AWS Well-Architected Framework

The Six Pillars

Pillar 1: Operational Excellence

Focus: Build and run workloads effectively while continuously improving processes.

8 Design Principles (expanded June 2024):

1. Organize teams around business outcomes
2. Implement observability for actionable insights
3. Safely automate where possible (with guardrails)
4. Make frequent, small, reversible changes
5. Refine operations procedures frequently
6. Anticipate failure — run simulations and game days
7. Learn from all operational events
8. Use managed services to reduce operational burden

Key Areas: Organization → Prepare → Operate → Evolve

Key Services: CloudWatch, Systems Manager, Config, EventBridge, Fault Injection Service, CloudFormation

Pillar 2: Security

Focus: Protect data, systems, and assets using cloud-native controls.

7 Design Principles:

1. Implement a strong identity foundation (least privilege, no long-term credentials)
2. Maintain traceability (real-time monitoring, auditing)
3. Apply security at all layers (defense in depth)
4. Automate security best practices (security as code)
5. Protect data in transit and at rest
6. Keep people away from data (minimize direct access)
7. Prepare for security events (incident response playbooks)

Key Areas: Identity & Access → Detection → Infrastructure Protection → Data Protection → Incident Response

Key Services: IAM, GuardDuty, Security Hub, CloudTrail, KMS, WAF, Shield, Secrets Manager, Macie

Pillar 3: Reliability

Focus: Ensure workloads perform their intended function correctly and consistently.

5 Design Principles:

1. Automatically recover from failure
2. Test recovery procedures
3. Scale horizontally to increase aggregate availability
4. Stop guessing capacity
5. Manage change through automation

Key Areas: Foundations → Workload Architecture → Change Management → Failure Management

Key Services: Route 53, ELB, Auto Scaling, SQS, Resilience Hub, Elastic Disaster Recovery, Fault Injection Service

Critical Rules:

• MUST design for multi-AZ deployments for all production stateful services
• MUST define and test RTO/RPO targets
• MUST implement health checks and automatic replacement of unhealthy instances
• SHOULD implement circuit breakers and retry with exponential backoff

Pillar 4: Performance Efficiency

Focus: Use computing resources efficiently as demand and technologies evolve.

5 Design Principles:

1. Democratize advanced technologies (consume as managed services)
2. Go global in minutes (multi-Region, edge)
3. Use serverless architectures
4. Experiment more often
5. Apply mechanical sympathy (match technology to access patterns)

Key Areas: Selection (Compute, Storage, Database, Networking) → Review → Monitoring → Trade-offs

Key Services: EC2 Graviton, Lambda, ECS/EKS, ElastiCache, DAX, CloudFront, DynamoDB, Aurora, Global Accelerator

Pillar 5: Cost Optimization

Focus: Achieve business value at the lowest price point.

5 Design Principles:

1. Implement Cloud Financial Management (FinOps)
2. Adopt a consumption model (pay only for what you use)
3. Measure overall efficiency (cost per business unit)
4. Stop spending on undifferentiated heavy lifting
5. Analyze and attribute expenditure (tagging, cost allocation)

Key Areas: Cloud Financial Management → Expenditure Awareness → Cost-Effective Resources → Demand/Supply Management → Optimization Over Time

Key Services: Cost Explorer, Budgets, Cost Optimization Hub, Compute Optimizer, Savings Plans, Spot Instances, Trusted Advisor

Pillar 6: Sustainability (added 2021)

Focus: Minimize environmental impact of cloud workloads.

6 Design Principles:

1. Understand your impact
2. Establish sustainability goals
3. Maximize utilization
4. Anticipate and adopt more efficient offerings
5. Use managed services
6. Reduce downstream impact

Key Areas: Region Selection → User Behavior → Software/Architecture Patterns → Data Patterns → Hardware Patterns → Development/Deployment Patterns

Key Strategies: Right-size compute, use Graviton (ARM) instances, S3 Lifecycle policies, serverless for variable workloads, eliminate idle resources

Well-Architected Reviews

A Well-Architected Review is a constructive conversation about architectural decisions, not an audit mechanism.

Three Phases

The Well-Architected Tool

• Free in the AWS Console — guides teams through pillar questions
• Tracks improvement plans and milestones over time
• Supports custom lenses for domain-specific evaluation
• Integrates with AWS Trusted Advisor for automated checks

Lenses

Lenses extend the framework for specific workload types or industries:

• SHOULD select the most relevant lens(es) for the workload type
• MAY create custom lenses to encode organization-specific architectural standards

Pillar Trade-off Guidance

Checklist

When conducting or preparing for a Well-Architected Review:

• Workload scope is clearly defined (not the entire organization)
• Relevant pillars and lenses have been selected
• Stakeholders from operations, security, development, and finance are involved
• Each pillar's design principles have been reviewed against the architecture
• High Risk Issues are identified, prioritized, and assigned to owners
• An improvement plan with milestones exists in the WA Tool
• Trade-offs between pillars are documented and accepted consciously
• The review is treated as a periodic practice, not a one-time event

Key References