For organizations looking to improve on operational efficiencies, more and more CIOs are migrating to the cloud. Amazon Web Services (AWS) is one of the most trusted, reliable cloud service providers with the Amazon Virtual Private Cloud. In order to build an AWS framework that is stable, reliable and delivers on business value, Amazon defined the Five Pillars of the AWS Well Architected Framework.
An efficient, resilient infrastructure framework will help you to: optimize uptime, secure against cybersecurity threats, save on costs and deliver on business objectives. This article will explain the Five Pillars of the AWS Well-Architected Framework:
- Operational Excellence
- Performance Efficiency
- Cost Optimization
Who Benefits from the AWS Five Pillars of the Well-Architected Framework and How?
Amazon designed the AWS Well Architected Framework to support cloud architects in implementing scalable designs. Amazon’s Five Pillars of the AWS Well-Architected Framework is suitable for use by technology professionals, e.g., such as chief technology officers (CTOs), chief information security officers (CISOs), architects, developers, and operations team members. While the AWS Well-Architected Framework should be referenced as a guide to drive architectural decisions, it should not be referenced as an audit tool.
Implementing the Five Pillars into the AWS framework will improve on your enterprise’s bottom line. As your organization achieves operational efficiency and security, it will be able to shift focus onto other aspects such as innovation and design enhancements. The Amazon framework provides a consistent method to evaluate architectures — not only from a partner standpoint, but also from a customer standpoint.
Amazon also provides the AWS Well Architected Tool — the corresponding user guide makes utilization as simple as possible. The AWS Well-Architected Framework, tool and guide were created by AWS architects with years of experience working on a thousands of workflows, for a wide variety of businesses. For additional coding support, Amazon also provides the AWS Well-Architected Labs — a best practices repository of code and documentation to enable hands-on learning, building and metrics.
AWS Five Pillars of the Well-Architected Framework Key Terms
Amazon uses the following key terms to ensure collaboration consistency:
The AWS Well-Architected Framework also defines the following terms for clarity:
- Component: the units, comprised of code, configuration and other AWS Resources, that execute against business requirements
- Workload: a group of components that, when taken together, deliver business value. Senior leaders within an organization, e.g. CIOs and CISOs, will be able to articulate workloads within their communications
- Milestones: key achievements attained through system and application architecture as it moves through the product lifecycle, e.g. the SDLC.
- Architecture: how components interact and communicate together in a workload. SDLC team members will often Architecture details in process flow diagrams. Threat modeling is a way that SDLC participants map out components and workloads, while identifying security threats. Automated tools such as ThreatModeler provide corresponding requirements to secure an IT stack against existing, new and emerging threats.
- Technology Portfolio: the collection of workloads that is required to operate the business.
AWS Well-Architected Framework General Design Principles
An organization should strike a balance when prioritizing the Five Pillars of Amazon’s Well-Architected Framework. For example, a CISO might decide that certain security measures are more important than cost reduction for mission-critical functionality. A CIO may trade off consistency and durability to deliver optimal performance.
Amazon also believes that key architects should drive development best practices, as listed below:
- Technical Architect (infrastructure),
- Solutions Architect (software),
- Data Architect
- Networking Architect
- Security Architect
AWS Well-Architected Framework Design Principles
Don’t make guesswork out of capacity needs – Don’t guess about capacity needs or you might end up with unnecessary costs. Paying for idle resources, for example, may prove to be cost prohibited, while underestimating capacity may cause performance limitations. If you haven’t already, go with cloud computing, which automatically scales according to bandwidth needs.
Test systems at the scale of production – The cloud provides the affordability to invest in a production-like testing environment that you can deactivate once testing is completed. On-premise testing can be more costly than cloud testing. If you test systems on the cloud, you’ll be able to scale up based on testing environment capacity needs, then down.
Automate architecture for flexibility and experimentation – Avoid costly manual processes, and create and duplicate systems at low cost through automation. With automation, you should be able to track changes, evaluate the impact, and revert to a previous iterations when necessary.
Implement evolutionary architectures – As more SDLC teams move away from the traditional environment (static, one-time implementation, few major version updates). Migrating to the cloud gives you the capacity to automate, test, and lower overall risk that comes from making design changes. Architects can take advantage of innovations, and evolve with emerging techniques and technology.
Leverage data to inform architecture decisions – Data collected from your cloud project can help to make informed decisions about your workload behavior. Metrics will help you to uncover gaps, anomalies and ways to improve your workload. Use the code within your cloud infrastructure to make sound architecture decisions, including improvement.
