alibaba-cloud
Alibaba Cloud
Core Capabilities
Provides expert guidance across the Alibaba Cloud ecosystem:
- Compute Services - ECS instances, Auto Scaling, Container Service (ACK), Function Compute
- Storage & Database - OSS object storage, ApsaraDB (RDS, Redis, MongoDB), NAS, Block Storage
- Networking - VPC, SLB (Server Load Balancer), VPN Gateway, CEN, NAT Gateway
- Security & Identity - RAM (Resource Access Management), Security Center, WAF, Anti-DDoS
- Application Services - API Gateway, Message Service (MNS/MQ), DirectMail, SMS
- DevOps & Monitoring - CloudMonitor, Log Service, ARMS, Container Registry
- CDN & Edge - Alibaba Cloud CDN, DCDN, Global Accelerator
- Data & Analytics - DataWorks, MaxCompute, AnalyticDB, E-MapReduce
Best Practices
Architecture
- Deploy across multiple zones for high availability
- Use SLB for load balancing with health checks
- Implement Auto Scaling for dynamic capacity
- Configure CloudMonitor with actionable alerts
Security
- Enable RAM with least privilege access control
- Use Security Groups and Network ACLs for filtering
- Enable encryption at rest and in transit
- Implement WAF and Anti-DDoS for protection
- Enable ActionTrail for audit logging
Cost Optimization
- Use Reserved Instances for predictable workloads (up to 70% savings)
- Leverage Preemptible Instances for batch jobs
- Configure Auto Scaling to match demand
- Use OSS lifecycle policies for cold data
- Monitor with Cost Management dashboards
Performance
- Choose appropriate instance families and sizes
- Implement Redis/Memcache for caching
- Use CDN for static content delivery
- Configure read replicas for databases
- Enable ESSD disks for high IOPS workloads
Infrastructure as Code
Terraform for Alibaba Cloud
```hcl
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "~> 1.200"
    }
  }
}

provider "alicloud" {
  region = "cn-hangzhou"
}

# VPC and one VSwitch (add one VSwitch per zone for a multi-zone deployment)
resource "alicloud_vpc" "main" {
  vpc_name   = "production-vpc"
  cidr_block = "10.0.0.0/16"
}

resource "alicloud_vswitch" "app" {
  vpc_id     = alicloud_vpc.main.id
  cidr_block = "10.0.1.0/24"
  zone_id    = "cn-hangzhou-h"
}

# Security group for the application tier (no rules are defined here)
resource "alicloud_security_group" "app" {
  vpc_id = alicloud_vpc.main.id
  name   = "application-sg"
}

# ECS instance; a non-zero internet_max_bandwidth_out assigns a public IP
resource "alicloud_instance" "app" {
  instance_name              = "app-server"
  instance_type              = "ecs.g6.large"
  image_id                   = "ubuntu_20_04_x64"
  vswitch_id                 = alicloud_vswitch.app.id
  security_groups            = [alicloud_security_group.app.id]
  internet_max_bandwidth_out = 10
}
```
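The Terraform configuration above creates `alicloud_security_group.app` without any rules, and the Security list calls for least-privilege RAM. The following is an added example, not part of the original page: it adds explicit ingress rules and a narrowly scoped RAM policy. The `admin_cidr` variable, the bucket name `example-app-bucket` and the `config/` prefix are assumptions.

```hcl
# Added example; assumes the same module as the page's configuration, so
# alicloud_security_group.app already exists.
variable "admin_cidr" {
  description = "Management network allowed to reach SSH (assumed placeholder)"
  type        = string
  default     = "203.0.113.0/24" # documentation range, replace before use
}

# Public HTTPS only. Inbound traffic from outside the group stays blocked
# unless a rule accepts it.
resource "alicloud_security_group_rule" "https_in" {
  security_group_id = alicloud_security_group.app.id
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet" # required value for VPC security groups
  port_range        = "443/443"
  cidr_ip           = "0.0.0.0/0"
  policy            = "accept"
  priority          = 1
}

# SSH from the management network only, never from 0.0.0.0/0.
resource "alicloud_security_group_rule" "ssh_admin" {
  security_group_id = alicloud_security_group.app.id
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  port_range        = "22/22"
  cidr_ip           = var.admin_cidr
  policy            = "accept"
  priority          = 1
}

# Least-privilege RAM policy: read objects under one prefix of one bucket,
# instead of oss:* on "*". Bucket name and prefix are constructed placeholders.
resource "alicloud_ram_policy" "app_oss_read" {
  policy_name = "app-oss-read"
  description = "Read-only access to app configuration objects"
  policy_document = jsonencode({
    Version = "1"
    Statement = [{
      Effect   = "Allow"
      Action   = ["oss:GetObject"]
      Resource = ["acs:oss:*:*:example-app-bucket/config/*"]
    }]
  })
}
```

Attach the policy to the RAM role the instance runs under rather than to a user with long-lived access keys.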
ROS (Resource Orchestration Service)
```yaml
ROSTemplateFormatVersion: '2015-09-01'
Description: High availability web application
Parameters:
  InstanceType:
    Type: String
    Default: ecs.g6.large
Resources:
  VPC:
    Type: ALIYUN::ECS::VPC
    Properties:
      VpcName: ha-vpc
      CidrBlock: 10.0.0.0/16
  VSwitch:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      VpcId: {Ref: VPC}
      CidrBlock: 10.0.1.0/24
      ZoneId: cn-hangzhou-h
  SLB:
    Type: ALIYUN::SLB::LoadBalancer
    Properties:
      LoadBalancerName: web-lb
      AddressType: internet
      VpcId: {Ref: VPC}
      VSwitchId: {Ref: VSwitch}
```
China-Specific Considerations
ICP Filing
- Required for websites hosted in mainland China
- Obtain before pointing domain to Alibaba Cloud
- Allow 20-30 business days for approval
- Different requirements for personal vs corporate
Data Residency & Compliance
- Data localization laws require China region storage
- Use: cn-hangzhou, cn-shanghai, cn-beijing, cn-shenzhen
- Understand Cybersecurity Law and Data Security Law
- Cross-border transfer requires security assessment
Network & Performance
- Great Firewall impacts international connectivity
- Use China CDN for domestic users
- Use Global Accelerator for cross-border access
- Test from within China for accurate results
Migration to Alibaba Cloud
Assessment
- Inventory infrastructure, applications, and dependencies
- Analyze regulatory requirements (ICP, data residency)
- Map services to Alibaba Cloud equivalents
- Estimate costs with pricing calculator
- Plan connectivity (VPN Gateway, Express Connect)
Strategies
- Rehost - Lift and shift with minimal changes
- Replatform - Optimize with managed services (RDS, OSS, Redis)
- Refactor - Rebuild with cloud-native services (Function Compute, ACK)
- Hybrid - Partial migration with on-premises connectivity
Execution
- Set up account and configure RAM
- Establish network connectivity
- Create VPC, VSwitches, security groups
- Migrate data to OSS/RDS
- Deploy applications to ECS/ACK
- Configure SLB and DNS
- Set up CloudMonitor and Log Service
- Test and execute cutover
See cloud-migration.md for detailed procedures
Reference Files
Load detailed documentation when needed:
- Compute Services: See compute-services.md for ECS instance families, specifications, custom images, Auto Scaling configuration, and optimization techniques
- Storage Solutions: See storage-solutions.md for OSS bucket policies, encryption, lifecycle rules, NAS setup, and storage optimization strategies
- Database Services: See database-services.md for ApsaraDB RDS, PolarDB, Redis, MongoDB configuration, tuning, backup, and high availability setup
- Infrastructure as Code: See infrastructure-as-code.md for Terraform modules, ROS templates, multi-environment patterns, and deployment automation
- Cloud Migration: See cloud-migration.md for migration assessment, service mapping, data transfer tools, and cutover procedures