With the rise in connectivity, access to the internet, education, and the boom of e-commerce, we have become empowered to do more with the technology in hand. Amid all this growth, numerous industries have come into existence that no one would have believed possible. Cloud computing and storage is one fine example. To educate, engage, and invite people to start doing things in the cloud the right way, Amazon Web Services created the AWS Well-Architected Framework.
AWS is the leading “Infrastructure as a Service” provider that bridges the gap between what you own and how much you pay for the amount you’ve used, and almost anyone with some basic knowledge of the cloud can create their own environment. But is it well-founded? Does it follow best practices? Is it secure, and at a reasonable cost? I bet your answer was a pretty “I DON’T KNOW”.
But do not worry, we’re here for that, and to immerse you in the AWS Well-Architected Framework.
What is the AWS Well-Architected Framework?
AWS Well-Architected consists of a framework and a tool that provide architectural best practices for the cloud, organized around the AWS 5 Pillars.
What are the 5 Pillars of AWS?
Is your architecture set up according to best practices?
To make this question easier to answer, Amazon Web Services has laid out the AWS 5 Pillars in the form of a framework that covers the key issues to address in an application.
- Operational Excellence
It helps us prepare and understand the application requirements, take quick action while the operation is running, evolve as the application grows, and learn from experience. That way we can run and monitor systems, deliver business value, and improve supporting procedures.
- Security
It covers protecting information and systems, and implementing detective controls so that we can identify security events and take data protection to the next level: confidentiality and integrity, while delivering business value through risk assessments and mitigation strategies.
- Reliability
The system must recover from infrastructure or service disruptions, scale up automatically when required, and yet be resistant to misconfigurations and internal network issues. This pillar supports change and failure management and creates a guideline for all the resources across the project.
- Performance Efficiency
As we said, we may not be using the cloud in the right way, so this pillar teaches us how to be efficient in IT by choosing just the resources we really need to meet system requirements, adapting them as the system grows, and constantly monitoring the infrastructure as the situation changes.
- Cost Optimization
One big benefit of following these pillars is the ability to avoid unintended expenditures by integrating cost-effective resources and applying scalable designs like EC2 Auto Scaling, taking advantage of new services and features. It also enhances our knowledge base so that we understand costs and can control them.
Need for the AWS Well-Architected Framework?
So many companies across the world use the same services to build different apps and different solutions with a unique creative edge, and some work on sensitive data with safety, security, and compliance requirements. All of them share common concerns that the best practices of the AWS Well-Architected Framework are designed to resolve. Security, reliability, efficiency, and the rest need to be taken care of in every architecture and every application built on the platform that has active users. To make things uniform and lay down minimum standards across the platform, AWS has come up with its AWS Well-Architected Framework.
What is the AWS Well-Architected Tool?
With the AWS Well-Architected Tool, you can review and measure your architecture. It is a free service offered by AWS which, based on your answers to a form, shows you potential risks and recommendations for your infrastructure across the following five pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.
How to Use the AWS Well-Architected Tool?
- Navigate to the AWS Well-Architected Tool web page and click Define workload. This takes you to a form where you fill out your workload basics, such as industry type, region, and environment. Click Define workload again.
- Then, the AWS Well-Architected Tool guides you through a systematic workload review of the infrastructure you added. Further ahead, you get to prioritize among the pillars according to your needs. This makes the recommendations stronger on the pillars that matter the most to your app.
- After completing your first review, you can generate a written PDF report based on the workloads and the pillar priorities you selected, such as security or performance.
- Based on this PDF report, you can head back to your workloads tab and click on an improvement plan to see recommendations for further adjustments to your workloads.
Let’s say that it is a normal business day and suddenly all your infrastructure starts failing, but you do not know why. Where would you start reviewing? Do you truly follow best practices? We can use this tool to create a workload and obtain important information about the current infrastructure configuration.
Below are some points that will explain: a) what we can find, and b) how we can achieve those recommendations.
Operational Excellence: Here are some AWS resources that you can use to troubleshoot your infrastructure:
- AWS Trusted Advisor helps you learn and understand the business needs by comparing your current infrastructure with some well-architected examples created by AWS.
- Take even more advantage of logs and telemetry with CloudWatch and get to know internal statuses like application errors, API calls, etc.
- Avoid big problems in production by dividing your work across different environments like Development, Staging, and Production. That will allow you to test changes and deploy them successfully to the world.
- Make small and continuous changes instead of big ones. This will allow you to revert to previous changes and focus on what is wrong without affecting what is not.
- Use deployment tools like AWS CodeDeploy and automate tests to avoid unwanted problems.
- Define operation metrics and workflows.
Security: What if your problem is caused by an external risk? Then you may want to use the following resources to mitigate security intrusions.
- IAM policies: proper access management keeps unwanted users out.
- Secure the root user with MFA to add an extra security layer.
- You may want to use AWS WAF (the web application firewall, not to be confused with the Well-Architected Framework) to limit and control incoming traffic.
- Don’t lose your data, and encrypt it: force encryption on S3, AMIs, and databases.
- Automate backups.
Reliability:
- Recovering from losses or disasters is crucial. We recommend that you automate snapshot backups on S3 and regularly run simulated disasters. These drills show you the changes needed to secure your information.
- Implementing CloudWatch alarms and logging will help you take action and find root problems more easily.
- Use third-party services like Chaos Monkey and schedule simulated traffic. You will be able to see whether your application stands up or whether you need to make changes to achieve that goal.
- Avoid breaking things when deploying changes: use AWS CodePipeline to automate change deployments.
- Implement Amazon SNS or integrate a chat webhook to receive notifications when a problem with pipelines comes up.
Performance Efficiency:
- Use load tests and metrics as a basis for building an infrastructure with only the resources that you really need.
- You can also implement auto-scaling groups to grow with demand and avoid overpowered server resources.
- You should also analyze all the data stored in the infrastructure and define the correct way to treat it. You can take advantage of AWS technologies like S3 for static content; separating this information will help you understand the business requirements.
- Use the new RDS serverless, which allows you to autoscale the DB power as needed.
Cost Optimization:
- Sometimes providing full access to users is not a good idea. You should use IAM policies to limit what users can create, modify, and delete.
- Configure AWS Budgets and Cost Explorer to easily track and stay aware of what you are using.
- Configure cost alerts to get notified when you are approaching your budget limit and when you have already crossed that line. This gives you visibility into resource usage.
- Before launching big infrastructures, you should understand the organization's needs and launch only what you really need.
- Once you are 100% confident in your environments, you can reserve resources for a long time and save some money.
- AWS Trusted Advisor compares AWS well-architected infrastructure templates with your infrastructure; you can see how good your application is or whether there are changes to make.
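The Security recommendations above (root MFA, IAM policies that do not grant full access, encryption for S3, AMIs, and databases) can be checked mechanically. The following is an added example, not code from the original page or from AWS: it audits a constructed account snapshot whose inner fields mirror real AWS API responses, while the top-level layout (`AccountSummary`, `Policies`, `Buckets`, `Snapshots`, `DBInstances`) and all resource names are assumptions. AMI encryption is checked through the EBS snapshots that back the images.

```python
import json

# Constructed sample snapshot. Inner fields mirror AWS API responses
# (iam get-account-summary, s3 get-bucket-encryption, ec2 describe-snapshots,
# rds describe-db-instances); layout, names and values are made up.
SNAPSHOT = json.loads("""
{
  "AccountSummary": {"SummaryMap": {"AccountMFAEnabled": 0}},
  "Policies": {
    "dev-full-access": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "read-reports": {"Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                                     "Resource": "arn:aws:s3:::example-reports/*"}]}
  },
  "Buckets": {
    "example-reports": {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
    "example-uploads": {}
  },
  "Snapshots": [{"SnapshotId": "snap-example1", "Encrypted": false}],
  "DBInstances": [{"DBInstanceIdentifier": "example-db", "StorageEncrypted": true}]
}
""")

def as_list(value):
    """IAM policy fields may be a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def audit(snapshot):
    """Return a sorted list of findings for the Security checklist items."""
    findings = []
    if snapshot["AccountSummary"]["SummaryMap"].get("AccountMFAEnabled") != 1:
        findings.append("root: MFA is not enabled")
    for name, doc in snapshot["Policies"].items():
        for stmt in as_list(doc["Statement"]):
            if (stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Action", []))
                    and "*" in as_list(stmt.get("Resource", []))):
                findings.append(f"iam:{name}: allows every action on every resource")
    for name, cfg in snapshot["Buckets"].items():
        rules = cfg.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
        if not any("ApplyServerSideEncryptionByDefault" in r for r in rules):
            findings.append(f"s3:{name}: no default encryption rule")
    for snap in snapshot["Snapshots"]:
        if not snap.get("Encrypted"):
            findings.append(f"ebs:{snap['SnapshotId']}: snapshot is not encrypted")
    for db in snapshot["DBInstances"]:
        if not db.get("StorageEncrypted"):
            findings.append(f"rds:{db['DBInstanceIdentifier']}: storage is not encrypted")
    return sorted(findings)

print("\n".join(audit(SNAPSHOT)))
```
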
While creating the architecture of your application on AWS, keep the interests of the app aligned with the above-mentioned pillars of the Well-Architected Framework; they capture the basics of building a robust application that doesn’t compromise on security while staying flexible. See the official AWS documentation on the AWS Well-Architected Framework for details.
If you already have an application hosted on AWS, and you like the concept of the Well-Architected Framework, you must take an AWS Well-Architected Review. This exercise of reviewing your application architecture checks it against the specs that AWS itself recommends.