Cloud Fundamentals
Key cloud concepts for Solution Architects. Understanding the services, patterns, and architectural decisions that matter most in government.
The UK government's Cloud First policy requires public cloud to be considered and fully evaluated before any other hosting option for new or redesigned services. As a Solution Architect, you need to understand cloud services well enough to make informed decisions about hosting, architecture patterns, cost management, and security, without necessarily being a cloud engineer.
The architect's cloud role: You don't need to configure VPCs or write Terraform. You need to understand what's possible, what's appropriate, what the trade-offs are, and how to have informed conversations with cloud engineers and vendors.
Amazon Web Services (AWS)
AWS is the most widely used cloud platform in UK government and is available through Crown Commercial Service frameworks such as G-Cloud. Understanding its core services is essential for any government Solution Architect.
Compute
AWS offers multiple compute options, each suited to different architectural patterns:
- EC2 (Elastic Compute Cloud): Virtual machines. Maximum control, maximum responsibility. Use when you need specific OS configurations or long-running processes.
- Lambda: Serverless functions. No servers to manage, pay only for execution time. Ideal for event-driven architectures and APIs with variable traffic.
- ECS/Fargate: Container orchestration. ECS schedules the containers; with the Fargate launch type AWS also runs the hosts, so you get containerised workloads without managing or patching EC2 instances. A good middle ground between Lambda and EC2.
- Elastic Beanstalk: Platform-as-a-Service. Simplest deployment model for web applications. Good for teams with limited cloud expertise.
Storage
- S3 (Simple Storage Service): Object storage. Virtually unlimited, highly durable. Use for files, backups, static website hosting, and data lakes.
- EBS (Elastic Block Store): Block storage volumes attached to a single EC2 instance. Use for self-managed databases and applications that need a local filesystem. Volumes can be encrypted with KMS keys; enable that as the account default rather than per volume.
- EFS (Elastic File System): Managed file storage shared across multiple instances. Use when multiple services need access to the same files.
Databases
- RDS (Relational Database Service): Managed relational databases (PostgreSQL, MySQL, SQL Server). Handles backups, patching, and failover.
- DynamoDB: Managed NoSQL database. Excellent for high-throughput, low-latency workloads with simple access patterns.
- Aurora: AWS's cloud-native relational database, MySQL- and PostgreSQL-compatible and managed within RDS. Higher performance and availability than a standard RDS instance, at higher cost.
Networking
- VPC (Virtual Private Cloud): Your isolated network in AWS. Subnet layout, security groups, and what is exposed to the internet are decided here, so VPC design is critical for security and compliance.
- CloudFront: Content delivery network. Caches content at edge locations for faster delivery to users.
- Route 53: DNS service. Manages domain names and routes traffic.
- API Gateway: Managed API front door. Handles authentication, rate limiting, and routing for APIs.
Security & Identity
- IAM (Identity and Access Management): Controls who, and which workloads, can do what in your AWS account, through policies that allow or deny actions on resources. IAM is a global service rather than a regional one. The foundation of cloud security.
- KMS (Key Management Service): Creates and manages the encryption keys that other services (S3, EBS, RDS) use for encryption at rest. Customer managed keys give you control of the key policy and an audit trail of key use, which is what data protection compliance usually needs.
- WAF (Web Application Firewall): Protects web applications from common attacks.
- GuardDuty: Threat detection service. Analyses CloudTrail events, VPC Flow Logs and DNS logs for signs of compromise, such as credential misuse or contact with known-malicious hosts.
Key Architectural Decisions for Government
- Region selection: UK government data is typically kept in the London region (eu-west-2). Confirm the data residency requirements for your classification and data types, and remember that some services (IAM, CloudFront, Route 53) are global rather than regional, so a region restriction has to be enforced as a guard-rail rather than assumed.
- Multi-account strategy: Separate environments (dev, staging, production) and workloads into different AWS accounts, managed through AWS Organizations, so that a compromise or misconfiguration in one is contained. Organisation-wide controls such as service control policies (SCPs) then apply consistently across every account.
- Managed vs. self-managed: Default to managed services. They reduce operational burden and are usually more secure out of the box, but under the shared responsibility model the configuration (IAM permissions, network exposure, encryption settings, logging) remains your responsibility.
- Cost management: Cloud costs can spiral. Design with cost awareness: right-size instances, use reserved capacity or Savings Plans for predictable workloads, and implement cost monitoring with budget alerts.
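The IAM, region and multi-account points above meet in the way AWS actually evaluates a request, which is easy to reason about incorrectly. The Python model below is an added example written for this page, not AWS code or the page author's: it implements the core of IAM policy evaluation (an explicit deny anywhere wins; otherwise the request needs an allow from both the organisation's SCPs and the identity policy; anything else is an implicit deny) for the Effect, Action/NotAction, Resource/NotResource and StringEquals/StringNotEquals elements, and deliberately ignores resource policies, permission boundaries and session policies. The SCP that denies everything outside eu-west-2 except global services, the role policy, the bucket name example-case-files and the account ID are all constructed for illustration.

```python
"""Simplified model of AWS IAM policy evaluation with an SCP guard-rail.
Constructed for this page, not AWS code: models Effect, Action/NotAction,
Resource/NotResource and StringEquals/StringNotEquals; ignores resource
policies, permission boundaries and session policies."""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _wild_match(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_ok(condition, context):
    """Every operator must hold. A key absent from the request context fails
    StringEquals but satisfies StringNotEquals, as IAM's negated operators do."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual, expected = context.get(key), _as_list(expected)
            if operator == "StringEquals" and (actual is None or actual not in expected):
                return False
            if operator == "StringNotEquals" and actual is not None and actual in expected:
                return False
            if operator not in ("StringEquals", "StringNotEquals"):
                raise ValueError(f"operator not modelled: {operator}")
    return True


def _statement_matches(stmt, action, resource, context):
    action = action.lower()  # IAM action names are case-insensitive
    if "Action" in stmt:
        if not _wild_match([a.lower() for a in _as_list(stmt["Action"])], action):
            return False
    elif _wild_match([a.lower() for a in _as_list(stmt["NotAction"])], action):
        return False
    if "Resource" in stmt:
        if not _wild_match(stmt["Resource"], resource):
            return False
    elif "NotResource" in stmt and _wild_match(stmt["NotResource"], resource):
        return False
    return _condition_ok(stmt.get("Condition", {}), context)


def _evaluate_set(policies, action, resource, context):
    """One policy set -> 'explicit_deny', 'allow' or 'implicit_deny'."""
    outcome = "implicit_deny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if _statement_matches(stmt, action, resource, context):
                if stmt["Effect"] == "Deny":
                    return "explicit_deny"
                outcome = "allow"
    return outcome


def is_allowed(scps, identity_policies, action, resource, context):
    """Explicit deny anywhere wins; otherwise both the SCPs and the identity
    policies must allow the request (an SCP never grants on its own)."""
    scp = _evaluate_set(scps, action, resource, context)
    ident = _evaluate_set(identity_policies, action, resource, context)
    if "explicit_deny" in (scp, ident):
        return False
    return scp == "allow" and ident == "allow"


# Constructed SCP set: the default FullAWSAccess plus a guard-rail denying any
# action outside London unless it belongs to a global (non-regional) service.
UK_REGION_SCPS = [
    {"Version": "2012-10-17",
     "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}},
    {"Version": "2012-10-17",
     "Statement": {
         "Effect": "Deny",
         "NotAction": ["iam:*", "sts:*", "organizations:*", "cloudfront:*",
                       "route53:*", "support:*"],
         "Resource": "*",
         "Condition": {"StringNotEquals": {"aws:RequestedRegion": "eu-west-2"}}}},
]

# Constructed least-privilege identity policy for a hypothetical case-handling
# role; the bucket name is made up for the example.
CASE_ROLE_POLICIES = [{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-case-files",
                      "arn:aws:s3:::example-case-files/*"]},
        {"Effect": "Allow", "Action": "iam:GetUser", "Resource": "*"}]}]


def check(action, resource, region=None):
    """Evaluate one request against the constructed SCPs and role policy."""
    context = {"aws:RequestedRegion": region} if region else {}
    return is_allowed(UK_REGION_SCPS, CASE_ROLE_POLICIES, action, resource, context)


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-case-files/ref-0001.pdf"
    print(check("s3:GetObject", obj, "eu-west-2"))     # True
    print(check("s3:GetObject", obj, "us-east-1"))     # False: SCP region guard-rail
    print(check("s3:DeleteObject", obj, "eu-west-2"))  # False: not in the role policy
    print(check("iam:GetUser", "arn:aws:iam::111122223333:user/alice", "us-east-1"))  # True: global service
```

Two behaviours are worth noticing. The read of the object in us-east-1 is refused even though the role policy allows it, because the SCP's explicit deny takes precedence; and a request that carries no aws:RequestedRegion at all is also refused, because a negated condition operator evaluates to true when its key is absent. That second point is why guard-rails of this shape are written with StringNotEquals rather than an allow-list with StringEquals.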
Microsoft Azure
Coming soon. Azure content is being developed. Azure is increasingly used in government, particularly where departments have existing Microsoft licensing agreements. Key topics will include the Azure UK regions (UK South and UK West), Microsoft Entra ID (formerly Azure AD) integration, and comparison with equivalent AWS services.
Google Cloud Platform (GCP)
Coming soon. GCP content is being developed. While less common in UK government than AWS or Azure, GCP offers strong data analytics and machine learning capabilities that are relevant for certain use cases.
Cloud Architecture Patterns
Regardless of which cloud provider you use, certain architectural patterns recur:
- Serverless-first: Start with serverless and only move to containers or VMs when you have a specific reason. Less to manage and less to secure, though you still own the code, its dependencies, and the IAM permissions each function runs with.
- Event-driven: Decouple components using events and queues. Improves resilience and scalability.
- Infrastructure as Code: Define your infrastructure in version-controlled templates. Enables repeatability, auditability, and disaster recovery.
- Immutable infrastructure: Don't patch servers — replace them. Reduces configuration drift and simplifies rollback.
- Defence in depth: Multiple layers of security controls. Network isolation, encryption at rest and in transit, least-privilege access, monitoring and alerting.
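Infrastructure as Code also makes defence in depth checkable before anything is deployed, because the layers in the last bullet are visible in the template. The checker below is an added example for this page, not the page's own code and not an AWS or cfn-lint tool: it walks a CloudFormation template using real resource types and property names and reports where encryption at rest, the S3 public access block, a TLS-only bucket policy, or a private and encrypted RDS instance is missing. The two templates, the logical names CaseFiles and CaseDb, and the KMS alias alias/case-files are constructed to show a weak definition beside its hardened form.

```python
"""Policy-as-code checks for defence in depth in a CloudFormation template.
Constructed example for this page (not AWS or cfn-lint code). Uses real
CloudFormation resource types and property names on two made-up templates."""

PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
                       "IgnorePublicAcls", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _denies_plaintext_transport(policy_doc):
    """True if a Deny statement is conditioned on aws:SecureTransport being false,
    i.e. the bucket refuses any request that did not arrive over TLS."""
    for stmt in _as_list(policy_doc.get("Statement", [])):
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if stmt.get("Effect") == "Deny" and str(flag).lower() == "false":
            return True
    return False


def check_template(template):
    """Return a list of findings; an empty list means every layer is present."""
    findings = []
    resources = template.get("Resources", {})

    # Index bucket policies by the logical name of the bucket they attach to.
    policies = {}
    for res in resources.values():
        if res.get("Type") == "AWS::S3::BucketPolicy":
            props = res.get("Properties", {})
            bucket = props.get("Bucket")
            key = bucket.get("Ref") if isinstance(bucket, dict) else bucket
            policies[key] = props.get("PolicyDocument", {})

    for name, res in resources.items():
        props = res.get("Properties", {})
        rtype = res.get("Type")
        if rtype == "AWS::S3::Bucket":
            rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
            algos = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
            if not algos:
                findings.append(f"{name}: no default encryption at rest")
            elif "aws:kms" not in algos:
                findings.append(f"{name}: encrypted with SSE-S3 rather than a KMS key you manage")
            pab = props.get("PublicAccessBlockConfiguration", {})
            missing = [f for f in PUBLIC_ACCESS_FLAGS if pab.get(f) is not True]
            if missing:
                findings.append(f"{name}: public access block incomplete ({', '.join(missing)})")
            if not _denies_plaintext_transport(policies.get(name, {})):
                findings.append(f"{name}: no bucket policy denying non-TLS access")
        elif rtype == "AWS::RDS::DBInstance":
            if props.get("StorageEncrypted") is not True:
                findings.append(f"{name}: RDS storage is not encrypted")
            if props.get("PubliclyAccessible") is True:
                findings.append(f"{name}: RDS instance is reachable from the internet")
    return findings


# Constructed 'before' template: defaults everywhere, database on a public address.
WEAK_TEMPLATE = {"Resources": {
    "CaseFiles": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "CaseDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "Engine": "postgres", "DBInstanceClass": "db.t3.medium",
        "PubliclyAccessible": True}},
}}

# Constructed 'after' template: each layer the checker looks for is present.
HARDENED_TEMPLATE = {"Resources": {
    "CaseFiles": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/case-files"}}]},
        "PublicAccessBlockConfiguration": {f: True for f in PUBLIC_ACCESS_FLAGS},
        "VersioningConfiguration": {"Status": "Enabled"}}},
    "CaseFilesPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "CaseFiles"},
        "PolicyDocument": {"Version": "2012-10-17", "Statement": [{
            "Sid": "DenyPlaintextTransport", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*",
            "Resource": [{"Fn::GetAtt": ["CaseFiles", "Arn"]},
                         {"Fn::Sub": "${CaseFiles.Arn}/*"}],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
    "CaseDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
        "Engine": "postgres", "DBInstanceClass": "db.t3.medium",
        "StorageEncrypted": True, "PubliclyAccessible": False}},
}}


if __name__ == "__main__":
    for label, tpl in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(f"{label}: {len(check_template(tpl))} finding(s)")
        for finding in check_template(tpl):
            print("  -", finding)
```

Run against the weak template the checker reports five findings, three on the bucket and two on the database; the hardened template produces none. Wiring a check like this into the pipeline that applies the templates is how the "auditability" of Infrastructure as Code turns into an enforced control rather than a review-time hope.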