AWS Well-Architected review: Know your Cloud Architecture well
By Daman Preet Singh Walia
I might be working on an AWS cloud architecture that seems to be free of vulnerabilities, but how can I be sure? The answer is an AWS Well-Architected review. It is based on a framework built as per AWS best practices. The Framework helps in learning architectural best practices for designing and operating secure, reliable, efficient, cost-effective, and sustainable workloads in the AWS Cloud.
Terms to know:
- Component: Code, configuration, and AWS Resources that work together to fulfill a need are referred to as components. A component, which is independent of other components, is frequently the unit of technical ownership.
- Workload: Workload refers to a collection of components that work together to produce commercial value. A workload is usually the level of detail at which business and technology leaders communicate.
- Architecture: We consider architecture to be the way a workload's component parts interact. The main focus of architecture diagrams is frequently on how components communicate and interact.
- Milestones: As your architecture changes during the product lifecycle (design, implementation, testing, go live, and in production), milestones serve as a visual reminder of those changes.
- Technology portfolio: The collection of workloads necessary for a company to function is known as its technology portfolio.
- Level of effort: The level of effort classifies how much time, effort, and complexity are needed to complete a task. To accurately classify the amount of effort for the organization, each company must take into account the team's size, level of experience, and complexity.
  - High: The work could take weeks or perhaps months to complete. This might be divided into several releases, stories, and tasks.
  - Medium: The work can take several days or many weeks. Several releases and tasks could be created for this.
  - Low: The work could take many hours or several days. This could be divided into several tasks.
- Lenses: You can continuously compare your architectures to best practices and highlight opportunities for improvement using lenses. A workload definition triggers the automatic application of the AWS Well-Architected Framework Lens.
  - AWS-provided lenses
  - Custom lenses: self-created lenses for additional compliance requirements or custom best practices
- Pillars: The pillars are the foundation of the framework for your architecture: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
Define workload:
https://docs.aws.amazon.com/wellarchitected/latest/userguide/tutorial-step1.html
1. Manual provisioning:
- Sign in to the AWS Management Console and open the AWS Well-Architected Tool console at https://console.aws.amazon.com/wellarchitected/
- Go to Workloads in the “Well-Architected Tool”.
- Click on Define workload and fill in the workload properties. Then move to the next page to select the applicable lenses.
- The AWS Well-Architected Framework lens is selected by default. You can select other applicable lenses based on the cloud architecture, the services used, or custom compliance requirements. Then finalize creation by selecting the Define Workload button below.
- The workload is created, and you are automatically directed to the workload dashboard, which contains details about the review.

2. Command line provisioning:
create-workload
  --workload-name <value>
  --description <value>
  --environment <value>
  [--account-ids <value>]
  [--aws-regions <value>]
  [--non-aws-regions <value>]
  [--pillar-priorities <value>]
  [--architectural-design <value>]
  [--review-owner <value>]
  [--industry-type <value>]
  [--industry <value>]
  --lenses <value>
  [--notes <value>]
  [--client-request-token <value>]
  [--tags <value>]
  [--discovery-config <value>]
  [--applications <value>]
  [--cli-input-json <value>]
  [--generate-cli-skeleton <value>]
  [--debug]
  [--endpoint-url <value>]
  [--no-verify-ssl]
  [--no-paginate]
  [--output <value>]
  [--query <value>]
  [--profile <value>]
  [--region <value>]
  [--version <value>]
  [--color <value>]
  [--no-sign-request]
  [--ca-bundle <value>]
  [--cli-read-timeout <value>]
  [--cli-connect-timeout <value>]
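The synopsis above lists every option; as an added example (not from the original article or from AWS documentation), this shell function validates the required values and assembles a minimal `aws wellarchitected create-workload` call. The function name `wa_create_workload`, the `WA_DRY_RUN` switch, and the sample workload values are assumptions for illustration.

```shell
#!/bin/sh
# Added example: validate inputs, then build an
# `aws wellarchitected create-workload` call from the required options.
# wa_create_workload and WA_DRY_RUN are hypothetical names for this sketch.

wa_create_workload() {
    wa_name=$1 wa_desc=$2 wa_env=$3 wa_region=$4
    wa_lenses=${5:-wellarchitected}   # alias of the default AWS Well-Architected Framework lens

    # --environment accepts only these two values.
    case $wa_env in
        PRODUCTION|PREPRODUCTION) ;;
        *) echo "environment must be PRODUCTION or PREPRODUCTION" >&2; return 2 ;;
    esac

    # The API limits the workload name to 3-100 characters.
    if [ "${#wa_name}" -lt 3 ] || [ "${#wa_name}" -gt 100 ]; then
        echo "workload name must be 3-100 characters" >&2; return 2
    fi
    # This sketch always passes a description and one AWS Region.
    if [ -z "$wa_desc" ] || [ -z "$wa_region" ]; then
        echo "description and region are required" >&2; return 2
    fi

    # $wa_lenses is left unquoted on purpose: --lenses takes a space-separated list.
    # shellcheck disable=SC2086
    set -- aws wellarchitected create-workload \
        --workload-name "$wa_name" \
        --description "$wa_desc" \
        --environment "$wa_env" \
        --aws-regions "$wa_region" \
        --lenses $wa_lenses \
        --query WorkloadId --output text

    if [ "${WA_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"      # show the call, one argument per line
    else
        "$@"                    # prints the new workload ID on success
    fi
}

# Constructed sample values:
#   WA_DRY_RUN=1 wa_create_workload "payments-api" \
#       "Card payment API, reviewed before go live" PREPRODUCTION eu-central-1
```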
Review Process:
As per AWS, the review process needs to be conducted:
- in a consistent manner
- with a blame-free approach that encourages diving deep
- as a lightweight process (hours, not days) that is a conversation and not an audit
- to identify any critical issues
Some suggested items to facilitate meetings:
- A meeting room with whiteboards
- Printouts of any diagrams or design notes
- Action list of questions that require out-of-band research to answer (for example, “did we enable encryption or not?”)
If you are conducting a review, please follow the link for the detailed review process: https://docs.aws.amazon.com/wellarchitected/latest/framework/the-review-process.html