Back to Details

azure-cloud-architect

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Azure Cloud Architect

Azure云架构师

Design scalable, cost-effective Azure architectures for startups and enterprises with Bicep infrastructure-as-code templates.
使用Bicep基础设施即代码模板,为初创企业和企业设计可扩展、具成本效益的Azure架构。

Workflow

工作流程

Step 1: Gather Requirements

步骤1:收集需求

Collect application specifications:
- Application type (web app, mobile backend, data pipeline, SaaS, microservices)
- Expected users and requests per second
- Budget constraints (monthly spend limit)
- Team size and Azure experience level
- Compliance requirements (GDPR, HIPAA, SOC 2, ISO 27001)
- Availability requirements (SLA, RPO/RTO)
- Region preferences (data residency, latency)
收集应用规格:
- 应用类型(Web应用、移动后端、数据流水线、SaaS、微服务)
- 预期用户数和每秒请求数
- 预算限制(月度支出上限)
- 团队规模和Azure使用经验水平
- 合规要求(GDPR、HIPAA、SOC 2、ISO 27001)
- 可用性要求(SLA、RPO/RTO)
- 区域偏好(数据驻留、延迟)

Step 2: Design Architecture

步骤2:设计架构

Run the architecture designer to get pattern recommendations:
bash
python scripts/architecture_designer.py \
  --app-type web_app \
  --users 10000 \
  --requirements '{"budget_monthly_usd": 500, "compliance": ["SOC2"]}'
Example output:
json
{
  "recommended_pattern": "app_service_web",
  "service_stack": ["App Service", "Azure SQL", "Front Door", "Key Vault", "Entra ID"],
  "estimated_monthly_cost_usd": 280,
  "pros": ["Managed platform", "Built-in autoscale", "Deployment slots"],
  "cons": ["Less control than VMs", "Platform constraints", "Cold start on consumption plans"]
}
Select from recommended patterns:
  • App Service Web: Front Door + App Service + Azure SQL + Redis Cache
  • Microservices on AKS: AKS + Service Bus + Cosmos DB + API Management
  • Serverless Event-Driven: Functions + Event Grid + Service Bus + Cosmos DB
  • Data Pipeline: Data Factory + Synapse Analytics + Data Lake Storage + Event Hubs
See 
references/architecture_patterns.md
for detailed pattern specifications.
Validation checkpoint: Confirm the recommended pattern matches the team's operational maturity and compliance requirements before proceeding to Step 3.
运行架构设计器以获取模式建议:
bash
python scripts/architecture_designer.py \
  --app-type web_app \
  --users 10000 \
  --requirements '{"budget_monthly_usd": 500, "compliance": ["SOC2"]}'
示例输出:
json
{
  "recommended_pattern": "app_service_web",
  "service_stack": ["App Service", "Azure SQL", "Front Door", "Key Vault", "Entra ID"],
  "estimated_monthly_cost_usd": 280,
  "pros": ["Managed platform", "Built-in autoscale", "Deployment slots"],
  "cons": ["Less control than VMs", "Platform constraints", "Cold start on consumption plans"]
}
从推荐模式中选择:
  • App Service Web:Front Door + App Service + Azure SQL + Redis Cache
  • AKS上的微服务:AKS + Service Bus + Cosmos DB + API Management
  • 无服务器事件驱动:Functions + Event Grid + Service Bus + Cosmos DB
  • 数据流水线:Data Factory + Synapse Analytics + Data Lake Storage + Event Hubs
详见
references/architecture_patterns.md
获取详细模式说明。
验证检查点: 在进入步骤3之前,确认推荐模式符合团队的运维成熟度和合规要求。

Step 3: Generate IaC Templates

步骤3:生成IaC模板

Create infrastructure-as-code for the selected pattern:
bash
undefined
为选定的模式创建基础设施即代码:
bash
undefined

Web app stack (Bicep)

