AWS Well-Architected Framework
Are you Well-Architected?
07/2017
Who I am
• Carlos Henrique Mecking
• Solutions Architect
• Twitter: @henriquemecking
• Github: @mecking
First: the six advantages and benefits
Trade capital expense for flexible expense
Benefit from massive economies of scale
Eliminate guessing on your capacity needs
Increase speed and agility
Stop spending money on running and maintaining data centers
Go global in minutes
How can we do this?
Topics
• History / why we need it
• What it is
• Design principles
• Pillars
• Security
• Reliability
• Performance Efficiency
• Cost Optimization
• Operational Excellence
History
“AWS Solutions Architects have years of experience architecting
solutions across a wide variety of business verticals and use cases,
and we have helped design and review thousands of customers’
architectures on AWS. From this experience, we have identified
best practices and core strategies for architecting systems in the
cloud.”
The AWS Well-Architected Framework
Increases awareness of architectural best practices
Addresses foundational areas that are often neglected
Provides consistent approach to evaluating architectures
Diagram: AWS Well-Architected Framework, made up of Design Principles and Pillars; each Pillar is broken down into Questions, and each Question into Best Practices.
Design principles
• Stop guessing your capacity needs: always use cloud’s scalability capabilities rather than
guessing capacity needs and risking providing inadequate capacity.
• Test systems at production scale: scale up the system to what it would be in production
and test it to see how it works in the real environment. Decommission the extra
resources once the test is over.
• Automate to make architectural experimentation easier: automate the entire process of
creating a system, enabling it to be replicated easily. Also, returning to a previous setup is
simple that way.
• Allow for evolutionary architectures: automation enables architects to evolve systems
as needed, easily testing and setting up new configurations.
• Data-driven architectures: collect needed operational data that can be used to evaluate
how architectural changes impact the workloads. The data can also be used to tune up
the automation code.
• Improve through game days: inject failures to simulate operational events in production
to understand how the system behaves when they take place, and correct it if necessary.
Pillars
Security Pillar: Principles
1. Apply security at all layers
2. Enable traceability
3. Implement a principle of least privilege
4. Focus on securing your system
5. Automate security best practices
Security Pillar: Question/Example
SEC 1. How are you protecting access to and use of the AWS root account credentials?
The AWS root account credentials are similar to root or local admin in other operating
systems and should be used very sparingly. The current best practice is to create AWS
Identity and Access Management (IAM) users, associate them to an administrator group,
and use the IAM user to manage the account. The AWS root account should not have API
keys, should have a strong password, and should be associated with a hardware multi-
factor authentication (MFA) device. This forces the only use of the root identity to be via
the AWS Management Console and does not allow the root account to be used for
application programming interface (API) calls. Note that some resellers or regions do not
distribute or support the AWS root account credentials.
Best practices:
• MFA and Minimal Use of Root: the AWS root account credentials are used only for the
minimal required activities.
• No Use of Root
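The SEC 1 best practices above can be verified mechanically rather than by inspection. The following is an added worked example, not code from the presentation: it reads an IAM credential report (the CSV that `aws iam get-credential-report` returns after base64 decoding) and flags a root identity without MFA or with an active access key, plus any IAM user who has a console password but no MFA device. The column names follow the report format; the report rows, account id, user names and dates are constructed, and the sample omits the report's last-used and certificate columns because the checks do not read them.

```python
import csv
import io

# Constructed sample in the shape of an IAM credential report. The real report
# carries more columns (last-used dates, certificate fields); this sample keeps
# only the ones the checks below read, and every account id, user name and
# date is made up.
SAMPLE_CREDENTIAL_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2017-01-10T12:00:00+00:00,not_supported,2017-07-01T08:00:00+00:00,not_supported,not_supported,false,true,2017-01-10T12:00:00+00:00,false,N/A
admin-alice,arn:aws:iam::111122223333:user/admin-alice,2017-02-01T09:00:00+00:00,true,2017-07-02T10:00:00+00:00,2017-06-01T09:00:00+00:00,2017-09-01T09:00:00+00:00,true,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2017-02-15T09:00:00+00:00,true,2017-07-02T11:00:00+00:00,2017-02-15T09:00:00+00:00,2017-05-15T09:00:00+00:00,false,false,N/A,false,N/A
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,2017-03-05T09:00:00+00:00,false,no_information,N/A,N/A,false,true,2017-03-05T09:00:00+00:00,false,N/A
"""

ROOT_USER = "<root_account>"  # how the credential report names the root identity


def parse_credential_report(report_csv: str) -> list[dict]:
    """Parse the report CSV into one dict per IAM identity, keyed by column name."""
    return list(csv.DictReader(io.StringIO(report_csv)))


def root_account_findings(rows: list[dict]) -> list[str]:
    """SEC 1 checks on the root row: MFA enabled, no API keys at all."""
    root = next((r for r in rows if r["user"] == ROOT_USER), None)
    if root is None:
        return ["root account row missing from report"]
    findings = []
    if root["mfa_active"] != "true":
        findings.append("root: MFA not enabled")
    if root["access_key_1_active"] == "true" or root["access_key_2_active"] == "true":
        findings.append("root: active access key present (root should have no API keys)")
    return findings


def console_users_without_mfa(rows: list[dict]) -> list[str]:
    """SEC 2 check: IAM users who can log in to the console but have no MFA device."""
    return sorted(
        r["user"]
        for r in rows
        if r["user"] != ROOT_USER
        and r["password_enabled"] == "true"
        and r["mfa_active"] != "true"
    )


def evaluate(report_csv: str) -> dict:
    """Run both checks and return the findings grouped by check."""
    rows = parse_credential_report(report_csv)
    return {
        "root": root_account_findings(rows),
        "users_without_mfa": console_users_without_mfa(rows),
    }


if __name__ == "__main__":
    for check, items in evaluate(SAMPLE_CREDENTIAL_REPORT).items():
        print(check, items)
```

On the constructed report the root row fails both checks and `bob` is reported as a console user without MFA. An active root access key is worth treating as an incident rather than a hygiene item: delete the key, then look in CloudTrail for what it was used for.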
Security Pillar: Questions
1. Identity and access management
• SEC 1. How are you protecting access to and use of the AWS root account credentials?
• BP: MFA and Minimal Use of Root: the AWS root account credentials are used only for the
minimal required activities.
• BP: No Use of Root
• SEC 2. How are you defining roles and responsibilities of system users to control human
access to the AWS Management Console and API?
• BP: Employee Life-Cycle Managed: employee life-cycle policies are defined and enforced.
• BP: Least Privilege: users, groups, and roles are clearly defined and granted only the
minimum privileges needed to accomplish business requirements.
• SEC 3. How are you limiting automated access to AWS resources?
• BP: Static Credentials Used for Automated Access: store these securely.
• BP: Dynamic Authentication for Automated Access: manage using instance profiles or
Amazon STS.
2. Detective controls
• SEC 4. How are you capturing and analyzing logs?
• BP: Activity Monitored Appropriately: Amazon CloudWatch logs, events, VPC flow logs,
ELB logs, S3 bucket logs, AWS CloudTrail enabled, monitored operating system or
application logs
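"Enable traceability" and SEC 4 only pay off if the logs are actually analyzed. As an added example (not code from the presentation), the detection below runs two rules over CloudTrail records: any activity by the root identity, scored higher when it did not come through the console sign-in endpoint, and any successful console sign-in without MFA. The field names (`userIdentity`, `eventName`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) are CloudTrail's; the account id, user names, addresses and timestamps in the sample trail are constructed.

```python
import json

# Constructed CloudTrail log file: a JSON object with a top-level "Records"
# array. Field names follow the CloudTrail record format; all values are made up.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2017-07-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2017-07-01T09:15:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "111122223333"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2017-07-01T09:20:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "accountId": "111122223333",
                      "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2017-07-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "10.0.1.20",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/deploy/i-0abc"}},
]})


def load_records(trail_json: str) -> list[dict]:
    """CloudTrail log files wrap the events in a top-level "Records" array."""
    return json.loads(trail_json)["Records"]


def detect(records: list[dict]) -> list[dict]:
    """Apply the two rules to every record and return the findings in trail order."""
    findings = []
    for rec in records:
        ident = rec.get("userIdentity") or {}
        who = ident.get("userName") or ident.get("arn") or ident.get("type")
        # Rule 1: any root activity is notable. A root call that did not come
        # through the sign-in endpoint means an API call, which contradicts
        # "root has no API keys" and is scored high.
        if ident.get("type") == "Root":
            via_console = rec.get("eventSource") == "signin.amazonaws.com"
            findings.append({"rule": "root_activity",
                             "severity": "medium" if via_console else "high",
                             "event": rec.get("eventName"), "who": who,
                             "time": rec.get("eventTime")})
        # Rule 2: a successful console sign-in that was not protected by MFA.
        if rec.get("eventName") == "ConsoleLogin":
            success = (rec.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            mfa_used = (rec.get("additionalEventData") or {}).get("MFAUsed") == "Yes"
            if success and not mfa_used:
                findings.append({"rule": "console_login_without_mfa", "severity": "high",
                                 "event": "ConsoleLogin", "who": who,
                                 "time": rec.get("eventTime")})
    return findings


if __name__ == "__main__":
    for f in detect(load_records(SAMPLE_TRAIL)):
        print(f)
```

On the sample trail the rules produce three findings: a medium one for the root console sign-in (MFA was used, but root was used at all), a high one for `bob` signing in without MFA, and a high one for `CreateAccessKey` issued by root. The fourth record, a role-based `DescribeInstances` call, is the kind of traffic SEC 3 wants for automation and produces nothing.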
Security Pillar: Questions
3. Infrastructure protection
• SEC 5. How are you enforcing network and host-level boundary protection?
• BP: Controlled Network Traffic in VPC: for example, use firewalls, security groups, NACLs,
a bastion host, etc.
• BP: Controlled Network Traffic at the Boundary: for example, use AWS WAF, host-based
firewalls, security groups, NACLs, etc.
• SEC 6. How are you leveraging AWS service level security features?
• BP: Using Additional Features Where Appropriate
• SEC 7. How are you protecting the integrity of the operating systems on your Amazon EC2
instances?
• BP: File Integrity: file integrity controls are used for EC2 instances.
• BP: EC2 Intrusion Detection: host-based intrusion detection controls are used for EC2
instances.
• BP: AWS Marketplace or Partner Solution: a solution from the AWS Marketplace or from a
partner.
• BP: Configuration Management Tool: use of a custom Amazon Machine Image (AMI) or
configuration management tools (such as Puppet or Chef) that are secured by default.
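The SEC 5 best practice "controlled network traffic in VPC" is easy to state and easy to regress on. As an added example (not part of the deck), the check below walks data in the shape of `aws ec2 describe-security-groups` output and reports any rule that exposes a management port (SSH 22, RDP 3389) or all traffic to `0.0.0.0/0` or `::/0`. A rule such as HTTPS from anywhere is left alone, and a group that references another group instead of a CIDR is the pattern the bastion-host approach relies on. The group ids, names and CIDRs in the sample are constructed.

```python
# Constructed data in the shape of `aws ec2 describe-security-groups` output.
# Group ids, names and CIDR ranges are made up.
SAMPLE_SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0bastion", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0app", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0web"}]}]},
]}

WORLD = {"0.0.0.0/0", "::/0"}
MANAGEMENT_PORTS = {22, 3389}  # SSH and RDP: reachable only from a bastion or a known CIDR


def world_sources(perm: dict) -> list[str]:
    """CIDRs in this rule that mean 'anyone on the internet'."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def covers_port(perm: dict, port: int) -> bool:
    """True if the rule's port range includes `port` (protocol -1 means all ports)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "udp"):
        return False
    return perm.get("FromPort", -1) <= port <= perm.get("ToPort", -1)


def world_open_findings(described: dict, ports=MANAGEMENT_PORTS) -> list[dict]:
    """Report rules that expose a management port or all traffic to the world."""
    findings = []
    for sg in described["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = world_sources(perm)
            if not sources:
                continue  # only explicit CIDRs or other groups: fine
            if perm.get("IpProtocol") == "-1":
                findings.append({"group": sg["GroupId"], "name": sg["GroupName"],
                                 "rule": "all traffic from " + ", ".join(sources)})
                continue
            for port in sorted(ports):
                if covers_port(perm, port):
                    findings.append({"group": sg["GroupId"], "name": sg["GroupName"],
                                     "rule": f"{perm['IpProtocol']}/{port} from " + ", ".join(sources)})
    return findings


if __name__ == "__main__":
    for f in world_open_findings(SAMPLE_SECURITY_GROUPS):
        print(f)
```

Against the sample, `sg-0web` is reported for SSH from anywhere and `sg-0db` for all traffic from anywhere; the bastion group (SSH from one office range) and the app group (port 8080 only from the web group) pass. Run against real `describe-security-groups` output, the same function gives a per-account list of rules to tighten.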
Security Pillar: Questions
4. Data protection
• SEC 8. How are you classifying your data?
• BP: Using Data Classification Schema
• BP: All Data Is Treated as Sensitive
• SEC 9. How are you encrypting and protecting your data at rest?
• BP: Not Required: data-at-rest encryption is not required
• BP: Encrypting at Rest
• SEC 10. How are you managing keys?
• BP: AWS CloudHSM, Using AWS Service Controls, Using Client Side, AWS Marketplace or
Partner Solution
• SEC 11. How are you encrypting and protecting your data in transit?
• BP: Not Required: encryption not required on data in transit.
• BP: Encrypted Communications: TLS or equivalent is used for communication as appropriate.
5. Incident response
• SEC 12. How do you ensure you have the appropriate incident response?
• BP: Pre-Provisioned Access, Pre-Deployed Tools, Non-Production Game Days, Production
Game Days
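For SEC 11, "TLS or equivalent is used" is something a service can be made to enforce rather than something clients are trusted to do. On S3 the usual way is a bucket policy with a `Deny` on every action for every principal when the `aws:SecureTransport` condition key is false. The following is an added example, not code from the presentation: one policy that enforces TLS, one that does not, and a checker that accepts only a deny broad enough to leave no gap (all principals, `s3:*`). The bucket name and account id are constructed; the policy grammar and condition key are standard.

```python
import json

# Constructed bucket policies for a hypothetical bucket "example-bucket".
# TLS_ONLY_POLICY uses the aws:SecureTransport condition key to deny every
# request that does not arrive over TLS; READ_POLICY grants access to one
# role and says nothing about transport.
TLS_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}

READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/reader"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}

# The string form, as `aws s3api get-bucket-policy` returns it in the Policy field.
TLS_ONLY_POLICY_JSON = json.dumps(TLS_ONLY_POLICY)


def _as_list(value) -> list:
    """IAM policy fields may be a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statement_denies_plain_http(stmt: dict) -> bool:
    """True for a Deny that applies to every principal and every S3 action when
    aws:SecureTransport is false. Narrower statements (one action, one role)
    leave plain-HTTP paths open, so they deliberately do not count."""
    if stmt.get("Effect") != "Deny":
        return False
    principal = stmt.get("Principal")
    if principal != "*" and principal != {"AWS": "*"}:
        return False
    if not any(a in ("s3:*", "*") for a in _as_list(stmt.get("Action"))):
        return False
    cond = (stmt.get("Condition") or {}).get("Bool") or {}
    flags = [str(v).lower() for v in _as_list(cond.get("aws:SecureTransport"))]
    return "false" in flags


def policy_enforces_tls(policy: dict) -> bool:
    """A policy enforces TLS if at least one statement denies plain HTTP broadly."""
    return any(statement_denies_plain_http(s) for s in _as_list(policy.get("Statement")))


def bucket_policy_enforces_tls(policy_json: str) -> bool:
    """Entry point for the raw policy string from get-bucket-policy."""
    return policy_enforces_tls(json.loads(policy_json))


if __name__ == "__main__":
    print("tls-only policy:", policy_enforces_tls(TLS_ONLY_POLICY))
    print("read policy:", policy_enforces_tls(READ_POLICY))
```

The checker is intentionally strict: a deny scoped to `s3:GetObject` would still let an uploader write over plain HTTP, so only a deny covering `s3:*` (or `*`) for principal `*` is accepted. The same condition key works in IAM and VPC endpoint policies, so the statement test applies there too.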
Reliability Pillar: Principles
1. Test recovery procedures
2. Automatically recover from failure
3. Scale horizontally to increase aggregate system availability
4. Stop guessing capacity
5. Manage change in automation
Reliability Pillar: Questions
1. Foundations
• REL 1. How do you manage AWS service limits for your accounts?
• BP: Monitor and Manage Limits
• BP: Set Up Automated Monitoring
• REL 2. How are you planning your network topology on AWS?
• BP: Highly Available Connectivity Between AWS and On-Premises Environment (as Applicable)
2. Change Management
• REL 3. How does your system adapt to changes in demand?
• BP: Automated Scaling
• BP: Load Tested
• REL 4. How are you monitoring AWS resources?
• …
• REL 5. How are you executing change?
3. Failure Management
• REL 6. How are you backing up your data?
• REL 7. How does your system withstand component failures?
• REL 8. How are you testing for resiliency?
• REL 9. How are you planning for disaster recovery?
Performance Efficiency: Principles
1. Democratize advanced technologies
2. Go global in minutes
3. Use serverless architectures
4. Experiment more often
5. Mechanical sympathy
Performance Efficiency
1. Selection
• PERF 1. How do you select the best performing architecture?
• PERF 2. How do you select your compute solution?
• PERF 3. How do you select your storage solution?
• PERF 4. How do you select your database solution?
• PERF 5. How do you select your network solution?
2. Review
• PERF 6. How do you ensure that you continue to have the most appropriate resource type as
new resource types and features are introduced?
3. Monitoring
• PERF 7. How do you monitor your resources post-launch to ensure they are performing as
expected?
4. Tradeoffs
• PERF 8. How do you use tradeoffs to improve performance?
Cost Optimization: Principles
1. Adopt a consumption model
2. Benefit from economies of scale
3. Stop spending money on data center operations
4. Analyze and attribute expenditure
5. Use managed services to reduce cost of ownership
Cost Optimization
1. Cost-Effective Resources
• COST 1. Are you considering cost when you select AWS services for your solution?
• COST 2. Have you sized your resources to meet your cost targets?
• COST 3. Have you selected the appropriate pricing model to meet your cost targets?
2. Matching Supply and Demand
• COST 4. How do you make sure your capacity matches but does not substantially exceed
what you need?
3. Expenditure Awareness
• COST 5. Did you consider data-transfer charges when designing your architecture?
• COST 6. How are you monitoring usage and spending?
• COST 7. Do you decommission resources that you no longer need or stop resources that are
temporarily not needed?
• COST 8. What access controls and procedures do you have in place to govern AWS usage?
4. Optimizing Over Time
• COST 9. How do you manage and/or consider the adoption of new services?
Operational Excellence: Principles
1. Perform operations with code
2. Align operations processes to business objectives
3. Make regular, small, incremental changes
4. Test for responses to unexpected events
5. Learn from operational events and failures
6. Keep operations procedures current
Operational Excellence
1. Preparation
• OPS 1. What best practices for cloud operations are you using?
• OPS 2. How are you doing configuration management for your workload?
2. Operations
• OPS 3. How are you evolving your workload while minimizing the impact of change?
• OPS 4. How do you monitor your workload to ensure it is operating as expected?
3. Responses
• OPS 5. How do you respond to unplanned operational events?
• OPS 6. How is escalation managed when responding to unplanned operational events?
Links
• Link: https://aws.amazon.com/pt/architecture/well-architected/
• Whitepaper: http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 

AWS Well-Architected Framework Review

• 10. Security Pillar: Principles
1. Apply security at all layers
2. Enable traceability
3. Implement a principle of least privilege
4. Focus on securing your system
5. Automate security best practices

• 11. Security Pillar: Question/Example
SEC 1. How are you protecting access to and use of the AWS root account credentials?
The AWS root account credentials are similar to root or local admin in other operating systems and should be used very sparingly. The current best practice is to create AWS Identity and Access Management (IAM) users, associate them to an administrator group, and use the IAM user to manage the account. The AWS root account should not have API keys, should have a strong password, and should be associated with a hardware multi-factor authentication (MFA) device. This forces the only use of the root identity to be via the AWS Management Console and does not allow the root account to be used for application programming interface (API) calls. Note that some resellers or regions do not distribute or support the AWS root account credentials.
Best practices:
• MFA and Minimal Use of Root: The AWS root account credentials are used only for the minimal required activities.
• No use of Root

• 12. Security Pillar: Questions
1. Identity and access management
• SEC 1. How are you protecting access to and use of the AWS root account credentials?
  • BP: MFA and Minimal Use of Root: The AWS root account credentials are used only for the minimal required activities.
  • BP: No use of Root
• SEC 2. How are you defining roles and responsibilities of system users to control human access to the AWS Management Console and API?
  • BP: Employee Life-Cycle Managed: Employee life-cycle policies are defined and enforced.
  • BP: Least Privilege: Users, groups, and roles are clearly defined and granted only the minimum privileges needed to accomplish business requirements.
• SEC 3. How are you limiting automated access to AWS resources?
  • BP: Static Credentials used for Automated Access: Store these securely.
  • BP: Dynamic Authentication for Automated Access: Manage using instance profiles or Amazon STS.
2. Detective controls
• SEC 4. How are you capturing and analyzing logs?
  • BP: Activity Monitored Appropriately: Amazon CloudWatch logs, events, VPC flow logs, ELB logs, S3 bucket logs, AWS CloudTrail enabled, monitored operating system or application logs
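The SEC 1 and SEC 2 best practices above (root has MFA and no API keys; users and roles get only the minimum privileges) are the kind of check the "Automate security best practices" principle asks for. The following is an added example, not part of the deck or of AWS's own tooling: it evaluates a constructed account summary shaped like the `SummaryMap` that `iam:GetAccountSummary` returns, plus constructed IAM policy documents with hypothetical names, so it runs offline without credentials.

```python
"""Added example: automate the SEC 1 (root account) and SEC 2 (least
privilege) review checks against constructed sample input."""

# Constructed sample shaped like the SummaryMap from iam:GetAccountSummary.
# Real keys; values chosen to show a failing account (no MFA, root has keys).
SAMPLE_SUMMARY = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1}

# Constructed sample policy documents; the policy names are hypothetical.
SAMPLE_POLICIES = {
    "AdminEverything": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "ReadOnlyBucket": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]}]},
}


def check_root_account(summary):
    """SEC 1: root must have an MFA device and must hold no API access keys."""
    findings = []
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("SEC1: root account has no MFA device")
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("SEC1: root account has active access keys")
    return findings


def _as_list(value):
    """IAM allows Action/Resource/Statement as a string or a list."""
    return value if isinstance(value, list) else [value]


def check_least_privilege(policies):
    """SEC 2: flag Allow statements granting wildcard actions on all resources."""
    findings = []
    for name, doc in policies.items():
        for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
            if stmt.get("Effect") != "Allow":
                continue
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
            if wildcard_action and "*" in resources:
                findings.append(
                    f"SEC2: policy {name} statement {idx} allows {actions} on all resources")
    return findings


def review(summary, policies):
    """Run both checks; an empty list means the SEC 1 / SEC 2 practices hold."""
    return check_root_account(summary) + check_least_privilege(policies)


if __name__ == "__main__":
    for finding in review(SAMPLE_SUMMARY, SAMPLE_POLICIES):
        print(finding)
```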
• 13. Security Pillar: Questions
3. Infrastructure protection
• SEC 5. How are you enforcing network and host-level boundary protection?
  • BP: Controlled Network Traffic in VPC: For example, use firewalls, security groups, NACLs, a bastion host, etc.
  • BP: Controlled Network Traffic at the Boundary: For example, use AWS WAF, host-based firewalls, security groups, NACLs, etc.
• SEC 6. How are you leveraging AWS service-level security features?
  • BP: Using Additional Features Where Appropriate
• SEC 7. How are you protecting the integrity of the operating systems on your Amazon EC2 instances?
  • BP: File Integrity: File integrity controls are used for EC2 instances.
  • BP: EC2 Intrusion Detection: Host-based intrusion detection controls are used for EC2 instances.
  • BP: AWS Marketplace or Partner Solution: A solution from the AWS Marketplace or from a Partner.
  • BP: Configuration Management Tool: Use of a custom Amazon Machine Image (AMI) or configuration management tools (such as Puppet or Chef) that are secured by default.

• 14. Security Pillar: Questions
4. Data protection
• SEC 8. How are you classifying your data?
  • BP: Using Data Classification Schema
  • BP: All Data is Treated as Sensitive
• SEC 9. How are you encrypting and protecting your data at rest?
  • BP: Not Required: Data-at-rest encryption is not required.
  • BP: Encrypting at Rest
• SEC 10. How are you managing keys?
  • BP: AWS CloudHSM, Using AWS Service Controls, Using Client Side, AWS Marketplace or Partner Solution
• SEC 11. How are you encrypting and protecting your data in transit?
  • BP: Not Required: Encryption not required on data in transit.
  • BP: Encrypted Communications: TLS or equivalent is used for communication as appropriate.
5. Incident response
• SEC 12. How do you ensure you have the appropriate incident response?
  • BP: Pre-Provisioned Access, Pre-Deployed Tools, Non-Production Game Days, Production Game

• 15. Reliability Pillar: Principles
1. Test recovery procedures
2. Automatically recover from failure
3. Scale horizontally to increase aggregate system availability
4. Stop guessing capacity
5. Manage change in automation

• 16. Reliability Pillar: Questions
1. Foundations
• REL 1. How do you manage AWS service limits for your accounts?
  • BP: Monitor and Manage Limits
  • BP: Set Up Automated Monitoring
• REL 2. How are you planning your network topology on AWS?
  • BP: Highly Available Connectivity Between AWS and On-Premises Environment (as Applicable)
2. Change Management
• REL 3. How does your system adapt to changes in demand?
  • BP: Automated Scaling
  • BP: Load Tested
• REL 4. How are you monitoring AWS resources?
  • …
• REL 5. How are you executing change?
3. Failure Management
• REL 6. How are you backing up your data?
• REL 7. How does your system withstand component failures?
• REL 8. How are you testing for resiliency?
• REL 9. How are you planning for disaster recovery?

• 17. Performance Efficiency
1. Democratize advanced technologies
2. Go global in minutes
3. Use serverless architectures
4. Experiment more often
5. Mechanical sympathy

• 18. Performance Efficiency
1. Selection
• PERF 1. How do you select the best performing architecture?
• PERF 2. How do you select your compute solution?
• PERF 3. How do you select your storage solution?
• PERF 4. How do you select your database solution?
• PERF 5. How do you select your network solution?
2. Review
• PERF 6. How do you ensure that you continue to have the most appropriate resource type as new resource types and features are introduced?
3. Monitoring
• PERF 7. How do you monitor your resources post-launch to ensure they are performing as expected?
4. Tradeoffs
• PERF 8. How do you use tradeoffs to improve performance?

• 19. Cost Optimization: Principles
1. Adopt a consumption model
2. Benefit from economies of scale
3. Stop spending money on data center operations
4. Analyze and attribute expenditure
5. Use managed services to reduce cost of ownership

• 20. Cost Optimization
1. Cost-Effective Resources
• COST 1. Are you considering cost when you select AWS services for your solution?
• COST 2. Have you sized your resources to meet your cost targets?
• COST 3. Have you selected the appropriate pricing model to meet your cost targets?
2. Matching Supply and Demand
• COST 4. How do you make sure your capacity matches but does not substantially exceed what you need?
3. Expenditure Awareness
• COST 5. Did you consider data-transfer charges when designing your architecture?
• COST 6. How are you monitoring usage and spending?
• COST 7. Do you decommission resources that you no longer need or stop resources that are temporarily not needed?
• COST 8. What access controls and procedures do you have in place to govern AWS usage?
4. Optimizing Over Time
• COST 9. How do you manage and/or consider the adoption of new services?

• 21. Operational Excellence: Principles
1. Perform operations with code
2. Align operations processes to business objectives
3. Make regular, small, incremental changes
4. Test for responses to unexpected events
5. Learn from operational events and failures
6. Keep operations procedures current

• 22. Operational Excellence
1. Preparation
• OPS 1. What best practices for cloud operations are you using?
• OPS 2. How are you doing configuration management for your workload?
2. Operations
• OPS 3. How are you evolving your workload while minimizing the impact of change?
• OPS 4. How do you monitor your workload to ensure it is operating as expected?
3. Responses
• OPS 5. How do you respond to unplanned operational events?
• OPS 6. How is escalation managed when responding to unplanned operational events?

• 23. Links
• Link: https://aws.amazon.com/pt/architecture/well-architected/
• Whitepaper: http://d0.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf