1.3 AWS Well-Architected Framework
Key Takeaways
- The AWS Well-Architected Framework has six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
- The Security pillar focuses on protecting data, systems, and assets through IAM, detective controls, infrastructure protection, and data protection.
- The Reliability pillar ensures workloads perform their intended function correctly and consistently, including automatic recovery from failure.
- The Cost Optimization pillar helps avoid unnecessary costs by using the right resources and pricing models.
- The Sustainability pillar (added in 2021) focuses on minimizing the environmental impact of cloud workloads.
AWS Well-Architected Framework
Quick Answer: The AWS Well-Architected Framework provides six pillars of best practices for building cloud architectures: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. Understanding these pillars is critical for the CLF-C02 exam.
The AWS Well-Architected Framework helps cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible. It was originally released with five pillars; the sixth pillar (Sustainability) was added in December 2021.
The Six Pillars at a Glance
| Pillar | Focus Area | Key Question |
|---|---|---|
| Operational Excellence | Running and monitoring systems | How do you manage and automate changes? |
| Security | Protecting data and systems | How do you protect your information and systems? |
| Reliability | Ensuring workloads work correctly | How do you recover from failure? |
| Performance Efficiency | Using resources efficiently | How do you select the right resource types? |
| Cost Optimization | Avoiding unnecessary costs | How do you avoid unnecessary costs? |
| Sustainability | Minimizing environmental impact | How do you minimize environmental impact? |
Pillar 1: Operational Excellence
The Operational Excellence pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.
Design Principles:
- Perform operations as code — Define your entire workload as code (Infrastructure as Code) and update it with code
- Make frequent, small, reversible changes — Design workloads to allow components to be updated regularly in small increments
- Refine operations procedures frequently — As you evolve your workload, evolve your procedures appropriately
- Anticipate failure — Perform "pre-mortem" exercises to identify potential sources of failure and test your responses
- Learn from all operational failures — Share lessons learned across teams and throughout the organization
Key AWS Services:
| Service | How It Helps |
|---|---|
| AWS CloudFormation | Infrastructure as Code — define resources in templates |
| AWS Config | Track resource configurations and changes over time |
| Amazon CloudWatch | Monitor resources, set alarms, collect and track metrics |
| AWS Systems Manager | Operational management across AWS resources |
| AWS X-Ray | Analyze and debug distributed applications |
Pillar 2: Security
The Security pillar focuses on protecting information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
Design Principles:
- Implement a strong identity foundation — Implement the principle of least privilege and enforce separation of duties
- Maintain traceability — Monitor, alert, and audit actions and changes in real time
- Apply security at all layers — Apply defense in depth with multiple security controls
- Automate security best practices — Use automated security mechanisms to improve your ability to securely scale
- Protect data in transit and at rest — Use encryption, tokenization, and access control
- Keep people away from data — Use mechanisms and tools to reduce direct access or manual processing
- Prepare for security events — Have incident management and investigation policies and processes
Key AWS Services:
| Service | How It Helps |
|---|---|
| AWS IAM | Control access to AWS resources |
| AWS CloudTrail | Log and monitor API calls and actions |
| Amazon GuardDuty | Intelligent threat detection |
| AWS KMS | Create and manage encryption keys |
| AWS WAF | Web application firewall protection |
Pillar 3: Reliability
The Reliability pillar ensures a workload performs its intended function correctly and consistently when it is expected to. This includes the ability to operate and test the workload through its total lifecycle.
Design Principles:
- Automatically recover from failure — Monitor KPIs and trigger automation when thresholds are breached
- Test recovery procedures — Simulate different failures to verify recovery procedures
- Scale horizontally — Replace one large resource with multiple small resources to reduce single points of failure
- Stop guessing capacity — Use auto-scaling to match supply with demand
- Manage change through automation — Use automation to make changes to infrastructure
Key AWS Services:
| Service | How It Helps |
|---|---|
| Amazon CloudWatch | Monitor and alarm on infrastructure metrics |
| AWS Auto Scaling | Automatically adjust capacity to maintain performance |
| Elastic Load Balancing | Distribute traffic across multiple targets |
| Amazon RDS Multi-AZ | Database high availability across AZs |
| Amazon S3 | 99.999999999% (11 nines) durability for object storage |
Pillar 4: Performance Efficiency
The Performance Efficiency pillar focuses on using computing resources efficiently to meet requirements, and maintaining that efficiency as demand changes and technologies evolve.
