AWS Well-Architected Framework
What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources
Main Pillars Security Reliability Performance Efficiency Cost Optimization Account Access Keys Network Services High Availability Load Balancing Backup and DR Auto Scaling Right-Sizing Benchmarking Load Testing Monitoring Managed Services Cost Awareness Tagging
General Design Principles Secure from the Start Stop Guessing your Capacity Needs Test Systems at Production Scale Lower the Risk of Architecture Change Automate to make Architectural Experimentation Easier Allow for Evolutionary Architectures
Security Security Reliability Performance Efficiency Cost Optimization
Security The ability to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. Data Protection Privilege Management Infrastructure Protection Detective Controls
Customers Security: Shared Responsibility Customer applications & content Platform, Applications, Identity & Access Management Operating System, Network, and Firewall Configuration Client-side Data Encryption Server-side Data Encryption Network Traffic Protection AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Availability Zones Regions Edge Locations
Security: Credentials
As soon as you Create a new AWS Account
Enable MFA
Use Identity and Access Management Service (IAM) to Create Users, even if it's only 1
Protect all of your Credentials
DO NOT place Access Keys in Code EVER!
    'key' => '1111-2222-3333-4444-5555',
    'secret' => 'aaaa-bbbb-cccc-dddd-eeee',
Security: EC2 Role
1: Create EC2 role
    Create role in IAM service with limited policy
2: Launch EC2 instance
    Launch instance with role
3: App retrieves credentials
    Using AWS SDK application retrieves temporary credentials
4: App accesses AWS resource(s)
    Using AWS SDK application uses credentials to access resource(s)
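A check for the two slides above, added here as an example and not part of the original deck: a small scanner that flags access keys written into source, the pattern the Credentials slide forbids, and passes a client that leaves credentials to the SDK and the EC2 role. The function names, rule names and sample snippets are assumptions; the sample key values are placeholders, not live keys.

```python
import re

# Access key IDs: AKIA (long-term) or ASIA (temporary) followed by 16 characters.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A quoted literal assigned to a credential-looking name, as on the slide.
ASSIGN_RE = re.compile(
    r"""(?<![A-Za-z0-9_])['"]?(?P<name>key|secret|aws_access_key_id|aws_secret_access_key)['"]?
        \s*(?:=>|=|:)\s*(?P<q>['"])(?P<value>[^'"\n]{8,})(?P=q)""",
    re.IGNORECASE | re.VERBOSE,
)

def redact(value):
    """Keep four characters so a finding is traceable without re-leaking the value."""
    return value[:4] + "****"

def scan(source, filename="<memory>"):
    """Return (filename, line number, rule, redacted value) per hard-coded credential."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in KEY_ID_RE.finditer(line):
            findings.append((filename, no, "aws-key-id", redact(m.group(0))))
        for m in ASSIGN_RE.finditer(line):
            if KEY_ID_RE.search(m.group("value")):
                continue  # already reported by the key-ID rule
            rule = "literal-" + m.group("name").lower()
            findings.append((filename, no, rule, redact(m.group("value"))))
    return findings

# Constructed sample: SDK client configuration with placeholder keys embedded.
SAMPLE_BAD = """\
$client = new S3Client([
    'region' => 'us-east-1',
    'credentials' => [
        'key'    => 'AKIAIOSFODNN7EXAMPLE',
        'secret' => 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
    ],
]);
"""
# Constructed sample: nothing in code; the SDK resolves credentials from the EC2 role.
SAMPLE_GOOD = "$client = new S3Client(['region' => 'us-east-1']);\n"
# The literal from the Credentials slide, with its quoting completed.
SLIDE = "'key' => '1111-2222-3333-4444-5555', 'secret' => 'aaaa-bbbb-cccc-dddd-eeee',"

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_GOOD, SLIDE):
        print(scan(sample))
```

Run as a pre-commit or CI step, a non-empty result should fail the build before the key reaches the repository.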
Security: Network and Boundary Security Groups are Built-in Stateful Firewalls Divide Layers of the Stack into Subnets Use a Bastion Host for Access Implement Host Based Controls
Two Layers with Security Groups User WEB Server WEB Security Group Web Subnet A DB Security Group RDS DB Instance DB Subnet A Availability Zone A Availability Zone B
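An audit of the two-layer layout above, added here as an example and not part of the original deck: the DB security group should accept traffic only from the web security group, and the web security group should expose only its public ports. The input follows the field names of the EC2 DescribeSecurityGroups response; the function name, rule names, group IDs, ports and sample rules are assumptions.

```python
WORLD = {"0.0.0.0/0", "::/0"}

def cidrs(perm):
    """All IPv4 and IPv6 source ranges named by one ingress rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def audit_two_tier(groups, web_sg, db_sg, public_ports=(80, 443)):
    """Return (group id, rule, port) findings for a web/DB security group pair."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    # DB layer: the only permitted source is the web security group itself.
    for perm in by_id[db_sg].get("IpPermissions", []):
        port = perm.get("FromPort")
        if cidrs(perm):
            findings.append((db_sg, "db-cidr-ingress", port))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != web_sg:
                findings.append((db_sg, "db-foreign-sg", port))
    # Web layer: only the public ports may be reachable from anywhere.
    for perm in by_id[web_sg].get("IpPermissions", []):
        if not WORLD & set(cidrs(perm)):
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if perm.get("IpProtocol") == "-1" or lo is None:
            findings.append((web_sg, "web-all-traffic-open", None))
        elif any(p not in public_ports for p in range(lo, hi + 1)):
            findings.append((web_sg, "web-nonpublic-port-open", lo))
    return findings

# Constructed sample; group IDs are placeholders, not real resources.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # SSH belongs behind the bastion
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]},  # intended rule
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},  # whole VPC can reach the DB
    ]},
]

if __name__ == "__main__":
    for finding in audit_two_tier(SAMPLE_GROUPS, "sg-web", "sg-db"):
        print(finding)
```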
Security: Instance, Monitoring and Auditing Configure Encryption Everywhere Possible Configure CloudTrail Service Configure VPC Flow Logs Collect all Logs Centrally and Alert Virtual Private Cloud Identity & Access Manager Key Management Service CloudTrail AWS Config
Reliability
Reliability The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations or transient network issues. Foundations Change Management Failure Management
Reliability: High Availability No Single Point of Failure Multiple Availability Zones Load Balancing Auto Scaling and Healing
Multi AZ, Load Balanced, Auto Scaled User Route 53 Elastic Load Balancing WEB Server WEB Server WEB Server Auto Scaling Group WEB Server WEB Server WEB Server S3 Web Subnet A Web Subnet B CloudWatch RDS DB Instance Active DB Subnet A RDS DB Instance Standby DB Subnet B Availability Zone A Availability Zone B
Reliability: Monitoring and Alerting Monitoring Notification Automated Response Review AWS Lambda CloudWatch CloudWatch Alarm CloudWatch Logs SNS
Reliability: Backup and DR Define Objectives Backup Strategy Periodic Recovery Testing Automated Recovery Periodic Reviews
Performance Efficiency
Performance Efficiency The ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. Compute Storage Database
Performance Efficiency: Right Sizing Reference Architecture Quick Start Reference Deployments Benchmarking Load Testing Cost / Budget Monitoring and Notification
Performance Efficiency: Proximity and Caching Content Delivery Network (CDN) CloudFront Database Caching Reduce Latency ElastiCache Pro-active Monitoring and Notification RDS DB instance read replica
Multi AZ, Load Balanced, Auto Scaled, Caching User Route 53 CloudFront AWS WAF Elastic Load Balancing WEB Server WEB Server WEB Server Auto Scaling Group WEB Server WEB Server WEB Server S3 Web Subnet A Web Subnet B CloudWatch RDS DB Instance Active RDS DB Instance Read Replica DB Subnet A ElastiCache RDS DB Instance Standby RDS DB Instance Read Replica DB Subnet B ElastiCache Availability Zone A Availability Zone B
Cost Optimization
Cost Optimization The ability to avoid or eliminate unneeded cost or suboptimal resources. Matching Capacity and Demand Cost-effective Resources Expenditure Awareness Optimising Over Time
Cost Optimization: Capacity Matching Demand Based Queue Based Schedule Based Appropriately Provisioned Instance Matching Pro-active Monitoring and Action SQS SWF Optimized instance
Cost Optimization: Pricing Model On Demand Reserved Spot Automated Turn Off
Cost Optimization: Managed Services Analyze Available Services Appropriate Databases Consider Application Level Services Automation: CloudFormation, Elastic Beanstalk RDS DynamoDB Redshift ElastiCache AWS CloudFormation AWS Elastic Beanstalk Elasticsearch Service
Cost Optimization: Manage Expenditure Tag Resources Track Project Lifecycle and Profile Applications Monitor Usage and Spend Cost Explorer Partner Tools
Trusted Advisor
Enterprise-Level Support Offers resources for customers running business & mission-critical workloads on AWS, as well as any customers who: Focus on proactive management to increase efficiency and availability Build well-architected, well-operated solutions Leverage AWS expertise to support launches and migrations