Tech Thoughts: Understand Your Principles
When you are growing fast clarity is incredible important. New people start all of the time and if you are hiring right they have a lot of different experiences and principles they have picked up along the way. Now is the time to be consistent and to create a list of principles you plan to live by. Here are the principles I like to use for an Infrastructure team:
CI/CD for Everything
Automated pipelines are more reliable and less vulnerable to human error. Code changes require CI/CD pipelines and code owner's approval.
Production is Read-only
The production environment is modified only by approved CI/CD pipelines. Only in a break-glass scenario do we provide humans elevated access to production.
Architect for Resiliency
Our infrastructure is deployed to three availability zones and has automated, built-in recovery mechanisms to withstand hardware failures and other disruptions. We don’t just expect things to fail: we regularly test our ability to deal with failures.
Simpler is Better
We try to automate and simplify our operations as much as possible and only add complexity when needed. We prefer to leverage managed services and existing technologies wherever possible to accomplish this. This allows us to benefit from the scale of our vendors while remaining focused on the task at hand.
Immutable Infrastructure
We prefer to replace resources rather than modify them. Our infrastructure is versioned in code and promoted through environments. We use automation to make sure that the infrastructure is consistently configured. This process helps us address any security issues and is vital for disaster recovery.
Security by Design
We follow strict patterns to guarantee the security of our infrastructure. These patterns help protect us from unintentional errors or malicious actors. At the core of this is the principle of least-privileged access. We have role-based access control groups to ensure that everybody has just enough access to do their jobs.