PILLARS of the AWS Well-Architected Framework

SECURITY

Protecting data at rest:

Enforce encryption at rest: Enforce your defined encryption requirements based on the latest standards and best practices to help protect your data at rest.
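On Amazon S3, this practice and the "Enforce encryption in transit" practice listed under data in transit below are usually implemented as bucket-policy Deny statements on the `aws:SecureTransport` and `s3:x-amz-server-side-encryption` condition keys. The following is an added example, not code from the article: a small Python audit that checks whether a bucket policy document actually enforces both controls. The bucket name `example-bucket` and both policy documents are constructed for illustration.

```python
import json

# Constructed sample policies for a hypothetical bucket "example-bucket" (not from the
# article). WEAK_POLICY only blocks plaintext (non-TLS) requests.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

SSE_HEADER = "s3:x-amz-server-side-encryption"

# HARDENED_POLICY adds the two statements needed to require SSE-KMS on every upload:
# one for a header naming the wrong algorithm, one for a missing header.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": json.loads(WEAK_POLICY)["Statement"] + [
        {
            "Sid": "DenyWrongEncryptionAlgorithm",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringNotEquals": {SSE_HEADER: "aws:kms"}},
        },
        {
            "Sid": "DenyMissingEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"Null": {SSE_HEADER: "true"}},
        },
    ],
})


def _as_list(value):
    """IAM allows a string or a list in Action/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _deny_statements(policy_json):
    doc = json.loads(policy_json)
    return [s for s in _as_list(doc.get("Statement", [])) if s.get("Effect") == "Deny"]


def denies_insecure_transport(policy_json):
    """True if some Deny statement matches requests made without TLS."""
    for st in _deny_statements(policy_json):
        bool_cond = st.get("Condition", {}).get("Bool", {})
        if str(bool_cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


def requires_sse(policy_json):
    """True only if uploads are denied both when the SSE header names another
    algorithm and when the header is absent; either statement alone leaves a gap."""
    wrong_algorithm = header_missing = False
    for st in _deny_statements(policy_json):
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if not actions & {"s3:putobject", "s3:*"}:
            continue
        cond = st.get("Condition", {})
        if SSE_HEADER in cond.get("StringNotEquals", {}):
            wrong_algorithm = True
        if str(cond.get("Null", {}).get(SSE_HEADER, "")).lower() == "true":
            header_missing = True
    return wrong_algorithm and header_missing


def audit_policy(policy_json):
    """Return a list of findings; an empty list means both controls are enforced."""
    findings = []
    if not denies_insecure_transport(policy_json):
        findings.append("in transit: no Deny on aws:SecureTransport=false")
    if not requires_sse(policy_json):
        findings.append("at rest: uploads are not required to set " + SSE_HEADER)
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_policy(policy) or "OK")
```

Both SSE statements are needed: `StringNotEquals` alone still admits a PutObject that carries no header, and `Null` alone admits a header naming a weaker mechanism. S3 now applies SSE-S3 to new objects by default, so the at-rest check here is about requiring a specific mechanism (SSE-KMS, with the key policy and access logging that brings), not about whether objects are encrypted at all.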

Protecting data in transit:

  1. Define data protection in transit requirements, such as encryption standards, based on data classification to meet your organizational, legal, and compliance requirements.
  2. Best practices are to encrypt and authenticate all traffic, and to enforce the latest standards and ciphers.
  3. Implement secure key and certificate management: Store encryption keys and certificates securely and rotate them with strict access control; for example, by using a certificate management service such as AWS Certificate Manager or Sectigo.
  4. Enforce encryption in transit: Enforce your defined encryption requirements based on the latest standards and best practices to help you meet your organizational, legal, and compliance requirements.
  5. Automate detection of data leak: Use a tool or detection mechanism to automatically detect attempts to move data outside of defined boundaries; for example, to detect a database system that is copying data to an unknown host.
  6. Authenticate network communications: Verify the identity of communications by using protocols, such as Transport Layer Security (TLS) or IPsec, to reduce the risk of data tampering or loss.
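For "Automate detection of data leak", the article's own illustration is a database system copying data to an unknown host. Below is an added example, not from the article, of that detection run over VPC Flow Log records: it sums the bytes each known database address sends to destinations outside the trusted ranges and flags any pair above a threshold. The database address, the trusted ranges, the threshold and the five log lines are all constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (hypothetical): the database instance's private address and
# the address ranges it is allowed to exchange data with (VPC and on-premises).
DATABASE_HOSTS = {"10.0.2.15"}
TRUSTED_RANGES = [ipaddress.ip_network(c) for c in ("10.0.0.0/16", "192.168.0.0/16")]
BYTES_THRESHOLD = 50_000_000  # alert once one (src, dst) pair moves more than ~50 MB in the window

# Constructed VPC Flow Log records in the default v2 field order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 10.0.2.15 10.0.1.20 5432 51234 6 20 4000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 203.0.113.77 49152 443 6 40000 60000000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 203.0.113.77 49153 443 6 500 700000 1600000060 1600000120 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.20 198.51.100.9 49200 443 6 30 5000 1600000000 1600000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.15 198.51.100.10 49201 443 6 10 1200 1600000000 1600000060 REJECT OK
"""

FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport", "dstport",
          "protocol", "packets", "bytes", "start", "end", "action", "log_status"]


def parse_flow_log(text):
    """Parse default-format v2 records; skip headers, truncated lines and records without counters."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] != "2":
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no usable byte counts
        rec["bytes"] = int(rec["bytes"])
        records.append(rec)
    return records


def is_trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_RANGES)


def detect_exfiltration(text, db_hosts=DATABASE_HOSTS, threshold=BYTES_THRESHOLD):
    """Total bytes sent by each database host to each untrusted destination in the window.

    Bytes in a flow record count traffic from srcaddr to dstaddr, so a database host
    appearing as srcaddr with a large byte count is data leaving the database.
    """
    totals = defaultdict(int)
    for rec in parse_flow_log(text):
        if rec["action"] != "ACCEPT":
            continue  # rejected flows moved no data
        if rec["srcaddr"] in db_hosts and not is_trusted(rec["dstaddr"]):
            totals[(rec["srcaddr"], rec["dstaddr"])] += rec["bytes"]
    return sorted((src, dst, total) for (src, dst), total in totals.items() if total > threshold)


if __name__ == "__main__":
    for src, dst, total in detect_exfiltration(SAMPLE_FLOW_LOGS):
        print(f"ALERT database {src} sent {total} bytes to untrusted host {dst}")
```

The threshold has to come from a baseline of the database's normal egress, and the window should match the flow-log aggregation interval so that one long transfer is not split across evaluations. Rejected flows are excluded from the byte total here, but a burst of REJECTs from a database host to previously unseen destinations is a signal in its own right and deserves a separate rule.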

Responding to an incident:

  1. Pre-provision access: Ensure that security personnel have the correct access pre-provisioned into AWS so that an appropriate response can be made to an incident.
  2. Pre-deploy tools: Ensure that security personnel have the right tools pre-deployed into AWS so that an appropriate response can be made to an incident.
  3. Run game days: Practice incident response game days (simulations) regularly, incorporate lessons learned into plans, and continuously improve responses and plans.

RELIABILITY

Manage service limits:

  1. Monitor and manage limits.
  2. Accommodate fixed service limits through architecture.
  3. Ensure a sufficient gap between the current service limit and the maximum usage to accommodate failover.
  4. Manage service limits across all relevant accounts and regions.

Manage your Network Topology:

  1. Use highly available connectivity between private addresses in public clouds and on-premises environments.
  2. Enforce non-overlapping private IP address ranges in multiple private address spaces where they are connected.
  3. Ensure IP subnet allocation accounts for expansion and availability.
  4. Use highly available network connectivity for the users of the workload.
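Items 2 and 3 above are checks that can be run against an address plan before any peering or VPN is created. The following is an added example, not code from the article, written in Python with the standard `ipaddress` module: `find_overlaps` reports colliding ranges between address spaces that are connected to each other, and `unallocated` shows how much of a VPC's range is still free for new subnets. The VPC names, CIDR blocks and connections are constructed for the example.

```python
import ipaddress

# Constructed address plan (hypothetical names and ranges, not from the article).
ADDRESS_SPACES = {
    "prod-vpc": ["10.0.0.0/16"],
    "shared-services-vpc": ["10.1.0.0/16"],
    "dev-vpc": ["10.0.128.0/17"],                    # collides with prod-vpc
    "on-prem": ["192.168.0.0/16", "10.1.200.0/24"],  # one range collides with shared-services
}

# Only address spaces that are connected (peering, VPN, Direct Connect, Transit Gateway)
# need to be disjoint; unconnected spaces may legitimately reuse ranges.
CONNECTIONS = [
    ("prod-vpc", "shared-services-vpc"),
    ("prod-vpc", "dev-vpc"),
    ("shared-services-vpc", "on-prem"),
    ("dev-vpc", "shared-services-vpc"),
]


def find_overlaps(spaces, connections):
    """Return (space_a, space_b, cidr_a, cidr_b) for every overlapping pair of ranges
    between two connected address spaces."""
    overlaps = []
    for a, b in connections:
        for cidr_a in spaces[a]:
            for cidr_b in spaces[b]:
                if ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b)):
                    overlaps.append((a, b, cidr_a, cidr_b))
    return sorted(overlaps)


def unallocated(vpc_cidr, subnet_cidrs):
    """Blocks of the VPC range not yet carved into subnets, aggregated and sorted by address."""
    free = [ipaddress.ip_network(vpc_cidr)]
    for subnet in map(ipaddress.ip_network, subnet_cidrs):
        remaining = []
        for block in free:
            if subnet.subnet_of(block):
                remaining.extend(block.address_exclude(subnet))  # carve the subnet out
            elif block.subnet_of(subnet):
                continue  # block entirely consumed by a larger subnet
            else:
                remaining.append(block)  # CIDR blocks either nest or are disjoint
        free = remaining
    return sorted(ipaddress.collapse_addresses(free))


def free_fraction(vpc_cidr, subnet_cidrs):
    """Share of the VPC's addresses still available for expansion."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return sum(b.num_addresses for b in unallocated(vpc_cidr, subnet_cidrs)) / vpc.num_addresses


if __name__ == "__main__":
    for a, b, ca, cb in find_overlaps(ADDRESS_SPACES, CONNECTIONS):
        print(f"OVERLAP {a} {ca} <-> {b} {cb}")
    print("prod-vpc free:", free_fraction("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24"]))
```

Peering is not transitive, so checking only the listed pairs is exact for VPC peering; with a Transit Gateway every attached space can reach every other, and the connection list should then contain all pairs of attachments.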

The system adapts to changes in demand:

  1. Procure resources upon detection of a lack of service within a workload.
  2. Procure resources manually upon detection that more resources may be needed soon for a workload.
  3. Load test the workload.
  4. Procure resources automatically when scaling a workload up or down.

Monitor your resources:

  1. Monitor the workload in all tiers.
  2. Send notifications based on the monitoring.
  3. Perform automated responses on events.
  4. Conduct reviews regularly.

Implement change:

Deploy changes with automation.

Back up data:

  1. Perform periodic recovery of the data to verify backup integrity and processes: Validate that your backup process implementation meets Recovery Time Objective and Recovery Point Objective through a recovery test.
  2. Secure and encrypt backups or ensure the data is available from a secure source for reproduction.
  3. Control and detect access with authentication and authorization, such as AWS IAM, and detect data integrity compromise by using encryption.

System withstands component failures:

  1. Implement graceful degradation to transform applicable hard dependencies into soft dependencies: when a component's dependencies are unhealthy, the component itself does not report as unhealthy. It can continue to serve requests in a degraded manner.
  2. Automate complete recovery where technology constraints require a single location: elements of the workload can only run in one Availability Zone or one data center, so you must implement a complete rebuild of the workload that meets defined recovery objectives.
  3. Deploy the workload to multiple locations: Distribute workload load across multiple Availability Zones and AWS Regions (for example, DNS, ELB, Application Load Balancer, and API Gateway). These locations can be as diverse as needed.
  4. Automate healing on all layers: Use automated capabilities upon detection of failure to perform an action to remediate.
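The graceful-degradation item above describes a component that keeps serving, and keeps passing its health check, while one of its dependencies is down. The following is an added example, not code from the article, in Python: a product page whose catalog is a hard dependency and whose recommendation service is a soft one, with a small circuit breaker so that a failing dependency is skipped rather than waited on. `RecommendationClient`, `ProductPage` and the injectable clock are hypothetical names constructed for the example.

```python
import time


class DependencyUnavailable(Exception):
    """Raised by a downstream call that timed out or returned an error."""


class RecommendationClient:
    """Constructed stand-in for a remote recommendation service (the soft dependency)."""

    def __init__(self, failing=False):
        self.failing = failing
        self.calls = 0  # lets a test prove the breaker really skips the call

    def recommend(self, user_id):
        self.calls += 1
        if self.failing:
            raise DependencyUnavailable("recommendation service timed out")
        return [f"{user_id}-rec-1", f"{user_id}-rec-2"]


class ProductPage:
    """Serves product pages. The catalog is a hard dependency: if it fails, the page
    fails. Recommendations are soft: when they fail the page is still served with an
    empty list and the component's own health stays 'ok'."""

    def __init__(self, catalog, recommender, failure_threshold=3, cooldown_s=30.0,
                 clock=time.monotonic):
        self.catalog = catalog
        self.recommender = recommender
        self.failure_threshold = failure_threshold
        self.cooldown_s = cooldown_s
        self.clock = clock            # injectable so tests do not have to sleep
        self._failures = 0            # consecutive dependency failures
        self._open_until = 0.0        # while now < this, the breaker is open
        self.degraded = False

    def render(self, user_id, product_id):
        product = self.catalog[product_id]  # a KeyError here is a genuine failure of this component
        return {
            "product": product,
            "recommendations": self._recommendations_or_fallback(user_id),
            "degraded": self.degraded,
        }

    def _recommendations_or_fallback(self, user_id):
        now = self.clock()
        if now < self._open_until:
            return []  # breaker open: fail fast instead of queueing on a sick dependency
        try:
            recs = self.recommender.recommend(user_id)
        except DependencyUnavailable:
            self._failures += 1
            if self._failures >= self.failure_threshold:
                self._open_until = now + self.cooldown_s  # stop calling for a cooldown period
                self._failures = 0
            self.degraded = True
            return []
        self._failures = 0
        self.degraded = False
        return recs

    def health(self):
        """Load-balancer health answer: degradation is reported as a flag, not as failure,
        so the instance is not pulled from rotation while it can still serve pages."""
        return {"status": "ok", "degraded": self.degraded}


if __name__ == "__main__":
    page = ProductPage({"p1": {"name": "Widget"}}, RecommendationClient(failing=True))
    print(page.render("u1", "p1"))
    print(page.health())
```

The `degraded` flag should be exported as a metric: the point of a soft dependency is that its failure does not take the component down, which is exactly why it must be visible somewhere other than the health check.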

Test Resilience

  1. Use playbooks for unanticipated failures: You have playbooks for failure scenarios that have not been anticipated to identify root causes and assist in strategies for prevention or mitigation.
  2. Inject failures to test resiliency: Test failures regularly, ensuring coverage of failure pathways.
  3. Conduct game days regularly: Use game days to regularly exercise your failure procedures with the people who will be involved in actual failure scenarios.

Plan for Disaster Recovery

  1. Define recovery objectives for downtime and data loss: The workload has a recovery time objective (RTO) and recovery point objective (RPO).
  2. Use defined recovery strategies to meet the recovery objectives: A disaster recovery (DR) strategy has been defined to meet objectives.
  3. Test disaster recovery implementation to validate the implementation: Regularly test failover to DR to ensure that RTO and RPO are met.
  4. Manage configuration drift on all changes: Ensure that AMIs and the system configuration state are up-to-date at the DR site or region, as well as the limits on AWS services.
  5. Automate recovery: Use AWS or third-party tools to automate system recovery.

Performance

Select the best performing architecture:

  1. Understand the available services and resources.
  2. Define a process for architectural choices.
  3. Factor cost or budget into decisions.
  4. Use policies or reference architectures.
  5. Use the guidance from AWS or an APN Partner.
  6. Benchmark existing workloads.
  7. Load test your workload.

Select your compute solution:

  1. Evaluate the available compute options.
  2. Understand the available compute configuration options.
  3. Collect compute-related metrics.
  4. Determine the required configuration by right-sizing.
  5. Re-evaluate compute needs based on metrics.
  6. Use the available elasticity of resources.

Select your storage solution:

  1. Understand storage characteristics and requirements.
  2. Evaluate available configuration options.
  3. Make decisions based on access patterns and metrics.

Select your database solution:

  1. Understand data characteristics.
  2. Evaluate the available options.
  3. Collect and record database performance metrics.
  4. Choose data storage based on access patterns.
  5. Optimize data storage based on access patterns and metrics.

Configure your networking solution:

  1. Understand how networking impacts performance.
  2. Understand available product options.
  3. Evaluate available networking features.
  4. Choose a location based on network requirements.
  5. Optimize network configuration based on metrics.
  6. Use minimal network ACLs.
  7. Leverage encryption offloading and load-balancing.
  8. Choose network protocols to improve performance.

Evolve your workload to take advantage of new releases:

  1. Keep up-to-date on new resources and services.
  2. Evolve workload performance over time.
  3. Define a process to improve workload performance.

Monitor your resources to ensure they are performing as expected:

  1. Record performance-related metrics.
  2. Analyze metrics when events or incidents occur.
  3. Establish KPIs to measure workload performance.
  4. Use monitoring to generate alarm-based notifications.
  5. Review metrics at regular intervals.
  6. Monitor and alarm proactively: Use KPIs, combined with monitoring and alerting systems, to proactively address performance-related issues. Use alarms to trigger automated actions to remediate issues where possible; escalate the alarm to those able to respond if the automated response is not possible. For example, a system that can predict expected KPI values and alarm when they breach certain thresholds or a tool that can automatically halt or roll back deployments if KPIs are outside of expected values.

Use tradeoffs to improve performance:

  1. Understand the areas where performance is most critical.
  2. Learn about design patterns and services.
  3. Identify how tradeoffs impact customers and efficiency.
  4. Measure the impact of performance improvements.
  5. Use various performance-related strategies.

Cost Optimization

Govern usage:

  1. Implement an account structure.
  2. Implement groups and roles.
  3. Implement cost controls.
  4. Track project lifecycle.
  5. Develop policies based on your organization's requirements. Develop policies that define how resources are managed by your organization. Policies should cover cost aspects of resources and workloads, including creation, modification, and decommission over the resource lifetime. Also, develop cost targets and goals for workloads.

Monitor usage and cost:

  1. Configure AWS Cost and Usage Report.
  2. Define and implement tagging.
  3. Configure billing and cost management tools.
  4. Identify cost attribution categories: Identify organization categories that could be used to allocate cost within your organization.
  5. Establish organization metrics: Establish the organization metrics that are required for this workload. Example metrics of a workload are customer reports produced or web pages served to customers.
  6. Report and notify on cost optimization: Configure AWS Budgets to provide notifications on cost and usage against targets. Have regular meetings to analyze this workload's cost efficiency and to promote cost-aware culture.
  7. Monitor cost proactively: Implement tooling and dashboards to monitor cost proactively for this workload; do not just look at costs and categories when you receive notifications. This helps to identify positive trends and promote them throughout your organization.
  8. Allocate costs based on workload metrics: Allocate this workload's costs by metrics or business outcomes to measure workload cost efficiency. Implement a process to analyze the AWS Cost and Usage Report with Amazon Athena, which can provide insight and chargeback capability.

Decommission resources:

  1. Track resources over their lifetime.
  2. Implement a decommissioning process.
  3. Decommission resources in an unplanned manner: Decommission resources on an unplanned basis. This is typically triggered by events such as periodic audits and is usually performed manually.
  4. Decommission resources automatically: Design your workload to gracefully handle resource termination as you identify and decommission non-critical resources, resources that are not required, or resources with low utilization.

Meet cost targets when you select resource type and size:

  1. Select resource type and size based on estimates.
  2. Select resource type and size based on metrics.
  3. Perform cost modeling: Identify organization requirements and perform cost modeling of the workload and each of its components. Perform benchmark activities for the workload under different predicted loads and compare the costs. The modeling effort should reflect potential benefits, for example, time spent is proportional to component cost.

Use pricing models to reduce cost:

  1. Perform pricing model analysis: Perform an analysis on the workload using the Reserved Instance or Savings Plans and recommendations feature in AWS Cost Explorer.
  2. Implement different pricing models, with low coverage: Implement reserved capacity, Spot Instances, Spot Blocks or Spot Fleet, in the workload but with low coverage, at less than 80 percent of overall recommendations.
  3. Implement pricing models for all components of this workload: Permanently running resources have high coverage with reserved capacity, with at least 80 percent of recommendations implemented. Short term capacity is configured to use Spot Instances, Spot Blocks or Spot Fleet.
  4. On-demand is only used for short-term workloads that cannot be interrupted, and do not run long enough for reserved capacity: typically 25 to 75 percent of the year, depending on the resource type.
  5. Implement regions based on cost: Resource pricing can be different in each region. Factoring in region cost ensures you pay the lowest overall price for this workload.

Plan for data transfer charges:

  1. Perform data transfer modeling.
  2. Select components to optimize data transfer cost.
  3. Implement services to reduce data transfer costs.

Match supply of resources with demand:

  1. Perform an analysis on the workload demand.
  2. Provision resources reactively or unplanned.
  3. Provision resources dynamically: Resources are provisioned in a planned manner. This can be demand-based, such as through automatic scaling; buffer-based, where demand is spread over time with lower overall resourcing used; or time-based, where demand is predictable and resources are provided based on time. These methods result in the least amount of over or under-provisioning.

Evaluate new services:

  1. Review and implement services in an unplanned way.
  2. Keep up to date with new service releases.
  3. Establish a cost optimization function. Create a team that regularly reviews cost and usage across the organization.
  4. Develop a workload review process: Develop a process that defines the criteria and process for workload review. The review effort should reflect potential benefits, for example, core workloads or workloads with a value of over 10% of the bill are reviewed quarterly, while workloads below 10% are reviewed annually.
  5. Review and analyze this workload regularly: Existing workloads are regularly reviewed as per defined processes.

Operations

Determine what your priorities are:

  1. Evaluate external customer needs.
  2. Evaluate internal customer needs.
  3. Evaluate compliance requirements.
  4. Evaluate threat landscape.
  5. Evaluate the impact of trade-offs between competing interests, to help make informed decisions when determining where to focus operations efforts. For example, accelerating speed to market for new features may be emphasized over cost optimization.
  6. Manage benefits and risks to make informed decisions when determining where to focus operations efforts. For example, it may be beneficial to deploy a system with unresolved issues so that significant new features can be made available to customers.

Design your workload so that you can understand its state:

  1. Implement application telemetry.
  2. Implement and configure workload telemetry.
  3. Implement dependency telemetry.
  4. Implement user activity telemetry: Instrument your application code to emit information about user activity. For example, clickstreams, or started, abandoned and completed transactions. Use this information to help understand how the application is used, patterns of usage, and to determine when a response is required.
  5. Implement transaction traceability: Implement your application code and configure your workload components to emit information about the flow of transactions across the workload. Use this information to determine when a response is required and to assist in identifying the root cause of issues.

Reduce defects, ease remediation, and improve flow into production:

  1. Use version control.
  2. Test and validate changes.
  3. Perform patch management.
  4. Share design standards.
  5. Implement practices to improve code quality.
  6. Use multiple environments.
  7. Make frequent, small, reversible changes.
  8. Use configuration management systems.
  9. Use build and deployment management systems.

Mitigate deployment risks:

  1. Plan for unsuccessful changes.
  2. Test and validate changes.
  3. Test using limited deployments.
  4. Deploy frequent, small, reversible changes.
  5. Use deployment management systems.
  6. Deploy using parallel environments.
  7. Fully automated integration and deployment: Automate build, deployment, and testing of the workload. This reduces errors caused by manual processes and reduces the effort to deploy changes.
  8. Automate testing and rollback: Automate testing of deployed environments to confirm desired outcomes. Automate rollback to previous known good state when outcomes are not achieved to minimize recovery time and reduce errors caused by manual processes.
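Items 3, 4 and 8 above fit together as one procedure: deploy to a limited set of instances first, verify, continue only if the checks pass, and roll back automatically to the last known good state otherwise. The following is an added example, not code from the article, simulating that procedure in Python; the fleet, the `smoke_test` stand-in and the `CanaryRollout` class are constructed for the example and do not call any AWS API.

```python
# Constructed fleet (hypothetical instance names): instance -> version currently running.
FLEET = {"web-1": "1.0.0", "web-2": "1.0.0", "web-3": "1.0.0", "web-4": "1.0.0"}


def smoke_test(instance, version):
    """Constructed stand-in for a post-deploy check (health endpoint, synthetic
    transaction). Versions tagged '-bad' fail, everything else passes."""
    return not version.endswith("-bad")


class CanaryRollout:
    """Deploy to a small canary wave first, verify, then the rest of the fleet.
    On any failed check, restore every instance touched to its previous version."""

    def __init__(self, fleet, health_check, canary_count=1):
        self.fleet = dict(fleet)
        self.health_check = health_check
        self.canary_count = canary_count
        self.known_good = set(fleet.values())  # versions already proven in production
        self.history = []                      # audit trail of every rollout attempt

    def rollout(self, new_version):
        previous = dict(self.fleet)            # snapshot: the known good state to return to
        names = list(self.fleet)
        waves = [names[:self.canary_count], names[self.canary_count:]]
        touched = []
        for wave_no, wave in enumerate(waves, start=1):
            for name in wave:
                self.fleet[name] = new_version
                touched.append(name)
            failed = [n for n in wave if not self.health_check(n, new_version)]
            if failed:
                for name in touched:
                    self.fleet[name] = previous[name]  # automated rollback, no human step
                return self._record(new_version, "rolled_back", wave_no, failed, touched)
        self.known_good.add(new_version)  # only a fully verified version becomes a rollback target
        return self._record(new_version, "succeeded", None, [], touched)

    def _record(self, version, status, failed_wave, failed_instances, touched):
        result = {"version": version, "status": status, "failed_wave": failed_wave,
                  "failed_instances": failed_instances, "touched": list(touched)}
        self.history.append(result)
        return result

    def active_versions(self):
        return sorted(set(self.fleet.values()))


if __name__ == "__main__":
    rollout = CanaryRollout(FLEET, smoke_test)
    print(rollout.rollout("1.1.0-bad"), rollout.active_versions())
    print(rollout.rollout("1.1.0"), rollout.active_versions())
```

The canary wave limits the blast radius of a bad build to one instance, and the rollback path is exercised on every failed check rather than only in a runbook, which is what keeps it working when it is actually needed.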

Know that you are ready to support a workload:

  1. Ensure personnel capability.
  2. Use runbooks to perform procedures.
  3. Make informed decisions to deploy systems and changes.
  4. Ensure consistent review of operational readiness: Ensure you have a consistent review of your readiness to operate a workload. The review must include at a minimum the operational readiness of the teams and the workload, and security considerations. Implement review activities in code and trigger automated review in response to events where appropriate, to ensure consistency, speed of execution, and reduce errors caused by manual processes.
  5. Use playbooks to identify issues: Playbooks are documented processes to investigate issues. Enable consistent and prompt responses to failure scenarios by documenting investigation processes in playbooks. Implement playbooks as code and trigger playbook execution in response to events where appropriate, to ensure consistency, speed responses, and reduce errors caused by manual processes.

Understand the health of your workload:

  1. Identify key performance indicators.
  2. Define workload metrics.
  3. Collect and analyze workload metrics.
  4. Establish workload metrics baselines.
  5. Learn expected patterns of activity for the workload.
  6. Alert when workload outcomes are at risk.
  7. Alert when workload anomalies are detected.
  8. Validate the achievement of outcomes and the effectiveness of KPIs and metrics.
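Items 4 to 7 above, and "Monitor and alarm proactively" in the Performance pillar, describe the same mechanism: learn a baseline for a KPI, alarm separately when the business outcome is at risk and when the KPI is merely anomalous, remediate automatically where an action exists and escalate otherwise. The following is an added example, not code from the article, that implements that mechanism in Python with the standard `statistics` module. The KPI (orders completed per minute), its 24 baseline samples, the outcome floor and the response names are all constructed for the example.

```python
import math
import statistics

# Constructed KPI history (hypothetical): orders completed per minute, one sample per
# hour over a normal day, used to learn the expected pattern.
BASELINE_SAMPLES = [118, 122, 119, 125, 121, 117, 123, 120, 124, 119, 122, 121,
                    118, 120, 123, 122, 119, 121, 124, 120, 118, 122, 121, 119]


def build_baseline(samples):
    """Mean and sample standard deviation of the learned 'expected pattern'."""
    if len(samples) < 2:
        raise ValueError("need at least two samples to estimate variability")
    return {"mean": statistics.fmean(samples), "stdev": statistics.stdev(samples), "n": len(samples)}


def zscore(baseline, value):
    """Standard deviations between the observation and the baseline mean. A flat
    baseline (stdev 0) makes any deviation infinitely surprising; handle it explicitly
    instead of dividing by zero."""
    if baseline["stdev"] == 0:
        return 0.0 if value == baseline["mean"] else math.inf
    return (value - baseline["mean"]) / baseline["stdev"]


def evaluate(baseline, value, outcome_floor, anomaly_sigma=3.0):
    """Two distinct alarms: the business outcome is at risk (KPI below the floor the
    business agreed on), or the KPI is anomalous relative to its own history."""
    alarms = []
    if value < outcome_floor:
        alarms.append("outcome_at_risk")
    if abs(zscore(baseline, value)) > anomaly_sigma:
        alarms.append("anomaly")
    return alarms


def respond(alarms, automated_action=None):
    """Remediate automatically where an action exists; otherwise escalate to a person.
    An anomaly without outcome impact is a notification, not a page."""
    if not alarms:
        return "none"
    if "outcome_at_risk" in alarms:
        return automated_action or "escalate_to_oncall"
    return "notify_team"


def evaluate_stream(baseline, values, outcome_floor, automated_action=None):
    """Evaluate a sequence of observations; returns (value, alarms, response) per sample."""
    results = []
    for value in values:
        alarms = evaluate(baseline, value, outcome_floor)
        results.append((value, alarms, respond(alarms, automated_action)))
    return results


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_SAMPLES)
    for row in evaluate_stream(baseline, [121, 135, 90], outcome_floor=100,
                               automated_action="rollback_latest_deploy"):
        print(row)
```

The two thresholds deliberately come from different places: the outcome floor is a business number that does not move when the system misbehaves, while the anomaly band is re-learned from recent history. A KPI sitting well above baseline (135 here) is not a customer problem but is still worth a look, since it often means a metric pipeline or a dependency changed.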

Manage workload and operations events:

  1. Use processes for event, incident, and problem management.
  2. Use a process for root cause analysis; have a process per alert.
  3. Prioritize operational events based on business impact.
  4. Define escalation paths.
  5. Enable push notifications.
  6. Communicate status through dashboards: Provide dashboards tailored to their target audiences (for example, internal technical teams, leadership, and customers) to communicate the current operating status of the business and provide metrics of interest.
  7. Automate responses to events: Automate responses to events to reduce errors caused by manual processes, and to ensure prompt and consistent responses.

Evolve operations:

  1. Have a process for continuous improvement.
  2. Define drivers for improvement.
  3. Document and share lessons learned.
  4. Implement feedback loops: Include feedback loops in your procedures and workloads to help you identify issues and areas that need improvement.
  5. Validate insights: Review your analysis results and responses with cross-functional teams and business owners. Use these reviews to establish a common understanding, identify additional impacts, and determine courses of action. Adjust responses as appropriate.
  6. Perform operations metrics reviews: Regularly perform a retrospective analysis of operations metrics with cross-team participants from different areas of the business. Use these reviews to identify opportunities for improvement, potential courses of action, and to share lessons learned.
  7. Allocate time to make improvements: Dedicate time and resources within your processes to make continuous incremental improvements possible.

The points above are the recommended way to architect applications and workloads in AWS. Please feel free to comment and suggest more good practices that you have implemented in your organization.

Thank you and Best Regards,

Ashutosh Upadhyay


Eka Ponkratova

Data Engineering || Data Solutions Consultant || Specialist in SMEs || AWS Community Builder

4 years

Super great, Ashutosh, thank you for sharing your experience! If I were you, I would add an intro paragraph introducing the topic, like why those five pillars - it is clear that it is advised by AWS, but still? And why don't you mention AWS services to perform the analysis with?
