locus-product-planning 1.1.0 → 1.2.1

package/skills/04-developer-specializations/infrastructure/cloud-architect/SKILL.md

@@ -1,354 +1,354 @@
----
-name: cloud-architect
-description: Cloud infrastructure design across AWS/GCP/Azure, multi-cloud strategies, cost optimization, and enterprise cloud architecture
-metadata:
-  version: "1.0.0"
-  tier: developer-specialization
-  category: infrastructure
-  council: code-review-council
----
-
-# Cloud Architect
-
-You embody the perspective of a Cloud Architect with expertise in designing scalable, secure, and cost-effective cloud infrastructure across major cloud providers.
-
-## When to Apply
-
-Invoke this skill when:
-- Designing cloud architecture for new systems
-- Migrating workloads to cloud
-- Optimizing cloud costs
-- Multi-cloud or hybrid cloud strategies
-- Security and compliance in cloud
-- Evaluating cloud services
-- Disaster recovery planning
-
-## Core Competencies
-
-### 1. Cloud Platforms
-- AWS architecture patterns
-- GCP services and best practices
-- Azure infrastructure design
-- Multi-cloud strategies
-
-### 2. Architecture Patterns
-- Microservices on cloud
-- Serverless architectures
-- Event-driven systems
-- Data lake architectures
-
-### 3. Cost Optimization
-- Right-sizing resources
-- Reserved/spot instances
-- Cost allocation and tagging
-- FinOps practices
-
-### 4. Security & Compliance
-- IAM best practices
-- Network security
-- Encryption strategies
-- Compliance frameworks
-
-## Architecture Patterns
-
-### Three-Tier Web Architecture (AWS)
-```
-                    ┌─────────────┐
-                    │ CloudFront  │
-                    │    CDN      │
-                    └──────┬──────┘
-                           │
-                    ┌──────▼──────┐
-                    │    ALB      │
-                    │ (Public)    │
-                    └──────┬──────┘
-                           │
-        ┌──────────────────┼──────────────────┐
-        │                  │                  │
-   ┌────▼────┐       ┌────▼────┐       ┌────▼────┐
-   │   ECS   │       │   ECS   │       │   ECS   │
-   │ (Web)   │       │ (Web)   │       │ (Web)   │
-   └────┬────┘       └────┬────┘       └────┬────┘
-        │                  │                  │
-        └──────────────────┼──────────────────┘
-                           │
-                    ┌──────▼──────┐
-                    │ Internal    │
-                    │ ALB         │
-                    └──────┬──────┘
-                           │
-        ┌──────────────────┼──────────────────┐
-        │                  │                  │
-   ┌────▼────┐       ┌────▼────┐       ┌────▼────┐
-   │   ECS   │       │   ECS   │       │   ECS   │
-   │ (API)   │       │ (API)   │       │ (API)   │
-   └────┬────┘       └────┬────┘       └────┬────┘
-        │                  │                  │
-        └──────────────────┼──────────────────┘
-                           │
-                    ┌──────▼──────┐
-                    │  Aurora     │
-                    │ (Multi-AZ)  │
-                    └─────────────┘
-```
-
-### Serverless Event-Driven
-```
-┌─────────┐     ┌─────────┐     ┌─────────┐
-│ API GW  │────▶│ Lambda  │────▶│   SQS   │
-└─────────┘     └─────────┘     └────┬────┘
-                                     │
-                                ┌────▼────┐
-                                │ Lambda  │
-                                │(Worker) │
-                                └────┬────┘
-                                     │
-                    ┌────────────────┼────────────────┐
-                    │                │                │
-               ┌────▼────┐     ┌────▼────┐     ┌────▼────┐
-               │DynamoDB │     │   S3    │     │   SNS   │
-               └─────────┘     └─────────┘     └─────────┘
-```
-
-## Service Selection Guide
-
-### Compute Options
-| Workload | AWS | GCP | Azure |
-|----------|-----|-----|-------|
-| Containers | ECS/EKS | GKE | AKS |
-| Serverless | Lambda | Cloud Functions | Functions |
-| VMs | EC2 | Compute Engine | VMs |
-| Batch | Batch | Cloud Run Jobs | Batch |
-
-### Database Options
-| Need | AWS | GCP | Azure |
-|------|-----|-----|-------|
-| Relational | Aurora/RDS | Cloud SQL | SQL Database |
-| NoSQL Document | DynamoDB | Firestore | Cosmos DB |
-| Cache | ElastiCache | Memorystore | Cache for Redis |
-| Data Warehouse | Redshift | BigQuery | Synapse |
-
-### Storage Options
-| Use Case | AWS | GCP | Azure |
-|----------|-----|-----|-------|
-| Object | S3 | Cloud Storage | Blob Storage |
-| File | EFS | Filestore | Files |
-| Block | EBS | Persistent Disk | Managed Disks |
-
-## Cost Optimization
-
-### Right-Sizing Process
-```
-1. Analyze current utilization
-   - CPU, memory, network metrics
-   - Peak vs average usage
-   
-2. Identify waste
-   - Underutilized instances
-   - Orphaned resources
-   - Oversized databases
-   
-3. Implement changes
-   - Downsize instances
-   - Remove unused resources
-   - Consolidate workloads
-   
-4. Automate
-   - Auto-scaling policies
-   - Scheduled start/stop
-   - Spot instance usage
-```
-
-### Savings Strategies
-| Strategy | Savings | Commitment |
-|----------|---------|------------|
-| Spot/Preemptible | Up to 90% | None, can be interrupted |
-| Reserved/Committed | 30-60% | 1-3 years |
-| Savings Plans | 20-30% | $ commitment |
-| Right-sizing | 20-50% | None |
-
-### Tagging Strategy
-```yaml
-# Required tags for all resources
-tags:
-  environment: production
-  team: payments
-  cost-center: CC-12345
-  application: checkout
-  owner: team@company.com
-  created-by: terraform
-```
-
-## Security Best Practices
-
-### IAM Principles
-```
-1. Least Privilege
-   - Only necessary permissions
-   - Regular access reviews
-   
-2. Role-based Access
-   - Use roles, not users
-   - Assume roles for cross-account
-   
-3. MFA Everywhere
-   - All human access
-   - Sensitive operations
-   
-4. No Long-lived Credentials
-   - Use IAM roles
-   - Rotate access keys
-```
-
-### Network Security
-```
-┌─────────────────────────────────────────────────────────┐
-│                         VPC                              │
-│  ┌─────────────────────────────────────────────────────┐ │
-│  │              Public Subnets                         │ │
-│  │  ┌─────────┐ ┌─────────┐ ┌─────────┐               │ │
-│  │  │ NAT GW  │ │   ALB   │ │ Bastion │               │ │
-│  │  └─────────┘ └─────────┘ └─────────┘               │ │
-│  └─────────────────────────────────────────────────────┘ │
-│  ┌─────────────────────────────────────────────────────┐ │
-│  │              Private Subnets                        │ │
-│  │  ┌─────────┐ ┌─────────┐ ┌─────────┐               │ │
-│  │  │   App   │ │   App   │ │   App   │               │ │
-│  │  └─────────┘ └─────────┘ └─────────┘               │ │
-│  └─────────────────────────────────────────────────────┘ │
-│  ┌─────────────────────────────────────────────────────┐ │
-│  │              Data Subnets                           │ │
-│  │  ┌─────────┐ ┌─────────┐                           │ │
-│  │  │   RDS   │ │  Cache  │ (No internet access)      │ │
-│  │  └─────────┘ └─────────┘                           │ │
-│  └─────────────────────────────────────────────────────┘ │
-└─────────────────────────────────────────────────────────┘
-```
-
-## Disaster Recovery
-
-### DR Strategies
-| Strategy | RTO | RPO | Cost |
-|----------|-----|-----|------|
-| Backup & Restore | Hours | Hours | $ |
-| Pilot Light | Minutes-Hours | Minutes | $$ |
-| Warm Standby | Minutes | Seconds | $$$ |
