Designing and running workloads in the cloud is complex. Many services need to fit together in just the right way for optimal performance. The opportunity for error lurks around every corner. This is a high-stakes game with a huge premium on getting things right from the beginning. Even small mistakes can snowball.
To help, AWS studied the architectures of thousands of its customers and supplemented that learning with insights from experts. That process led to the Well-Architected Framework, a set of principles, recommendations, and best practices for building systems in the cloud.
The AWS Well-Architected Framework includes key questions, across five pillars:
- Operational excellence
- Security
- Reliability
- Performance efficiency
- Cost optimization
Your answers will reveal how closely your architecture follows cloud best practices and will identify areas for improvement. From there, the Well-Architected Framework provides guidance for improvement in any deficient areas. The framework can be used to evaluate an existing architecture or a new one.
In this article, we’ll take a closer look at the AWS Well-Architected Framework’s purpose, principles and pillars, along with tools that can expand its effectiveness.
AWS developed the Well-Architected Framework to help teams build high-performing cloud infrastructures that are reliable, secure, efficient, and cost-effective. It can help everyone understand the tradeoffs and pros and cons that come with the dozens of intricate decisions required to build systems on AWS.
The framework can be especially helpful for teams moving to the cloud from a more traditional, on-premises, data-center background. In these cases, the Well-Architected Framework helps repay technical debt and gets everyone on the same page with a common set of cloud best practices to follow. As the gold standard for cloud guidance, it can also align the infrastructure team with other stakeholders throughout the organization, including business executives and those from security and compliance teams.
Let’s face it. There’s no shortage of things that can go wrong when building cloud-based applications on AWS. Once adopted, the Well-Architected Framework can help you proactively identify areas of weakness in your architecture and provide guidance on how to fix them before more serious consequences kick in.
The AWS Well-Architected Framework includes an overall set of design principles to help you build high-quality, modern cloud architectures. These principles are embedded in the five pillars, each of which also has its own unique set of principles and best practices.
While all the pillars are important, at times you may need to prioritize and make tradeoffs between them based on your business needs. That said, it’s usually not recommended to make any tradeoff that might deprioritize operational excellence or security.
We’ll highlight one or more design principles for each pillar, along with Stackery recommended best practices.
This pillar focuses on improving processes and procedures so that workloads run as effectively as possible and support desired business outcomes.
Highlighted design principle: Make frequent, small, reversible changes
This is where innovation in the cloud comes from. Try new things. Test them out. Make continuous small improvements that turn into big wins over time. But do it in a step-by-step, iterative fashion and always with the ability to hit the undo button and revert to the previous version quickly. That way, if something goes awry, the blast radius is minimal.
Stackery’s take: Your system needs the ability to make, validate and maintain fast-paced, small changes without losing what was in place before. This is where continuous integration and deployment comes into play. Learn how Stackery can help.
Continually improve your cloud security measures to protect your data, systems, assets, and users.
Highlighted design principle: Implement a strong identity foundation
Implement strong identity controls and permissions management. Grant only least-privilege access.
Stackery's take: Stackery can help by automatically generating tightly-scoped IAM roles between the resources you specify in our Design Canvas.
Highlighted design principle: Enable traceability
Gain and maintain real-time visibility of your environment. Integrate logging and track metrics, so you can be notified when issues arise.
Stackery's take: Enable traceability by configuring service and application logging. Stackery enables logging for many services. For example, we provide deep-links into AWS logging services like CloudWatch.
Highlighted design principle: Protect data in transit and at rest
Not all data types are equally critical, so they should not all be handled the same way. Handling them differently requires assigning a sensitivity level to each piece of data. Then, you’ll know when it’s necessary to use encryption, tokenization and access control.
Stackery's take: Stackery will enable encryption for many supported resources on our Design Canvas, including S3 buckets. Stackery can also disable public access, unless a customer expresses a need to host a public website via S3 vs. Amazon CloudFront.
Cloud workloads should perform intended functions as expected. To ensure this, workloads should be tested throughout their lifecycles.
Highlighted design principle: Manage change in automation
Use automation to make changes to your infrastructure, but don’t forget to manage, track and review changes to the automation itself.
Stackery's take: Deploy using an immutable infrastructure and implement change with automation. Predictable, repeatable infrastructure changed through automation provides a stable platform for your apps. If you’re using a managed API service like HTTP Gateway instead of a custom EC2 instance, you can easily ensure the same API behavior across every environment you have, and changes to the API can be rolled out through a deployment, not manual clicks in the AWS Management Console.
Meet or surpass requirements while using computing resources as efficiently as possible, even when demand shifts or technologies change.
Highlighted design principle: Use serverless architectures
Serverless architectures come with many advantages, including removing the burden and cost of running and maintaining physical servers.
Stackery's take: When [selecting](https://docs.aws.amazon.com/wellarchitected/latest/performance-efficiency-pillar/compute-architecture-selection.html) a compute architecture, you can offload server management to AWS while retaining a choice between containers and microservice functions. With AWS Fargate and AWS Lambda, both long-lived container-based services and short-burst function-based services can be consumed on-demand with built-in scaling controls to ensure your workload is only consuming what it needs to perform.
Meet or exceed business objectives at the lowest possible price point.
Highlighted design principle: Stop spending money on undifferentiated heavy lifting
Whenever possible and it makes financial sense, offload infrastructure work that is outside your company’s core competency.
Stackery's take: Similar to shifting the responsibility for physical space, power, cooling, and networking to AWS for VMs, you can also offload the creation, maintenance, and operation of services from the compute, storage, database, and application layers.
Managed services can extend these benefits, allowing you to predictably deploy and modify architectures, all within a performance and scaling profile that meets your needs. These shifts let you focus your energy and time on your customers and business. Don’t let sticker shock scare you. Using managed services often makes a lot of sense once you consider the hidden costs of operating cloud VMs or running your own data center from the ground up. As Corey Quinn often points out, you’ll miss the forest for the trees.
Stackery makes it simple to connect managed services together and automate the deployment and management of them over any number of environments.
Amazon offers tools to help your organization follow Well-Architected Framework best practices.
Free to use, the AWS Well-Architected Tool prompts you to define your workload and answer questions across the framework’s five pillars. You can complete this exercise alone or work with an AWS Solutions Architect or expert from a validated AWS Partner who will lead you through the questions and capture your answers. The tool will identify risk areas and provide a plan to shore them up. From that point, you can use milestones to track your improvements. Some companies establish internal pass-rate thresholds they must meet, such as 90 percent, before launch. This way, they have more assurance they are getting the most out of their AWS infrastructures before they go live. Sign in to the AWS Management Console to give the Well-Architected Tool a try.
Lenses provide additional guidance tailored to specific industry and technology use cases.
Each lens includes its own questions, best practices and improvement plan. Combine the lens or lenses most applicable to your workload with the Well-Architected Framework and the Well-Architected Tool for a comprehensive evaluation.
Stack.new is a public tool from Stackery that automatically produces a visualization and audit of your Infrastructure as Code when you paste in the link to one of your AWS CloudFormation templates. Stack.new performs several checks to make sure your template is following best practices, including some based on the AWS Well-Architected Framework.
For example, stack.new will use the Well-Architected Framework security pillar best practices to ensure your IAM roles, policies and permissions are set up correctly. When issues are identified, stack.new provides links to learning materials that will help you fix them.
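As an added example (not stack.new's or Stackery's code), the following Python audit applies the security-pillar checks discussed in this article to a CloudFormation template in JSON form: S3 encryption at rest, S3 public-access blocking, and least-privilege IAM statements. The template, resource names and finding strings are constructed for illustration.

```python
import json

# Constructed sample template (not from the article): one weak bucket and role, one hardened bucket.
TEMPLATE = json.loads("""{"Resources": {
  "UploadsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "example-uploads"}},
  "ReportsBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
    "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
  "WorkerRole": {"Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"Service": "lambda.amazonaws.com"}}]},
    "Policies": [{"PolicyName": "worker", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
      {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": {"Fn::Sub": "${ReportsBucket.Arn}/*"}}]}}]}}
}}""")

PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def as_list(value):  # policy fields may be a single value or a list
    return [] if value is None else value if isinstance(value, list) else [value]

def policy_documents(res):  # inline (role) and standalone policy documents
    props = res.get("Properties", {})
    if res.get("Type") == "AWS::IAM::Role":
        return [p.get("PolicyDocument", {}) for p in props.get("Policies", [])]
    if res.get("Type") in ("AWS::IAM::Policy", "AWS::IAM::ManagedPolicy"):
        return [props.get("PolicyDocument", {})]
    return []

def audit(template):
    """Return (resource name, finding) pairs for the three checks above."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::Bucket":
            if "BucketEncryption" not in props:
                findings.append((name, "no BucketEncryption"))
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) in (True, "true") for k in PAB_KEYS):
                findings.append((name, "public access not fully blocked"))
        for doc in policy_documents(res):
            for stmt in as_list(doc.get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue  # only Allow statements grant access
                if any(isinstance(a, str) and (a == "*" or a.endswith(":*")) for a in as_list(stmt.get("Action"))):
                    findings.append((name, "wildcard Action"))
                if "*" in as_list(stmt.get("Resource")):
                    findings.append((name, "wildcard Resource"))
    return findings

print(audit(TEMPLATE))
```

Templates written in YAML with short-form intrinsics such as `!Sub` need a CloudFormation-aware loader before this check can read them.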
Now, there’s nothing stopping you from designing and building best-practice-based, modern cloud architectures that are secure, resilient, efficient and cost-effective. The AWS Well-Architected Framework’s design principles, best practices and guidance provided across five key pillars give you a clear map to find your way. You can refine your workloads even more by using the AWS Well-Architected Tool and Lenses. When you build stable and high-performing systems from the start, you’ll have more time to focus on functional requirements and development.
Before jumping into a full evaluation of your infrastructure, use stack.new for a quick visualization and audit. Just drop in the link to one of your CloudFormation templates and stack.new will automatically check it against several best practices, so you can quickly see how you’re doing.