Static website or SPA
Route 53 -> CloudFront -> S3, with ACM for TLS and optional WAF.
Core pieces
- S3 bucket for assets
- CloudFront distribution
- custom domain
- ACM certificate
- cache policy
- CI/CD upload step.
Production note
Use CloudFront invalidations carefully, block direct public S3 access, and add security headers.
Serverless API
API Gateway -> Lambda -> DynamoDB, with EventBridge or SQS for async work.
Core pieces
- API Gateway routes
- Lambda versions/aliases
- DynamoDB PITR
- CloudWatch alarms
- structured logs
- DLQ or retry strategy.
Production note
Design idempotency, throttling, auth, reserved concurrency, and rollback before launch.
Container web app
CloudFront/WAF -> ALB -> ECS Fargate tasks across private subnets.
Core pieces
- ECR image scanning
- ECS service
- task role
- ALB health checks
- Secrets Manager
- CloudWatch logs
- autoscaling.
Production note
Tune health checks and deployment circuit breakers; keep databases outside tasks.
Multi-AZ relational app
ALB -> compute layer -> Aurora/RDS Multi-AZ with private subnets.
Core pieces
- VPC across two or more AZs
- DB subnet group
- backups
- RDS Proxy where needed
- alarms and restore drills.
Production note
Test failover, connection pooling, migrations, and point-in-time recovery.
Event-driven processing
EventBridge/SQS/SNS -> Lambda/ECS workers -> durable storage.
Core pieces
- Event schema
- DLQ
- retry policy
- archive/replay
- idempotent consumers
- backlog alarms.
Production note
Plan poison-message handling and replay procedures before production traffic.
Data lake and analytics
S3 data lake -> Glue catalog/jobs -> Athena/Redshift/OpenSearch/QuickSight.
Core pieces
- Bucket partitioning
- lifecycle policies
- IAM boundaries
- encryption
- data quality checks
- cost controls.
Production note
Control query scan costs and define ownership for raw, curated, and published zones.