The AWS environment is constantly changing. Cloud system engineers have to constantly adapt and add new instances, change security groups, and experience different AWS services to ensure the system meets user needs. So how do you ensure that your cloud infrastructure follows a fixed design standard, achieving business results while meeting the desired technical standards, and at the same time, optimize the costs! In this article, we will explore the basics of the AWS Well-Architected Framework.

AWS Well-Architected Framework Overview

AWS solution architects with years of accumulated experience have built solutions across virtually all vertical businesses, and at the same time, they review and evaluate the overall architecture. of thousands of customers on AWS.

From there, they identified the most optimal methods for deploying systems architecture in the cloud, called the AWS Well-Architected Framework.

AWS Well-Architected Framework brings the 05 pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.

Operational Excellence Pillar – Well-Architected Framework

It is the ability to operate and monitor systems for business value and to continually improve supporting processes and procedures. Main topics revolve around automating changes, responding to events, and setting standards for managing day-to-day operations.

AWS offers best practices among the five design principles:

• Perform operations as code: You can write scripts to automate day-to-day operations and get responses only to events. In this way, you limit human error and allow a consistent response to events that unfold.

• Make frequent, small, reversible changes: Design workloads (with thorough documentation annotation) to allow one or more elements to be regularly updated. Make changes in small steps and always prepare a roll-back plan when possible.

• Refine operations procedures frequently: Always looking for opportunities to improve the process, develop operating procedures in the most appropriate way. And especially there must be reviews and verification sessions to see if the process is appropriate and well understood by everyone.

• Anticipate failure: Perform system tests to identify the source of possible errors to eliminate or minimize them. Test your response processes (event simulations can be used) to make sure the processes work effectively, and your team is used to doing them. If possible, systems should be deployed under the High Availability architecture to ensure availability, read more at Building High Availability architecture on AWS for enterprises: Compute, Database and Storage | VTI CLOUD

• Learn from all operational failures: Drive improvement through lessons learned from all operational events and failures. Share what is learned across teams and through the entire organization.

Security Pillar – Well-Architected Framework

Capable of protecting information, systems and assets, and delivering business value through mitigation and risk assessment strategies. When implementing security on cloud architecture, Amazon proposes six design principles:

• Implement a strong identity foundation: Implement the principle of least privilege and enforce segregation of tasks with the appropriate authorization for each interaction with an AWS resource.

• Enable traceability: Track, alert, check environmental actions, and changes in real-time. Integrate log and data collection with systems to automatically investigate and perform response actions.

• Apply security at all layers: Apply a defense in depth approach with multiple security controls. Apply to all layers (for example, the edge of the network, VPC, load balancing, every instance and compute service, operating system, application, and code).

• Automate security best practices: Create a secure architecture that involves the implementation of defined controls and managed as code in version-controlled templates.

• Protect data in transit and at rest: Classify your data into levels of sensitivity and use mechanisms, such as encryption, encryption, and access control, where appropriate.

• Keep people away from data and prepare for security events: Use mechanisms and tools to reduce or eliminate the need to directly access or process data. This reduces the risk of mishandling or modification and human error when handling sensitive data.

Reliability Pillar – Well-Architected Framework

Ensuring that the system is resilient from infrastructure or service disruptions, meeting resource recovery needs, and minimizing network disruptions and failures. To increase reliability, AWS recommends:

• Test recovery procedures: By tracking workloads for Key Performance Indicators, you can enable automation when a threshold is breached.

• Automatically recover from failure: Checks for system failures (simulations can be used) and validates existing recovery procedures, thereby minimizing the risk of real problems occurring.

• Scale horizontally: Replace a large resource with many small resources to reduce the impact of a single error on the overall workload.

• Stop guessing capacity: Track demand and workload usage, and automate resource additions or removals to maintain optimum levels to meet demand without oversupply or undersupply.

• Manage change in automation: The use of automation is encouraged to make adjustments in the system, but it is important to monitor and evaluate these adjustments.

Performance Efficiency Pillar – Well-Architected Framework

Make optimal use of resources to meet requirements as needs change and as technology evolves. To achieve operational efficiency, there are five best practice principles:

• Using solutions managed by cloud providers: Instead of investing in people to learn and master the technology, IT teams should focus on products, not on administration and supervision. Infrastructure

• Go global in minutes: Deploying your workload in multiple Regions around the world allows you to deliver lower latency and a better experience for your customers at a minimal cost.

• Use serverless architectures: Helps you to quickly deploy your system in multiple regions and eliminate the need to run and maintain servers in the traditional way.

• Use the technology approach best suited to common goals. For example, you might consider ways to access data when selecting a database or storage area.

Cost Optimization Pillar – Well-Architected Framework

The ability to run systems to deliver business value at the lowest price possible. For the lowest cost optimization, here are the guidelines are given:

• Adopt a consumption model: Pay only for the computing resources you use, and increase or decrease usage depending on business requirements. For example, disabling dev instances during idle time.

• Implement cloud financial management: Enterprises must spend time and resources to consolidate their capacity in mastering new technologies and the ability to administer these technologies, in order to optimize investment costs.

• Stop spending money on undifferentiated heavy lifting: Instead of having to spend expenses such as maintaining rack, server, power supply, etc., you can use the cost for other projects or boost your business.

• Measure overall efficiency: Calculate the output of the business to determine the appropriate level of investment, thereby reducing excess costs.

• Analyze and attribute expenditure: The cloud makes it easier to accurately determine costs and workload usage, and then enables a clear allocation of IT costs across revenue streams. This helps to measure return on investment (ROI) and gives owners the opportunity to optimize their resources and reduce costs.

Why Well-Architected Framework and not a SOC, ISO, or any other standard?

Unlike other well-established security standards, Well-Architected Framework deals with architectural best practices, cost-effectiveness that other traditional disciplines cannot evaluate.

VTI Cloud proposes the AWS Well-Architected Framework because this standard systemizes and consolidates best practices on ITIL, Agile, and DevOps into one standard. It covers more than just building a good AWS architecture.

VTI Cloud has full knowledge and experience to be able to evaluate, consult, and operate different systems of many customers according to AWS Well-Architected Review. The refinement following VTI Cloud assessments will help businesses achieve business results while optimizing the costs of the system. In addition, AWS Well-Architected Framework also shows how to operate and maintain the system to ensure stability, high reliability, and optimal performance over the long term.

About VTI Cloud

VTI Cloud is an Advanced Consulting Partner of AWS Vietnam with a team of over 50+ AWS certified solution engineers. With the desire to support customers in the journey of digital transformation and migration to the AWS cloud, VTI Cloud is proud to be a pioneer in consulting solutions, developing software, and deploying AWS infrastructure to customers in Vietnam and Japan.

Building safe, high-performance, flexible, and cost-effective architectures for customers is VTI Cloud’s leading mission in enterprise technology mission.