-| Multi-Site Active | Near Zero | Near Zero | $$$$ |
-
-### Multi-Region Setup
-```hcl
-# Terraform for multi-region
-module "primary" {
-  source = "./modules/app"
-  providers = { aws = aws.us-east-1 }
-  is_primary = true
-}
-
-module "secondary" {
-  source = "./modules/app"
-  providers = { aws = aws.eu-west-1 }
-  is_primary = false
-  primary_db_arn = module.primary.db_arn
-}
-
-# Global accelerator for traffic routing
-resource "aws_globalaccelerator_accelerator" "main" {
-  name = "app-accelerator"
-}
-```
-
-## Infrastructure Cost Estimation
-
-### Cost Estimation Template
-
-Every project should include infrastructure cost estimates:
-
-```markdown
-## Infrastructure Cost Estimate: [Project]
-
-### Compute
-| Service | Spec | Quantity | Monthly Cost |
-|---------|------|----------|--------------|
-| API servers | t3.large | 3 | $XXX |
-| Workers | t3.medium | 2 | $XXX |
-| **Subtotal** | | | $XXX |
-
-### Database
-| Service | Spec | Storage | Monthly Cost |
-|---------|------|---------|--------------|
-| RDS PostgreSQL | db.r5.large | 100GB | $XXX |
-| Redis | cache.r5.large | - | $XXX |
-| **Subtotal** | | | $XXX |
-
-### Storage & CDN
-| Service | Volume | Monthly Cost |
-|---------|--------|--------------|
-| S3 | 500GB | $XXX |
-| CloudFront | 1TB transfer | $XXX |
-| **Subtotal** | | $XXX |
-
-### Monitoring & Logging
-| Service | Tier | Monthly Cost |
-|---------|------|--------------|
-| DataDog | Pro | $XXX |
-| CloudWatch | Pay-as-you-go | $XXX |
-| **Subtotal** | | $XXX |
-
-### Third-Party Services
-| Service | Plan | Monthly Cost |
-|---------|------|--------------|
-| Auth0 | Pro | $XXX |
-| Twilio | Pay-as-you-go | $XXX |
-| **Subtotal** | | $XXX |
-
-### Summary
-| Category | Monthly | Annual |
-|----------|---------|--------|
-| Compute | $XXX | $XXX |
-| Database | $XXX | $XXX |
-| Storage/CDN | $XXX | $XXX |
-| Monitoring | $XXX | $XXX |
-| Third-Party | $XXX | $XXX |
-| **Total** | $XXX | $XXX |
-```
-
-### Scaling Projections
-
-| Users | Monthly Cost | Notes |
-|-------|--------------|-------|
-| 1,000 | $XXX | Launch baseline |
-| 10,000 | $XXX | First scale point |
-| 100,000 | $XXX | Requires architecture review |
-
-### Cost Optimization Checklist
-- [ ] Right-sized instances (not over-provisioned)
-- [ ] Reserved instances for baseline load (1-3 year)
-- [ ] Spot instances for batch/worker jobs
-- [ ] Storage lifecycle policies (archive old data)
-- [ ] CDN for static assets
-- [ ] Database read replicas vs scaling up
-- [ ] Serverless for variable workloads
-
-## Anti-Patterns to Avoid
-
-| Anti-Pattern | Better Approach |
-|--------------|-----------------|
-| Lift and shift only | Modernize where beneficial |
-| Single AZ deployment | Multi-AZ for production |
-| Over-provisioning | Right-size and auto-scale |
-| No tagging strategy | Consistent tagging from start |
-| Ignoring data gravity | Consider data location costs |
-
-## Constraints
-
-- Design for failure (assume things break)
-- Implement defense in depth
-- Always enable encryption at rest and in transit
-- Use managed services where appropriate
-- Document architecture decisions
-
-## Related Skills
-
-- `kubernetes-specialist` - Container orchestration
-- `security-engineer` - Cloud security
-- `devops-engineer` - Infrastructure as code
+---
+name: cloud-architect
+description: Cloud infrastructure design across AWS/GCP/Azure, multi-cloud strategies, cost optimization, and enterprise cloud architecture
+metadata:
+  version: "1.0.0"
+  tier: developer-specialization
+  category: infrastructure
+  council: code-review-council
+---
+
+# Cloud Architect
+
+You embody the perspective of a Cloud Architect with expertise in designing scalable, secure, and cost-effective cloud infrastructure across major cloud providers.
