Building Better on AWS With the Enhanced AWS Well-Architected Framework
This blog dives into the recent enhancements to the AWS Well-Architected Framework, exploring how these updates can empower you to build even better on AWS.
The cloud has revolutionized how businesses operate, and AWS, a pioneer in the field, continues to refine its offerings to empower users. A core component of this mission is the ever-evolving AWS Well-Architected Framework. This framework provides a prescriptive approach to building secure, high-performing, resilient, and cost-optimized cloud architectures.
The Well-Architected Framework
The AWS Well-Architected Framework is a collection of best practices organized into six pillars:
- Security: Protecting your applications, data, and infrastructure.
- Reliability: Building fault-tolerant architectures that can withstand disruptions.
- Performance efficiency: Optimizing resources to deliver the best user experience.
- Cost optimization: Controlling your cloud spending without compromising performance.
- Operational excellence: Streamlining operations and facilitating continuous improvement.
- Sustainability: Designing for environmental responsibility and resource efficiency.
By following these pillars, you can ensure your AWS deployments are secure, scalable, and cost-effective.
Building on a Solid Foundation: Recent Enhancements to the Framework
The AWS Well-Architected Framework is constantly evolving to reflect the latest advancements in cloud technology. Here's a closer look at some of the exciting new features:
- Profiles: These customizable profiles allow you to tailor the Well-Architected Framework to your specific needs. Define your organization's priorities, industry regulations, and security requirements to create a focused review process.
- Review templates: Standardize your cloud architecture reviews with pre-built or custom templates. These templates ensure consistency and efficiency across your teams.
- Enhanced AWS Trusted Advisor integration: Leverage the power of AWS Trusted Advisor directly within the Well-Architected Tool. Identify potential issues and optimize your costs with a seamless workflow.
- Jira integration: Streamline your Well-Architected reviews by integrating with Jira. This allows you to create Jira tickets directly from identified improvement opportunities within the Well-Architected Tool.
Let’s Dive Into How to Leverage These New Features
1. Profiles
Here are some context-based examples of the AWS Well-Architected Framework's profile creation feature:
Scenario 1: E-Commerce Startup Example
- Context: A new e-commerce startup is experiencing rapid growth and needs to ensure its AWS infrastructure can scale efficiently and handle high traffic loads. Security is also a top priority as they deal with customer data.
- Profile creation: The startup can create a profile in the AWS Well-Architected Tool that prioritizes questions related to the Performance Efficiency and Security pillars of the Well-Architected Framework. When this profile is applied to their workload review, they will see a prioritized list of questions that focus on optimizing their infrastructure for scalability and robust security practices.
Scenario 2: Healthcare Provider Example
- Context: A large hospital wants to migrate its patient data to the cloud while ensuring the strictest patient privacy and data compliance regulations are met.
- Profile creation: The hospital can create a profile that prioritizes the Security and Compliance pillars. This profile, when linked to their workload review, will present them with security best practices and specific Well-Architected questions to ensure they meet all compliance regulations for healthcare data.
Scenario 3: Financial Services Company Example
- Context: A bank is looking to improve the overall resilience of its critical applications running on AWS. They want to minimize downtime and ensure disaster recovery capabilities.
- Profile creation: The bank can create a profile focused on the Reliability pillar. When applied to their workload, the AWS Well-Architected Tool will prioritize questions related to redundancy, fault tolerance, and disaster recovery planning, helping them ensure their applications are highly available.
Creating Profiles: Walkthrough
- Go to the AWS Management Console and navigate to the Well-Architected Tool.
- Click on "Create profile."
- Provide a name and description for your profile.
- Select the relevant Profile questions and click on Save.
- Choose the Well-Architected Framework lens (Security, Performance, Cost, Reliability, or Sustainability) you want to prioritize.
- Optionally, define custom questions specific to your organization's needs.
2. Review Templates
The AWS Well-Architected Tool's Review Templates feature streamlines the workload review process by allowing pre-populated answers for commonly encountered questions. Here are some examples of how this feature can be applied in various contexts:
Scenario 1: Standardizing Security Reviews Across Different Teams
Template Name: Security Baseline for Web Applications
Pre-Populated Answers
- Question: Are all web servers running the latest security patches? (Yes/No/Not Applicable)
- Question: Is Multi-Factor Authentication (MFA) enabled for all administrative access? (Yes/No/Not Applicable)
- Question: Are web application firewalls (WAF) deployed to protect against common web attacks? (Yes/No/Not Applicable)
This template ensures that different development teams within an organization implement consistent baseline security measures for all web applications.
Scenario 2: Optimizing Cost Reviews for Different Resource Types
Template Name: EC2 Instance Cost Optimization
Pre-Populated Answers
- Question: Are Amazon EC2 Spot Instances a viable option for this workload considering its fault tolerance requirements? (Yes/No/Needs Investigation)
- Question: Are there any unused EC2 instances that can be stopped or terminated? (Yes/No/Needs Investigation)
- Question: Is hibernation enabled for suitable workloads to reduce costs? (Yes/No/Not Applicable)
This template is used for workloads running on EC2 instances, prompting reviewers to identify cost-saving opportunities specific to this resource type.
Scenario 3: Maintaining Compliance for Regulated Industries
Template Name: HIPAA Compliance Checklist for Healthcare Applications
Pre-Populated Answers
- Question: Are all data encryption protocols compliant with HIPAA regulations? (Yes/No/Needs Investigation)
- Question: Are there documented procedures for access control and data auditing? (Yes/No/Needs Investigation)
- Question: Is there a Business Associate Agreement (BAA) in place with all relevant AWS services? (Yes/No/Needs Investigation)
This template assists organizations in healthcare or other regulated industries in ensuring their workloads comply with specific regulatory requirements.
Creating Review Templates: Walkthrough
- Within your chosen profile, navigate to "Review templates."
- Click on "Create template."
- Give your template a name and description.
- Select and apply the relevant Well-Architected Framework Lenses along with the default AWS Well-Architected Framework Lens.
- Click on Create Template.
3. Trusted Advisor Integration
Here are some context-based examples of the AWS Well-Architected Framework's Trusted Advisor integration feature:
Scenario 1: Cost Optimization for an E-Commerce Website
You're running a high-traffic e-commerce website on AWS. During a Well-Architected Framework Review (WAFR) using the Well-Architected Tool, you're focusing on the Cost Optimization pillar.
The tool integrates with Trusted Advisor, which surfaces specific recommendations based on your resource configuration. For example, Trusted Advisor might identify underutilized EC2 instances or unused Elastic Block Store (EBS) volumes.
With this insight, you can right-size your EC2 instances or delete unnecessary EBS volumes, directly reducing your cloud bill.
Scenario 2: Improving Security for a Healthcare Application
You're building a healthcare application that stores sensitive patient data. Security is paramount.
The WAFR process, with Trusted Advisor integration, highlights best practices for securing your application. Trusted Advisor might recommend enabling encryption for S3 buckets storing patient data or using Amazon Inspector to identify security vulnerabilities in your application code.
By following these recommendations, you can strengthen your security posture and ensure patient data privacy.
Scenario 3: Enhancing Reliability of a Mission-Critical Application
Your company relies on a mission-critical application running on AWS. High availability and disaster recovery are crucial.
During a WAFR, the integration with Trusted Advisor reveals that your application relies on a single Availability Zone (AZ). Trusted Advisor suggests creating an Auto Scaling group with instances spread across multiple AZs for redundancy.
Implementing this recommendation improves the application's fault tolerance and ensures it remains operational even if one AZ experiences an outage.
Trusted Advisor Integration: Walkthrough
- Go to the AWS Management Console and navigate to the Well-Architected Tool.
- Click on Define a workload.
- Under Specify Properties, select the checkbox Activate Trusted Advisor from the section “AWS Trusted Advisor”.
- Within your Well-Architected workload review, navigate to the "Trusted Advisor Checks" tab.
- This section will display relevant Trusted Advisor checks for your chosen AWS Account.
- You can directly address potential issues identified by Trusted Advisor within the Well-Architected Tool.
4. Jira Integration
Here are some context-based examples focusing on streamlining Well-Architected reviews with Jira integration:
Scenario 1: Large E-Commerce Platform
- Context: A large e-commerce platform conducts regular Well-Architected reviews to ensure optimal performance and scalability during peak seasons.
- Challenge: Manually tracking improvement opportunities from Well-Architected reviews within separate spreadsheets or documents becomes cumbersome and error-prone.
- Solution: The platform integrates Jira with the Well-Architected Tool. During a review, identified improvement opportunities for security best practices (e.g., enabling multi-factor authentication) are automatically converted into Jira tickets.
- Benefit: The team can leverage Jira's robust workflow management features to assign tickets to security engineers, track progress, and ensure timely remediation. This streamlines the improvement process and reduces the risk of missed opportunities.
Scenario 2: Rapidly Growing FinTech Startup
- Context: A fast-growing FinTech startup prioritizes agility and secure infrastructure on AWS.
- Challenge: As the startup scales, managing improvement backlogs from Well-Architected reviews becomes difficult, leading to potential delays in addressing critical security or cost optimization opportunities.
- Solution: The startup integrates Jira with the Well-Architected Tool. When a review identifies the need to improve cost optimization (e.g., utilizing reserved instances for predictable workloads), a Jira ticket is automatically created.
- Benefit: The finance team can leverage Jira's prioritization and reporting features to analyze cost-saving opportunities and integrate them seamlessly with their financial planning process. This ensures cost-efficiency remains a focus alongside rapid growth.
Scenario 3: Multi-Cloud Healthcare Provider
- Context: A healthcare provider operates a hybrid cloud environment with a mix of AWS and on-premises infrastructure.
- Challenge: Maintaining consistent security best practices across both AWS and on-premises environments requires a unified approach to tracking improvement opportunities.
- Solution: The provider integrates Jira with the Well-Architected Tool. During a review that identifies the need for improved data encryption (both at rest and in transit), Jira tickets are automatically generated.
- Benefit: The IT security team can leverage Jira to track remediation efforts across the entire infrastructure, ensuring a consistent level of data protection for sensitive patient information. This simplifies compliance efforts and reduces security risks.
These examples showcase how Jira integration with the Well-Architected Tool streamlines the process of identifying, prioritizing, and implementing improvements identified during Well-Architected reviews.
Jira Integration: Walkthrough
Prerequisites:
- An AWS Account with access to the Well-Architected Tool.
- An active Jira account with administrative privileges.
Access the AWS Well-Architected Tool Settings:
- Go to the AWS Management Console and navigate to the Well-Architected Tool.
- Click on the name of your workload or select the workload you want to integrate with Jira.
Enable Jira Integration:
- In the workload settings, locate the "Jira account syncing" section.
- Click the "Connect Jira Account" button. This will redirect you to the Atlassian Marketplace website.
Install the Connector App in Jira
- On the Atlassian Marketplace website, search for the "AWS Well-Architected Tool Connector for Jira" app.
- Click "Get it now" to install the app in your Jira instance.
Connect Your AWS Account
- Once installed, navigate to the "Manage apps" section within your Jira account.
- Locate the "AWS Well-Architected Tool Connector" app and click "Configure."
- Click "Get Started" and then "Connect a new AWS Account."
- Provide the necessary AWS credentials with permissions to access the Well-Architected Tool.
Configure Synchronization Settings (Optional)
- The connector offers customization options for how risks are synced between the Well-Architected Tool and Jira.
- You can choose to:
  - Manually sync risks
  - Automatically create Jira tickets for identified risks
Using the Integration
- After successful configuration, any risks identified during a Well-Architected Review will be reflected in Jira.
- You can access these risks within your Jira project and manage them using your existing Jira workflow.
- The integration allows you to track progress on addressing identified risks and ensure a smooth remediation process.
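The walkthrough above leaves open how identified risks are ordered and how a repeated sync avoids filing the same ticket twice. The following added example (not from the original article, AWS, or the Jira connector) shows that triage offline over a constructed list shaped like the `AnswerSummaries` of the Well-Architected Tool `ListAnswers` API; the question IDs, workload ID, ticket layout and priority names are assumptions.

```python
# Added example, not AWS or Atlassian code. Field names follow the
# AnswerSummaries entries of the Well-Architected Tool ListAnswers API;
# the ticket layout and priority names are assumptions.
PRIORITY = {"HIGH": "Highest", "MEDIUM": "Medium", "UNANSWERED": "Low"}
RISK_ORDER = {"HIGH": 0, "MEDIUM": 1, "UNANSWERED": 2}

# Constructed sample answers (hypothetical question IDs, no real workload).
SAMPLE_ANSWERS = [
    {"QuestionId": "q-spot", "PillarId": "costOptimization", "Risk": "MEDIUM",
     "QuestionTitle": "Are Spot Instances viable for this workload?"},
    {"QuestionId": "q-mfa", "PillarId": "security", "Risk": "HIGH",
     "QuestionTitle": "Is MFA enabled for all administrative access?"},
    {"QuestionId": "q-waf", "PillarId": "security", "Risk": "NONE",
     "QuestionTitle": "Are WAFs deployed against common web attacks?"},
    {"QuestionId": "q-enc", "PillarId": "security", "Risk": "MEDIUM",
     "QuestionTitle": "Is patient data encrypted at rest and in transit?"},
    {"QuestionId": "q-dr", "PillarId": "reliability", "Risk": "UNANSWERED",
     "QuestionTitle": "Is disaster recovery planned and tested?"},
    {"QuestionId": "q-hib", "PillarId": "costOptimization",
     "Risk": "NOT_APPLICABLE", "QuestionTitle": "Is hibernation enabled?"},
]


def build_backlog(workload_id, answers, existing_keys=frozenset()):
    """Return ticket dicts for open risks, most urgent first.

    existing_keys holds the dedupe keys of tickets already filed, so a
    repeated sync after a review update creates no duplicates.
    """
    tickets = []
    for answer in answers:
        risk = answer.get("Risk", "UNANSWERED")
        if risk not in RISK_ORDER:  # NONE, NOT_APPLICABLE: no ticket
            continue
        key = f"{workload_id}:{answer['QuestionId']}"
        if key in existing_keys:
            continue
        tickets.append({
            "key": key,
            "pillar": answer["PillarId"],
            "summary": f"[{answer['PillarId']}] {answer['QuestionTitle']}",
            "priority": PRIORITY[risk],
            "risk": risk,
        })
    # Highest risk first; within one risk level, security items lead.
    tickets.sort(key=lambda t: (RISK_ORDER[t["risk"]], t["pillar"] != "security"))
    return tickets
```

Unanswered questions are kept as low-priority items because an unanswered security question is a coverage gap in the review, not evidence that no risk exists.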
Benefits of Using the Enhanced Framework
These enhancements offer a range of benefits for organizations building on AWS:
- Increased efficiency: Profiles, templates, and integrations streamline the Well-Architected Review process, saving you valuable time and resources.
- Improved consistency: Standardized approaches through profiles and templates ensure consistent best practices across your AWS deployments.
- Enhanced collaboration: Integrate Well-Architected Reviews into your existing project management tools (like Jira) for seamless collaboration across teams.
- Actionable insights: Gain deeper insights from AWS Trusted Advisor directly within the Well-Architected Tool, enabling you to prioritize improvements effectively.
Conclusion
The enhanced AWS Well-Architected Framework empowers you to build and maintain robust, secure, and cost-effective cloud architectures on AWS. With its focus on best practices, automation, and continuous improvement, the framework provides a roadmap for building excellence on AWS.
Ready To Get Started?
Explore the enhanced AWS Well-Architected Framework today! AWS provides a wealth of resources to help you get started, including documentation, training, and the free Well-Architected Tool.
Head over to the AWS Well-Architected Framework documentation to learn more and start building better on AWS!