Business Units with AWS API Gateway | How Block enables backend services to securely connect across business unit boundaries using AWS API Gateway |
| GCP Container Platform Networking at Cruise | GCP Hybrid Connectivity Options |
Kubernetes & Microservices¶
| Link | Notes |
|---|---|
| Container technologies at Coinbase: Why Kubernetes is not part of our stack | Container technologies also create a large set of challenges that must be overcome to prevent failures |
| Uber Why We Leverage Multi-tenancy in Uber's Microservice Architecture |
|
| Uber Introducing Domain-Oriented Microservice Architecture | This piece explains DOMA, the concerns that led to the adoption of this architecture for Uber, its benefits for platform and product teams, and, finally, some advice for teams who want to adopt this architecture |
| A Kubernetes engineer's guide to mTLS | What mTLS is, how it relates to ordinary TLS, and why it's relevant to Kubernetes |
| Design Considerations at the Edge of the ServiceMesh | Set of design patterns around inbound and outbound traffic to and from a service mesh |
| How we use HashiCorp Nomad | Reliability model of services running in our more than 200 edge cities worldwide |
Development Environments & CI¶
| Link | Notes |
|---|---|
| AWS Setup |
|
| GCP Setup |
|
| Automating Our Infrastructure to Empower Engineers |
|
| Balancing Safety and Velocity in CI/CD at Slack |
|
| Lyft Scaling productivity on microservices at Lyft | History of development and test environments |
| Devpod: Improving Developer Productivity at Uber with Remote Development | How Uber improved the daily edit-build-run developer experience using DevPods |
| How Discord Moved Engineering To Cloud Development Environments | How Discord moved to Coder |
| Stripe's monorepo developer environment - Made of Bugs | |
| Uber's Continuous deployment for large monorepos | How Uber reimagined continuous deployment of microservices to improve deployment automation and the user experience of managing microservices |
| Superuser Gateway: Guardrails for Privileged Command Execution | Uber's "Superuser Gateway" replaces direct superuser CLI access with a Git-backed, peer-reviewed workflow |
| Orchestrating AI Code Review at scale | Cloudflare built a CI-native, plugin-based AI code review system using OpenCode, orchestrating up to 7 specialised agents (security, performance, code quality, etc.) per merge request |
Software Engineering¶
| Link | Notes |
|---|---|
| Why is it so hard to decide to buy? |
|
| Common Mistakes in Modularisation |
|
| The top 10 fallacies in platform engineering |
|
| The slop cannons in your engineering org | "Slop cannons" are engineers/designers who over-rely on AI agents, shipping high volumes of low-quality, poorly-understood PRs. The article identifies the pattern, its causes, and offers mitigation strategies for managers and practitioners |
Other¶
| Link | Notes |
|---|---|
| Ledger: Stripe’s system for tracking and validating money movement | Technical details on how Stripe built a state-of-the-art money movement tracking system |
| What Happens on GitLab When You do git push? | Ever wondered how Git and GitLab operate under the hood? |