
Promoting Code with Pipeline Stages
Think of pipeline stages as quality gates. Code must pass one gate, like 'build', before being promoted to the next, like 'deploy to staging'. This is core to CI/CD, moving code safely from dev to production. The footgun is making later stages less strict.

AWS CodeDeploy: Automated, Safe Application Updates
AWS CodeDeploy automates pushing your application to servers, Lambda, or ECS. It handles complex updates across many targets, letting you release new features rapidly while minimizing downtime.

AWS CodeBuild: Managed Builds Without the Servers
Think of AWS CodeBuild as an on-demand build server you don't manage. It's used in CI/CD to compile code, run tests, and create artifacts. The main footgun is thinking it's a full CI/CD platform; it's just the 'build' step, needing an orchestrator.

Procfile: Declare Your App's Startup Commands
A Procfile is the start script for your cloud app, telling the platform what commands to run. You use it to define processes like a `web` server for HTTP traffic or `worker`s for background jobs.

AWS DMS: Automating Database Migrations
AWS DMS automates moving data between databases, and it is more than a simple data pump. Use it for one-time migrations to the cloud or for continuous replication. The footgun is assuming DMS also converts your schema; for different engines, you must use the Schema…

Global Database: One Logical DB, Multiple Regions
A global database is a single logical database that spans multiple geographic regions, providing fast local reads and disaster recovery. It's used for apps with a worldwide user base that must survive regional outages.

Managed In-Memory Data Store: Speed Without the Sysadmin
A managed in-memory store is a high-speed valet for your data, sitting between your app and database to serve requests at microsecond latency. Use it for database acceleration or session stores. The footgun is treating it as a permanent database.

Managed Document Databases: Your Data, Their Ops
A managed document database is like a fully-staffed warehouse for your data. You store JSON-like objects, and the provider handles security, maintenance, and scaling. It's the default for cloud apps, but the convenience isn't free—watch for surprise bills.

Managed Key-Value Databases: Scaling Without Server Chores
A managed key-value database is like an outsourced dictionary. You give it a key, it returns a value, and the cloud provider handles all scaling and server management. It's used for session stores or user profiles where you need fast lookups by a known ID.

Database Multi-AZ: High Availability vs. Read Scaling
Multi-AZ deployment is like a hot spare database in another datacenter for automatic failover. It's for critical systems where downtime is costly. The footgun is assuming all standbys serve reads; only the 'cluster' type does, not the 'instance' type.

DDoS Mitigation: Surviving Traffic Floods
DDoS mitigation acts like a smart bouncer, learning your app's normal traffic to block malicious floods. It's used for any public internet endpoint, filtering attacks at the network and transport layers (L3/L4).

Service Principal: Your App's Identity
A service principal is an application's identity in a specific security context, like a "robot user." It's the local instance that gets permissions, separate from the app's global blueprint. This is how CI/CD pipelines authenticate to cloud APIs.

RBAC: Manage Permissions with Roles, Not Users
RBAC manages permissions by assigning users to roles (e.g., "editor"), not by giving permissions directly. This simplifies security in large systems like AWS IAM. The footgun is creating overly broad roles that grant excessive, unintended access.

Cloud Direct Connect: A Private Lane to the Cloud
Think of Direct Connect as a private fiber-optic highway from your datacenter to the cloud, bypassing the public internet. It's for stable, high-bandwidth needs like large data transfers where public internet performance is too unpredictable or insecure.

VPC Peering: Connect Private Networks Securely
VPC peering connects two virtual networks as if they were one, letting them talk over private IPs. Use it to share files or access resources between VPCs across accounts or regions without going over the public internet.

Network ACLs: A Stateless Firewall for Subnets
A Network ACL (NACL) is a firewall for an entire cloud subnet, checking traffic as it enters or leaves. It's used for broad, stateless rules, like blocking a malicious IP from all instances.

Content Delivery Network (CDN): Serving Content from the Edge
A CDN is like a global chain of convenience stores for your website's assets. It caches copies closer to users for faster delivery, speeding up images, CSS, and video. The footgun: accidentally caching private user data and serving it to everyone.

Security Groups: Stateful Firewalls for Your Cloud Resources
A security group is a stateful firewall for your cloud resources, like a bouncer with an allow-list. Use it to let a web server accept traffic or a database talk to app servers. The footgun: opening SSH to the entire internet (0.0.0.0/0).

Cross-Region Replication (CRR): Geographic Data Copying
Cross-Region Replication automatically copies data to another geographic region, like a live backup. Use it for disaster recovery, lower latency for global users, or compliance. The footgun: it only copies *new* objects, not what's already in the bucket.

Block Storage Snapshots Are Incremental Backups
A snapshot is an incremental, point-in-time backup of a disk volume, saving only changed data blocks. Use it for disaster recovery to restore a volume's exact state. The footgun: deleting an older snapshot may not save money if a newer one needs its data.