AWS Well-Architected Framework and Best Practices

The AWS Well-Architected Framework is a set of best practices and design principles developed by AWS to help architects build secure, high-performing, resilient, and efficient cloud infrastructure. It is organized into six pillars, each covering a critical dimension of cloud architecture quality. The framework is used to evaluate existing architectures and guide the design of new ones.

AWS also provides the Well-Architected Tool — a free service in the console that runs a structured review of a workload against the framework questions and provides actionable recommendations.

The Six Pillars

+-----------------------------------------------------------+
|           AWS Well-Architected Framework                  |
|                                                           |
|  [Operational     [Security]   [Reliability]              |
|   Excellence]                                             |
|                                                           |
|  [Performance     [Cost         [Sustainability]          |
|   Efficiency]      Optimization]                         |
+-----------------------------------------------------------+

Pillar 1: Operational Excellence

Operational Excellence focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.

Key Principles

  • Perform operations as code: Define entire infrastructure and operational procedures in code (CloudFormation, CDK, runbooks as scripts). Eliminate human error from repetitive tasks.
  • Make frequent, small, reversible changes: Small deployments are easier to test and roll back than large releases.
  • Refine operations frequently: Hold post-incident reviews. Every failure is a learning opportunity to improve processes.
  • Anticipate failure: Run game days — simulate failures to test readiness before they happen in production.
  • Learn from operational failures: Share lessons across teams so the same failure does not repeat.

Key AWS Services

CloudFormation, AWS Config, CloudWatch, X-Ray, CodePipeline, Systems Manager, CloudTrail.

Pillar 2: Security

The Security pillar covers protecting data, systems, and assets through risk assessment and mitigation strategies.

Key Principles

  • Implement a strong identity foundation: Least privilege access, MFA everywhere, no long-term credentials for applications.
  • Enable traceability: Log and audit all actions. CloudTrail records every API call.
  • Apply security at all layers: Protect the VPC perimeter, EC2 instances, application layer, and data layer — not just the outer edge.
  • Automate security best practices: Use IAM policies, security groups, and encryption configurations in code — reviewed in pull requests.
  • Protect data in transit and at rest: Encrypt everything — S3 server-side encryption, RDS encryption, TLS for all connections.
  • Keep people away from data: Use automation and audit trails so humans rarely need direct access to production data.
  • Prepare for security events: Create incident response playbooks and practice them.

Key AWS Services

IAM, KMS, Shield, WAF, GuardDuty, Macie, Inspector, Security Hub, CloudTrail, AWS Config.

Pillar 3: Reliability

The Reliability pillar ensures a workload performs its intended function correctly and consistently, and recovers quickly from failures.

Key Principles

  • Automatically recover from failure: Monitor systems and trigger automated recovery — Auto Scaling replaces failed instances, Route 53 failover redirects traffic, RDS Multi-AZ fails over automatically.
  • Test recovery procedures: Regularly test failover, restore from backup, and chaos engineering scenarios.
  • Scale horizontally: Replace one large resource with multiple smaller ones. The failure of one small resource is a minor event; the failure of one large resource can be catastrophic.
  • Stop guessing capacity: Use Auto Scaling to match capacity to actual demand.
  • Manage change through automation: Infrastructure changes should go through automated pipelines with rollback capability.

Key AWS Services

Route 53, Auto Scaling, ALB, RDS Multi-AZ, S3 versioning, CloudFormation, AWS Backup, Regions and AZs.

Recovery Objectives

MetricDefinitionExample Target
RTO (Recovery Time Objective)Maximum acceptable downtime after a failureRTO = 1 hour (must be back online within 1 hour)
RPO (Recovery Point Objective)Maximum acceptable data loss (how old can the restored data be)RPO = 5 minutes (cannot lose more than 5 minutes of data)

Pillar 4: Performance Efficiency

This pillar focuses on using computing resources efficiently to meet system requirements and maintaining that efficiency as demand changes and technologies evolve.

Key Principles

  • Democratize advanced technologies: Use managed services (RDS, ElastiCache, SageMaker) instead of building from scratch. Let AWS manage the complexity.
  • Go global in minutes: Deploy to multiple Regions using CloudFormation to serve global users with low latency.
  • Use serverless architectures: Remove the operational overhead of managing servers for workloads suited to Lambda, Fargate, or Aurora Serverless.
  • Experiment more often: Cloud resources can be created and deleted in minutes — test new instance types, CDN configurations, or database engines without long-term commitment.
  • Consider mechanical sympathy: Match the technology to the workload. Use DynamoDB for simple key-value access, RDS for complex relational queries, S3 for object storage, Kinesis for streaming.

