AWS Environment Standard
Default hosting patterns
Frontend hosting
Default frontend hosting pattern:
CloudFront + WAF -> S3 bucket
Backend hosting
Default backend hosting pattern:
CloudFront + WAF -> ALB -> ECS
DNS standard
Domains are hosted in Route 53 with:
- public hosted zones
- private hosted zones
Resource sharing rule
AWS resources should be shared as much as possible. Create new AWS resources only when needed.
This applies especially to:
- networking
- ingress layers
- shared security controls
- observability components
- messaging infrastructure
- supporting platform services
Documentation expectation
Docs for each product/environment should clearly show:
- where it fits in the shared AWS environment
- which resources are shared versus product-specific
- which permissions are required
- what traffic/data flow exists across the environment
Exception handling
If a product requires dedicated resources instead of shared ones, the reason must be documented explicitly, including:
- technical reason
- security or isolation need
- operational trade-off
- cost/complexity impact