A choice of an architecture should start with an honest assessment of the application. Questions that need to be asked include, but isn't limited to:

• Is my application stateless?
• Are my DB migrations backward compatible?
• What kind of local development would my team want to have?
• In what kind of architecture advantages (scalability, cost-efficiency, reliability) is your business most willing to invest?

A common challenge during architecture design is to find a right balance between speed of implementation, cost effectiveness and flexibility that allows further painless development.
The best approach that Alpacked team has developed so far is to invest into the basis of the architecture at the very beginning even if it seems like an overhead at first sight. Best way to understand it is to dig into the real case.
A common case is an architecture design of a monolith PHP application. First thing that comes to mind is to spin up an EC2 instance under the Autoscaling configuration, deploy it there, configure backups and other best practices. What is wrong with this approach one might ask.
Problems emerge when continuous development takes its place. "It works on my machine" issues, tremendous losses during onboarding processes, laggy scaling and security issues appear from nowhere.
If the one had taken a decision to go with a dockzerized solution like Kubernetes, Docker Swarm or ECS, it would have pre-solved these problems. No need to apply all the best practices when you are just getting started, but the right direction chosen at the design stage will make the team and business to align to the best practices automatically which will pay off eventually.
Docker will automate local provisioning, make onboarding easier while orchestration tools like Kubernetes will prepare you for unexpected events

One of the biggest challenges during the Cloud architecture design is to prepare a legacy application for the cloud. Different unexpected issues emerge. Inability to support backward compatible migrations, performance issues, slow and difficult updates, you name it.
This is where Cloud providers and teams of professionals come to the rescue!
Utilization of cloud services for even 50% of their capabilities provides you with a better setup. Use CDN solution for better content delivery, automate environment provisioning, implement full control over resource usage - this is just a short list of a free-of-cost improvements that available nowadays.
Even 50% of the full capacity is better than continuous struggle after all, right?

While various new opportunities provide you with a better infrastructure, each of them bring new challenges, as instead of taking care of a single system one needs to manage a list of new potential sources of break-ins. Any system needs to keep a certain level of security which leads to more and more limitations, protocols and processes. At some point it becomes way too difficult to integrate new technologies, approaches, to share accesses and provide fast onboardings. One can say it's what you need to deal with. But what if there's a way to lighten a burden?
It may sound counter-intuitive, but a good solution lays in application architecture, not in process management.
With current technologies it is possible to delegate a lion's share of security processes to the cloud services! Unification and standardisation do that for you!
EC2 instance connect allows you to stop managing SSH accesses
Identity federation provides a single sign-on features with your beloved provides - Google GSuite, Microsoft Active Directory, even custom ones!
Each major cloud provider gives you the ability to develop your own integrations based on serverless technology - AWS Lambda, Google CloudFunctions, Azure functions - develop'em all!