Amazon Web Services (AWS) and Microsoft Azure are the predominant cloud providers offering a myriad of services encompassing not only compute resources, but also databases, security and monitoring services.
These providers allow not only to centralize all services under one roof but also can be managed by developers instead of DevOps engineers thanks to their ease of use and robust default configuration.
Combined with tools like Terraform, the setup of complex and custom architecture can be done efficiently while keeping full control of all application layers.
Heroku is built on top of the Amazon Web Services (AWS) infrastructure and provides not only high reliability and availability but also comprehensive security.
Customizing a Heroku instance using their plugins, which are merely pre-configured tools and services is easy. It saves a lot of time (comparatively to setting up and configuring a custom server), and it makes sense for many of the products developed by the team.
Moreover, because lots of other tools and services integrate with Heroku, many steps in the life of the web application are simplified, such as deployment.
In terms of security, Heroku offers HIPAA compliance through their Heroku Shield architecture.
When building a web application, the team needs two separate and identical hosting environments:
- Staging: where to deploy the new features and improvements for testing. The staging environment is not public.
- Production: where all the tested and stable code lives. The production environment is open and accessible to the world.
It is essential that both servers are set up at the beginning of the development process. Doing so reduces the risk of having different configurations between staging and production.
The staging and production environments must be identical in their configuration. Otherwise, a feature that works on staging may end up not working on production, and it could go unnoticed for a while.