AWS Well-Architected Framework
What is the Well-Architected Framework?
Amazon’s Well-Architected Framework is made up of Five Pillars (Operational Excellence, Security, Reliability, Performance Efficiency and Cost Optimization) which provide a stable and consistent base from which to design your infrastructure initially, and to keep referring back to as the infrastructure evolves. The Five Pillars of the Well-Architected Framework are there to serve and guide users from the very start of their AWS cloud journey. Within each pillar the constant theme is monitoring and challenging the current setup and processes on a regular basis, as your infrastructure and organization continue to evolve.
Why should I use the Well-Architected Framework?
By using the five AWS pillars, you can continue to challenge your designs and logic from different views as your organization’s needs change. They can also help you to look at your environments more holistically and objectively pinpoint where significant priorities and actions need to be made.
The Pillars
Operational Excellence
This pillar was introduced to encourage cloud architects to continually re-evaluate their existing environments and the processes around them. It also encourages teams to get into good process habits such as commentary for audit trails, only making small, easily reversible changes and always considering potential failure when building.
A great way to start with this pillar is to increase your usage of automation and get into the routine of using CloudFormation for all operations and configurations. The benefits of using Infrastructure as Code (IaC) are its consistency, its speed and the lower cost of creating and deploying projects. To help with this pillar and instill more confidence in using IaC, we launched the CloudFormation Template Scanner in beta for Cloud Conformity customers. The tool tests your CloudFormation scripts before deployment so only the cleanest and most secure templates make it to your environments.
It’s also important to regularly review and challenge the operations behind your environments and team.
Security
AWS wants to keep security high up on the agenda and does this by using the Shared Responsibility Model. Ultimately, security in the cloud is the user’s responsibility. It’s important that security is looked at from all angles and on multiple levels: before construction with security-led design, during use with proactive risk assessments, and after incidents with well-rehearsed and practiced plans.
Have a look at your own infrastructure to see how well you’re following security best practice. For example, when using AWS IAM:
- How much activity is there on the root user account?
- How often are your access keys automatically rotated?
- Which IAM users can be deleted now?
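All three questions can be answered from the IAM credential report, the CSV that IAM generates for an account (downloadable from the console or with `aws iam get-credential-report`). The Python below is an added example, not part of the original article: it audits a constructed sample report, and the function names and the 90-day and 30-day thresholds are assumptions to adjust to your own policy.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample using a subset of the credential report's columns.
SAMPLE_REPORT = """\
user,arn,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2024-05-28T09:12:00+00:00,false,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2024-05-30T08:00:00+00:00,true,true,2023-11-01T10:00:00+00:00,2024-05-31T07:30:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,N/A,false,true,2024-04-15T10:00:00+00:00,2024-05-31T23:00:00+00:00,true,2023-02-01T10:00:00+00:00,N/A
bob,arn:aws:iam::111122223333:user/bob,2023-09-01T12:00:00+00:00,false,true,2023-01-10T10:00:00+00:00,N/A,false,N/A,N/A
"""

MAX_KEY_AGE = timedelta(days=90)   # assumed rotation policy
MAX_IDLE = timedelta(days=90)      # assumed inactivity threshold
ROOT_WINDOW = timedelta(days=30)   # assumed "recent root use" window

def parse_ts(value):
    """Timestamps are ISO 8601; N/A, no_information, not_supported mean none."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, now):
    out = {"root": [], "stale_keys": [], "idle_users": []}
    for row in csv.DictReader(io.StringIO(report_csv)):
        user, seen = row["user"], [parse_ts(row["password_last_used"])]
        for n in ("1", "2"):
            active = row[f"access_key_{n}_active"] == "true"
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            seen.append(parse_ts(row[f"access_key_{n}_last_used_date"]))
            if active and user == "<root_account>":
                out["root"].append(f"access key {n} is active")
            elif active and rotated and now - rotated > MAX_KEY_AGE:
                out["stale_keys"].append(f"{user}:key{n}")
        last_seen = max((t for t in seen if t), default=None)
        if user == "<root_account>":
            if last_seen and now - last_seen < ROOT_WINDOW:
                out["root"].append(f"used on {last_seen.date()}")
            if row["mfa_active"] != "true":
                out["root"].append("MFA not enabled")
        elif last_seen is None or now - last_seen > MAX_IDLE:
            out["idle_users"].append(user)   # candidates for review, then removal
    return out

if __name__ == "__main__":
    print(audit(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

An active key that was never used (ci-deploy's second key in the sample) still counts as stale once it passes the rotation age, which is the case a last-used check alone would miss.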
Reliability
The pillar of reliability seems like a bit of a no-brainer but you’d be surprised at how often it’s not thought about in its entirety. Not only does it involve recovery from failure or service disruptions, but it also includes the issue of capacity management and scalability. Once again, AWS wants to encourage architects to start from a solid foundation from which changes can be easily and dynamically made.
The use of CloudFormation scripts can help in recovery by creating a Clean Room for deeper and more secure investigation, as can scheduling time to practice and test these very processes.
Performance Efficiency
This pillar is all about computing resources, their ability to meet requirements and to evolve as needs change. Allowing your architecture to be flexible and creative will open up more possibilities, and more than likely you’ll find yourself employing various approaches to suit different workloads.
It’s important to collect data for frequent review to check your infrastructure is working as efficiently as it can. Using any of the AWS monitoring services will help you to know if performance is below what is expected and whether any calls need immediate action. Setting limits here is another great way to heighten performance ability.
Serverless architecture can be a great win for this pillar, as can the use of AWS Lambda and AWS CloudFront to reduce latency. Experiment often to see what works best where — it’s through this continuous review and testing that you’ll be shown where some easy compromises can be made for the benefit of the entire infrastructure.
Cost Optimization
One of the greatest benefits of using AWS Cloud is the lower costs vs on-prem or data centre setups. However, as we’ve often seen, this hasn’t always followed through in reality, simply because of oversights and short-term plans.
The best cost optimization model is the utilization and consumption approach. With this you’ll be better equipped to understand what a realistic and economical spend should look like for your projects and workloads. Once again, taking the time to monitor and allocate costs and data will be your friend in the long term here.
While there may be times of compromise or trade-offs, such as lengthier processing times for lower costs (or vice versa), understanding how services like AWS Glacier (archived data) and CloudFormation (automation) can ultimately give you the more significant economic impact lets you prioritize more easily. It’s also hugely beneficial to be aware of the various instance types available as AWS continue to introduce varying versions with cost benefits dependent on your workloads.
Reference: https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf