AWS Well-Architected Framework
The AWS Well-Architected Framework is the set of best practices used by AWS Solutions Architects and other engineers on a daily basis to design efficient applications on the cloud. Amazon has designed this framework based on six pillars - operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. Let's understand what makes up this framework and how you can use tools like the AWS Well-Architected Tool to measure your efficiency.
The AWS Well-Architected Framework is a set of guidelines created by Amazon to help you understand the pros and cons while developing systems on AWS. The Framework enables you to use the best practices for designing and operating secure, reliable, efficient, cost-effective, and sustainable workloads in AWS. It documents a set of foundational questions that allows you to check if your system is aligned with the Framework's guidelines, and provides suggestions to remediate any deviations.
The AWS Well-Architected Framework can be used by chief technology officers, architects, developers, and operations team members. AWS provides a tool called the AWS Well-Architected Tool to help evaluate and review your workloads at no charge. We will be discussing how to use this tool in later sections.
Before we jump into the depths of the AWS Well-Architected Framework, let's first understand some standard definitions AWS uses:
- Component: The code, configuration, and AWS Resource that collectively make up a single requirement in your system.
- Workload: A set of components that together deliver business value.
- Architecture: Describes how components work together in a workload. Helps one understand how components communicate and interact.
- Milestones: Key changes in your architecture as you continue to develop and improve your system.
- Technology Portfolio: Collection of workloads within an organization that is required for the business to operate.
The AWS Well-Architected Framework consists of six pillars. We will be describing these pillars in detail later, but for now, here is a short description of each pillar.
|Support development and run workloads effectively. Gain insight into their operations and continuously improve.
|Protect data, systems, and assets to improve security posture.
|Ability of workload to perform its intended function correctly and consistently when it's expected to.
|Ability to use computing resources efficiently to meet system requirements.
|Ability to run systems cost-effectively and deliver business value at the lowest price point.
|Ability to improve sustainability impacts by reducing energy consumption, maximizing the benefits from previous resources, and minimizing the total resources required.
General Design Principles
The AWS Well-Architected Framework defines a set of general design principles:
- Stop Guessing Your Capacity Needs: Instead of guessing your capacity needs, with the power of cloud computing you can use as much or as little capacity as you need, and scale up and down automatically.
- Test Systems At Production Scale: In the cloud, create a production-scale test environment on demand, test your workloads, and then decommission the resources. You can simulate your live environment for a fraction of the cost of testing on premises.
- Automate To Make Architectural Experimentation Easier: Automation will enable you to create and replicate your workloads at a low cost and avoid the expense of manual effort. It also enables you to track historical changes and revert to previous versions.
- Allow For Evolutionary Architecture: Instead of slow architectural decisions, use the cloud to automate and test on demand with lower risk. This allows systems to evolve over time as the business scales and take advantage of the latest innovations.
- Drive Architectures Using Data: You can collect data on how architectural choices affect the behavior of your workload and then use this data to make decisions on how to improve your workload.
- Improve Through Game Days: Test your architecture by scheduling "game days" to simulate events in production. Use this data to help you understand where improvements can be made.
The Six Pillars of AWS Well-Architected Framework
Let's explore the six pillars of the AWS Well-Architected Framework in detail. For each pillar, we will be covering the definition, design principles, and best practices with an example question.
For each "pillar", create one image similar to the above picture. So for example for "Operational Excellence", create one image which has a gear or something like that.
Definition: The Operational Excellence pillar is about supporting the development and running of workloads effectively. It enables you to gain insight into your workload's operations and continuously improve.
- Perform operations as code
- Make frequent, small, reversible changes
- Refine operations procedures frequently
- Anticipate failure
- Learn from all operational failures
- Organization: Ensure that your team understands your workloads and that the architecture is organized systematically. Ex: OPS 2: How do you structure your organization to support your business outcomes?
- Prepare: Design your workloads so that it provides the information necessary to track internal state-like health metrics. This should enable you to anticipate issues and rapidly overcome them. Ex: OPS 5: How do you reduce defects, ease remediation, and improve flow into production?
- Operate: Establish health metric baselines for improvement, collect and analyze your metrics, and then validate your understanding of operations success and how it changes over time. Ex: OPS 8: How do you understand the health of your workload?
- Evolve: Continuously improve your workloads by adopting improved procedures and enhancing operations. Ex: OPS 11: How do you evolve operations?
Definition: The Security pillar is dedicated to guidelines on how to protect data, systems, and assets and improve security posture.
- Implement a strong identity and access foundation
- Enable traceability of your resources with monitoring and logging
- Apply security at all layers
- Automate security best practices
- Protect data in transit and at rest
- Keep people away from data
- Prepare for security events
- Security: Ensure you have accounted for the industry's best practices in every area of security while designing your workloads. Ex: SEC 1: How do you securely operate your workload?
