Amazon Web Services (AWS) and Microsoft Azure are the predominant cloud providers offering a myriad of services encompassing not only compute resources, but also databases, security and monitoring services.
These providers allow not only to centralize all services under one roof but also can be managed by developers instead of DevOps engineers thanks to their ease of use and robust default configuration.
Combined with tools like Terraform, the setup of complex and custom architecture can be done efficiently while keeping full control of all application layers.
Heroku is built on top of the Amazon Web Services (AWS) infrastructure and provides not only high reliability and availability but also comprehensive security.
It is easy to customize a Heroku instance by using their plugins, which are merely pre-configured tools and services. It saves a lot of time (comparatively to setting up and configuring a custom server), and it makes sense for many of the products that we develop.
Moreover, because lots of other tools and services integrate with Heroku, many steps in the life of the web application are simplified, such as deployment.
In terms of security, Heroku offers HIPAA compliance through their Heroku Shield architecture.
When building a web application, we need two separate and identical hosting environments:
- Staging: where we deploy the new features and improvements for testing. The staging environment is not public.
- Production: where all the tested and stable code lives. The production environment is open and accessible to the world.
It is essential that both servers are setup at the beginning of the development process. Doing so reduces the risk of having different configurations between staging and production.
The staging and production environments must be identical in their configuration. Otherwise, a feature that works on staging may end up not working on production, and it could go unnoticed for a while.