11 Emerging practices

This chapter covers

  • Using multiple AWS accounts
  • Using temporary stacks
  • Avoiding keeping sensitive data in plain text in environment variables
  • Using EventBridge in event-driven architectures

The term serverless came about after AWS released the Lambda service back in 2014. In that sense, the serverless paradigm (building applications using managed services, including for all your compute needs) is something of a new kid on the block.

New paradigms give us new ways to look at problems and solve them differently, perhaps more efficiently. This should be obvious by now, as we have discussed several serverless architectures in this book, and you must admit they look very different from the equivalent serverful architectures; they are more event-driven, and they often involve many different services working together.

New paradigms also require us to think and work differently. For example, instead of thinking about cost as a function of the size of a fleet of virtual machines and how long you need them for, we need to think about cost in terms of request count and execution duration. The code we write and the way we deploy and monitor our applications also need to change to take full advantage of this new paradigm and mitigate some of its limitations.

11.1 Using multiple AWS accounts

11.1.1 Isolate security breaches

11.1.2 Eliminate contention for shared service limits

11.1.3 Better cost monitoring

11.1.4 Better autonomy for your teams

11.1.5 Infrastructure-as-code for AWS Organizations

11.2 Using temporary stacks

11.2.1 Common AWS account structure

11.2.2 Use temporary stacks for feature branches

11.2.3 Use temporary stacks for e2e tests

11.3 Avoid sensitive data in plain text in environment variables

11.3.1 Attackers can still get in

11.3.2 Handle sensitive data securely