Cloud computing is becoming an increasingly popular solution for companies. The main benefits of cloud environments are paying only for what you use, scaling resources quickly, and focusing your team's time on evolving your product by using managed services. It's very easy to start a cloud project, but starting without a thoughtful structure can complicate management later. This blog lists best practices for starting your cloud project.
There are several cloud providers, and each one has its own products and services stack, benefits, and differentials. No matter which provider you're using, however, there are best practices and processes you can follow to help ensure better cloud governance, secure access to resources, and give better visibility to facilitate management and monitoring.
To create a solid foundation for your cloud project, you'll need to consider: Project Structuring, Billing Management, Identity Access Management, Network Structuring, Logs, and Monitoring. Below, we will discuss some best practices for each of these areas.
Project Structuring
It's important to structure your cloud project so that your resources are arranged in a manner that reflects your company's organizational structure. This will help you give access to the appropriate team members. It's also important to label your resources so that you can view billing from different perspectives, generate reports, and grant access to resources more easily. Some good practices include:
- Projects by area, team, or product
- Projects by environment
- Label resources (e.g. App: XYZ, Env: Prod)
Billing Management
Several companies are segmented by area, and each area has its own budget to invest, so it's important to have several segmented billing accounts and to link specific projects to each of them. Another good practice is to record your budgets in the cloud and set up alerts. Some good practices include:
- Create billing accounts by area
- Link billing accounts by project
- Create budget alerts
Identity Access Management
It's always important to consider security, and this is no different when it comes to cloud projects. Be sure that users of your projects have granular access to what they need to use, nothing more and nothing less. Every cloud provider gives users ways to create custom roles, which helps you create permissions that reflect your team structure. Another helpful practice is to create user groups under your corporate email, which makes it easy to manage onboarding and offboarding for members of your project. Some good practices include:
- Limited access per user
- Custom roles
- Assigning permissions to groups instead of individual users
Network Structuring
Cloud projects can also have custom network rules, which are extremely important in ensuring application isolation. It is also smart to create custom firewall rules according to the needs of your applications to avoid unnecessary exposure of resources to the Internet. For companies that need to connect their local infrastructure directly to the cloud, VPN or a direct link can be helpful to ensure security and low latency. Some good practices include:
- VPC per workload
- Custom firewall rules
- VPN and/or direct connect
Logs
Every cloud provider has its own centralized logging system, but there are good practices that make it easier to view these logs and extract insights from them. It is important to define a standard for both the log format and the fields that each log entry carries. Even if you have a diverse stack with several programming languages, it is important that your logs speak the same language. It is also important to filter sensitive content out of the logs. Some good practices include:
- Standard structure format
- Standard schema for fields
- Filter sensitive data
- Export the logs to a long-term storage solution if you need history
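The first three practices above can be enforced in one place, at the log formatter. The following is an added example, not code from the original post: the field names in `SCHEMA`, the `SENSITIVE_KEYS` deny-list, the redaction patterns, and the `render` helper are all assumptions chosen for illustration.

```python
import json
import logging
import re
import time

# Assumed schema: every entry carries exactly these fields, in this order.
SCHEMA = ("timestamp", "severity", "service", "env", "message", "context")
# Assumed deny-list of context keys whose values must never reach the log sink.
SENSITIVE_KEYS = {"password", "token", "authorization", "api_key", "secret"}
# Constructed patterns for secrets embedded in free-text messages.
PATTERNS = [
    (re.compile(r"(?i)bearer\s+[a-z0-9._~+/=-]+"), "Bearer [REDACTED]"),
    (re.compile(r"\b\d{13,16}\b"), "[REDACTED-PAN]"),
]

def scrub(value):
    """Recursively redact sensitive keys and secret-looking substrings."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if str(k).lower() in SENSITIVE_KEYS else scrub(v)
                for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v) for v in value]
    if isinstance(value, str):
        for pattern, replacement in PATTERNS:
            value = pattern.sub(replacement, value)
    return value

class SchemaJsonFormatter(logging.Formatter):
    converter = time.gmtime  # UTC timestamps regardless of host timezone

    def __init__(self, service, env):
        super().__init__()
        self.service, self.env = service, env

    def format(self, record):
        entry = {
            "timestamp": self.formatTime(record, "%Y-%m-%dT%H:%M:%SZ"),
            "severity": record.levelname,
            "service": self.service,
            "env": self.env,
            "message": scrub(record.getMessage()),
            "context": scrub(getattr(record, "context", {})),
        }
        return json.dumps({k: entry[k] for k in SCHEMA}, default=str)

def render(level, msg, context=None, service="xyz", env="prod"):
    # Hypothetical helper: format one constructed record as a handler would.
    record = logging.LogRecord("app", level, "example", 0, msg, None, None)
    record.context = context or {}
    return SchemaJsonFormatter(service, env).format(record)
```

In an application, attach the formatter with `handler.setFormatter(SchemaJsonFormatter("xyz", "prod"))` and pass per-event fields through `extra={"context": {...}}`.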
Monitoring
Logs are extremely important, but with logs alone, it's hard to gain insight into your applications, so it's always smart to create ways to visualize the health of your product or workload in the cloud. Try creating dashboards by product and/or workload as well as creating alerts so that you're the first to know if something stops working. Some good practices include:
- Dashboards per product
- Dashboards per workload
- Alerts based on uptime checks
- Alerts based on metrics thresholds (e.g. high CPU, low disk space)
Good cloud utilization is based on using only what you need, and solid management of your environment makes this a lot easier to achieve. I hope this blog helps you as you start a new cloud project and/or review decisions for current projects.
Douglas Augusto is a Cloud Architect at Avenue Code and is passionate about Cloud Computing. He is a Google Developer Expert (GDE) for Google Cloud Platform and is a Mentor in Cloud Computing on the Google Launchpad, Google's Startups acceleration program.