Purpose
- One-stop, bullet-point, production-grade standards for architects + dev + SRE + security.
- Covers capabilities, quotas/limits, security baselines, cost tips, resiliency patterns, observability, CI/CD, and sample IaC + SDK.
- Treat as a living repo. Update via PRs when AWS releases change.
Scope (v1)
- Core: EC2, S3, Lambda, Step Functions, Glue, Athena, RDS, Route53
- Foundational: IAM, VPC, KMS, CloudWatch, CloudTrail, Organizations/SCP
- Common “top” services to round out most stacks: DynamoDB, API Gateway, CloudFront, EKS
Conventions: Prefer Terraform for IaC examples; include CLI + Python boto3 snippets. Use least-privilege IAM, SSE-KMS by default, private networking first, multi-AZ where applicable, tag everything.
aws-architecture-playbook/
├── STANDARDS.md
├── SECURITY_BASELINES.md
├── GOVERNANCE.md
├── OBSERVABILITY.md
├── COST.md
├── EC2/README.md
├── S3/README.md
├── Lambda/README.md
├── StepFunctions/README.md
├── Glue/README.md
├── Athena/README.md
├── RDS/README.md
├── Route53/README.md
├── IAM/README.md
├── VPC/README.md
├── KMS/README.md
├── CloudWatch/README.md
├── CloudTrail/README.md
├── Organizations/README.md
├── DynamoDB/README.md
├── APIGateway/README.md
├── CloudFront/README.md
└── EKS/README.md
How to use
- Teams: copy snippets, adapt tags, submit PRs.
- Architects: review PRs against checklists in each README.
- Security: map to CIS/WAF/Wizard and your org SCPs.