---
title: "Cloud Guardrails"
type: concept
tags: [Cloud, Security, Guardrails, Enterprise-Architecture]
last_updated: 2026-04-18
---

## Definition
Cloud Guardrails capture the mandatory requirements and best practices for scalability, cost minimization, and flexibility.

## Key Attributes
- **Purpose**: Ensure cloud environments comply with enterprise security and governance standards
- **Scope**: Applies to all cloud workloads
- **Implementation**: Enforced automatically through the Landing Zone framework

## Core Components
- Design Concepts
- Capabilities
- Best Practices

## Design Principles
- Cloud-First: prefer cloud-native services
- Well-Architected Frameworks: follow architectural best practices
- Infrastructure as Code (Terraform): infrastructure defined as code
- Resource Tagging: resource tagging strategy

## Executable Packaging
Prefer existing cloud services and managed services, and minimize custom code.

## Functional Partitioning
Decompose monolithic applications into smaller independent blocks or serverless functions.

## Relationships
- [[Enterprise Architecture]] → defines → [[Cloud Guardrails]]
- [[Cloud Guardrails]] → enforces → [[Landing Zone]]
- [[Terraform]] → implements → [[Cloud Guardrails]]

## See Also
- [[Landing Zone]]
- [[Enterprise Architecture]]
- [[Terraform]]
- [[Zero Trust Architecture]]