Well-Architected Framework principles and Azure best practices
Well-Architected Framework principles, reference architectures, and Azure best practices.

| Pillar | Focus | Key Question |
|---|---|---|
| Reliability | Resiliency, availability | Will it stay up? |
| Security | Protection, compliance | Is it safe? |
| Cost Optimization | Efficiency, value | Is it worth it? |
| Operational Excellence | Manageability, observability | Can we run it? |
| Performance Efficiency | Scalability, responsiveness | Is it fast enough? |

/health, /ready)

| Principle | Implementation |
|---|---|
| Verify explicitly | Always authenticate/authorize |
| Least privilege | Minimal necessary permissions |
| Assume breach | Segment, encrypt, detect |

| Strategy | Impact |
|---|---|
| Right-size | Match SKU to workload |
| Reserved Instances | 40-72% savings |
| Spot VMs | 90% discount (interruptible) |
| Auto-shutdown | Dev/test off at night |
| Serverless | Pay per execution |

| Workload | Recommended |
|---|---|
| Steady-state web | App Service Premium |
| Event-driven | Azure Functions |
| Batch processing | Container Apps + KEDA |
| Big compute | Spot VMs + Batch |
| Dev/test | B-series VMs |

| Tier | Use Case | Cost |
|---|---|---|
| Hot | Frequent access | ~$0.02/GB |
| Cool | Infrequent (30+ days) | ~$0.01/GB |
| Archive | Rarely accessed | ~$0.002/GB |

| Tool | Best For |
|---|---|
| Bicep | Azure-native, declarative |
| Terraform | Multi-cloud, state management |
| ARM | Legacy (avoid for new) |

| Layer | Service |
|---|---|
| Logs | Log Analytics |
| Metrics | Azure Monitor |
| Traces | Application Insights |
| Alerts | Azure Alerts |
| Dashboards | Azure Workbooks |

| Service | Mechanism |
|---|---|
| App Service | Autoscale rules |
| Azure Functions | Event-driven automatic |
| AKS | HPA + Cluster Autoscaler |
| VMSS | Autoscale rules |

| Type | Use Case | Service |
|---|---|---|
| CDN | Static content | Azure Front Door |
| Distributed | Session, computed | Redis Cache |
| Local | Hot data | In-memory |

Internet → Front Door → App Service → Azure SQL + Redis

Internet → API Management → AKS → Cosmos DB + Service Bus

Events → Event Grid → Functions → Cosmos DB + Storage

| Series | Use Case |
|---|---|
| B-series | Dev/test (burstable) |
| D-series | Most production |
| E-series | Memory-optimized |
| F-series | Compute-optimized |

| Anti-Pattern | Fix |
|---|---|
| Monolithic deployment | Microservices or modular |
| Hardcoded config | App Configuration, Key Vault |
| Single region | Multi-region + Traffic Manager |
| Over-provisioned | Right-size + autoscale |
| No IaC | Bicep/Terraform everything |

| Tool | Use Case |
|---|---|
| `mcp_azure_mcp_cloudarchitect` | Interactive architecture design |
| `mcp_azure_mcp_documentation` | Search Azure docs |
| `mcp_azure_mcp_get_bestpractices` | Code gen, deployment patterns |
| Service-specific tools | AKS, App Service, Functions, Cosmos, SQL |