Substrate is an opinionated suite of tools that manage secure and reliable cloud infrastructure in AWS. These tools create strict security boundaries and limit the blast radius of changes through control of AWS resources themselves as well as the networks through which applications communicate. They're built for users with stringent security and reliability requirements and can operate within rigid compliance regimes.

Here's what customers get from Substrate: At the most basic levels, they know they’re using AWS properly. They maximize the security benefits they reap from AWS. They maximize the potential reliability of their software. They avoid having to read every release note and bit of documentation AWS writes. They have tools they're very unlikely to outgrow and yet are easy to stop using if they do. And they avoid taking on difficult-to-pay-down ("high interest") technical debt in their AWS implementation.

The public cloud is not without its drawbacks: Security mistakes there are quickly noticed and exploited. And yet the cost and elasticity of the public cloud is too compelling to ignore because availability expectations continue to grow. The public cloud, especially AWS, is the obvious place to host the next generation of software. Substrate sets customers up to deliver that software securely and reliably.

Glossary

These terms are used precisely in this document so it’s best to define them early.

Substrate-managed infrastructure is categorized as follows:

• Domain: Names a service or tightly coupled collection of services; use more of these to reduce the blast radius of changes so that one service can't take down every service
• Environment (development, ci, test, qa, staging, production, ...): Identifies a data set (for example, users of a website and all the content the website's storing on their behalf) and the controls (for example, restricting employees' ability to read user data) that must apply to that data set so that e.g. code in development can't reach data in production
• Quality (alpha, beta, gamma): States the quality of a collection of infrastructure; useful as steps in deployment so that a change doesn't impact all capacity immediately

Domain, Environment, and Quality are fundamental. Almost every resource has exactly one value for each of these parameters; a few exceptional resources have none. Most AWS accounts in an Organization will be annotated with values for all three and all resources within that AWS account will match.

• Organization: An AWS organization managed by Substrate; encompasses all Domains, Environments, and Qualities
• Traffic (dogfood, canary, …): Describes the disposition of the traffic that reaches certain infrastructure, used mostly when discussing routing and load-balancing policies

More terminology will be added as it becomes necessary.

Principles

• Substrate should express strong opinions when there is an objectively right way to do something. A user who wants to do that thing the wrong way is free to do so in their own code. Other aspects of Substrate may not function properly in that case.
• Substrate should not be prescriptive when there are multiple reasonable approaches. For example: EC2, ECS, and EKS are all valid hosting environments for an application and Substrate will not advantage or disadvantage any one in favor of any other.
• All else being equal, less software is better.
• Frequent instance (and container) replacement is good hygiene. This is true even for databases and other stateful systems.