- Identity and Access Management: Ensure you follow the principle of least privilege and provide security permissions only when required. Use AWS IAM to manage permissions. Ex: SEC 3: How do you manage permissions for people and machines?
- Detection: Perform internal audits and monitor events using AWS CloudTrail logs to detect security threats or incidents. Ex: SEC 4: How do you detect and investigate security events?
- Infrastructure Protection: Ensure your infrastructure is protected from unauthorized security threats with appropriate network protocols. Ex: SEC 5: How do you protect your network resources?
- Data Protection: Encrypt your data at rest and in transit. Ex: SEC 8: How do you protect your data at rest? `
- Incident Response: Have a plan in place for security incidents. Ex: SEC 10: How do you anticipate, respond to, and recover from incidents?
Definition: The Reliability pillar deals with the ability of your workload to perform its intended function correctly and consistently when it's expected to.
- Automatically recover from failure
- Test recovery procedures
- Scale horizontally to increase aggregate workload availability
- Stop guessing capacity
- Manage change through automation
- Foundations: Understand your foundational requirements and design constraints beforehand. Ex: REL 1: How do you manage service quotas and constraints?
- Workload Architecture: Follow the standard patterns to ensure stable workload architecture and use tools like the AWS SDKs to take the complexity out of coding for AWS Services. Ex: REL 3: How do you design your workload service architecture?
- Change Management: Accommodate for changes imposed on your workloads such as spikes in demand or security patches. Ex: REL 7: How do you design your workload to adapt to changes in demand?
- Failure Management: Anticipate failures and ensure your workloads have failure management systems in place. Ex: REL 11: How do you design your workload to withstand component failures?
Definition: The Performance Efficiency pillar deals with the ability of your workloads to use computing resources efficiently to meet system requirements.
- Democratize advanced technologies by delegating complex tasks to your external vendor
- Go global in minutes
- Use serverless architectures
- Experiment more often
- Understand how your cloud services are consumed and align technology accordingly
- Selection: Select the most optimal compute, storage, database, and network resources based on your workload's requirements. Ex: PERF 1: How do you select the best-performing architecture?
- Review: Continuously review your workload's architecture and evolve your selection based on the current needs. Ex: PERF 6: How do you evolve your workload to take advantage of new releases?
- Monitoring: Ensure you have the right monitoring tools in place and take advantage of AWS Services like AWS CloudWatch. Ex: PERF 7: How do you monitor your resources to ensure they are performing?
- Tradeoffs: Depending on your workload, you could trade consistency, durability, and space for time or latency, to deliver higher performance. Ex: PERF 8: How do you use tradeoffs to improve performance?
Definition: The Cost Optimization pillar pertains to running systems cost-effectively and delivering business value at the lowest price point.
- Implement Cloud Financial Management
- Adopt a consumption model, where you pay only for what you use
- Measure the overall efficiency of the workload and the cost associated
- Stop spending money on undifferentiated heavy lifting, like data center operations
- Analyze and attribute expenditure
- Practice Cloud Financial Management: Use tools like AWS Cost Explorer and Amazon QuickSight to find optimization in your monthly billing. Ex: COST 1: How do you implement cloud financial management?
- Expenditure and usage awareness: Add tags and other tracking tools to AWS resources to track the usage and expenses across different teams and accounts. Ex: COST 3: How do you monitor usage and cost?
- Cost-effective resources: Select the AWS resources that provide the best performance for the dollar. Use "Savings Plans" and "Spot Instances" to save on monthly billing. COST 7: How do you use pricing models to reduce cost?
- Manage demand and supply resources: Supply resources to match the workload demand at the time they're needed and do not over-provision. Use tools like auto-scaling and throttling to manage supply and demand. Ex: COST 9: How do you manage demand, and supply resources?
- Optimize over time: Evaluate new services and switch to more cost-effective AWS resources over time. COST 10: How do you evaluate new services?
Definition: The Sustainability pillar defines how to improve sustainability impacts by reducing energy consumption, maximizing the benefits from previous resources, and minimizing the total resources required.
- Understand your resource impact
- Establish sustainability goals
- Maximize utilization of resources
- Anticipate and adopt new, more efficient hardware and software offerings
- Use managed services
- Reduce the downstream impact of your cloud workloads
- Region selection: Select the AWS Regions based on both business requirements and sustainability goals. Ex: SUS 1: How do you select Regions to support your sustainability goals?
- User behavior patterns: Scale infrastructure to continually match user load and ensure that only the minimum resources required to support users are deployed. Ex: SUS 2: How do you take advantage of user behavior patterns to support your sustainability goals?
- Software and architecture patterns: Implement designs for maintaining consistent high utilization of deployed resources, to minimize the resources consumed. Ex: SUS 3: How do you take advantage of software and architecture patterns to support your sustainability goals?
