(TODO) Decide on RDS Aurora Serverless Requirements
Context and Problem Statement
Design decisions and considerations.
Context and Problem Statement
Problem DRAFT
Choose the right method to distribute Docker images
Review password strategy for engagements with Cloud Posse
Decide on a technical benchmark framework for compliance
Problem
Problem
Context and Problem Statement
Considerations for deploying Argo CD
Structure for Argo CD deployment repositories
Context and Problem Statement
Decide how to organize workloads for isolation and management
Decide the VPC CIDR ranges for AWS accounts
Problem
Decide on a CLI tool that enables AWS login and credentials via SAML IDP for CLI and web console access.
Problem
Context and Problem Statement
Decide whether to create or reuse AWS Organizations
Decide which accounts need AWS Support
Branching strategies for your software delivery
Decide on CIDR blocks for VPCs and Subnets
Decide how to use AWS Client VPNs
Context and Problem Statement
Overview
Identify applications that should migrate to the new platform
Problem and Context
What data should be used in preview environments
Decide on how to structure Datadog accounts
Decide what logs should forward to Datadog
Decide whether to use Datadog Private Locations
Determine the on-call schedule for teams
Determine the default storage class for Kubernetes EKS clusters
Context and Problem Statement
Problem DRAFT
Decide how you'll use ECR for storing Docker images
Decide how many ECS load balancers are needed
Decide on the architecture of the EKS node pools
Problem
Decide what address to use for `cert-manager` support emails
Decide what emails will be used for AWS Accounts
Decide how to monitor for external reachability
Decide where GitHub Actions workflows are kept
Decide where to host and manage Helm charts
Decide on the AMI for EKS cluster nodes
Decide the hostname format for service discovery
Decide how to revert changes
Decide how to deploy applications to ECS
How to securely access private Terraform modules in Spacelift
Decide on ACLs for logs and metrics
Decide on how to support TLS in your environment
Problem
Decide which Identity Provider (IdP) to use with AWS
Decide how to use Identity Provider (IdP) with AWS
Determine the rules that make an alert an incident
Decide on Infrastructure & Software Static Analysis Tools
Decide on where to keep your infrastructure code
Decide whether to support both IPv4 and IPv6
Context and Problem Statement
AWS Key Management Service (AWS KMS) makes it easy to create and manage cryptographic keys and control their use across various AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
How to package and deploy applications to Kubernetes
Decide which Kubernetes Ingress Controller(s) to use with EKS
Decide on a strategy for CIS Compliance/hardening on EKS
Decide on log retention requirements
Decide how to deliver maintenance pages
Decide on MFA Solution for AWS Root Accounts
Problem
Pick a concise prefix for all cloud resource names
Decide which non-default AWS regions to enable
Choose the all-encompassing CIDR for the AWS organization
Decide what CI/CD pipelines are needed to deliver your software
Pick the primary AWS region to use for the company
Problem
Problem
Decide on a regional naming scheme for resources
Decide on how to release software changes to production
Decide how releases are promoted from dev to production
Decide whether to use monorepos or polyrepos
Problem
Decide how to manage secrets used by Terraform
Decide where to store secrets used by Terraform
Decide what data belongs in Staging
Decide on how to self-host GitHub Runners
Decide how to create self-hosted runners
Decide where to place self-hosted runners in your AWS organization
Decide the TLD to use for service discovery
Problem DRAFT
Balance auto-deployment with manual confirmation
Scope Spacelift Workers for secure automation
Decide on what happens during the CI process
Decide on how developers will work with the application locally
Decide on how to harden base AMIs
How to manage and orchestrate secrets for your applications
Decide how preview environments will work
Determine the teams that will be responsible for incidents
Decide how to configure applications
Decide how to organize Terraform State across accounts
Choose Terraform version for compatibility and consistency
Decide how to group logs with CloudWatch
Considerations
Problem
Decide how AWS Transit Gateway will be used
Decide the vanity domains for your environments
Decide how to NAT traffic in your VPCs
Decide how network traffic is isolated with VPCs
Decide how to connect VPCs in different accounts
Decide on WAF requirements and strategy
Decide on the roles to use in Datadog
Problem
These are some of the design decisions you should be aware of when
Review the key design decisions for implementing incident management
Review the key design decisions for the data layer, including which services
Review the key design decisions of the GitHub Action Layer. These decisions
Review the key design decisions for GitOps with Terraform. These decisions
Review the key design decisions of the Identity Layer. These decisions relate
Review the key design decisions for how you'll gather telemetry and logs for
Review the key design decisions for how you'll monitor for security and
Review the key design decisions for how you'll implement CI/CD for your
Review the key design decisions for how you'll leverage Spacelift for
Design Decisions are architectural considerations for how to approach or
Before deploying any infrastructure, there are some fundamental design
Review the key design decisions for ECS. These decisions relate to how you
Review the key design decisions for EKS. These decisions relate to how you
Review the key design decisions for how you'll implement the network and DNS