Using Enterprise Deployment Design Patterns

The Introduction

Software deployment is an integral part of the Software Development Life Cycle (SDLC). With the advent of cloud-based architectures, understanding the strategies and patterns around it is very important to any software professional.

We tend to build a proper deployment strategy mainly to:

Deployment Patterns

There are multiple deployment strategies and patterns that are widely used in modern enterprise design.

[Setting up a VM cluster within an Availability Set]

The Scope

In Azure, we can discuss Virtual Machine (VM) availability mainly at three levels within the scope of a single Azure region.

In this blog, I will be focusing only on “Availability Sets” and how they can help to improve the availability of your cloud applications.

Availability Sets

Availability Sets make sure that the Azure VMs are deployed across multiple isolated hardware nodes in a…

[A step by step guide to secure your CloudFront endpoints using AWS Certification Manager]

In Part 01 and Part 02 of the AWS Route 53 blog series, we discussed all possible routing policies with AWS Route 53. This blog takes the discussion further by integrating a secure CloudFront endpoint with a Route 53 registered domain.

The discussion will be explained using five (05) main tasks.

Task 1: Host a dummy web site in S3

Task 2: Create a CloudFront distribution and route to the web site hosted in S3

Task 3: Generate a public certificate using AWS Certification Manager (ACM)


[Part 02 — Routing Policies]

This blog is Part 02 of the AWS Route 53 series. Part 01 explained Route 53 features, Domain Registrations and Record Set creation. To continue the discussion, this blog explains the routing policies in detail.

A “Routing Policy” explains how the routing should be handled within Route 53.

Route 53 supports multiple Routing Policies.

1. Simple Routing Policy

This is the default Routing Policy. This routing policy randomly selects the routing path and does not take the…

[Part 01 — Domain Registration and creating a Record Set]

This blog will discuss how we can leverage AWS Route 53 to register a Domain and to do simple routing by creating an “A” Record Set.

What is Route 53?

Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications. It is fully compliant with IPv6 as well.

However, it is more than a DNS service, which can basically do:

Finding Details about a Domain


[Part 01 — AWS Identity Management Advanced Concepts Series]

SAML 2.0 — An Overview

The Security Assertion Markup Language (SAML) standard defines an XML-based framework for describing and exchanging security information between business entities [1]. This security information is expressed in the form of portable SAML assertions that applications working across security domain boundaries can trust.

SAML is primarily used in multiple use cases for exchanging security information in a typical enterprise setting.

In this blog post, I will be focusing on the Identity Federation aspect in…

[Part 02 — Access between two AWS Accounts]

In Part 01 of the AWS cross-account access blog series, I discussed cross-account access between AWS accounts within an AWS organizational hierarchy.

In this blog article, I will be concentrating on the other aspect of cross account switching, which is role switching between two AWS accounts.

Scenario: You are required to have two AWS accounts (Account A and Account B) with ROOT user access. A user from AWS Account A should be able to access Account B resources (let's say ReadOnlyAccess).

Step 1: Sign-in to Account A and create an IAM user (“userA”) with required…

For all Linux users, who need a proper Linux shell on your Windows machine!

The Background

As you may be aware, the latest Windows 10 version(s) support built-in Linux distros for your own experiments. As a native Linux user, this has been a godsend to me when I use Windows machines occasionally. Mainly because of this feature, I use Windows nowadays more than I ever used it :)

Over the years, I have been used to using the native SSH command, which comes by default with Linux distros, to connect to cloud virtual instances. …

[Part 02 — Patch Manager and Inventory]

This is the second part of my AWS Systems Manager (SSM) blog series. The first blog primarily talked about how we can use the RUN command and how to create an SSM Managed instance.

This blog will primarily focus on another capability of SSM, which is the Patch Manager.


AWS Patch Manager automates the process of patching your managed instances with both security and other types of updates.

It enables you to scan instances for missing patches and apply missing patches individually or to a patch group.

For security patches, Patch Manager uses patch baselines that include rules for auto-approving…

[Part 01 — Part Accessing accounts within an AWS Organization]

AWS Cross Account Access is the ability to access resources of one AWS account from another AWS account.

This is possible using a feature called Role Switching. Role Switching can happen between AWS accounts within an AWS organization or between AWS organizations.

However, in this blog, we limit our discussion to AWS accounts within a single AWS organization.

Let's discuss these steps in a bit more detail now.

AWS Organizations

Before we dive into more details of AWS cross account access, let's discuss a little bit about AWS organizations and its hierarchy (see Figure 01).

Figure 01 — A typical AWS organization

AWS organizations helps you…

Crishantha Nanayakkara 🇱🇰

VP Technology @ One Billion Tech, Software Architect, AWS Certified, Azure Certified, RedHat Certified
