This article is part of a series.


As a Security Architect, my role encompasses reviewing existing architectures as well as designing brand new ones from scratch. The opportunity to apply Security principles during the design phase and develop an entirely new infrastructure with Security as the core focus is truly exceptional.

Designing a secure cloud architecture is not only vital for achieving scalability, reliability, and compliance with regulations. It allows businesses to optimize their cloud infrastructure while maintaining the highest levels of data security.

Being able to prototype and visualize a draft for the upcoming architecture will greatly support making thought-out decisions. In this blog post, I will present some technologies and tools that I have come across.

What to design

First let’s define the cornerstones for the architecture we would like to design. For the sake of simplicity and because I am most familiar with it, we will be using AWS.

In order to have a concrete example, let’s implement a self-destructing Email service that allows users to send self-destructing emails a la “Mission Impossible” 😎. The software architecture for the self-destructing email service consists of following components:

Let’s add more complexity and use microservices along with AWS EKS. The infrastructure for the self-destructing email service, using AWS and EKS could consist of following components:

From an organizational point of view there will be multiple organizational units (OUs) which include tech, devops and security.

Within each organizational unit, there will be multiple accounts. This allows us to have different deployment environments such as production (prod) and development (dev).

Draft using pen & paper

As described above, there will be multiple organizational units. I did not include any accounts on paper, as doing so would have overcomplicated the entire drawing:


In the next post, I’ll show how to draw the architecture using PlantUML.

This article is part of a series.