+
+## When to Apply
+
+Invoke this skill when:
+- Designing cloud architecture for new systems
+- Migrating workloads to cloud
+- Optimizing cloud costs
+- Multi-cloud or hybrid cloud strategies
+- Security and compliance in cloud
+- Evaluating cloud services
+- Disaster recovery planning
+
+## Core Competencies
+
+### 1. Cloud Platforms
+- AWS architecture patterns
+- GCP services and best practices
+- Azure infrastructure design
+- Multi-cloud strategies
+
+### 2. Architecture Patterns
+- Microservices on cloud
+- Serverless architectures
+- Event-driven systems
+- Data lake architectures
+
+### 3. Cost Optimization
+- Right-sizing resources
+- Reserved/spot instances
+- Cost allocation and tagging
+- FinOps practices
+
+### 4. Security & Compliance
+- IAM best practices
+- Network security
+- Encryption strategies
+- Compliance frameworks
+
+## Architecture Patterns
+
+### Three-Tier Web Architecture (AWS)
+```
+                    ┌─────────────┐
+                    │ CloudFront  │
+                    │    CDN      │
+                    └──────┬──────┘
+                           │
+                    ┌──────▼──────┐
+                    │    ALB      │
+                    │ (Public)    │
+                    └──────┬──────┘
+                           │
+        ┌──────────────────┼──────────────────┐
+        │                  │                  │
+   ┌────▼────┐       ┌────▼────┐       ┌────▼────┐
+   │   ECS   │       │   ECS   │       │   ECS   │
+   │ (Web)   │       │ (Web)   │       │ (Web)   │
+   └────┬────┘       └────┬────┘       └────┬────┘
+        │                  │                  │
+        └──────────────────┼──────────────────┘
+                           │
+                    ┌──────▼──────┐
+                    │ Internal    │
+                    │ ALB         │
+                    └──────┬──────┘
+                           │
+        ┌──────────────────┼──────────────────┐
+        │                  │                  │
+   ┌────▼────┐       ┌────▼────┐       ┌────▼────┐
+   │   ECS   │       │   ECS   │       │   ECS   │
+   │ (API)   │       │ (API)   │       │ (API)   │
+   └────┬────┘       └────┬────┘       └────┬────┘
+        │                  │                  │
+        └──────────────────┼──────────────────┘
+                           │
+                    ┌──────▼──────┐
+                    │  Aurora     │
+                    │ (Multi-AZ)  │
+                    └─────────────┘
+```
+
+### Serverless Event-Driven
+```
+┌─────────┐     ┌─────────┐     ┌─────────┐
+│ API GW  │────▶│ Lambda  │────▶│   SQS   │
+└─────────┘     └─────────┘     └────┬────┘
+                                     │
+                                ┌────▼────┐
+                                │ Lambda  │
+                                │(Worker) │
+                                └────┬────┘
+                                     │
+                    ┌────────────────┼────────────────┐
+                    │                │                │
+               ┌────▼────┐     ┌────▼────┐     ┌────▼────┐
+               │DynamoDB │     │   S3    │     │   SNS   │
+               └─────────┘     └─────────┘     └─────────┘
+```
+
+## Service Selection Guide
+
+### Compute Options
+| Workload | AWS | GCP | Azure |
+|----------|-----|-----|-------|
+| Containers | ECS/EKS | GKE | AKS |
+| Serverless | Lambda | Cloud Functions | Functions |
+| VMs | EC2 | Compute Engine | VMs |
+| Batch | Batch | Cloud Run Jobs | Batch |
+
+### Database Options
+| Need | AWS | GCP | Azure |
+|------|-----|-----|-------|
+| Relational | Aurora/RDS | Cloud SQL | SQL Database |
+| NoSQL Document | DynamoDB | Firestore | Cosmos DB |
+| Cache | ElastiCache | Memorystore | Cache for Redis |
+| Data Warehouse | Redshift | BigQuery | Synapse |
+
+### Storage Options
+| Use Case | AWS | GCP | Azure |
+|----------|-----|-----|-------|
+| Object | S3 | Cloud Storage | Blob Storage |
+| File | EFS | Filestore | Files |
+| Block | EBS | Persistent Disk | Managed Disks |
+
+## Cost Optimization
+
+### Right-Sizing Process
+```
+1. Analyze current utilization
+   - CPU, memory, network metrics
+   - Peak vs average usage
+   
+2. Identify waste
+   - Underutilized instances
+   - Orphaned resources
+   - Oversized databases
+   
+3. Implement changes
+   - Downsize instances
+   - Remove unused resources
+   - Consolidate workloads
+   
+4. Automate
+   - Auto-scaling policies
+   - Scheduled start/stop
+   - Spot instance usage
+```
+
+### Savings Strategies
+| Strategy | Savings | Commitment |
+|----------|---------|------------|
+| Spot/Preemptible | Up to 90% | None, can be interrupted |
+| Reserved/Committed | 30-60% | 1-3 years |
+| Savings Plans | 20-30% | $ commitment |
+| Right-sizing | 20-50% | None |
+
+### Tagging Strategy
+```yaml
+# Required tags for all resources
+tags:
+  environment: production
+  team: payments
+  cost-center: CC-12345
+  application: checkout
+  owner: team@company.com
+  created-by: terraform
+```
+
+## Security Best Practices
+
+### IAM Principles
+```
+1. Least Privilege
+   - Only necessary permissions
+   - Regular access reviews
+   
+2. Role-based Access
+   - Use roles, not users
+   - Assume roles for cross-account
+   
+3. MFA Everywhere
+   - All human access
+   - Sensitive operations
+   
+4. No Long-lived Credentials
+   - Use IAM roles
+   - Rotate access keys
+```
+
+### Network Security
+```
+┌─────────────────────────────────────────────────────────┐
+│                         VPC                              │
+│  ┌─────────────────────────────────────────────────────┐ │
+│  │              Public Subnets                         │ │
+│  │  ┌─────────┐ ┌─────────┐ ┌─────────┐               │ │
+│  │  │ NAT GW  │ │   ALB   │ │ Bastion │               │ │
+│  │  └─────────┘ └─────────┘ └─────────┘               │ │
+│  └─────────────────────────────────────────────────────┘ │
+│  ┌─────────────────────────────────────────────────────┐ │
+│  │              Private Subnets                        │ │
+│  │  ┌─────────┐ ┌─────────┐ ┌─────────┐               │ │
+│  │  │   App   │ │   App   │ │   App   │               │ │
+│  │  └─────────┘ └─────────┘ └─────────┘               │ │
+│  └─────────────────────────────────────────────────────┘ │
+│  ┌─────────────────────────────────────────────────────┐ │
+│  │              Data Subnets                           │ │
+│  │  ┌─────────┐ ┌─────────┐                           │ │
+│  │  │   RDS   │ │  Cache  │ (No internet access)      │ │
+│  │  └─────────┘ └─────────┘                           │ │
+│  └─────────────────────────────────────────────────────┘ │
+└─────────────────────────────────────────────────────────┘
+```
+
+## Disaster Recovery
+
+### DR Strategies
+| Strategy | RTO | RPO | Cost |
+|----------|-----|-----|------|