Web应用栈(Bicep)

python scripts/bicep_generator.py --arch-type web-app --output main.bicep

**Example Bicep output (core web app resources):**

```bicep
@description('The environment name')
param environment string = 'dev'

@description('The Azure region for resources')
param location string = resourceGroup().location

@description('The application name')
param appName string = 'myapp'

// App Service Plan
resource appServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = {
  name: '${environment}-${appName}-plan'
  location: location
  sku: {
    name: 'P1v3'
    tier: 'PremiumV3'
    capacity: 1
  }
  properties: {
    reserved: true // Linux
  }
}

// App Service
resource appService 'Microsoft.Web/sites@2023-01-01' = {
  name: '${environment}-${appName}-web'
  location: location
  properties: {
    serverFarmId: appServicePlan.id
    httpsOnly: true
    siteConfig: {
      linuxFxVersion: 'NODE|20-lts'
      minTlsVersion: '1.2'
      ftpsState: 'Disabled'
      alwaysOn: true
    }
  }
  identity: {
    type: 'SystemAssigned'
  }
}

// Azure SQL Database
resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  name: '${environment}-${appName}-sql'
  location: location
  properties: {
    administrators: {
      azureADOnlyAuthentication: true
    }
    minimalTlsVersion: '1.2'
  }
}

resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
  parent: sqlServer
  name: '${appName}-db'
  location: location
  sku: {
    name: 'GP_S_Gen5_2'
    tier: 'GeneralPurpose'
  }
  properties: {
    autoPauseDelay: 60
    minCapacity: json('0.5')
  }
}
Full templates including Front Door, Key Vault, Managed Identity, and monitoring are generated by 
bicep_generator.py
and also available in 
references/architecture_patterns.md
.
Bicep is the recommended IaC language for Azure. Prefer Bicep over ARM JSON templates: Bicep compiles to ARM JSON, has cleaner syntax, supports modules, and is first-party supported by Microsoft.
python scripts/bicep_generator.py --arch-type web-app --output main.bicep

**示例Bicep输出(核心Web应用资源):**

```bicep
@description('The environment name')
param environment string = 'dev'

@description('The Azure region for resources')
param location string = resourceGroup().location

@description('The application name')
param appName string = 'myapp'

// App Service Plan
resource appServicePlan 'Microsoft.Web/serverfarms@2023-01-01' = {
  name: '${environment}-${appName}-plan'
  location: location
  sku: {
    name: 'P1v3'
    tier: 'PremiumV3'
    capacity: 1
  }
  properties: {
    reserved: true // Linux
  }
}

// App Service
resource appService 'Microsoft.Web/sites@2023-01-01' = {
  name: '${environment}-${appName}-web'
  location: location
  properties: {
    serverFarmId: appServicePlan.id
    httpsOnly: true
    siteConfig: {
      linuxFxVersion: 'NODE|20-lts'
      minTlsVersion: '1.2'
      ftpsState: 'Disabled'
      alwaysOn: true
    }
  }
  identity: {
    type: 'SystemAssigned'
  }
}

// Azure SQL Database
resource sqlServer 'Microsoft.Sql/servers@2023-05-01-preview' = {
  name: '${environment}-${appName}-sql'
  location: location
  properties: {
    administrators: {
      azureADOnlyAuthentication: true
    }
    minimalTlsVersion: '1.2'
  }
}

resource sqlDatabase 'Microsoft.Sql/servers/databases@2023-05-01-preview' = {
  parent: sqlServer
  name: '${appName}-db'
  location: location
  sku: {
    name: 'GP_S_Gen5_2'
    tier: 'GeneralPurpose'
  }
  properties: {
    autoPauseDelay: 60
    minCapacity: json('0.5')
  }
}
完整模板包括Front Door、Key Vault、托管标识和监控功能,由
bicep_generator.py
生成,也可在
references/architecture_patterns.md
中获取。
Bicep是Azure推荐的IaC语言。 优先选择Bicep而非ARM JSON模板:Bicep可编译为ARM JSON,语法更简洁,支持模块,且由微软官方支持。

