aws-architecture

<!-- Adapted from: claude-skills/engineering-team/aws-solution-architect -->

AWS Solution Architecture Guide

Serverless, scalable, and cost-effective AWS cloud infrastructure.

When to Use

  • Designing AWS architecture for new applications
  • Optimizing AWS costs
  • Building serverless applications
  • Creating infrastructure as code
  • Multi-region deployments

Architecture Patterns

1. Serverless Web Application

Best for: SaaS platforms, mobile backends, low-traffic sites
Frontend: S3 + CloudFront
API: API Gateway + Lambda
Database: DynamoDB or Aurora Serverless
Auth: Cognito
CI/CD: Amplify or CodePipeline
Cost: $50-500/month

2. Event-Driven Microservices

Best for: Complex workflows, async processing
Events: EventBridge
Processing: Lambda or ECS Fargate
Queue: SQS (with DLQ)
State: Step Functions
Storage: DynamoDB, S3
Cost: $100-1000/month

3. Modern Three-Tier

Best for: Traditional web apps, e-commerce
Load Balancer: ALB
Compute: ECS Fargate or EC2 Auto Scaling
Database: RDS Aurora
Cache: ElastiCache Redis
CDN: CloudFront
Cost: $300-2000/month

Service Selection Guide

Compute

| Service | Use Case |
|---|---|
| Lambda | Event-driven, short tasks (<15 min) |
| Fargate | Containerized apps, long-running |
| EC2 | Custom configs, GPU/FPGA |
| App Runner | Simple container deployment |

Database

| Service | Use Case |
|---|---|
| DynamoDB | Key-value, serverless, <10ms latency |
| Aurora Serverless | Relational, variable workloads |
| RDS | Traditional databases |
| DocumentDB | MongoDB-compatible |
| Neptune | Graph database |

Storage

| Service | Use Case |
|---|---|
| S3 Standard | Frequent access |
| S3 IA | Backups, archives |
| S3 Glacier | Long-term archives |
| EFS | Shared file system |
| EBS | Block storage for EC2 |

Infrastructure as Code

CDK Example

```typescript
import * as cdk from 'aws-cdk-lib';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import * as apigateway from 'aws-cdk-lib/aws-apigateway';

export class ApiStack extends cdk.Stack {
  constructor(scope: cdk.App, id: string) {
    super(scope, id);

    // Lambda handler packaged from the local ./lambda directory
    const handler = new lambda.Function(this, 'Handler', {
      runtime: lambda.Runtime.NODEJS_18_X,
      code: lambda.Code.fromAsset('lambda'),
      handler: 'index.handler',
    });

    // REST API that proxies every route to the handler
    new apigateway.LambdaRestApi(this, 'Api', {
      handler,
    });
  }
}
```

CloudFormation Snippet

```yaml
Resources:
  MyFunction:
    Type: AWS::Lambda::Function
    Properties:
      Runtime: nodejs18.x
      Handler: index.handler
      Code:
        S3Bucket: !Ref CodeBucket
        S3Key: function.zip
      MemorySize: 256
      Timeout: 30
```

Cost Optimization

Quick Wins

  • Enable S3 Intelligent-Tiering
  • Use Savings Plans for predictable workloads
  • Set CloudWatch log retention (7-30 days)
  • Use VPC endpoints instead of NAT Gateway
  • Right-size Lambda memory
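The "right-size Lambda memory" tip is a cost trade-off rather than a single knob: Lambda bills per request plus per GB-second of execution, so a larger memory setting can be cheaper when the extra CPU shortens the run enough. The following is an added example, not code from the guide or from AWS, that picks the cheapest measured memory setting while respecting an optional latency limit. The price constants are assumptions (x86 list prices for a US region at the time of writing) and the measured profile is constructed; replace both with your own price list and load-test numbers.

```typescript
// Added example: choose a Lambda memory size from measured runs by monthly cost.
// Price constants are assumptions; update them from the current AWS price list.
const PRICE_PER_REQUEST = 0.2 / 1000000; // USD per invocation
const PRICE_PER_GB_SECOND = 0.0000166667; // USD per GB-second (x86)

// One measured configuration: memory setting and the observed p95 duration.
export type MemoryProfile = { memoryMb: number; durationMs: number };

// Monthly cost of running one configuration for a given invocation count.
export function monthlyCost(p: MemoryProfile, invocations: number): number {
  const gbSeconds = invocations * (p.durationMs / 1000) * (p.memoryMb / 1024);
  return invocations * PRICE_PER_REQUEST + gbSeconds * PRICE_PER_GB_SECOND;
}

// Cheapest configuration whose duration stays within maxDurationMs (if given).
// Returns undefined when no configuration meets the latency limit.
export function chooseMemory(
  profiles: MemoryProfile[],
  invocations: number,
  maxDurationMs?: number,
): MemoryProfile | undefined {
  let best: MemoryProfile | undefined;
  let bestCost = Infinity;
  for (const p of profiles) {
    if (maxDurationMs !== undefined && p.durationMs > maxDurationMs) continue; // misses the SLO
    const cost = monthlyCost(p, invocations);
    if (cost < bestCost) {
      best = p;
      bestCost = cost;
    }
  }
  return best;
}

// Constructed measurements for one function (p95 per memory setting);
// real values come from load tests against each candidate setting.
export const SAMPLE_PROFILE: MemoryProfile[] = [
  { memoryMb: 128, durationMs: 1200 },
  { memoryMb: 256, durationMs: 580 },
  { memoryMb: 512, durationMs: 300 },
  { memoryMb: 1024, durationMs: 160 },
  { memoryMb: 2048, durationMs: 150 },
];

const MONTHLY_INVOCATIONS = 5000000;
console.log('cheapest overall:', chooseMemory(SAMPLE_PROFILE, MONTHLY_INVOCATIONS));
console.log('cheapest under 500 ms p95:', chooseMemory(SAMPLE_PROFILE, MONTHLY_INVOCATIONS, 500));
```

With the constructed numbers the 256 MB setting is cheapest overall, but once a 500 ms latency limit is applied the 512 MB setting wins, which is the point of measuring rather than defaulting to the smallest size.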

Cost Breakdown Tips

  • Enable Cost Explorer
  • Set up billing alerts
  • Tag all resources for tracking
  • Review NAT Gateway traffic
  • Check data transfer costs

Security Best Practices

| Practice | Implementation |
|---|---|
| Least Privilege | IAM roles with minimal permissions |
| Encryption | KMS for at-rest, TLS for transit |
| Network Isolation | Private subnets, security groups |
| Secrets | Secrets Manager, not hardcoded |
| API Protection | WAF, rate limiting, API keys |
| Audit Logging | CloudTrail, VPC Flow Logs |

Startup Stages

MVP ($20-100/month)

  • Amplify full-stack
  • Lambda + API Gateway + DynamoDB
  • Cognito for auth
  • S3 + CloudFront for frontend

Growth Stage ($500-2000/month)

  • Add ElastiCache
  • Aurora Serverless for complex queries
  • CloudWatch dashboards and alarms
  • CI/CD pipeline
  • Multi-AZ deployment

Scale-Up ($3000-10000/month)

  • Multi-region deployment
  • DynamoDB Global Tables
  • WAF and Shield
  • Advanced monitoring (X-Ray)
  • Reserved capacity

Common Pitfalls

  • Over-engineering early - Don't build for 10M users with 100
  • Public S3 buckets - Block public access
  • Overly permissive IAM - Avoid `*` permissions
  • No caching - Add CloudFront early
  • NAT Gateway costs - Use VPC endpoints
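Several items in the security table (least privilege, KMS at rest), the pitfalls list (public buckets, `*` permissions) and the cost quick wins (log retention) can be checked mechanically before a template is deployed. The block below is an added example, not code from the guide or an AWS tool: a small static checker that walks a CloudFormation-style template that has already been parsed into an object and reports those problems. The rule names, the finding format and the sample template (including its placeholder ARNs) are constructed here; a real template would also carry `AssumeRolePolicyDocument` on each role, which is omitted to keep the sample short.

```typescript
// Added example: static checks for wildcard IAM grants, S3 buckets without
// Block Public Access or KMS encryption, and log groups with no retention.
// Not an AWS tool; rule names and the sample template are constructed here.

type Statement = {
  Effect: 'Allow' | 'Deny';
  Action: string | string[];
  Resource: string | string[];
};
type PolicyDocument = { Statement: Statement[] };
type Resource = { Type: string; Properties?: { [key: string]: any } };
type Template = { Resources: { [logicalId: string]: Resource } };
export type Finding = { resource: string; rule: string; message: string };

// CloudFormation accepts a single string or a list for Action and Resource.
function asList(value: string | string[] | undefined): string[] {
  if (value === undefined) return [];
  return Array.isArray(value) ? value : [value];
}

// True when an Allow statement grants "*" or "service:*" actions, or "*" resources.
function isWildcard(s: Statement): boolean {
  if (s.Effect !== 'Allow') return false;
  const wideAction = asList(s.Action).some(function (a) {
    return a === '*' || a.slice(-2) === ':*';
  });
  return wideAction || asList(s.Resource).indexOf('*') !== -1;
}

// Inline policy statements attached to AWS::IAM::Role or AWS::IAM::Policy resources.
function inlineStatements(res: Resource): Statement[] {
  const props = res.Properties || {};
  const out: Statement[] = [];
  if (res.Type === 'AWS::IAM::Policy' && props.PolicyDocument) {
    out.push(...(props.PolicyDocument as PolicyDocument).Statement);
  }
  if (res.Type === 'AWS::IAM::Role') {
    for (const policy of (props.Policies || []) as { PolicyDocument: PolicyDocument }[]) {
      out.push(...policy.PolicyDocument.Statement);
    }
  }
  return out;
}

const PAB_KEYS = ['BlockPublicAcls', 'BlockPublicPolicy', 'IgnorePublicAcls', 'RestrictPublicBuckets'];

// All four Block Public Access flags must be explicitly true.
function blocksPublicAccess(props: { [key: string]: any }): boolean {
  const pab = props.PublicAccessBlockConfiguration;
  return !!pab && PAB_KEYS.every(function (k) { return pab[k] === true; });
}

// At least one default-encryption rule must select aws:kms (the guide asks for KMS at rest).
function usesKms(props: { [key: string]: any }): boolean {
  const enc = props.BucketEncryption;
  const rules: any[] = (enc && enc.ServerSideEncryptionConfiguration) || [];
  return rules.some(function (r) {
    return !!r.ServerSideEncryptionByDefault && r.ServerSideEncryptionByDefault.SSEAlgorithm === 'aws:kms';
  });
}

export function checkTemplate(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    const props = res.Properties || {};
    if (inlineStatements(res).some(isWildcard)) {
      findings.push({ resource: id, rule: 'iam-wildcard', message: 'Allow statement uses "*" actions or resources; list the exact actions and ARNs the workload needs' });
    }
    if (res.Type === 'AWS::S3::Bucket') {
      if (!blocksPublicAccess(props)) findings.push({ resource: id, rule: 's3-public-access', message: 'PublicAccessBlockConfiguration must set all four flags to true' });
      if (!usesKms(props)) findings.push({ resource: id, rule: 's3-not-kms', message: 'BucketEncryption does not select aws:kms' });
    }
    if (res.Type === 'AWS::Logs::LogGroup' && typeof props.RetentionInDays !== 'number') {
      findings.push({ resource: id, rule: 'logs-no-retention', message: 'Set RetentionInDays (7-30 days per the guide) so logs do not accumulate indefinitely' });
    }
  }
  return findings;
}

// Constructed sample template; REGION/ACCOUNT_ID/KEY_ID are placeholders, not real values.
export const SAMPLE_TEMPLATE: Template = {
  Resources: {
    AdminLikeRole: { Type: 'AWS::IAM::Role', Properties: { Policies: [{ PolicyName: 'all', PolicyDocument: { Statement: [{ Effect: 'Allow', Action: '*', Resource: '*' }] } }] } },
    ScopedRole: { Type: 'AWS::IAM::Role', Properties: { Policies: [{ PolicyName: 'read-orders', PolicyDocument: { Statement: [{ Effect: 'Allow', Action: ['dynamodb:GetItem', 'dynamodb:Query'], Resource: 'arn:aws:dynamodb:REGION:ACCOUNT_ID:table/Orders' }] } }] } },
    OpenBucket: { Type: 'AWS::S3::Bucket', Properties: {} },
    LockedBucket: { Type: 'AWS::S3::Bucket', Properties: {
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true },
      BucketEncryption: { ServerSideEncryptionConfiguration: [{ ServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms', KMSMasterKeyID: 'arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID' } }] },
    } },
    AppLogs: { Type: 'AWS::Logs::LogGroup', Properties: { LogGroupName: '/aws/lambda/app' } },
    ApiLogs: { Type: 'AWS::Logs::LogGroup', Properties: { LogGroupName: '/aws/apigateway/app', RetentionInDays: 14 } },
  },
};

console.log(JSON.stringify(checkTemplate(SAMPLE_TEMPLATE), null, 2));
```

Run against the sample, the checker reports four findings: the wildcard role, the open bucket twice (public access and non-KMS encryption) and the log group without retention, while the scoped role, the locked bucket and the 14-day log group pass. Wiring such a check into the CI/CD pipeline the guide recommends catches these before `cdk deploy` or a stack update rather than in a later audit.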