AWS Deep Dive

AWS Well-Architected Framework

Questions and Best Practices

Operational Excellence

Perform Patch Management

It is preferable to have immutable infrastructures and deploy workloads in verified known good states.

Funny that I’m reading this at the same time I’ve begun to experiment with NixOS on the side…

Patches should only be applied if they support an operational or business outcome.

This seems like an ill-posed sentence… I’m sure the argument here is that maintaining application security and integrity is an “operational or business outcome”, but I strongly suspect that a lot of people are going to read this as “don’t patch things that aren’t directly related to a measured operational or business outcome.”

Use Multiple Environments

I don’t always test my code. But when I do, I test in production.

Make Frequent, Small, Reversible Changes

This section harkens back to Amazon’s conception of “one-way doors” and “two-way doors”. Small, reversible changes are “two-way doors”, and are thus generally preferred for reasons of business (and engineering!) agility.

Deploy Using Parallel Environments

This isn’t just about deploying into a parallel environment and then cutting over when ready: It’s also about using partial cut-overs to test the new environment, and about keeping the old environment around after cut-over in order to enable faster roll-backs.
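The three pieces named above (partial cut-over, full cut-over, and keeping the old environment for roll-back) can be sketched as a small state machine. This is an added example, not code from AWS or the framework; the stage weights, error threshold, bake period, and all names are assumptions, and the error rates are constructed sample values.

```python
from dataclasses import dataclass

STAGES = (5, 25, 50, 100)   # assumed: percent of traffic routed to the new environment
MAX_ERROR_RATE = 0.01       # assumed: new-environment error rate that triggers roll-back
BAKE_PERIODS = 2            # assumed: healthy periods at 100% before retiring the old environment


@dataclass(frozen=True)
class Cutover:
    new_weight: int = STAGES[0]   # start with a partial cut-over
    old_env_running: bool = True  # old environment stays up as the roll-back target
    baked: int = 0                # healthy periods observed at 100%
    outcome: str = "in_progress"  # in_progress | rolled_back | complete


def step(state: Cutover, error_rate: float) -> Cutover:
    """Advance the cut-over by one observation period of the new environment."""
    if state.outcome != "in_progress":
        return state  # terminal states do not change
    if error_rate > MAX_ERROR_RATE:
        # Roll-back is only a routing change because the old environment still exists.
        return Cutover(0, True, 0, "rolled_back")
    if state.new_weight < 100:
        # Healthy partial cut-over: move to the next larger traffic share.
        next_weight = next(w for w in STAGES if w > state.new_weight)
        return Cutover(next_weight, True, 0, "in_progress")
    baked = state.baked + 1
    if baked >= BAKE_PERIODS:
        # Only now is the old environment retired; roll-back stops being cheap here.
        return Cutover(100, False, baked, "complete")
    return Cutover(100, True, baked, "in_progress")


def run(error_rates):
    """Feed a sequence of per-period error rates through the cut-over."""
    state = Cutover()
    history = []
    for rate in error_rates:
        state = step(state, rate)
        history.append((state.new_weight, state.old_env_running, state.outcome))
    return state, history


if __name__ == "__main__":
    # Constructed sample: healthy until after full cut-over, then a regression appears.
    final, history = run([0.0, 0.002, 0.001, 0.05])
    for row in history:
        print(row)
```

The sample run reaches 100% and then rolls back on the fourth period, which is the case the retained old environment exists for.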