Home / Application Design Considerations

Application Design Considerations

Cloud Computing and microservice architecture leads to special software design considerations for security. This is specially important for the application host or VM in a cloud like Amazon Web Services cloud:

  • Administrator accounts should not be used after initial registration and setup.
    Different identities (users or roles) with least privileges (to resources) should be set up using AWS Identity and Access Management (IAM) for different purposes.
  • No Elastic Compute Cloude (EC2) key pairs should be shared among different users.
  • Use server-side encryption to secure items in storage such as Simple Storage Service (AWS S3).
  • No VMs should have access to the internet execpt through a gateway with only the required ports. A virtual private network (VPN) with appropriate shubnets should be used.
  • Use AWS CloudTrail logs to monitor and audit access history.
  • Ship logs from Elastic Compute Cloude (EC2) instances to outside processing and storage components.
  • Components should be able to be isolated and deployed independently without affecting other components.
  • Components should be coded to be defensive and not to trust their invoker; for security and reliability reasons.
  • Components are provided with configurations (sometimes through dynamically querying an external service such as a Service Registry) appropriate to the environment in which they are executing. The components should be coded to test all configurations at initialization and use the configurations when invoking other components or resources.
  • Configurations should be saved in a version-controlled persistent storage so that:
    • Setting and using configurations can be tracked for auditing purposes.
    • Values of the configurations are available in case a component fails.
  • Invocation among services should be authenticated, with performance penalities of authentication being one of the considerations.
  • Communication to the external world should be encrypted, and communication among internal services should consider encryption (cf. boundaries). The considerations include data sensitivity, perimeter security and performance overhead.
  • Use a well-patched base image to create other customized image, and only allow each development team limited customization for their own service.