Greenfield setup
VPC, IAM baseline, secrets manager, CI/CD bootstrap — done right on day one so you don't have to redo it in year three.
AWS, GCP, Azure — locked down, monitored, and on a budget you can predict at month-end. Terraform on day one, your account, your keys, our least-privilege role. Need GPU, vector DB, or an inference pipeline? We can spin it up — and we'll tell you if it's overkill for your case.
Most engagements blend a few of these. Tell us where you are; we'll tell you which two patterns matter most for the next quarter.
Lift-and-shift or refactor from on-prem, shared hosts, or another cloud. Blue/green cutover, zero or minimal downtime.
Right-size, reserved / savings plans, S3 tiering, idle clean-up. Average 25–40% off the first month's bill.
Multi-stage builds, preview environments per PR, automated rollbacks, signed releases. Deploy 12 times a day or once a week — your call.
Logs + metrics + traces + alerts that fire on real problems, not on dashboards-as-art. The on-call human gets a useful page, not a useless one.
Bring existing manual cloud setup under Terraform. Drift checks, state file ownership, modular structure your team can extend.
Every phase has a written artifact: a doc, a diagram, a Terraform module, a runbook. Stop the engagement at any phase boundary — clean handoff, fixed bill.
We catalogue every resource currently running, every IAM role with admin, every secret in plain text, and every "we don't know what this is doing" item. Output: a markdown inventory, a 12-month cost forecast, and a risk register sorted by blast radius.
A 10–20 page shaping doc: target diagram, region choice, network design, IAM matrix, secret strategy, cutover sequence. Reviewed in a 60-min call. Fixed price for the next phase appears at the end.
Staging deploys first, then a 10% canary, then full. Friday demos on the staging URL. Cutover dry-run two weeks before prod day. Nothing ships on a Friday at 5pm.
Every resource lives under code. Adding a new service is a PR your team can review. We write the dev-docs that explain how to extend, not just how to run.
Least-privilege everywhere, secrets in a vault, MFA mandatory, CloudTrail / Cloud Audit Logs piped to a queryable destination. The auditor's checklist is half-done before they ask.
Business-hours on-call by default, 24/7 add-on with 15-min response SLA. Cost report on the 5th of every month. Quarterly architecture review where we kill what isn't earning its keep.
If you're already on a cloud, we work in it. If we're picking — these are what we reach for, because they'll still be around in 2031.
If yours isn't here, write to [email protected]. A real engineer answers within 4 business hours.
No. IaC is portable, infrastructure lives in your cloud accounts, code in your repo. We hand over keys and walk if you ever want to. We've never had a client unable to leave with everything.
25–40% in the first 90 days for clients migrating off shared hosts or first-year-AWS bills. After that, 5–15% per year from continuous tuning. We send a monthly cost report, so you can verify.
Default: no. Pick one cloud, do it well. Multi-cloud only when there's a real reason — regional law, vendor risk, or a specific service that's only on one provider. We'll tell you honestly which case you're in.
No. Most SMBs are better with serverless (Cloud Run, Lambda, Fly.io). Kubernetes is a complexity tax most teams under 50 engineers don't need to pay. We'll only recommend it when team size and traffic justify it.
Usually yes via blue/green + feature flags + DNS warm-up. Some legacy DB cutovers genuinely need a 5–30 minute window — we'll tell you up front, schedule it for a Sunday morning, and rehearse it twice.
Business hours included in the retainer (Mon–Fri 8a–7p PT). 24/7 add-on with a 15-minute response SLA. Median first reply over the last 30 days: 47 minutes.