Architecture Weekly #117

Architecture Weekly Issue #117. Articles, books, and playlists on architecture and related topics. Split by sections, highlighted with complexity: 🤟 means hardcore, 👷‍♂️ is technically applicable right away,  🍼 - is an introduction to the topic or an overview. Now in telegram and Substack as well.

Highlights

Framework for implementation of Quorum Systems 🤟

Writing asynchronous code is hard. First option is writing callbacks for async events, which complicates control flow and leads to callback hell. Second one is using coroutines, which works well. However, even coroutines are suboptimal for implementation of quorum systems, as it imposes new challenges like working with the majorities and minorities of the replies. This paper suggest a framework to address that. Fun read!

#distributedsystems

Data Egress: What is it and how much does it cost? 👷‍♂️

While data ingress for cloud provides like the user uploading a file is typically free, data egress on the contrary cost you a lot. So it's crucial to understand how you can potentially pay for your data egress. That's why I am sharing this article.

Data Egress: What is it and how much does it cost?
A list of egress costs for major cloud providers.

#cost

Automatic CVE remediation using Generative AI 👷‍♂️

AI is indeed on hype, and it becomes quite hard to find really useful applications out of all that noice. Grab one though! Automatically finding vulnerabilities in the applications is long-known capability, but now you can apply AI to generate pull requests to fix them decreasing the time to fix. Great case!

Applying Generative AI to CVE remediation – early vulnerability patching in Continuous Integration Pipelines | Amazon Web Services
Cloud technologies are a rapidly evolving landscape. Securing cloud applications is everyone’s responsibility, meaning application development teams are needed to follow strict security guidelines from the earliest development stages, and to make sure of continuous security scans throughout the whol…

#security #ai

Follow-Up

The case for and against Amazon Cognito 🍼

There are many out-of-the-shelf options for implementation of authentication, authorization and role management like Auth0, OneLogin, JumpCloud etc. AWS has it's own solution - Amazon Cognito. But as always in software architecture it has its pros and cons. Follow the article for details.

The case for and against Amazon Cognito
Should you consider Amazon Cognito in your project? We’ve got the pros & cons for you, and many of the painpoints you need to consider.

#aws

Data Persistence Layer in a Node.js app 👷‍♂️

Another short piece of content from my side on how to properly isolate and organize the code working with persistence layer with the example of Typescript, Node.js and DynamoDB.

Data Persistence Layer in a Node.js app
You need to call a PostgreSQL or DynamoDB from your Nest.js app. How do you organize the code speaking to your database?

#code

The only two log levels you need are INFO and ERROR 🍼

Typical logging library would have several levels like error, warn, info, debug, trace etc. However this article argues that for each log entry you need to answer only one question: does it need to wake me up at night? If so, let it be error. All the rest - info. Follow the considerations in the article.

The only two log levels you need are INFO and ERROR | nicole@web

#observability

Designing High-Performance APIs 👷‍♂️

Grab an overview article on the principles and tactics that you can employ to design an API for high performance including caching, input validation, stateless design and many more.

Designing High-Performance APIs - DZone
Learn API design principles for optimal performance and scalability. Create high-performance APIs for great user experiences and workload management.

#api

Minimizing on-call burnout through alerts observability 👷‍♂️

You can imagine how many alerts more than a 1000 Prometheus servers can generate at Cloudflare. Without proper filtration and management of alerts the engineers will burn out faster than a match. In this post the Observability team explains their architecture and how do they approach a crazy number of alerts

Minimizing on-call burnout through alerts observability
Learn how Cloudflare used open-source tools to enhance alert observability, leading to increased resilience and improved on-call team well-being

#observability

WARNING 🇺🇦

The brutal and unjustified war against Ukraine continues already 2 years. If you want to help Ukraine directly visit this fund.

Big thanks to Nikita, Anatoly, Oleksandr, Dima, Pavel B, Pavel, Robert, Roman, Iyri, Andrey, Lidia, Vladimir, August, Roman, Egor, Roman, Evgeniy, Nadia, Daria, Dzmitry, Mikhail, Nikita, Dmytro, Denis and Mikhail for supporting the newsletter. They receive early access to the articles, influence the content and participate in the closed group where we discuss the architecture problems. They also see my daily updates on all the things I am working on. Join them at Patreon or Boosty!