Use game days to test out use cases – Simulate production events and gather user feedback from across the organization with game days. Game days can boost collaboration and help SDLC participants to identify areas for improvement.
Five Pillars of the AWS Well-Architected Framework Explained
The Five Pillars are driven by automation, continuous improvement and monitoring.
Business value is of utmost importance as architecture teams prepare, operate and evolve systems. Continuous monitoring occurs throughout. Processes and procedures are revised whenever there is room for improvement. Progress is made with frequent, small and reversible changes. According to the AWS Well-Architected Framework, operations are driven by code. Carefully addressing code at every step leaves less room for error and instills consistency throughout the framework.
This is an important aspect of the AWS Operational Excellence Pillar. Formerly, on-premise documentation was manual, make it difficult to achieve consistency, efficiency or synchronicity. Cloud-based annotated documentation can help to communicate information about each build. Automate annotated documentation (even handwritten) so that it can be used as operations code input. Finally, anticipate failure will most likely happen. Test failure scenarios and learn from them.
Understand risk and protect information, systems and assets. Implement effective mitigation strategies. Set security controls that monitor infrastructure, while restricting access from a centralized location. Leave no layer unturned as you apply security controls.
Automate software-based security procedures. The automation should define and manage controls through version-controlled code templates. Data should be categorized based on sensitivity level and protected using policy, encryption and tokenization.
Put an incident response management plan in place, and play out incident response scenarios to learn more about the possible occurrences that may happen in the event of a data breach. Use AWS CloudFormation as a secure, isolated environment to conduct forensics activities. Enlist automation with detection, investigation, and recovery applications.
This pillar of the AWS Well-Architected Framework puts forth best practices to make a system recover from disruption. Conduct testing to learn how a system behaves in a particular scenario. Create system failure scenarios through automation so you can identify the different attack pathways and secure them.
Keep automation in mind In the procurement of resources based on demand. Add monitoring automation that triggers cybersecurity defenses in the event of a disruption. Scale horizontally and distribute requests across resources so a single outage doesn’t create a single point of failure. Amazon’s Well-Architected Framework states that a foundation should make sure parameters for reliability are in place.
Within change management, be prepared to adjust to bandwidth needs. Be prepared with a failure management plan. Ensure that you can recover most-to-all data and continue serving customers In the event of a system outage — even a long-term one.
Apply efficiency in all areas within the AWS Well-Architected Framework. Your solution will vary based on your workload. As technology evolves, you may enlist new tools. Ensure efficiency levels are maintained and improved upon with any technology changes. Rather than spend time and resources on implementing advanced technology, lean on cloud service providers, who may be able to run the technology and offer it as a service to your team’s architects. An organization’s focus can remain on product development, and not on provisioning and managing resources.
Serverless architecture, also known as Function as a Service (FaaS) enables you to host applications on the cloud. There are a few benefits to FaaS: server management responsibility and cloud scalability lowers transactional costs according to need. FaaS also offers:
- Flexibility to choose the technology approach that is best for you
- Ability to experiment with different configurations and instances, et al.
The fifth and final Pillar of the AWS Framework pertains to delivering the highest business value at the lowest price point. Strike a balance between cost and efficiency by applying a consumption model. The cloud offers scalable services based on your bandwidth needs. The cloud also offers cost savings on data center operations, with the provider hosting the servers.
Business owners should have a comprehensive knowledge of IT cost attribution. The cloud offers this metric transparently and should help to measure return on investment (ROI). Keep finding ways to lower costs and optimize efficiency. Matching supply with demand is one great way to get the most out of what you pay for and avoid spends on underutilized resources.
Threat Modeling Helps Organizations to Achieve Stability, Efficiency and Security
An organization will benefit from applying the Five Pillars of the AWS Well-Architected Framework. An important part of building a reliable, cost-effective architecture in the cloud is threat modeling. Using the VAST methodology to process flow diagramming, ThreatModeler users can map out components and communication connectors to identify security threats. Users can then assign security requirements to lessen the likelihood that an architecture will be compromised, e.g. by a cybercriminal.
ThreatModeler has taken former time-consuming, manual processes and automated them, to integrate with cloud providers such as AWS and Microsoft Azure. With its full integration with AWS, users can cut time and costs in building a more secure architecture.
To learn more about how ThreatModeler can identify and predict threats, and define security requirements, request a free evaluation of the ThreatModeler platform or contact us to speak with an application threat modeling expert today.