Operational Excellence Roadmap

Features / Functionalities 👨‍💻 💯🥇

| Category | Tags / Labels | Feature / Functionality | Status / Doc |
|---|---|---|---|
| Cloud Solutions Architecture | leverage, cloud-solutions-architecture, documentation | DevSecOps & AWS Cloud Solutions Architecture Doc | |
| Cloud Solutions Architecture | leverage, cloud-solutions-architecture, documentation | Demo Applications architecture / Services Specifications Doc | 2021 Q1 |
| Base Infrastructure | leverage, base-infrastructure, github | Open Source Ref Architecture (le-tf-aws / le-ansible / le-tf-vault / le-tf-github) | 2021 Q2 |
| Base Infrastructure | leverage, base-infrastructure, cli | Leverage CLI (https://github.com/binbashar/leverage) for every Reference Architecture Repo (le-tf-aws / le-ansible / le-tf-vault / le-tf-github) | 2021 Q2 |
| Base Infrastructure | leverage, base-infrastructure, organizations | Account Settings: Account Aliases and Password Policies, MFA, and enable IAM Access Analyzer across accounts. | |
| Base Infrastructure | leverage, base-infrastructure, storage | Storage: enable encrypted EBS by default on all accounts; disable S3 public ACLs and policies | |
| Base Infrastructure | leverage, base-infrastructure, region | Define AWS Region / Multi-Region: keep in mind customer proximity, number of subnets, and other region limitations (https://infrastructure.aws) | |
| Base Infrastructure | leverage, base-infrastructure, vcs | Terraform GitHub Ref Architecture / Pre-requisites: permissions to set up webhooks, create/configure repositories, create groups (Preferred SSO tool) | 2021 Q2 |
| Base Infrastructure | leverage, base-infrastructure, organizations | AWS Organizations: development/stage, production, shared, security, legacy | |
| Base Infrastructure | leverage, base-infrastructure, iam | IAM: initial accounts (security users, groups, policies, roles; shared/appdevtsg/appprd DevOps role) | |
| Base Infrastructure | leverage, base-infrastructure, vpc | Networking 1: DNS, VPC, Subnets, Route Tables, NACLs, NATGW, VPC Peering or TGW | |
| Base Infrastructure | leverage, base-infrastructure, vpn | Networking 2: VPN (install Pritunl, create organization, servers and users) | |
| Kubernetes | leverage, kubernetes, eks | Production Grade Cluster: deploy EKS cluster as code | |
| Kubernetes | leverage, kubernetes, k8s | K8s Helm + Terraform binbash Leverage repository backing all the K8s components deployment and configuration | |
| Kubernetes | leverage, kubernetes, metrics | Monitoring: metrics-server (metrics for K8s HPA + Cluster AutoScaler + Prom node Exporter) + kube-state-metrics (for Grafana Dashboards) | 2021 Q2 |
| Kubernetes | leverage, kubernetes, iam, security | Security: Iam-authenticator, K8s RBAC (user, group and roles) | |
| Kubernetes | leverage, kubernetes, iam | Implement AWS service accounts (IRSA for EKS) to provide IAM credentials to containers running inside a Kubernetes cluster based on annotations. | |
| Kubernetes | leverage, kubernetes, dashboard | Monitoring: K8s dashboard & Weave Scope | |
| Kubernetes | leverage, kubernetes, ingress | Ingress: review, analyze and implement (alb skipper, k8s nginx, alb sigs, etc) | |
| Kubernetes | leverage, kubernetes, ingress | Load Balancing: review, analyze and implement Ingress w/ LB (AWS ALB or NLB + access logs) | |
| Kubernetes | leverage, kubernetes, dns | Implement external-dns w/ annotations for K8s deployed Apps (https://github.com/kubernetes-sigs/external-dns) | |
| Kubernetes | leverage, kubernetes, services-discovery | Service Discovery: review, analyze and implement k8s native [env vars & core-dns] or Consul | 2021 Q3 |
| Kubernetes | leverage, kubernetes, service-mesh, linkerd | Service Mesh: review, analyze and implement consul or linkerd2. | 2021 Q3 |
| CI/CD Infrastructure | leverage, ci-cd-infrastructure, jenkins | Jenkins: installation, configuration, GitHub/GSuite/Bitbucket SSO-Auth integration | |
| CI/CD Infrastructure | leverage, ci-cd-infrastructure, spinnaker | Deployments / Jenkins or Tekton Pipelines + Argo-CD: installation, configuration, GitHub integration | 2021 Q3 |
| CI/CD Infrastructure | leverage, ci-cd-infrastructure, droneci | DroneCI: installation, configuration, GitHub integration | 2021 Q4 |
| CI/CD Infrastructure | leverage, ci-cd-infrastructure, webhook | Proxy Instance (webhooks): installation, configuration, GitHub integration | 2021 Q4 |
| CI/CD Infrastructure | leverage, ci-cd-infrastructure, qa | SonarQube: installation, configuration, GitHub/GSuite/Bitbucket SSO-Auth integration | 2021 Q4 |
| Applications Infrastructure | leverage, apps-infrastructure, docker, containers | Automate and containerize app environments by using Docker images, enabling a consistent experience in the local environment and dev/stage/prod Cloud environments. | |
| Applications Infrastructure | leverage, apps-infrastructure, database, rds | Databases: RDS (most likely AWS Aurora MySQL, single db for all microservices at first - Prod dedicated instance considering new auto-scaling feature and read-replicas) + RDS Proxy (if needed for a high number of connections) - Compliance: Consider using SSL/TLS to Encrypt a Connection to a DB Instance | |
| Applications Infrastructure | leverage, apps-infrastructure, queue, sqs | Queues: SQS (recommended for background workers and some microservices). Redis (AWS ElastiCache) / RabbitMQ (K8s Containerized). | |
| Applications Infrastructure | leverage, apps-infrastructure, storage, s3 | Storage: S3 (for the FrontEnd statics) | |
| Applications Infrastructure | leverage, apps-infrastructure, cloudfront, cdn | Caching: CloudFront (for the FrontEnd) w/ access logs | |
| Applications Infrastructure | leverage, apps-infrastructure, cache, redis | CacheLayer: AWS ElastiCache (Memcache or Redis) | |