Key AWS Services

Auto Scaling, CloudFront, ElastiCache, RDS Read Replicas, DAX, Lambda, Fargate, SageMaker.

Pillar 5: Cost Optimization

This pillar focuses on avoiding unnecessary costs and understanding where money is spent to maximize business value delivered per dollar.

Key Principles

  • Implement Cloud Financial Management: Treat cost optimization as a continuous discipline, not a one-time event. Dedicate resources to it.
  • Adopt a consumption model: Pay only for what is used. Shut down idle resources. Use Auto Scaling to eliminate over-provisioning.
  • Measure overall efficiency: Track cost per transaction, cost per user, or cost per GB processed — not just total spend.
  • Stop spending money on undifferentiated heavy lifting: Use managed services so money goes to building unique business features — not maintaining databases or running updates.
  • Analyze and attribute expenditure: Tag resources by team, project, and environment. Charge back costs to the right business unit.

Key AWS Services

Cost Explorer, AWS Budgets, Savings Plans, Reserved Instances, Spot Instances, Trusted Advisor, S3 Intelligent-Tiering.

Pillar 6: Sustainability

Added in 2021, this pillar focuses on minimizing the environmental impact of running cloud workloads — primarily by maximizing resource efficiency and reducing energy consumption.

Key Principles

  • Understand the impact: Measure energy consumption and carbon footprint as part of architecture decisions.
  • Establish sustainability goals: Set targets for reducing the energy intensity of workloads over time.
  • Maximize utilization: Right-size workloads. A highly utilized instance is more energy-efficient than many small under-utilized ones.
  • Use managed services: Shared infrastructure at AWS-scale is more energy-efficient than isolated on-premises hardware.
  • Reduce downstream impact: Optimize content delivery so less data is transmitted per user interaction (compress images, use efficient formats).

The Well-Architected Tool

The AWS Well-Architected Tool walks through a series of questions about a workload across all six pillars and generates a report with:

  • High-Risk Issues (HRIs) — critical architectural gaps requiring immediate attention.
  • Medium-Risk Issues (MRIs) — important improvements to address.
  • Improvement plan — prioritized list of recommended changes with links to documentation.

Access: AWS Console → Well-Architected Tool → Define workload → Start review.

Architecture Patterns That Satisfy Multiple Pillars

Architecture DecisionPillars It Addresses
Deploy across 3 AZs with ALB + Auto ScalingReliability, Performance Efficiency
Use RDS Multi-AZ with automated backupsReliability, Operational Excellence
Encrypt all data with KMS, enable MFASecurity
Use Savings Plans for steady EC2 workloadsCost Optimization
Use Lambda instead of EC2 for sporadic tasksCost Optimization, Sustainability, Performance
Use CloudFront for global content deliveryPerformance Efficiency, Cost Optimization, Sustainability
Infrastructure deployed via CloudFormationOperational Excellence, Reliability, Security
Enable CloudTrail, GuardDuty, ConfigSecurity, Operational Excellence

Disaster Recovery Strategies

The Reliability pillar recommends designing for disaster recovery based on RTO and RPO requirements. AWS defines four DR strategies in order of cost and complexity:

CHEAP / SLOW ←─────────────────────────────────→ EXPENSIVE / FAST

[Backup &     [Pilot Light]   [Warm Standby]   [Multi-Site
  Restore]                                       Active/Active]
  RTO: hours  RTO: 10min-hrs  RTO: minutes      RTO: seconds
  RPO: hours  RPO: minutes    RPO: minutes      RPO: ~zero
  Cost: $     Cost: $$        Cost: $$$         Cost: $$$$

Summary

  • The AWS Well-Architected Framework evaluates cloud architectures across six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.
  • Each pillar provides design principles and best practices that guide architectural decisions from day one.
  • The Well-Architected Tool provides a structured review process with actionable improvement recommendations.
  • Strong architectures address multiple pillars simultaneously — for example, Auto Scaling improves both Reliability and Cost Optimization.
  • Disaster recovery strategy choice (Backup & Restore → Multi-Site Active/Active) depends on the organization's acceptable RTO and RPO, balanced against cost.
Previous lessons
Back to courses

Leave a Comment