Best Practices for designing applications in Cloud

In this article, we will look at some of the best practices to follow when designing and architecting applications in the cloud.

Raghuveer Bhandarkar
2 min read · Sep 12, 2022

The best practices are grouped into categories. They are generic; AWS is used for illustration.

Reliability

  • When using compute instances, make sure to distribute the compute instances over multiple availability zones to make it resilient to availability zone failure.
  • When using a relational database, make sure to use read replicas which are distributed in multiple availability zones.
  • If a master node of a database fails, look for options to promote a read replica as a master node.
  • Configure backups for critical data. For example, configure periodic backups for databases, and configure secondary storage tiers for S3 using lifecycle policies (e.g. S3 Infrequent Access, Glacier).

Scalability

  • Use auto scaling to horizontally scale the compute instances based on demand. Analyse the usage pattern to figure out the right auto scaling technique, for example, step scaling versus target tracking.
  • Look for options to scale database reads, for example read replica scaling or a cache in front of the database.
  • Look for bottlenecks that limit scaling of the system and have a mitigation plan for them (look at throttling options).
  • Look for options to use asynchronous communication as required.

Security

  • Apply the principle of least privilege when opening ports and when creating security lists and access control lists.
  • Use in-flight encryption (mutually authenticated SSL) and encryption at rest.
  • Isolate workloads that are exposed to the public internet from those that are not (consider using different subnets).
  • If you have workloads exposed to the public internet, look for options to use and configure a WAF (Web Application Firewall) to secure workloads from various kinds of attacks.
  • Use a vault to store credentials and secrets (AWS Secrets Manager).
  • Secure your APIs and consider rate limiting (an API Gateway can help in addressing all these concerns).
  • Audit and track configuration changes and metadata API calls in the production environment (AWS Audit Manager, AWS Config).

Observability

  • Use logging and tracing to track and analyse requests and assist in troubleshooting (e.g. CloudWatch, AWS X-Ray).
  • Use alarms to monitor for SLA breaches and capacity thresholds.

Cost Optimization

  • Use the appropriate compute instance shapes and instance types (e.g. consider Reserved Instances for long-term usage and spot instances for test environments).
  • Plan for cost and capacity in advance, and use tools to monitor the cost (e.g. AWS Cost Explorer, AWS Budgets).