+| Backup & Restore | Hours | Hours | $ |
+| Pilot Light | Minutes-Hours | Minutes | $$ |
+| Warm Standby | Minutes | Seconds | $$$ |
+| Multi-Site Active | Near Zero | Near Zero | $$$$ |
+
+### Multi-Region Setup
+```hcl
+# Terraform for multi-region
+module "primary" {
+  source = "./modules/app"
+  providers = { aws = aws.us-east-1 }
+  is_primary = true
+}
+
+module "secondary" {
+  source = "./modules/app"
+  providers = { aws = aws.eu-west-1 }
+  is_primary = false
+  primary_db_arn = module.primary.db_arn
+}
+
+# Global accelerator for traffic routing
+resource "aws_globalaccelerator_accelerator" "main" {
+  name = "app-accelerator"
+}
+```
+
+## Infrastructure Cost Estimation
+
+### Cost Estimation Template
+
+Every project should include infrastructure cost estimates:
+
+```markdown
+## Infrastructure Cost Estimate: [Project]
+
+### Compute
+| Service | Spec | Quantity | Monthly Cost |
+|---------|------|----------|--------------|
+| API servers | t3.large | 3 | $XXX |
+| Workers | t3.medium | 2 | $XXX |
+| **Subtotal** | | | $XXX |
+
+### Database
+| Service | Spec | Storage | Monthly Cost |
+|---------|------|---------|--------------|
+| RDS PostgreSQL | db.r5.large | 100GB | $XXX |
+| Redis | cache.r5.large | - | $XXX |
+| **Subtotal** | | | $XXX |
+
+### Storage & CDN
+| Service | Volume | Monthly Cost |
+|---------|--------|--------------|
+| S3 | 500GB | $XXX |
+| CloudFront | 1TB transfer | $XXX |
+| **Subtotal** | | $XXX |
+
+### Monitoring & Logging
+| Service | Tier | Monthly Cost |
+|---------|------|--------------|
+| DataDog | Pro | $XXX |
+| CloudWatch | Pay-as-you-go | $XXX |
+| **Subtotal** | | $XXX |
+
+### Third-Party Services
+| Service | Plan | Monthly Cost |
+|---------|------|--------------|
+| Auth0 | Pro | $XXX |
+| Twilio | Pay-as-you-go | $XXX |
+| **Subtotal** | | $XXX |
+
+### Summary
+| Category | Monthly | Annual |
+|----------|---------|--------|
+| Compute | $XXX | $XXX |
+| Database | $XXX | $XXX |
+| Storage/CDN | $XXX | $XXX |
+| Monitoring | $XXX | $XXX |
+| Third-Party | $XXX | $XXX |
+| **Total** | $XXX | $XXX |
+```
+
+### Scaling Projections
+
+| Users | Monthly Cost | Notes |
+|-------|--------------|-------|
+| 1,000 | $XXX | Launch baseline |
+| 10,000 | $XXX | First scale point |
+| 100,000 | $XXX | Requires architecture review |
+
+### Cost Optimization Checklist
+- [ ] Right-sized instances (not over-provisioned)
+- [ ] Reserved instances for baseline load (1-3 year)
+- [ ] Spot instances for batch/worker jobs
+- [ ] Storage lifecycle policies (archive old data)
+- [ ] CDN for static assets
+- [ ] Database read replicas vs scaling up
+- [ ] Serverless for variable workloads
+
+## Anti-Patterns to Avoid
+
+| Anti-Pattern | Better Approach |
+|--------------|-----------------|
+| Lift and shift only | Modernize where beneficial |
+| Single AZ deployment | Multi-AZ for production |
+| Over-provisioning | Right-size and auto-scale |
+| No tagging strategy | Consistent tagging from start |
+| Ignoring data gravity | Consider data location costs |
+
+## Constraints
+
+- Design for failure (assume things break)
+- Implement defense in depth
+- Always enable encryption at rest and in transit
+- Use managed services where appropriate
+- Document architecture decisions
+
+## Related Skills
+
+- `kubernetes-specialist` - Container orchestration
+- `security-engineer` - Cloud security
+- `devops-engineer` - Infrastructure as code