The AWS Cloud
The explosive growth of AWS services has unleashed unparalleled opportunities for developing new products and applications with reach into global markets. Never before has it been so quick to enable new services and environments. However, with great power comes great responsibility. Are you building and configuring those services the right way? How are you managing them? Are you following Cloud native principles or trying to apply traditional thinking to the Cloud? “Best practice” is an often (some would say over) used term in IT. After experience with 1000s of workloads, migrations and implementations, you’d think AWS would know a thing or two about best practice. Hence, well architected!
If you aren’t following AWS’s best practices – then whose practices are you following?
A new year is always a good time for reflection. After all, are you well architected?
What is Well Architected?
The AWS Well Architected Framework (WAF) was developed by AWS in response to customer queries for architectural advice. AWS took years of their experience in designing solutions for the AWS Cloud and created the WAF. It started out as a single whitepaper but now has multiple pillars, lenses and even a tool in the AWS Console.
The WAF is based around the following 5 pillars. By answering foundational questions in each pillar, you can assess how well your architecture aligns with AWS Cloud best practices. Improvements to your solutions can be implemented using the provided guidance. You can even track your improvements over time and with each iteration of the review.
The operational excellence pillar focuses on running and monitoring systems to deliver business value. It places an emphasis on continually improving processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.
The security pillar focuses on protecting information and systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.
The reliability pillar focuses on ensuring a workload performs its intended function correctly and consistently. A resilient workload quickly recovers from failures to meet business and customer demand. Key topics include distributed system design, recovery planning, and how to handle change.
The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.
The cost optimization pillar focuses on avoiding unnecessary costs. Key topics include
- understanding and controlling where costs are occurring;
- selecting the most appropriate and right number of resource types;
- analyzing spend over time, and;
- scaling to meet business needs without overspending.
What about the lenses?
In addition to asking questions across the pillars, lenses can also be applied. Lenses add specific questions and guidance across an industry or technology vertical. An assessment of a workload should include the standard WAF pillars and any appropriate lenses for full coverage. There are currently seven different lenses available, such as a SaaS lens and a Financial Service lens.
An example of where a lens extends the WAF is under the Security Pillar of the SaaS lens. SaaS delivery models have some unique challenges as they seek to adopt a shared infrastructure model to achieve cost and operational efficiency.
SaaS SEC 2: How are you ensuring that tenant resources are protected from cross-tenant access?
In a SaaS model, tenant isolation is critical to a successful business. There are, however, many models that can be used. Your compliance obligations will guide some of the architectural choices. Other key decision points include cost and the domain in which the solution operates. While the Security pillar includes questions related to identity and access, this question is specific to a multi-tenant solution.
The Well Architected tool
The AWS console now includes a Well Architected Tool. You can use this tool to run through the questions across the pillars and lenses for your workloads. To use the tool, you first need to define the workload. Then, you can run through the pillars and questions at your own pace. Each answer will result in a score for that question along with recommendations. Any issues found will be summarised along with their risk rating.
Note that in our experience, the best result comes from approaching each pillar as a whole. We recommend getting the right domain experts into the room so that you can facilitate a run through of the entire pillar in one go. If you need to go away and research the answer, it will stretch the exercise out. Distribute the questions in advance so that people can come prepared. Having an independent facilitator can really help to get the right answers. However, make sure it is someone who understands the question and what it is really asking!
Why should I care?
AWS releases new services and updates services all the time. In fact, AWS has been exponentially growing the rate of release of new services and updates.
How do your solutions keep pace with these updates? How do they evolve to deal with an ever-changing threat landscape? Help to keep your AWS solution as current, safe and efficient as possible by running a well architected review! In fact, by continuously running this kind of review, you can hopefully avoid an expensive re-architecture, security breach or undesired outage to your service!
When should I run a review?
For your key workloads, we recommend performing a review at least annually. Any major design change in your solution should also trigger a review. It’s far quicker and cheaper to make changes before you go live with any major overhaul or new solution! Don’t forget your people. A change in work practices or personnel should also be a trigger for a review on how you are supporting your workloads in the AWS Cloud. You don’t have to perform a review against all the pillars as you may want to address a specific area. For example, with a personnel change, you may want to focus on Operational Excellence.
If you would like to know more about running your first review, please get in contact with us at RedBear. We are trained in the Well Architected review process. RedBear can help you to assess your key workloads against AWS’s best practice!