Cloud Architecture
Design scalable, cost-effective, secure cloud infrastructure on AWS, GCP, or Azure.
Context
You are designing cloud infrastructure. Select services, plan scaling, networking, security, and cost. Read the requirements, the existing infrastructure, regulatory constraints, and the team's cloud maturity before choosing.
Domain Context
Based on cloud architecture best practices (AWS Well-Architected Framework, Google Cloud Architecture Framework):
- Compute: Servers (EC2/Compute Engine), containers (ECS/GKE), functions (Lambda/Cloud Functions), management burden increases
- Storage: Object storage (S3), databases (RDS/Cloud SQL), data warehouses (Redshift/BigQuery)
- Networking: VPC isolation, subnets, security groups, load balancing, DNS
- Observability: Metrics, logs, traces; CloudWatch, Stackdriver, DataDog
- Compliance: Shared responsibility model; you secure the application and the data you put in the cloud, the provider secures the underlying infrastructure
Instructions
- Select Core Services: Match services to workloads. Web app → App Engine/Elastic Beanstalk. Data processing → Spark on Kubernetes. Database → RDS PostgreSQL. Data warehouse → BigQuery.
- Design Resilient Architecture: Multi-AZ (availability zone) deployment for redundancy. Health checks and auto-recovery. Load balancing across instances. Define RPO/RTO requirements and design to meet them.
- Plan Networking: VPC with public and private subnets. Bastion host for access to private subnets. Security groups restrict traffic to what each tier needs. NAT Gateway for outbound access from private subnets. Cloudflare or a WAF for DDoS protection.
- Implement Security: IAM roles following the principle of least privilege. Encrypt data at rest (KMS) and in transit (TLS). Secrets management (Secrets Manager/Vault) rather than secrets in code or config. Regular patching.
- Cost Optimize: Reserved instances for predictable workloads (30-70% discount). Spot instances for batch/non-critical work (70% discount). Right-size instances and monitor utilization. Use managed services to reduce operational overhead.
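The resilience, networking and security steps above can be turned into automated guardrails that run against a design before it is deployed. The following script is an added example, not code from this skill or the claude-skills project: it checks a hand-constructed, provider-neutral architecture description for multi-AZ placement of production resources, data stores kept in private subnets, no admin or database ports open to the internet, encryption at rest, and IAM policies without wildcard grants. All field names and sample values (subnet names, AZs, policy names) are assumptions of the example.

```python
"""Guardrail checks for a proposed architecture description.

Added example, not code from the skill or the claude-skills project. It
evaluates a hand-constructed, provider-neutral description of a design
against the checks in the Instructions above: multi-AZ for production,
data stores in private subnets, no admin/database ports open to the
internet, encryption at rest, and IAM policies without wildcard grants.
The field names and sample values are assumptions of this example.
"""
import ipaddress

# Ports that should never be reachable from 0.0.0.0/0: SSH, RDP, PostgreSQL, MySQL.
ADMIN_PORTS = {22, 3389, 5432, 3306}

# Constructed sample architecture. Every value is illustrative.
ARCHITECTURE = {
    "environment": "production",
    "subnets": [
        {"name": "public-a", "az": "us-east-1a", "public": True},
        {"name": "public-b", "az": "us-east-1b", "public": True},
        {"name": "private-a", "az": "us-east-1a", "public": False},
        {"name": "private-b", "az": "us-east-1b", "public": False},
    ],
    "resources": [
        {"name": "web", "type": "compute", "subnets": ["public-a", "public-b"], "encrypted": True},
        {"name": "db", "type": "database", "subnets": ["private-a"], "encrypted": False},
    ],
    "security_groups": [
        {"name": "web-sg", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"},
                                       {"port": 22, "cidr": "0.0.0.0/0"}]},
        {"name": "db-sg", "ingress": [{"port": 5432, "cidr": "10.0.0.0/16"}]},
    ],
    "iam_policies": [
        {"name": "app-role", "statements": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": ["arn:aws:s3:::example-app-bucket/*"]}]},
        {"name": "ci-role", "statements": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    ],
}


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def check_architecture(arch):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    findings = []
    subnets = {s["name"]: s for s in arch["subnets"]}
    production = arch.get("environment") == "production"

    for res in arch["resources"]:
        placed = [subnets[n] for n in res["subnets"]]
        azs = sorted({s["az"] for s in placed})
        if production and len(azs) < 2:
            findings.append(f"{res['name']}: production resource in a single AZ ({azs[0]})")
        if res["type"] == "database" and any(s["public"] for s in placed):
            findings.append(f"{res['name']}: database placed in a public subnet")
        if not res.get("encrypted", False):
            findings.append(f"{res['name']}: storage is not encrypted at rest")

    for sg in arch["security_groups"]:
        for rule in sg["ingress"]:
            # A /0 prefix means "the whole internet", regardless of address family.
            if rule["port"] in ADMIN_PORTS and ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
                findings.append(f"{sg['name']}: port {rule['port']} open to the internet")

    for policy in arch["iam_policies"]:
        for stmt in policy["statements"]:
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            wild_action = any(a == "*" or a.endswith(":*") for a in actions)
            if wild_action or "*" in resources:
                findings.append(f"{policy['name']}: wildcard Action or Resource violates least privilege")
    return findings


if __name__ == "__main__":
    for finding in check_architecture(ARCHITECTURE):
        print("FAIL", finding)
```

Run against the constructed design, the script reports four findings: the database sits in a single AZ and is unencrypted, the web security group exposes port 22 to the internet, and the CI role has a wildcard grant. The same structure can be fed from a rendered Terraform plan or a CloudFormation template once a small adapter maps those formats onto the fields used here.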
Anti-Patterns
- Lift-and-Shift Without Optimization: Move VMs to cloud as-is. Result: expensive, not cloud-native. Guard: Rearchitect for cloud; use managed services where appropriate.
- Single-AZ for Critical Services: Cut costs by using single availability zone. Result: outage when AZ fails. Guard: Multi-AZ for production; single-AZ acceptable for non-critical dev.
- Ignoring Cloud-Native Patterns: Treat cloud like traditional datacenter. Result: underutilize auto-scaling, caching, global distribution. Guard: Design for elasticity; use services like CDN, auto-scaling groups.
- No Cost Monitoring: Assume cloud is cheaper than on-prem. Result: bill shock. Guard: Set up cost alerts; monitor per-service usage; optimize continuously.
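The "No Cost Monitoring" guard above asks for cost alerts and per-service monitoring. The script below is an added example, not code from this skill or the claude-skills project: it implements two alert rules over constructed daily billing data, a month-end projection against a fixed budget and a per-service spike check against each service's own recent history. The spend figures, the budget and the thresholds are all assumptions of the example.

```python
"""Per-service cost alerting on daily spend samples.

Added example, not code from the skill or the claude-skills project. It
implements the "set up cost alerts; monitor per-service usage" guard with
two rules over constructed billing data: a month-end budget projection and
a statistical spike check against each service's own baseline. All
numbers and thresholds are assumptions of this example.
"""
from statistics import mean, pstdev

# Constructed daily spend in USD for the last 10 days, per service.
DAILY_SPEND = {
    "ec2": [410, 405, 398, 420, 415, 402, 409, 411, 417, 860],  # spike on the last day
    "s3": [32, 33, 31, 34, 33, 32, 35, 34, 33, 36],
    "rds": [120, 121, 119, 122, 120, 121, 123, 122, 121, 124],
}
MONTHLY_BUDGET_USD = 15_000  # assumed budget for the constructed account


def spike_alerts(spend, z_threshold=3.0, min_increase=0.25):
    """Flag the latest day for a service when it is both more than z_threshold
    standard deviations above its baseline (all earlier days) and at least
    min_increase above the baseline mean. The relative floor stops small,
    very stable services from alerting on a few dollars of noise."""
    alerts = []
    for service, series in spend.items():
        if len(series) < 4:
            continue  # not enough history to form a baseline
        baseline, latest = series[:-1], series[-1]
        mu, sigma = mean(baseline), pstdev(baseline)
        if sigma > 0:
            z = (latest - mu) / sigma
        else:
            z = float("inf") if latest > mu else 0.0  # perfectly flat history
        if z > z_threshold and latest > mu * (1 + min_increase):
            alerts.append({"service": service, "latest": latest,
                           "baseline_mean": round(mu, 2), "z": round(z, 1)})
    return alerts


def projected_month(spend, days_in_month=30, window=7):
    """Project the month-end total from the average of the last `window` days."""
    daily_total = sum(mean(series[-window:]) for series in spend.values())
    return daily_total * days_in_month


def budget_alert(spend, budget=MONTHLY_BUDGET_USD, days_in_month=30):
    """Compare the projection with the budget; `over` is the alert condition."""
    projected = projected_month(spend, days_in_month)
    return {"projected": round(projected, 2), "budget": budget, "over": projected > budget}


if __name__ == "__main__":
    for alert in spike_alerts(DAILY_SPEND):
        print("SPIKE", alert)
    print("BUDGET", budget_alert(DAILY_SPEND))
```

With the constructed data the EC2 series triggers a spike alert on its last day, while S3 and RDS stay quiet, and the seven-day projection comes out at 18,960 USD against the 15,000 USD budget. In practice the same functions would be fed from the provider's billing export (Cost Explorer, Cloud Billing export) on a daily schedule, and the thresholds tuned per service.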
Further Reading
- AWS Well-Architected Framework — foundational cloud design principles
- Building Microservices on AWS — cloud-native architecture patterns
- Cloud Security Best Practices — security architecture for cloud