- Data patterns: Monitor data usage patterns, then eliminate redundancies and unused data. This saves both compute and storage resources. Ex: SUS 4: How do you take advantage of data access and usage patterns to support your sustainability goals?
- Hardware patterns: Look for opportunities to reduce workload sustainability impacts by making modifications to your hardware management practices. Ex: SUS 5: How do your hardware management and usage practices support your sustainability goals?
- Development and deployment patterns: Try to find optimizations to reduce your sustainability impact by making changes to your development, test, and deployment practices. Ex: SUS 6: How do your development and deployment processes support your sustainability goals?
Need for AWS Well-Architected Framework
The AWS Well-Architected Framework provides the best practices for developing applications on the cloud. Here are a few points that highlight the importance of the AWS Well-Architected Framework:
- Standard Guidelines From Amazon: The AWS Well-Architected Framework is the official, standard guideline from Amazon, which has years of experience in building cloud applications and systems from the ground up. These guidelines serve as a common point of reference for all engineers.
- On-Prem To Cloud Migration: The AWS Well-Architected Framework can assist teams who are moving on-prem workloads to the cloud, and provide the most efficient path for the migration.
- Security And Compliance: AWS Well-Architected Framework provides security guidelines that improve the security posture of your application. This enables you to secure your application and protect your customers from cyber threats.
AWS Well-Architected Tool
The AWS Well-Architected Tool is a service that enables you to measure your architecture against AWS best practices.
Its main functions include:
- Documenting the architectural decisions you make
- Providing recommendations for improving your workload based on best practices
- Guiding you in making your workload more efficient, secure, reliable, and cost-effective
Here are a few definitions that are associated with the AWS Well-Architected Tool:
- Workload: Set of components that deliver business value. Workloads can be as simple as a static website or as complex as a microservice architecture with multiple data stores.
- Milestone: Key changes in your architecture as it evolves throughout the product lifecycle - design, testing, and production.
- Lens: The guidelines to consistently measure your architectures against best practices and identify areas for improvement.
- High-Risk Issues (HRIs): Architectural and operational decisions that AWS has found might result in a significant negative impact to a business.
- Medium Risk Issues (MRIs): Architectural and operational decisions that AWS has found might negatively impact a business, but lesser than HRIs.
How to Use AWS Well-Architected Tool?
The AWS Well-Architected Tool can be accessed from the AWS Console. In the tool, you define your workload by answering a few questions which are drawn from the AWS Well-Architected Framework. Once you have completed answering all the questions, AWS will utilize the AWS Well-Architected Lens and provide you with a list of High-Risk Issues and a list of Medium Risk Issues, like below:
Once you have addressed these issues in your workload, you can create a new milestone to mark these improvements and update your answers. AWS will then automatically clear the associated risks and update the improvement plan.
For a more detailed tutorial, you can refer to AWS Official Documentation, linked here.
Example of AWS Well-Architected Tool
Let's understand how the AWS Well-Architected Tool can enhance your workloads with a few example improvements:
|Deploy code automatically using AWS CodeDeploy and AWS CloudFormation Templates.
|Use IAM Roles to secure resource and API access; provide granular permissions.
|Implement AWS CloudWatch Alarms and Logging to alert you of critical incidents and enable you to take action quickly.
|Add Compute resources under an Auto Scaling Group with a defined policy to your workloads, so that they can meet the demand but not be over-provisioned.
|Move infrequently accessed data and files to cheaper storage solutions like snapshots or AWS S3 Glacier.
|Update workloads to use more power-efficient resources which can be cheaper but provide the same performance.
AWS Well-Architected Lenses
The AWS Well-Architected Lens is the set of guidelines that use the AWS Well-Architected Framework to define how your architecture measures up against the best practices and illustrates how your workloads can be improved.
Along with the AWS Well-Architected Lens, there are a few other lenses available as well like AWS Serverless Application Lens (for serverless applications), AWS SaaS Lens (for Software as a Service applications), and the AWS Foundational Technical Review (FTR) Lens (for independent software vendors).
- The AWS Well-Architected Framework is a set of guidelines created by Amazon to help you understand the pros and cons while developing systems on AWS.
- There are six pillars in the AWS Well-Architected Framework - operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
- The AWS Well-Architected Framework has many uses like - being the Standard Guidelines from Amazon, helping to navigate an On-Prem To Cloud Migration, and enabling best practices in Security And Compliance.
- The AWS Well-Architected Lenses is a way to use the AWS Well-Architected Framework systematically.
- The AWS Well-Architected Tool uses the AWS Well-Architected Lenses to analyze your workloads, provides a list of High-Risk Issues and Medium Risk Issues, and suggests improvements.