Design Principles:
- Democratize advanced technologies — Use managed services instead of building from scratch
- Go global in minutes — Deploy workloads in multiple AWS Regions
- Use serverless architectures — Remove the operational burden of running servers
- Experiment more often — Comparative testing with different instance types is easy to carry out
- Consider mechanical sympathy — Use the technology approach that aligns best with your goals
Key AWS Services:
| Service | How It Helps |
|---|---|
| AWS Lambda | Run code without provisioning servers |
| Amazon EC2 Auto Scaling | Right-size instances based on demand |
| Amazon CloudFront | Cache content at edge locations globally |
| Amazon ElastiCache | In-memory caching for faster data retrieval |
| Amazon Aurora | High-performance cloud-native database |
Pillar 5: Cost Optimization
The Cost Optimization pillar focuses on avoiding unnecessary costs. It includes understanding and controlling where money is being spent, selecting the most appropriate resource types, analyzing spending over time, and scaling to meet business needs without overspending.
Design Principles:
- Implement cloud financial management — Invest in Cloud Financial Management to build capability
- Adopt a consumption model — Pay only for the computing resources you require
- Measure overall efficiency — Measure the business output of the workload and the costs associated with delivering it
- Stop spending money on undifferentiated heavy lifting — AWS handles the data center operations
- Analyze and attribute expenditure — Accurately identify the cost of systems and attribute it to revenue streams
Key AWS Services:
| Service | How It Helps |
|---|---|
| AWS Cost Explorer | Visualize and manage costs and usage over time |
| AWS Budgets | Set custom budgets and receive alerts |
| AWS Trusted Advisor | Recommendations for cost optimization |
| Reserved Instances / Savings Plans | Commit for lower pricing |
| AWS Compute Optimizer | Recommend optimal AWS compute resources |
Pillar 6: Sustainability
The Sustainability pillar (added December 2021) focuses on minimizing the environmental impacts of running cloud workloads. This is the newest pillar and is tested on the CLF-C02 exam.
Design Principles:
- Understand your impact — Measure the impact of your cloud workload
- Establish sustainability goals — For each workload, set long-term sustainability goals
- Maximize utilization — Right-size workloads and implement efficient design
- Anticipate and adopt new, more efficient offerings — Adopt new technologies like Graviton processors
- Use managed services — Shared services reduce the amount of infrastructure needed
- Reduce the downstream impact — Reduce the amount of energy or resources required for customers to use your services
Key AWS Services:
| Service | How It Helps |
|---|---|
| AWS Graviton Instances | More energy-efficient ARM-based processors |
| AWS Compute Optimizer | Recommend right-sized resources |
| Amazon S3 Intelligent-Tiering | Automatically move data to the most cost-effective and energy-efficient tier |
| AWS Auto Scaling | Scale down when demand is low to reduce waste |
| AWS Well-Architected Tool | Review workloads against sustainability best practices |
On the Exam: You must know ALL SIX pillars and be able to identify which pillar a given scenario belongs to. A common question format is: "Which Well-Architected pillar focuses on [description]?" Remember: Sustainability is the newest pillar and focuses on environmental impact.
Which of the following is the NEWEST pillar of the AWS Well-Architected Framework?
A company wants to ensure its workload can automatically recover from a component failure without manual intervention. Which Well-Architected pillar does this relate to?
Which THREE of the following are pillars of the AWS Well-Architected Framework? (Select THREE)
Which design principle belongs to the Cost Optimization pillar?