Step 4: Review Costs

步骤4:成本评估

Analyze estimated costs and optimization opportunities:
bash
python scripts/cost_optimizer.py \
  --config current_resources.json \
  --json
Example output:
json
{
  "current_monthly_usd": 2000,
  "recommendations": [
    { "action": "Right-size SQL Database GP_S_Gen5_8 to GP_S_Gen5_2", "savings_usd": 380, "priority": "high" },
    { "action": "Purchase 1-year Reserved Instances for AKS node pools", "savings_usd": 290, "priority": "high" },
    { "action": "Move Blob Storage to Cool tier for objects >30 days old", "savings_usd": 65, "priority": "medium" }
  ],
  "total_potential_savings_usd": 735
}
Output includes:
  • Monthly cost breakdown by service
  • Right-sizing recommendations
  • Reserved Instance and Savings Plan opportunities
  • Potential monthly savings
分析预估成本和优化机会:
bash
python scripts/cost_optimizer.py \
  --config current_resources.json \
  --json
示例输出:
json
{
  "current_monthly_usd": 2000,
  "recommendations": [
    { "action": "Right-size SQL Database GP_S_Gen5_8 to GP_S_Gen5_2", "savings_usd": 380, "priority": "high" },
    { "action": "Purchase 1-year Reserved Instances for AKS node pools", "savings_usd": 290, "priority": "high" },
    { "action": "Move Blob Storage to Cool tier for objects >30 days old", "savings_usd": 65, "priority": "medium" }
  ],
  "total_potential_savings_usd": 735
}
输出内容包括:
  • 按服务划分的月度成本明细
  • 资源合理配置建议
  • 预留实例和节省计划机会
  • 潜在月度节省金额

Step 5: Configure CI/CD

步骤5:配置CI/CD

Set up Azure DevOps Pipelines or GitHub Actions with Azure:
yaml
undefined
搭建Azure DevOps流水线或GitHub Actions与Azure的集成:
yaml
undefined

GitHub Actions — deploy Bicep to Azure

GitHub Actions — 部署Bicep至Azure

name: Deploy Infrastructure on: push: branches: [main]
permissions: id-token: write contents: read
jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
  - uses: azure/login@v2
    with:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

  - uses: azure/arm-deploy@v2
    with:
      resourceGroupName: rg-myapp-dev
      template: ./infra/main.bicep
      parameters: environment=dev

```yaml
name: Deploy Infrastructure on: push: branches: [main]
permissions: id-token: write contents: read
jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4
  - uses: azure/login@v2
    with:
      client-id: ${{ secrets.AZURE_CLIENT_ID }}
      tenant-id: ${{ secrets.AZURE_TENANT_ID }}
      subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

  - uses: azure/arm-deploy@v2
    with:
      resourceGroupName: rg-myapp-dev
      template: ./infra/main.bicep
      parameters: environment=dev

```yaml

Azure DevOps Pipeline

Azure DevOps Pipeline

trigger: branches: include: - main
pool: vmImage: 'ubuntu-latest'
steps:
  • task: AzureCLI@2 inputs: azureSubscription: 'MyServiceConnection' scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment group create
    --resource-group rg-myapp-dev
    --template-file infra/main.bicep
    --parameters environment=dev
undefined
trigger: branches: include: - main
pool: vmImage: 'ubuntu-latest'
steps:
  • task: AzureCLI@2 inputs: azureSubscription: 'MyServiceConnection' scriptType: 'bash' scriptLocation: 'inlineScript' inlineScript: | az deployment group create
    --resource-group rg-myapp-dev
    --template-file infra/main.bicep
    --parameters environment=dev
undefined

