AWS Well-Architected Framework Demystified and Simplified

Amir Jamil
7 min read · Jul 3, 2021

The AWS Well-Architected Framework provides general guidance and architectural best practices across the five pillars (explained later in this article) for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. A copy can be downloaded from the link (https://aws.amazon.com/architecture/well-architected). The general guiding principles of the framework are summarized in the form of a mind map to make them easy to understand.

Benefits of The AWS Well-Architected Framework

The AWS Well-Architected Framework helps you understand the benefits and risks of decisions you make while building workloads on AWS. By using the Framework, you will learn operational and architectural best practices for designing and operating reliable, secure, efficient, and cost-effective workloads in the cloud. It provides a way to consistently measure your operations and architectures against best practices and identify areas for improvement.

AWS Well-Architected Tool

I would suggest looking into the Well-Architected Tool while planning and designing the workload for your cloud applications. You can find it here (https://aws.amazon.com/well-architected-tool/). The tool is based on the AWS Well-Architected Framework, developed to help cloud architects build secure, high-performing, resilient, and efficient application infrastructure. It is simple: it lets you define the workload, measure its performance over time, and evolve the architecture by comparing it to the latest AWS architectural best practices. The review is questionnaire-based; once it is performed, a report is produced, followed by improvement plans and milestones.

5 Pillars of The AWS Well-Architected Framework

The AWS Well-Architected Framework is based on 5 pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. While architecting, a synergy is sought among the 5 pillars. Details can be read at the given link (https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/). To add value, I would like to share my experience (while explaining the pillars individually) of the services that you should consider for each pillar.

1. Operational Excellence

It enables the organization to run and monitor systems to deliver business value by continually improving the supporting processes and procedures. It consists of five design principles (DP).

My recommendations:

Define good standards and automate; AWS Config and AWS CloudFormation can help with these, respectively. Train your development team to use AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, and AWS CodePipeline to automate development, builds, and deployments. Moreover, monitor and track performance over time using Amazon CloudWatch. Use AWS CloudTrail and AWS X-Ray to track API and HTTP calls, respectively, to check that nothing deviates from the policies or has been changed manually. These services will contribute to operational excellence.

In AWS, you can generate dashboard views of your metrics collected from workloads and natively from AWS. You can leverage CloudWatch or third-party applications to aggregate and present business, workload, and operations level views of operations activities. AWS provides workload insights through logging capabilities including AWS X-Ray, CloudWatch, CloudTrail, and VPC Flow Logs enabling the identification of workload issues in support of root cause analysis and remediation.

Furthermore, you are recommended to review the AWS Operational Excellence Pillar (https://d1.awsstatic.com/whitepapers/architecture/AWS-Operational-Excellence-Pillar.pdf).

2. Security

This pillar covers the ability to protect information systems and assets while delivering business value through risk assessments and mitigation strategies.

My recommendations:

For identity and access management, AWS IAM, AWS STS, MFA tokens, and the AWS Organizations service can help. Implement detective controls with services like AWS Config, AWS CloudTrail, and Amazon CloudWatch. Infrastructure protection can be achieved using Amazon CloudFront, Amazon VPC, AWS Shield, AWS WAF, AWS Network Firewall, AWS Firewall Manager, and Amazon Inspector. Regarding data protection, consider KMS, S3, Elastic Load Balancing, Amazon EBS, and Amazon RDS. Amazon CloudWatch (for example, alerts if someone deletes anything), AWS CloudFormation (to get back to a running state), and IAM (to block access) can help in incident detection and response.
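The CloudTrail checks mentioned under Operational Excellence (nothing changed manually) and above (alerts if someone deletes anything) can be sketched as a small log filter. This is an added example, not code from the author or from AWS; the sample records are constructed, the function names are hypothetical, and it assumes CloudFormation is the only approved path for changes.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, ARNs and IP addresses are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-07-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice",
                      "invokedBy": "cloudformation.amazonaws.com"}},
    {"eventTime": "2021-07-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "readOnly": True,
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2021-07-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2021-07-01T11:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "readOnly": False,
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]})

# Assumption: CloudFormation is the only approved path for changes.
APPROVED_CALLERS = {"cloudformation.amazonaws.com"}

def made_by_approved_caller(record):
    """True when an approved AWS service made the call on the user's behalf."""
    identity = record.get("userIdentity") or {}
    return (identity.get("invokedBy") in APPROVED_CALLERS
            or record.get("sourceIPAddress") in APPROVED_CALLERS)

def find_manual_changes(log_text):
    """Return write events made outside the approved path, flagging deletions."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        # Tolerate the string "true" as well as the JSON boolean.
        if str(rec.get("readOnly")).lower() == "true":
            continue  # read-only calls cannot change configuration
        if made_by_approved_caller(rec):
            continue
        name = rec.get("eventName", "")
        findings.append({
            "time": rec.get("eventTime"),
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "action": rec.get("eventSource", "").split(".")[0] + ":" + name,
            "kind": "delete" if name.startswith("Delete") else "change",
        })
    return findings
```

Records with no `readOnly` field are treated as writes, so an incomplete record is reported rather than skipped.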

Furthermore, you are recommended to review the following two AWS documents

3. Reliability

The ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

My recommendations:

IAM, Amazon VPC, Service Limits, and AWS Trusted Advisor are the key services for the foundations. Change management can be performed well using AWS Auto Scaling, Amazon CloudWatch, AWS CloudTrail, and AWS Config. Furthermore, services like Backups, AWS CloudFormation, Amazon S3, Amazon S3 Glacier, and Amazon Route 53 can help with failure management.

Furthermore, you are recommended to review the AWS Reliability Pillar (https://d1.awsstatic.com/whitepapers/architecture/AWS-Reliability-Pillar.pdf).

4. Performance Efficiency

This pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

My recommendations:

You can select services like AWS Auto Scaling, AWS Lambda, Amazon Elastic Block Store (change it to enhance IO and performance over time if required), Amazon S3, and Amazon RDS to meet the performance requirements. To check that the right set of services is in use and to stay up to date on AWS services, visit the AWS News Blog regularly.

To monitor performance, Amazon CloudWatch (dashboards, alarms, metrics, etc.) can help tremendously. Keep in mind the trade-offs while considering AWS Snowball (it moves a lot of data very fast, but it may take a week for the data to arrive; the alternative is to use all the bandwidth and have the data in the cloud right away), Amazon ElastiCache (the cache may hold outdated data, but it improves performance), and CloudFront (same as ElastiCache: your users may not get the update right away, but performance is better).

Furthermore, you are recommended to review the AWS Performance Efficiency Pillar to understand this pillar in detail (https://d1.awsstatic.com/whitepapers/architecture/AWS-Performance-Efficiency-Pillar.pdf).

5. Cost Optimization

The ability to run systems to deliver business value at the lowest price point.

My recommendations:

For expenditure awareness, consider using AWS Budgets, AWS Cost and Usage Report, AWS Cost Explorer, and Reserved Instance Reporting. If you are using Reserved Instances, ensure that you are actually using them and not just paying to reserve them. Use cost-effective resources like Spot Instances (though there are trade-offs), Reserved Instances (if you are going to run for years, for example), and Amazon S3 Glacier (lower price point possible for archives). To match supply and demand, make use of AWS Auto Scaling and AWS Lambda (if you have serverless components).

Optimize over time using information from AWS Trusted Advisor and by looking at AWS Cost and Usage Reports. On top of that, frequently visit the AWS News Blog (https://aws.amazon.com/blogs/aws) to learn about new products and feature sets that may help to reduce the cost.

Furthermore, you are recommended to review the AWS Cost Optimization Pillar (https://d1.awsstatic.com/whitepapers/architecture/AWS-Cost-Optimization-Pillar.pdf) and particularly the following URL: https://wa.aws.amazon.com/wat.question.COST_1.en.html

Reference Architectures from AWS

The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more.

You can find Reference Architectures and guidance contributed by AWS cloud architecture experts, including AWS Solutions Architects, Professional Services Consultants, and Partners.

Link: https://aws.amazon.com/architecture

Get maXimum out of it.

AWS also provides a service for reviewing your workloads at no charge. The AWS Well-Architected Tool (AWS WA Tool) is a service in the cloud that provides a consistent process for you to review and measure your architecture using the AWS Well-Architected Framework.

AWS has similarly created AWS Well-Architected Labs, which provides you with a repository of code and documentation to give you hands-on experience implementing best practices.

AWS has also teamed up with select AWS Partner Network (APN) Partners, who are members of the AWS Well-Architected Partner program. These APN Partners have deep AWS knowledge and can help you review and improve your workloads.

Amir Jamil

Digital transformation, security and cloud professional.