AWS Well Architected Framework · 2016-07-08 · • The Well-Architected Framework • Key Best...

AWS Well Architected Framework

What We Will Cover

• The Well-Architected Framework

• Key Best Practices

• How to Get Started

• Resources

Main Pillars

• Security

• Reliability

• Performance Efficiency

• Cost Optimization

Topics shown on the slide: Account, Access Keys, Network, Services, High Availability, Load Balancing, Backup and DR, Auto Scaling, Right-Sizing, Benchmarking, Load Testing, Monitoring, Managed Services, Cost Awareness, Tagging

General Design Principles

• Secure from the Start

• Stop Guessing your Capacity Needs

• Test Systems at Production Scale

• Lower the Risk of Architecture Change

• Automate to make Architectural Experimentation Easier

• Allow for Evolutionary Architectures

Security

The ability to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies.

• Data Protection

• Privilege Management

• Infrastructure Protection

• Detective Controls

Security: Shared Responsibility

Customers:

• Customer applications & content

• Platform, Applications, Identity & Access Management

• Operating System, Network, and Firewall Configuration

• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection

AWS Foundation Services: Compute, Storage, Database, Networking

AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Security: Credentials

• As soon as you Create a new AWS Account, Enable MFA

• Use Identity and Access Management Service (IAM) to Create Users, even if it's only 1

• Protect all of your Credentials

• DO NOT place Access Keys in Code… EVER!

'key' => '1111-2222-3333-4444-5555',
'secret' => 'aaaa-bbbb-cccc-dddd-eeee',
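
A check that enforces the last bullet, as an added example that is not part of the original slides: a small scanner for hard-coded credentials that could run in CI or a pre-commit hook. The patterns, the `scan` function and the sample input are constructed for illustration; `AKIAIOSFODNN7EXAMPLE` is the placeholder key ID used in AWS documentation.

```python
import re

# Access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")

# A quoted literal assigned to a credential-like name. Covers the slide's
# PHP form ('key' => '...') as well as name = "..." and "name": "...".
ASSIGNMENT = re.compile(
    r"""(?<!\w)(?P<name>\w*secret\w*|\w*access_?key\w*|key)['"]?\s*"""
    r"""(?:=>|=|:)\s*(?P<q>['"])(?P<value>[^'"]{8,})(?P=q)""",
    re.IGNORECASE,
)

def scan(source):
    """Return (line_number, kind) for every suspected hard-coded credential."""
    findings = []
    for number, line in enumerate(source.splitlines(), 1):
        if ACCESS_KEY_ID.search(line):
            findings.append((number, "access-key-id"))
        for match in ASSIGNMENT.finditer(line):
            # Already reported above when the literal is itself a key ID.
            if not ACCESS_KEY_ID.search(match.group("value")):
                findings.append((number, "hardcoded:" + match.group("name").lower()))
    return findings

# Constructed sample input; line 2 is the pattern shown on the slide.
SAMPLE = """\
$config = [
    'key' => '1111-2222-3333-4444-5555','secret' => 'aaaa-bbbb-cccc-dddd-eeee',
    'cache_key' => 'user-profile-v2',
    'token_secret' => getenv('APP_SECRET'),
];
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
"""

if __name__ == "__main__":
    for number, kind in scan(SAMPLE):
        print("line %d: %s" % (number, kind))
```

Values read from the environment (line 4 of the sample) and unrelated names such as `cache_key` are not reported; the name list is a heuristic and should be tuned per code base.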

Security: EC2 Role

1: Create EC2 role. Create role in IAM service with limited policy.

2: Launch EC2 instance. Launch instance with role.

3: App retrieves credentials. Using AWS SDK, application retrieves temporary credentials.

4: App accesses AWS resource(s). Using AWS SDK, application uses credentials to access resource(s).
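
Step 1's "limited policy", as an added example rather than material from the slides: the trust policy that lets only the EC2 service assume the role, and a check that flags permission statements too broad to count as limited. The bucket name, the function names and the two sample policies are hypothetical.

```python
def ec2_trust_policy():
    """Trust policy for the role: only the EC2 service may assume it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return (statement_index, reason) for Allow statements that are not limited."""
    problems = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            problems.append((index, "NotAction allows everything not listed"))
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                problems.append((index, "wildcard action " + action))
        for resource in as_list(stmt.get("Resource", [])):
            if resource == "*":
                problems.append((index, "wildcard resource"))
    return problems

# Constructed permission policies; the bucket name is hypothetical.
LIMITED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-app-config/*",
}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*",
}}

if __name__ == "__main__":
    print(broad_statements(LIMITED), broad_statements(BROAD))
```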

Security: Network and Boundary

• Security Groups are Built-in Stateful Firewalls

• Divide Layers of the Stack into Subnets

• Use a Bastion Host for Access

• Implement Host Based Controls

Two Layers with Security Groups

[Diagram: User; Availability Zone A and Availability Zone B; WEB Server in Web Subnet A with the WEB Security Group; RDS DB Instance in DB Subnet A with the DB Security Group]
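
One way to verify the two-layer layout, added here and not part of the original slides: audit the DB security group so that its only ingress source is the WEB security group. The group IDs, port and rules are constructed, in the shape returned by `aws ec2 describe-security-groups`; treating every CIDR source on the DB group as a finding is an assumption of this example.

```python
WORLD = {"0.0.0.0/0", "::/0"}

def cidrs(perm):
    """All IPv4 and IPv6 source ranges of one ingress permission."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def audit_db_group(groups, web_sg, db_sg):
    """Findings for the DB security group of a two-layer (web/DB) layout."""
    db = next(g for g in groups if g["GroupId"] == db_sg)
    findings, web_allowed = [], False
    for perm in db.get("IpPermissions", []):
        ports = "%s-%s" % (perm.get("FromPort"), perm.get("ToPort"))
        for cidr in cidrs(perm):
            kind = "the whole internet" if cidr in WORLD else "a CIDR range"
            findings.append("ports %s open to %s (%s)" % (ports, kind, cidr))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == web_sg:
                web_allowed = True
            else:
                findings.append("ports %s open to unexpected group %s"
                                % (ports, pair["GroupId"]))
    if not web_allowed:
        findings.append("WEB group has no path to the DB group")
    return findings

# Constructed sample data (group IDs shortened for readability).
WEB = {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
DB_GOOD = {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": "sg-web"}]}]}
DB_BAD = {"GroupId": "sg-db", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    print(audit_db_group([WEB, DB_GOOD], "sg-web", "sg-db"))
    print(audit_db_group([WEB, DB_BAD], "sg-web", "sg-db"))
```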

Security: Instance, Monitoring and Auditing

• Configure Encryption Everywhere Possible

• Configure CloudTrail Service

• Configure VPC Flow Logs

• Collect all Logs Centrally and Alert

Services shown: Virtual Private Cloud, Identity & Access Management, Key Management Service, CloudTrail, AWS Config

Reliability

The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations or transient network issues.

• Foundations

• Change Management

• Failure Management

Reliability: High Availability

• No Single Point of Failure

• Multiple Availability Zones

• Load Balancing

• Auto Scaling and Healing

Multi AZ, Load Balanced, Auto Scaled

[Diagram: User, Amazon Route 53, Elastic Load Balancing, Auto Scaling Group of WEB Servers in Web Subnet A and Web Subnet B, RDS DB Instance Active and RDS DB Instance Standby in DB Subnet A and DB Subnet B, Amazon S3, Amazon CloudWatch, across Availability Zone A and Availability Zone B]

Reliability: Monitoring and Alerting

• Monitoring

• Notification

• Automated Response

• Review

Services shown: Amazon CloudWatch, CloudWatch Alarm, Amazon SNS, Amazon CloudWatch Logs, AWS Lambda

Reliability: Backup and DR

• Define Objectives

• Backup Strategy

• Periodic Recovery Testing

• Automated Recovery

• Periodic Reviews

Performance Efficiency

The ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

• Compute

• Storage

• Database

Performance Efficiency: Right Sizing

• Reference Architecture

• Quick Start Reference Deployments

• Benchmarking

• Load Testing

• Cost / Budget

• Monitoring and Notification

Performance Efficiency: Proximity and Caching

• Content Delivery Network (CDN)

• Database Caching

• Reduce Latency

• Pro-active Monitoring and Notification

Services shown: Amazon CloudFront, Amazon ElastiCache, RDS DB instance read replica

Multi AZ, Load Balanced, Auto Scaled, Caching

[Diagram: User, Amazon Route 53, Amazon CloudFront, AWS WAF, Elastic Load Balancing, Auto Scaling Group of WEB Servers in Web Subnet A and Web Subnet B, ElastiCache, RDS DB Instance Active and RDS DB Instance Standby with RDS DB Instance Read Replicas in DB Subnet A and DB Subnet B, Amazon S3, Amazon CloudWatch, across Availability Zone A and Availability Zone B]

Cost Optimization

The ability to avoid or eliminate unneeded cost or suboptimal resources.

• Matching Capacity and Demand

• Cost-effective Resources

• Expenditure Awareness

• Optimising Over Time

Cost Optimization: Capacity Matching

• Demand Based

• Queue Based

• Schedule Based

• Appropriately Provisioned

• Instance Matching

• Pro-active Monitoring and Action

Services shown: Amazon SQS, Optimized instance, Amazon SWF

Cost Optimization: Pricing Model

• On Demand

• Reserved

• Spot

• Automated Turn Off

Cost Optimization: Managed Services

• Analyze Available Services

• Appropriate Databases

• Consider Application Level Services

• Automation: CloudFormation, Elastic Beanstalk

Services shown: Amazon RDS, Amazon DynamoDB, Amazon Redshift, Amazon ElastiCache, AWS CloudFormation, AWS Elastic Beanstalk, Amazon Elasticsearch Service

Cost Optimization: Manage Expenditure

• Tag Resources

• Track Project Lifecycle and Profile Applications

• Monitor Usage and Spend

• Cost Explorer

• Partner Tools

Trusted Advisor

Enterprise-Level Support

Offers resources for customers running business & mission-critical workloads on AWS, as well as any customers who:

• Focus on proactive management to increase efficiency and availability

• Build well-architected, well-operated solutions

• Leverage AWS expertise to support launches and migrations