Technical Architecture Mind Map

Technical Best Practice

- Cloud First
  - Infra as Code
    - Terraform
    - CloudFormation
  - Automated Pipelines
    - Linting
    - Testing
    - Deployments
    - Releases
    - Versioning (Semantic)
    - Auto Merge patch and minor dependencies
    - Linting
    - Container Security Scanning
  - Ephemeral Environments
    - Cheap to run
    - Dev and CI consistency
    - Auto destroy
  - Uptime Guarantees
    - Auto scaling
    - Multi Region vs AZ
      - AZ is multiple data centers in a region, for example Ireland
      - Multi Region is Ireland and London for example
    - On Demand Backups
    - Retention Policy
  - Thing as a Service
    - Infrastructure as a Service
    - Platform as a Service
    - Software as a Service
  - Security
    - Web Application Firewall (WAF)
      - Brute Force Protection
      - Common exploit protection
    - Access Policies
    - Self managed key rotation
    - Threat Modelling
    - ASVS (OWASP Application Security Verification Standard)
    - Regular Independent Security Health Check
    - Dynamic Application Security Testing (DAST)
    - Static Application Security Testing (SAST)
    - Dependency Scanning
      - Renovate or Dependabot
      - Maintain security patching
      - Automated detection of vulnerabilities
    - NCSC Webcheck
    - Self managed automatically rotated keys
    - TLS and HTTPS throughout
    - Principle of Least Privilege throughout
- Technology
  - Frontend
    - Accessibility
      - Yearly Audits
      - Automated tooling checks in pipeline
        - WAVE
        - pa11y
        - Axe
      - WCAG 2.1 AAA
      - Test with built in OS software, e.g. VoiceOver on Mac
    - Cross Browser Testing
      - Define what you support
      - caniuse.com
      - BrowserStack
    - Progressive Enhancement
      - prefers-color-scheme
      - Network Information API
      - Service Workers API
      - whatdoesmysitecost.com
    - Static or Dynamic
    - CDN
      - HTTP/2
      - Regions
    - Performance
      - Real User Metrics (RUM)
      - Benchmarks
      - JavaScript Error Reporting
      - CSS, JS max sizes
      - Brotli compression
      - Web Vitals
      - Automated Testing
        - Google Lighthouse
    - Design System
      - Driven by UX and Design
      - Reusable pattern
      - Component based design
      - Faster iterations
  - Data
    - Retention Policy
    - Security
      - Encryption at Rest
      - Customer Managed Encryption Keys
      - Access Policies
    - Ethics
      - Only store what is needed
      - GDPR - Right to forget
      - Consent Models
    - Versioning of Data Models
    - Backups
    - Availability
  - Observability
    - Server Side Metrics
      - Tracing
        - AWS X-Ray
      - Alerting
      - Logging
        - Anonymised Data
    - Client Side Metrics
      - User Metrics
      - Web Vitals
    - Automated Business KPIs
    - Centralised Dashboards
- Technical Best Practice
  - Reusability
    - Identify common components
    - Reduce replication of code
  - Documentation (In Repo where possible)
    - Diagrams as Code
      - C4 Models (Structurizr)
      - UML (PUML)
      - Auto Generate low level diagrams from code base (If there is value)
    - Runbooks
    - READMEs
    - Architectural Decision Records (ADRs)
    - Contribution Guidelines
  - Testing
    - Unit
      - Testing of all domain and service layer components with mocked dependencies
    - Integration
      - Testing of domain and service layer components with real external dependencies
    - Acceptance/UI
      - Testing of full application with mocked external dependencies
    - Smoke
      - End to end testing of full application with development/production infrastructure
  - Tooling should be open source and industry standard
  - Application logging
  - Linting
  - OpenAPI Specifications
  - Authentication
- Architecture
  - Authentication
    - OIDC
    - Cloud Provider
    - Social Login
  - Domain Boundaries of services
  - Domain Boundaries of Data
  - API
    - RESTful
      - OpenAPI Specifications
      - Security
        - API Key
        - OIDC
      - Mock Servers
      - API Standards
        - Versioning
        - Response Status
        - Validation
        - Naming conventions
    - GraphQL
    - WebSockets
  - Multilingual
    - I18N
    - Weblate
  - Diagrams as Code
    - C4 Models (Structurizr)
    - UML (PUML)
  - Disaster Recovery
    - Recovery time objective (RTO)
    - Recovery point objective (RPO)
    - Agreed recovery option vs cost
- User Needs
  - User Research
    - Do we have any already?
    - Schedule research for regular release cycles
  - Demographic
    - Age
    - Background
    - Gender
    - Knowledge
    - Accessibility
  - Problem
    - What is the problem we are trying to solve?
    - High level user needs
    - What does good look like
    - How to measure success
- Constraints
  - Tech
  - Ethical
    - Inclusive
    - Data Needs
    - Data Privacy
    - Consent Model
  - Environmental
  - Business
  - Customer
  - Budget
- Agile
  - Sprint Reviews to stakeholders
  - Documentation published
  - Decision Records
  - Regular feedback cycles