Over the past decade, developing solutions for cloud architectures has become more suitable for businesses that are trying to minimize infrastructure costs without sacrificing service availability and scaling capabilities. Cloud providers are adding new tools and services that facilitate the development and provisioning of services.
This was evident over a year ago when our team was tasked with implementing complex applications using Microsoft Azure Cloud Services. Although Wovenware has implemented cloud-based solutions in the past, we knew that there were additional considerations that we needed to address in order to accomplish our goals due to the particular requirements of a certain project. If you have used cloud services before, let this post serve as a check-list for your future projects. If you are new to cloud services, it will help you get a better grasp of what you should expect and consider while designing serverless architectures.
The first thing you must do is shift your mindset away from what you may already know about traditional data centers. Cloud architectures provide serverless services that even though they may require minimal maintenance, they will require additional considerations during the application design phase. This was addressed in-depth in the first post of this two-part series.
Cloud service providers such as Microsoft Azure and Amazon AWS offer out-of-the-box services to manage applications. These services facilitate the access to back-end services by providing a gateway to publish API’s to the consumers of your application. When integrating with an API management service, keep in mind that you must follow the conventions and definitions of the API you design. This approach allows you to develop the back end service with the programming language of your choice and avoid integration issues in the future.
A decoupled application is made up of independent components that compute a specific task to provide a result. Each component is autonomous and minimizes the dependencies in an application. Developing and maintaining decoupled applications in cloud architectures is not as complex as it may sound. Concentrating on individual autonomous services gives developers more agility and focus when building solutions for the cloud.
The first step in implementing security in cloud architectures is making sure that your application does not contain any risks listed in the OWASP Top 10 application security risks. Aside from addressing these risks, the application should be continuously scanned for vulnerabilities to make sure you maintain a healthy codebase. OWASP provides an updated list of source code analysis tools that you can include as part a CI/CD pipeline.
The nature of some cloud services, such as containers and functions, is that they activate at the moment they have to compute. That change of state occurs instantly and it may cause service error failures. Therefore, it is important to put the necessary measures in place to log data such as the status, state and general information of the service used.
If the application that you’re designing is going to manage personal identifiable information (PII), there may be regulations that apply to your application such as GDPR, HIPAA or IRS Pub. 1075. A good approach to your logging efforts is to look at the Logging Cheat Sheet provided by OWASP as it will provide insights into the type of information to log and the best approach to accomplish this.
As you may know, when working in cloud architectures, you can deploy resources on the fly based on the requirements of the application you are designing. This is where the infrastructure of applications becomes codified and additional efforts are needed to validate the infrastructure code as well as application code, such as back-end or front-end services.
Although you will not have to worry about updates or security patches on the cloud infrastructure, your application will still require that you address any vulnerabilities that surface. CI/CD pipelines allow releasing new security implementations to address vulnerabilities as soon as they become available.
Coding the application infrastructure requires that you define a rollback plan in case the deployment encounters any errors during the process. This is in addition to the application code you are deploying. To address this, you need to determine if you need to roll back to a previous release, fix the issue during the deployment, or have an automation in place that can detect if a specific resource fails. My recommendation is to take the time to define and implement that automation, so that you can make sure to always be able to deploy it in case an error arises.
Last but not least, when beginning with cloud architectures, it’s important for you to have patience in your transition. There may be moments that a specific service might not work as expected or as documented by the providers. In these cases, if you have put the necessary logging in place, this will aid you in your debugging efforts to address any situation you might encounter.
Designing new applications for cloud architectures is not that different from traditional architectures. The important thing is to test and continuously scan any code the solution contains, design with decoupling in mind, apply security across the solution, log any errors that arise, and automate everything you can. With these considerations in your design, your application will perform better than expected in the cloud.