Examples of golden paths for internal development platforms
This section contains the following examples of golden paths:
Serverless workloads
Development
- Use the AWS Serverless Application Model (AWS SAM) CLI for local development and testing.
- Use the AWS Integrated Application Test Kit for integration testing.
- During load testing, use Amazon CodeGuru Profiler to fine-tune your application.
Application design and deployment
- Use the AWS Cloud Development Kit (AWS CDK) for infrastructure as code.
- Automate infrastructure and application deployment by using CDK Pipelines.
- For scaffolding resources, create AWS Lambda functions by using container images and store them in Amazon Elastic Container Registry (Amazon ECR).
- Use the AWS-provided Lambda base images rather than generic images.
- For networking, deploy Lambda functions in virtual private clouds (VPCs) that have VPC Flow Logs enabled, and use interface VPC endpoints to reach private resources so that traffic stays off the public internet.
- Use Amazon API Gateway to route HTTP requests to Lambda functions.
- Use versions to manage the deployment of your Lambda functions.
- Use AWS AppConfig for dynamic configurations, with validators that reject malformed or out-of-range values before they reach running functions.
- Use AWS Secrets Manager to retrieve secrets at runtime instead of embedding them in code, environment variables, or images.
- For canary testing, use the alias routing configuration to send a portion of traffic to a second Lambda function version.
- Use automatic rollbacks in AWS CodeDeploy, and configure alarms in Amazon CloudWatch to initiate the rollbacks.
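The AppConfig validator and alias routing items above fit together: the deployment configuration carries the canary traffic share and the alarm that guards the rollback, a validator rejects bad versions before they are deployed, and the accepted value drives the alias weights. The following is an added example and not code from the AWS guidance; it implements an AppConfig Lambda validator (AppConfig passes the candidate configuration base64-encoded in event["content"] and treats any raised exception as a rejection) for a configuration schema that is this example's own assumption (canary_traffic_percent, rollback_alarm_name, feature_flags), plus a helper that builds the RoutingConfig mapping for a Lambda alias. The sample configuration is constructed.

```python
import base64
import json


class ConfigValidationError(ValueError):
    """Raised to make AppConfig reject the candidate configuration version."""


def validate_canary_config(config):
    """Validate a deployment-config document and return it if acceptable.

    Schema enforced here is assumed for this example:
    - canary_traffic_percent: number in [0, 100]
    - rollback_alarm_name: non-empty string (the CloudWatch alarm CodeDeploy watches)
    - feature_flags: optional object mapping flag names to booleans
    """
    if not isinstance(config, dict):
        raise ConfigValidationError("configuration must be a JSON object")

    pct = config.get("canary_traffic_percent")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(pct, bool) or not isinstance(pct, (int, float)) or not 0 <= pct <= 100:
        raise ConfigValidationError("canary_traffic_percent must be a number between 0 and 100")

    alarm = config.get("rollback_alarm_name")
    if not isinstance(alarm, str) or not alarm.strip():
        raise ConfigValidationError("rollback_alarm_name must be a non-empty string")

    flags = config.get("feature_flags", {})
    if not isinstance(flags, dict) or not all(isinstance(v, bool) for v in flags.values()):
        raise ConfigValidationError("feature_flags must map names to booleans")

    return config


def handler(event, context):
    """AppConfig Lambda validator entry point.

    Returning normally accepts the version; raising rejects it. Decoding
    failures are reported as validation errors rather than generic crashes
    so the rejection reason is visible in the AppConfig deployment status.
    """
    try:
        config = json.loads(base64.b64decode(event["content"]))
    except (KeyError, ValueError) as exc:  # binascii.Error and JSONDecodeError are ValueErrors
        raise ConfigValidationError(f"content is not valid base64-encoded JSON: {exc}") from exc
    validate_canary_config(config)
    return {"status": "accepted"}


def alias_routing_config(canary_version, canary_traffic_percent):
    """Build the RoutingConfig for lambda:UpdateAlias from a validated percentage.

    AdditionalVersionWeights maps the second version to its traffic share as a
    fraction of 1; the alias's primary version receives the remainder.
    """
    if not 0 <= canary_traffic_percent <= 100:
        raise ValueError("canary_traffic_percent out of range")
    return {"AdditionalVersionWeights": {str(canary_version): canary_traffic_percent / 100}}


def make_validator_event(config):
    """Constructed AppConfig validator event for offline runs (content is base64 JSON)."""
    return {
        "applicationId": "example-app",          # assumed IDs
        "configurationProfileId": "example-profile",
        "configurationVersion": "1",
        "content": base64.b64encode(json.dumps(config).encode()).decode(),
    }


SAMPLE_CONFIG = {  # constructed configuration document
    "canary_traffic_percent": 10,
    "rollback_alarm_name": "orders-api-5xx-rate",
    "feature_flags": {"new_checkout": True},
}

if __name__ == "__main__":
    print(handler(make_validator_event(SAMPLE_CONFIG), None))
    print(alias_routing_config(7, SAMPLE_CONFIG["canary_traffic_percent"]))
```

Attach the validator to the configuration profile as a LAMBDA validator (a JSON Schema validator works for the same checks if you prefer no code); the routing helper's output is what you pass as the alias's routing configuration when the canary version is promoted.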
Operations
- Enable API Gateway access logs.
- Log the API Gateway request ID, the extended request ID, and the Lambda request ID so that one request can be correlated across the API Gateway access log and the function log.
- Use structured logs for Lambda functions, preferably in JSON format.
- Emit logs to standard output (stdout) instead of calling the CloudWatch Logs API.
- Use AWS Lambda Powertools to implement serverless best practices.
- Set your log retention period according to your organization's requirements.
- Enable CloudWatch Lambda Insights to collect, aggregate, and summarize diagnostic information, such as cold starts. This can help you isolate and quickly resolve issues with your Lambda functions.
- In CloudWatch, use the Errors, Throttles, ProvisionedConcurrencySpilloverInvocations, and Duration metrics to monitor your Lambda functions. For more information, see Working with Lambda function metrics.
- In CloudWatch, use 4xx error codes, 5xx error codes, and latency metrics to monitor your APIs.
- Use AWS X-Ray to collect data about requests that your application serves. For applications that use distributed components and services, this helps you quickly identify issues and opportunities for optimization.
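The logging items above (structured JSON, the three request IDs, stdout rather than the CloudWatch Logs API) are illustrated by the following added example, which is not code from the AWS guidance or from Lambda Powertools. It is a standard-library Python handler for an API Gateway REST (proxy) integration: the API Gateway request ID and extended request ID are read from event["requestContext"]["requestId"] and ["extendedRequestId"], the Lambda request ID from context.aws_request_id, and each log entry is written as one JSON line to stdout, which the Lambda runtime forwards to CloudWatch Logs. The field names in the record are this example's own convention, and the sample event and context object are constructed.

```python
import json
import sys
import time


def build_log_record(event, context, message, level="INFO", **extra):
    """Return one structured log entry carrying the correlation IDs.

    Field names (apigw_request_id, apigw_extended_request_id, lambda_request_id)
    are assumed for this example, not an AWS-defined schema. Missing IDs are
    logged as null rather than raising, so logging never breaks the handler.
    """
    request_context = event.get("requestContext", {}) if isinstance(event, dict) else {}
    record = {
        "timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "level": level,
        "message": message,
        "apigw_request_id": request_context.get("requestId"),
        "apigw_extended_request_id": request_context.get("extendedRequestId"),
        "lambda_request_id": getattr(context, "aws_request_id", None),
        "function_name": getattr(context, "function_name", None),
    }
    record.update(extra)
    return record


def emit(record, stream=sys.stdout):
    """Write the record as a single JSON line to stdout (no CloudWatch Logs API calls)."""
    stream.write(json.dumps(record, default=str) + "\n")
    stream.flush()


def handler(event, context):
    """API Gateway proxy handler that logs a correlated start/end pair per request."""
    emit(build_log_record(event, context, "request received",
                          path=event.get("path"), method=event.get("httpMethod")))
    status, body = 200, {"ok": True}
    emit(build_log_record(event, context, "request completed", status_code=status))
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


class FakeLambdaContext:
    """Constructed stand-in for the Lambda context object, for offline runs."""
    aws_request_id = "c8a3d0d4-0000-4000-8000-000000000001"
    function_name = "orders-api"


SAMPLE_EVENT = {  # constructed, abbreviated API Gateway REST proxy event
    "httpMethod": "GET",
    "path": "/orders/42",
    "requestContext": {
        "requestId": "2f1e3b9c-0000-4000-8000-0000000000aa",
        "extendedRequestId": "ExampleExtReqId=",
    },
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, FakeLambdaContext()))
```

Because the lines are JSON, CloudWatch Logs Insights discovers the fields automatically, so a query such as `filter apigw_request_id = "2f1e3b9c-..."` finds every entry for one request without a regular expression. Lambda Powertools' Logger does the same job with less code (its inject_lambda_context decorator adds the Lambda request ID and function metadata); the example above shows what such a logger has to emit for the request-ID correlation to work.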
Amazon Elastic Container Service (Amazon ECS)
Development
- Follow best practices for Amazon Elastic Container Service (Amazon ECS) container images.
- Use Amazon Elastic Container Registry (Amazon ECR) to store container images and for continuous security scanning.
Application design and deployment
- Follow best practices to architect your application on Amazon ECS.
- Use the AWS Cloud Development Kit (AWS CDK) for infrastructure as code and CI/CD pipelines for both infrastructure and application deployment.
- Use Amazon ECS Service Connect to manage Amazon ECS configurations for service discovery, connectivity, and traffic monitoring.
- Use Amazon Elastic File System (Amazon EFS) for containerized applications that scale horizontally. Use Amazon Elastic Block Store (Amazon EBS) if your application requires sub-millisecond latency and doesn't need a shared file system.
Operations
- Use AWS Fargate because it provides a managed way to run your containerized workload without having to manage servers or clusters of Amazon Elastic Compute Cloud (Amazon EC2) instances.
- Use blue/green deployment with AWS CodeDeploy.
- Use Amazon CloudWatch Container Insights to collect, aggregate, and summarize metrics and logs from your containerized applications and microservices.
- Enable the FireLens for Amazon ECS log driver and use the AWS for Fluent Bit sidecar container to improve performance and redirect log streams to separate locations, such as Amazon Simple Storage Service (Amazon S3) or CloudWatch log groups.
Additional resources
- Amazon ECS blueprints (GitHub)
Amazon Elastic Kubernetes Service (Amazon EKS)
Development
- Follow best practices for Amazon Elastic Container Service (Amazon ECS) container images.
- Use Amazon Elastic Container Registry (Amazon ECR) to store container images and for continuous security scanning.
Application design and deployment
- Use Helm to package your application templates.
- Follow a GitOps approach by using Argo CD to deploy your application.
- Use the AWS Load Balancer Controller to manage Elastic Load Balancing resources for your Kubernetes cluster.
- Use cert-manager and the AWS Private Certificate Authority Issuer to manage TLS certificates.
- Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver or the Amazon Elastic File System (Amazon EFS) CSI driver for storage options.
- Use ExternalDNS to integrate Kubernetes services with Amazon Route 53.
- Use External Secrets Operator to sync secrets from AWS Secrets Manager or AWS Systems Manager Parameter Store into Kubernetes Secrets, so that secret values are stored and rotated in the AWS service rather than in Git or Helm values.
- Use Crossplane to manage AWS infrastructure from your Kubernetes cluster.
Operations
- Use Calico for network policies and Gatekeeper as a policy controller.
- Use Karpenter for cluster autoscaling.
- Use Amazon Managed Service for Prometheus and Amazon Managed Grafana for observability.
- Use Kubecost to provide real-time infrastructure cost visibility.
Additional resources