Cloud Architecture: Best Practices for Deploying New Environments in the Cloud for the First Time – Part 3

    In Part 1 and Part 2 of this three-part blog series, we reviewed Resource Allocation Planning, Tagging Resources, Authentication, Authorization and Password Policy, Audit Trail, Budget Control, Secure Access to cloud environments, Managing Compute Resources and Storing Sensitive Information. In the third and final part of the series, we review additional best practices for building new environments in the cloud.

    Object Storage

    When using Object Storage, follow these guidelines:

    • Avoid allowing public access to services such as Amazon S3, Azure Blob Storage, Google Cloud Storage, Oracle Cloud Object Storage, etc.
    • Enable access (audit) logging on Object Storage and store the access logs in a central account in the cloud environment, accessible only to a limited number of user accounts.
    • Encrypt all data at rest inside Object Storage; where there is a business or regulatory requirement, encrypt the data using customer managed keys.
    • Enforce HTTPS/TLS for all access to object storage (by users, computers and applications).
    • Avoid putting sensitive information in object storage bucket names: bucket names are globally unique and are exposed through public DNS worldwide.
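    The guidelines above expressed as an added Terraform (HCL) example for an AWS S3 bucket; this is not code from the original post, and it assumes the AWS provider v4 or later. The bucket and log-bucket names are placeholders, and the central log bucket is assumed to already exist in the logging account.

```hcl
# Customer managed key (CMK) for data at rest, rotated automatically.
resource "aws_kms_key" "data" {
  description         = "CMK for object storage at rest"
  enable_key_rotation = true
}
# Bucket name carries no sensitive information: names are globally unique.
resource "aws_s3_bucket" "data" {
  bucket = "example-org-app-data-0001" # placeholder name
}
# No public access, whatever ACLs or policies are added later.
resource "aws_s3_bucket_public_access_block" "data" {
  bucket                  = aws_s3_bucket.data.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
# Encrypt at rest with the customer managed key by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
  bucket = aws_s3_bucket.data.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
  }
}
# Access logs go to a central log bucket (assumed to already exist).
resource "aws_s3_bucket_logging" "data" {
  bucket        = aws_s3_bucket.data.id
  target_bucket = "example-org-central-access-logs" # placeholder
  target_prefix = "s3/app-data/"
}
# Enforce HTTPS: deny every request that does not arrive over TLS.
resource "aws_s3_bucket_policy" "tls_only" {
  bucket = aws_s3_bucket.data.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "DenyInsecureTransport"
      Effect    = "Deny"
      Principal = "*"
      Action    = "s3:*"
      Resource  = [aws_s3_bucket.data.arn, "${aws_s3_bucket.data.arn}/*"]
      Condition = { Bool = { "aws:SecureTransport" = "false" } }
    }]
  })
}
```

    The explicit Deny on `aws:SecureTransport = false` is what turns the HTTPS guideline into an enforced control rather than a client-side convention; `terraform plan` against this file shows the full set of settings before anything is created.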


    Advanced use of cloud environments

    • Prefer managed services over manually managed virtual machines (services such as Amazon RDS, Azure SQL Database, Google Cloud SQL, etc.).
      This lets you consume a service rather than maintain servers, operating systems, updates/patches, backup and availability, assuming the managed service is deployed in cluster or replica mode.
    • Use Infrastructure as Code (IaC) to ease environment deployments, reduce human error and standardize deployment across multiple environments (Prod, Dev, Test).
      Common Infrastructure as Code alternatives:


    To sum up:

    Plan. Know what you need. Think scale.

    If you use the best practices outlined here, taking off to the cloud for the first time will be an easier, safer and smoother ride than you might expect.

    Additional references

    Part 1, Part 2

This series was originally posted on the GÉANT Cloud team web portal at
