Operational Excellence Roadmap
Features / Functionalities 👨‍💻 💯🥇
| Category | Tags / Labels | Feature / Functionality | Status | Doc |
|---|---|---|---|---|
| Cloud Solutions Architecture | leverage cloud-solutions-architecture documentation | DevSecOps & AWS Cloud Solutions Architecture Doc | ✅ | ✅ |
| Cloud Solutions Architecture | leverage cloud-solutions-architecture documentation | Demo Applications architecture / Services Specifications Doc | 2021 Q1 | ❌ |
| Base Infrastructure | leverage base-infrastructure github | Open Source Ref Architecture (le-tf-aws / le-ansible / le-tf-vault / le-tf-github) | 2021 Q2 | ❌ |
| Base Infrastructure | leverage base-infrastructure cli | Leverage CLI (https://github.com/binbashar/leverage) for every Reference Architecture Repo (le-tf-aws / le-ansible / le-tf-vault / le-tf-github) | 2021 Q2 | ❌ |
| Base Infrastructure | leverage base-infrastructure organizations | Account Settings: Account Aliases and Password Policies, MFA, and enable IAM Access Analyzer across accounts. | ✅ | ❌ |
| Base Infrastructure | leverage base-infrastructure storage | Storage: enable encrypted EBS by default on all accounts; disable S3 public ACLs and policies | ✅ | ❌ |
| Base Infrastructure | leverage base-infrastructure region | Define AWS Region / Multi-Region: keep in mind customer proximity, number of subnets, and other region limitations (https://infrastructure.aws) | ✅ | ❌ |
| Base Infrastructure | leverage base-infrastructure vcs | Terraform GitHub Ref Architecture / Pre-requisites: permissions to set up webhooks, create/configure repositories, create groups (Preferred SSO tool) | 2021 Q2 | ❌ |
| Base Infrastructure | leverage base-infrastructure organizations | AWS Organizations: development/stage, production, shared, security, legacy | ✅ | ✅ |
| Base Infrastructure | leverage base-infrastructure iam | IAM: initial accounts (security users, groups, policies, roles; shared/appdevtsg/appprd DevOps role) | ✅ | ✅ |
| Base Infrastructure | leverage base-infrastructure vpc | Networking 1: DNS, VPC, Subnets, Route Tables, NACLs, NATGW, VPC Peering or TGW | ✅ | ❌ |
| Base Infrastructure | leverage base-infrastructure vpn | Networking 2: VPN (install Pritunl, create organization, servers and users) | ✅ | ❌ |
| Kubernetes | leverage kubernetes eks | Production Grade Cluster: deploy EKS cluster as code | ✅ | ❌ |
| Kubernetes | leverage kubernetes k8s | K8s Helm + Terraform binbash Leverage repository backing all the K8s components deployment and configuration | ✅ | ❌ |
| Kubernetes | leverage kubernetes metrics | Monitoring: metrics-server (metrics for K8s HPA + Cluster AutoScaler + Prom node Exporter) + kube-state-metrics (for Grafana Dashboards) | 2021 Q2 | ❌ |
| Kubernetes | leverage kubernetes iam security | Security: Iam-authenticator, K8s RBAC (user, group and roles) | ✅ | ❌ |
| Kubernetes | leverage kubernetes iam | Implement AWS service accounts (IRSA for EKS) to provide IAM credentials to containers running inside a Kubernetes cluster based on annotations. | ✅ | ❌ |
| Kubernetes | leverage kubernetes dashboard | Monitoring: K8s dashboard & Weave Scope | ✅ | ❌ |
| Kubernetes | leverage kubernetes ingress | Ingress: review, analyze and implement (alb skipper, k8s nginx, alb sigs, etc) | ✅ | ❌ |
| Kubernetes | leverage kubernetes ingress | Load Balancing: review, analyze and implement Ingress w/ LB (AWS ALB or NLB + access logs) | ✅ | ❌ |
| Kubernetes | leverage kubernetes dns | Implement external-dns w/ annotations for K8s deployed Apps (https://github.com/kubernetes-sigs/external-dns) | ✅ | ❌ |
| Kubernetes | leverage kubernetes services-discovery | Service Discovery: review, analyze and implement k8s native [env vars & core-dns] or Consul | 2021 Q3 | ❌ |
| Kubernetes | leverage kubernetes service-mesh linkerd | Service Mesh: review, analyze and implement consul or linkerd2. | 2021 Q3 | ❌ |
| CI/CD Infrastructure | leverage ci-cd-infrastructure jenkins | Jenkins: installation, configuration, GitHub/GSuite/Bitbucket SSO-Auth integration | ✅ | ❌ |
| CI/CD Infrastructure | leverage ci-cd-infrastructure spinnaker | Deployments / Jenkins or Tekton Pipelines + Argo-CD: installation, configuration, GitHub integration | 2021 Q3 | ❌ |
| CI/CD Infrastructure | leverage ci-cd-infrastructure droneci | DroneCI: installation, configuration, GitHub integration | 2021 Q4 | ❌ |
| CI/CD Infrastructure | leverage ci-cd-infrastructure webhook | Proxy Instance (webhooks): installation, configuration, GitHub integration | 2021 Q4 | ❌ |
| CI/CD Infrastructure | leverage ci-cd-infrastructure qa | SonarQube: installation, configuration, GitHub/GSuite/Bitbucket SSO-Auth integration | 2021 Q4 | ❌ |
| Applications Infrastructure | leverage apps-infrastructure docker containers | Automate and containerize app environments by using Docker images, enabling a consistent experience in the local environment and dev/stage/prod Cloud environments. | ✅ | ❌ |
| Applications Infrastructure | leverage apps-infrastructure database rds | Databases: RDS (most likely AWS Aurora MySQL, single db for all microservices at first - Prod dedicated instance considering new auto-scaling feature and read-replicas) + RDS Proxy (if needed for high Cx N°) - Compliance: Consider using SSL/TLS to Encrypt a Connection to a DB Instance | ✅ | ❌ |
| Applications Infrastructure | leverage apps-infrastructure queue sqs | Queues: SQS (recommended for background workers and some microservices). Redis (AWS ElastiCache) / RabbitMQ (K8s Containerized). | ✅ | ❌ |
| Applications Infrastructure | leverage apps-infrastructure storage s3 | Storage: S3 (for the FrontEnd statics) | ✅ | ❌ |
| Applications Infrastructure | leverage apps-infrastructure cloudfront cdn | Caching: CloudFront (for the FrontEnd) w/ access logs | ✅ | ❌ |
| Applications Infrastructure | leverage apps-infrastructure cache redis | CacheLayer: AWS ElastiCache (Memcached or Redis) | ✅ | ❌ |