Step 6: Security Review

步骤6:安全审查

Validate security posture before production:
  • Identity: Entra ID (Azure AD) with RBAC, Managed Identity for service-to-service auth — never store credentials in code
  • Secrets: Key Vault for all secrets, certificates, and connection strings
  • Network: NSGs on all subnets, Private Endpoints for PaaS services, Application Gateway with WAF
  • Encryption: TLS 1.2+ in transit, Azure-managed or customer-managed keys at rest
  • Monitoring: Microsoft Defender for Cloud enabled, Azure Policy for guardrails
  • Compliance: Azure Policy assignments for SOC 2 / HIPAA / ISO 27001 initiatives
If deployment fails:
  1. Check the deployment status:
    bash
    az deployment group show \
  --resource-group rg-myapp-dev \
  --name main \
  --query 'properties.error'
  2. Review Activity Log for RBAC or policy errors.
  3. Validate the Bicep template before deploying:
    bash
    az bicep build --file main.bicep
az deployment group validate \
  --resource-group rg-myapp-dev \
  --template-file main.bicep
Common failure causes:
  • RBAC permission errors — verify the deploying principal has Contributor on the resource group
  • Resource provider not registered — run 
    az provider register --namespace Microsoft.Web
  • Naming conflicts — Azure resource names are often globally unique (storage accounts, web apps)
  • Quota exceeded — request quota increase via Azure Portal > Subscriptions > Usage + quotas
上线前验证安全状态:
  • 身份管理:使用Entra ID(Azure AD)结合RBAC,服务间认证采用托管标识——切勿在代码中存储凭证
  • 密钥管理:所有密钥、证书和连接字符串均存储在Key Vault中
  • 网络安全:所有子网配置NSG,PaaS服务使用私有端点,应用网关配置WAF
  • 加密:传输中使用TLS 1.2+,静态数据使用Azure托管或客户托管密钥加密
  • 监控:启用Microsoft Defender for Cloud,使用Azure Policy作为防护规则
  • 合规性:为SOC 2 / HIPAA / ISO 27001合规需求配置Azure Policy分配
如果部署失败:
  1. 检查部署状态:
    bash
    az deployment group show \
  --resource-group rg-myapp-dev \
  --name main \
  --query 'properties.error'
  2. 查看活动日志排查RBAC或策略错误。
  3. 部署前验证Bicep模板:
    bash
    az bicep build --file main.bicep
az deployment group validate \
  --resource-group rg-myapp-dev \
  --template-file main.bicep
常见失败原因:
  • RBAC权限错误——验证部署主体对资源组拥有Contributor权限
  • 资源提供者未注册——运行
    az provider register --namespace Microsoft.Web
  • 命名冲突——Azure资源名称通常需全局唯一(存储账户、Web应用)
  • 配额超限——通过Azure门户 > 订阅 > 使用情况+配额申请配额提升

Tools

工具

architecture_designer.py

architecture_designer.py

Generates architecture pattern recommendations based on requirements.
bash
python scripts/architecture_designer.py \
  --app-type web_app \
  --users 50000 \
  --requirements '{"budget_monthly_usd": 1000, "compliance": ["HIPAA"]}' \
  --json
Input: Application type, expected users, JSON requirements Output: Recommended pattern, service stack, cost estimate, pros/cons
根据需求生成架构模式建议。
bash
python scripts/architecture_designer.py \
  --app-type web_app \
  --users 50000 \
  --requirements '{"budget_monthly_usd": 1000, "compliance": ["HIPAA"]}' \
  --json
输入: 应用类型、预期用户数、JSON格式的需求 输出: 推荐模式、服务栈、成本预估、优缺点

cost_optimizer.py

cost_optimizer.py

Analyzes Azure resource configurations for cost savings.
bash
python scripts/cost_optimizer.py --config resources.json --json
Input: JSON file with current Azure resource inventory Output: Recommendations for:
  • Idle resource removal
  • VM and database right-sizing
  • Reserved Instance purchases
  • Storage tier transitions
  • Unused public IPs and load balancers
分析Azure资源配置以节省成本。
bash
python scripts/cost_optimizer.py --config resources.json --json
输入: 包含当前Azure资源清单的JSON文件 输出: 以下优化建议:
  • 移除闲置资源
  • VM和数据库合理配置
  • 购买预留实例
  • 存储层级转换
  • 清理未使用的公网IP和负载均衡器

bicep_generator.py

bicep_generator.py

Generates Bicep template scaffolds from architecture type.
bash
python scripts/bicep_generator.py --arch-type microservices --output main.bicep
Output: Production-ready Bicep templates with:
  • Managed Identity (no passwords)
  • Key Vault integration
  • Diagnostic settings for Azure Monitor
  • Network security groups
  • Tags for cost allocation
根据架构类型生成Bicep模板框架。
bash
python scripts/bicep_generator.py --arch-type microservices --output main.bicep
输出: 生产就绪的Bicep模板,包含:
  • 托管标识(无密码)
  • Key Vault集成
  • Azure Monitor诊断设置
  • 网络安全组
  • 成本分配标签

Quick Start

快速开始

Web App Architecture (< $100/month)

Web应用架构(月度成本< $100)

Ask: "Design an Azure web app for a startup with 5000 users"

Result:
- App Service (B1 Linux) for the application
- Azure SQL Serverless for relational data
- Azure Blob Storage for static assets
- Front Door (free tier) for CDN and routing
- Key Vault for secrets
- Estimated: $40-80/month
提问:"为拥有5000用户的初创企业设计Azure Web应用"

结果:
- 使用App Service(B1 Linux)托管应用
- 使用Azure SQL Serverless存储关系型数据
- 使用Azure Blob Storage存储静态资源
- 使用Front Door(免费层)实现CDN和路由
- 使用Key Vault管理密钥
- 预估成本:$40-80/月

Microservices on AKS ($500-2000/month)

AKS上的微服务(月度成本$500-2000)

Ask: "Design a microservices architecture on Azure for a SaaS platform with 50k users"

Result:
- AKS cluster with 3 node pools (system, app, jobs)
- API Management for gateway and rate limiting
- Cosmos DB for multi-model data
- Service Bus for async messaging
- Azure Monitor + Application Insights for observability
- Multi-zone deployment
提问:"为拥有5万用户的SaaS平台设计Azure上的微服务架构"

结果:
- 包含3个节点池(系统、应用、任务)的AKS集群
- 使用API Management实现网关和限流
- 使用Cosmos DB存储多模型数据
- 使用Service Bus实现异步消息传递
- 使用Azure Monitor + Application Insights实现可观测性
- 多区域部署

Serverless Event-Driven (< $200/month)

无服务器事件驱动(月度成本< $200)

Ask: "Design an event-driven backend for processing orders"

Result:
- Azure Functions (Consumption plan) for compute
- Event Grid for event routing
- Service Bus for reliable messaging
- Cosmos DB for order data
- Application Insights for monitoring
- Estimated: $30-150/month depending on volume
提问:"设计一个用于处理订单的事件驱动后端"

结果:
- 使用Azure Functions(消费计划)作为计算资源
- 使用Event Grid实现事件路由
- 使用Service Bus实现可靠消息传递
- 使用Cosmos DB存储订单数据
- 使用Application Insights实现监控
- 预估成本:$30-150/月(取决于业务量)

Data Pipeline ($300-1500/month)

数据流水线(月度成本$300-1500)

Ask: "Design a data pipeline for ingesting 10M events/day"

Result:
- Event Hubs for ingestion
- Stream Analytics or Functions for processing
- Data Lake Storage Gen2 for raw data
- Synapse Analytics for warehouse
- Power BI for dashboards
提问:"设计一个用于每日摄入1000万条事件的数据流水线"

结果:
- 使用Event Hubs实现数据摄入
- 使用Stream Analytics或Functions实现数据处理
- 使用Data Lake Storage Gen2存储原始数据
- 使用Synapse Analytics构建数据仓库
- 使用Power BI制作仪表盘

Input Requirements

输入要求

Provide these details for architecture design:
RequirementDescriptionExample
Application typeWhat you're buildingSaaS platform, mobile backend
Expected scaleUsers, requests/sec10k users, 100 RPS
BudgetMonthly Azure limit$500/month max
Team contextSize, Azure experience3 devs, intermediate
ComplianceRegulatory needsHIPAA, GDPR, SOC 2
AvailabilityUptime requirements99.9% SLA, 1hr RPO
JSON Format:
json
{
  "application_type": "saas_platform",
  "expected_users": 10000,
  "requests_per_second": 100,
  "budget_monthly_usd": 500,
  "team_size": 3,
  "azure_experience": "intermediate",
  "compliance": ["SOC2"],
  "availability_sla": "99.9%"
}
提供以下细节以进行架构设计:
需求描述示例
应用类型您要构建的应用类型SaaS平台、移动后端
预期规模用户数、每秒请求数1万用户、100 RPS
预算Azure月度支出上限最高$500/月
团队背景规模、Azure使用经验3名开发人员、中等经验
合规性监管要求HIPAA、GDPR、SOC 2
可用性停机时间要求99.9% SLA、1小时RPO
JSON格式:
json
{
  "application_type": "saas_platform",
  "expected_users": 10000,
  "requests_per_second": 100,
  "budget_monthly_usd": 500,
  "team_size": 3,
  "azure_experience": "intermediate",
  "compliance": ["SOC2"],
  "availability_sla": "99.9%"
}

