Cloud (AWS/GCP/Azure) — what I emphasize
- HA by design: multi-AZ, correct LB patterns, tested failure assumptions.
- Identity & access: least privilege IAM, short-lived creds, key rotation.
- Networking: VPC/subnets, routing, SG/NACL boundaries, safe ingress/egress.
- Cost controls: autoscaling, right-sizing, lifecycle policies, cost-per-request thinking.
Practical deliverables
- Simple reference architectures (honest and debuggable)
- Runbooks for top failure modes
- Drift + compliance checks (automation-first)
Links