In late 2017, New Relic did an AWS “This is My Architecture” video. The video talks about how they setup their Terraform execution plans in a modular fashion. This provided the team some much needed flexibility when managing builds.
Now, a few years later, I react to that video and see what’s stood the test of time, what could be done simpler given today’s technology, and generally critique the design against the AWS Well-Architected Framework.
The AWS Well-Architected Framework
The AWS Well-Architected Framework is designed to help you and your team make informed trade offs while building in the AWS Cloud. It’s built on five pillars;
- Operational Excellence
- Security
- Cost Optimization
- Reliability
- Performance Efficiency
There pillars cover the primary concerns of building and running any solution. And as much as we’d all love to have everything, that’s just not possible.
…enter the framework.
It’ll help you strike the right balance for your goals to make sure that your build is the best it can be now and moving forward.
Why Architecture?
I often get asked why I talk about building in the cloud and architectural choices so often…aren’t I a security person?
Yes, I do focus on security and architecture is a critical part of that.
There’s really two types of security design work. The first is when you’re handed something and need to make sure the risks of that technology matches the risk appetite of the users.
The second type is when you’re building the technology. This is where making choices informed by security early in the process can have profound effects. You’re no longer bolting security on but building it in by design.
That’s why I talk about architecture and building so much. It’s where we all can have the largest possible security impact!
This video—and the ones that will come after—looks at a specific set of design decisions and how they balance the concerns of the AWS Well-Architected Framework…where security is one of the five pillars.
New Relic’s Design
New Relic took a modular approach to their Terraform execution plans. Why?
In a word, flexibility.
If your entire infrastructure is in one plan, you have a binary choice: all or nothing. If you need to ensure that one particular section is configured as desired, you can’t just check that one section. You have to re-run the entire plan.
While that shouldn’t have a negative impact on your system (plans should be idempotent) it could and will definitely take longer than needed.
Using plans that are smaller in scope that work together to create your desired infrastructure gives you much needed flexibility.
Learn more in the reaction video 👆.
Btw, I’ve updated my course, “Mastering The AWS Well-Architected Framework” on A Cloud Guru. If you want a solid walk through of the ideas behind the framework and how to apply it to your work in the AWS Cloud, check it out!