Anti-Patterns

反模式

Anti-PatternWhy It FailsDo This Instead
ARM JSON templates for new projectsVerbose, hard to read, no modulesUse Bicep — compiles to ARM, cleaner syntax
Storing secrets in App SettingsSecrets visible in portal, no rotationUse Key Vault references in App Settings
Single large AKS node poolCannot optimize for different workloadsUse multiple node pools: system, app, jobs
Public endpoints on PaaS servicesExposed attack surfaceUse Private Endpoints + VNet integration
Over-provisioning "just in case"Wastes budget month oneStart small, use autoscale, right-size monthly
Shared resource groups for everythingBlast radius, RBAC nightmaresOne resource group per environment per workload
No tagging strategyCannot track costs or ownershipTag: environment, owner, cost-center, app-name
Using classic resourcesDeprecated, limited featuresUse ARM/Bicep resources exclusively
反模式失败原因正确做法
新项目使用ARM JSON模板冗长、可读性差、无模块支持使用Bicep——可编译为ARM,语法更简洁
在应用设置中存储密钥密钥在门户中可见,无法自动轮换在应用设置中使用Key Vault引用
单一大型AKS节点池无法针对不同工作负载优化使用多个节点池:系统、应用、任务
PaaS服务使用公网端点暴露攻击面使用私有端点 + VNet集成
“以防万一”过度配置从第一个月就浪费预算从小规模开始,使用自动扩缩容,每月合理调整资源配置
所有资源共享同一资源组故障影响范围大、RBAC管理混乱每个环境每个工作负载使用独立资源组
无标签策略无法跟踪成本或归属添加标签:环境、所有者、成本中心、应用名称
使用经典资源已弃用、功能有限仅使用ARM/Bicep资源

Output Formats

输出格式

Architecture Design

架构设计

  • Pattern recommendation with rationale
  • Service stack diagram (ASCII)
  • Monthly cost estimate and trade-offs
  • 带理由的模式建议
  • ASCII格式的服务栈图
  • 月度成本预估和权衡说明

IaC Templates

IaC模板

  • Bicep: Recommended — first-party, module support, clean syntax
  • ARM JSON: Generated from Bicep when needed
  • Terraform HCL: Multi-cloud compatible using azurerm provider
  • Bicep:推荐使用——官方支持、模块支持、简洁语法
  • ARM JSON:根据Bicep生成(按需使用)
  • Terraform HCL:使用azurerm provider实现多云兼容

Cost Analysis

成本分析

  • Current spend breakdown with optimization recommendations
  • Priority action list (high/medium/low) and implementation checklist
  • 当前支出明细及优化建议
  • 优先级操作列表(高/中/低)和实施清单

Cross-References

交叉引用

SkillRelationship
engineering-team/aws-solution-architect
AWS equivalent — same 6-step workflow, different services
engineering-team/gcp-cloud-architect
GCP equivalent — completes the cloud trifecta
engineering-team/senior-devops
Broader DevOps scope — pipelines, monitoring, containerization
engineering/terraform-patterns
IaC implementation — use for Terraform modules targeting Azure
engineering/ci-cd-pipeline-builder
Pipeline construction — automates Azure DevOps and GitHub Actions
技能关系
engineering-team/aws-solution-architect
AWS等效技能——相同的6步工作流程,不同服务
engineering-team/gcp-cloud-architect
GCP等效技能——覆盖三大云厂商
engineering-team/senior-devops
更广泛的DevOps范围——流水线、监控、容器化
engineering/terraform-patterns
IaC实现——用于面向Azure的Terraform模块
engineering/ci-cd-pipeline-builder
流水线构建——自动化Azure DevOps和GitHub Actions

Reference Documentation

参考文档

DocumentContents
references/architecture_patterns.md
5 patterns: web app, microservices/AKS, serverless, data pipeline, multi-region
references/service_selection.md
Decision matrices for compute, database, storage, messaging, networking
references/best_practices.md
Naming conventions, tagging, RBAC, network security, monitoring, DR
文档内容
references/architecture_patterns.md
5种模式:Web应用、微服务/AKS、无服务器、数据流水线、多区域
references/service_selection.md
计算、数据库、存储、消息传递、网络服务的决策矩阵
references/best_practices.md
命名规范、标签、RBAC、网络安全、监控、灾难恢复