Security
Architecture Design
Security becomes easier to organize by separating what to protect, limiting permissions, and keeping records. Build it into the design from the start, not as an afterthought.
The 3 items in this chapter

Separate what to protect
Organize data, identity, permissions, secrets, and logs from separate perspectives. Clarifying what to protect makes choosing measures easier.
Limit permissions and keep records
Identity and permissions are the entry to security. Grant least privilege, elevate temporarily for critical actions, and keep operation records.


Audit and governance
Reduce risky configurations and keep things traceable with Policy, RBAC, and audit logs.

Network defense
Narrow the entry, control the path, and segment the interior.