Well-Architected Framework

Duration: 50 min

The AWS Well-Architected Framework provides best practices for designing and operating reliable, secure, efficient, and cost-effective systems. It's based on five pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization. This module covers each pillar and the review process.

The Five Pillars

Operational Excellence focuses on running and monitoring systems to deliver business value. It includes infrastructure as code, monitoring, logging, and automation.

Security protects information and systems. It includes identity and access management, data protection, and threat detection.

Reliability ensures systems perform their intended function and recover from failures. It includes redundancy, failover, and disaster recovery.

Performance Efficiency uses computing resources efficiently. It includes right-sizing, caching, and content delivery.

Cost Optimization avoids unnecessary spending. It includes right-sizing, reserved instances, and resource cleanup.

Operational Excellence Pillar

Design systems for observability. Use CloudWatch for metrics and logs. Implement automation with Lambda and Systems Manager.

Use Infrastructure as Code (CloudFormation, Terraform) for reproducible deployments. Document runbooks for common operations.

Security Pillar

Apply the principle of least privilege. Use IAM roles and policies to grant minimum necessary permissions.

Encrypt data in transit (TLS) and at rest (KMS). Enable MFA for all users.

Use security groups and NACLs to control network traffic. Enable VPC Flow Logs for monitoring.

Regularly audit access and permissions. Use AWS Config to track configuration changes.

Reliability Pillar

Design for failure. Use multi-AZ deployments for high availability. Implement auto-scaling to handle traffic spikes.

Use read replicas for databases. Implement backup and disaster recovery strategies.

Test failover regularly. Use health checks to detect and recover from failures.

Performance Efficiency Pillar

Right-size instances based on actual usage. Use CloudWatch to monitor performance metrics.

Use caching (ElastiCache, CloudFront) to reduce latency. Use content delivery networks (CDN) for global distribution.

Use auto-scaling to match capacity to demand. Monitor and optimize database queries.

Cost Optimization Pillar

Use the free tier for learning. Right-size instances to avoid over-provisioning.

Use Reserved Instances for predictable workloads. Use Spot Instances for fault-tolerant workloads.

Implement lifecycle policies to move old data to cheaper storage. Delete unused resources.

Monitor spending with Cost Explorer and set budgets.

Well-Architected Review

A Well-Architected Review is a structured process to evaluate your architecture against the five pillars. AWS provides a review tool and workload questionnaire.

Steps:

1. Define your workload
2. Answer questions about each pillar
3. Identify risks and improvements
4. Create action plan
5. Implement improvements
6. Re-review periodically

Hands-On: Design a Well-Architected Application

Design a web application with:

Operational Excellence:

• Use CloudFormation for infrastructure
• Enable CloudWatch monitoring
• Implement auto-scaling

Security:

• Use IAM roles for EC2 instances
• Enable encryption for S3 and RDS
• Use security groups to restrict traffic

Reliability:

• Deploy across multiple AZs
• Use RDS Multi-AZ for database
• Implement health checks

Performance Efficiency:

• Use CloudFront for static content
• Use ElastiCache for database queries
• Right-size EC2 instances

Cost Optimization:

• Use Reserved Instances for baseline capacity
• Use Spot Instances for variable load
• Implement S3 lifecycle policies

Terraform Example: Well-Architected Application

# VPC with multiple AZs
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Public subnets in multiple AZs
resource "aws_subnet" "public" {
  count             = 2
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.${count.index + 1}.0/24"
  availability_zone = data.aws_availability_zones.available.names[count.index]
}

# Auto Scaling Group
resource "aws_autoscaling_group" "web" {
  launch_configuration = aws_launch_configuration.web.id
  min_size             = 2
  max_size             = 10
  vpc_zone_identifier  = aws_subnet.public[*].id
  health_check_type    = "ELB"
}

# RDS Multi-AZ
resource "aws_db_instance" "main" {
  allocated_storage    = 20
  engine               = "mysql"
  instance_class       = "db.t3.micro"
  multi_az             = true
  backup_retention_period = 7
}

# CloudFront for static content
resource "aws_cloudfront_distribution" "s3" {
  origin {
    domain_name = aws_s3_bucket.static.bucket_regional_domain_name
    origin_id   = "S3"
  }

  enabled = true

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3"

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
  }
}

Best Practices Summary

1. Design for failure - Assume components will fail and design accordingly
2. Automate everything - Use IaC and automation to reduce manual errors
3. Monitor and log - Implement comprehensive monitoring and logging
4. Secure by default - Apply least privilege and encrypt data
5. Optimize continuously - Regularly review and optimize costs and performance
6. Document decisions - Keep runbooks and architecture documentation updated

Quiz 1

Quiz 2

Quiz 3

Quiz 4

Quiz 5