AWS Well-Architected Framework: What Are the Best Practices?

Today’s businesses have largely gravitated towards utilizing cloud solutions for designing and running their workloads, as opposed to operating their networks in-house. According to some statistics, 61% of businesses use either one (34%) or two clouds (27%). Furthermore, 97% of IT leaders “still intend” to continue migration to the cloud by further expanding their cloud systems.

The cloud is no longer a novelty; it has become an essential component for storing, processing and using data. Architecting on AWS is an approach many businesses take to integrate an easy, cost-efficient, timely and affordable solution. Other advantages include:

  • Access to better insights from big data
  • Flexibility and scalability
  • Increased level of collaborative capabilities
  • Improvement of business continuity and disaster recovery strategies

To ensure your company invests in best practices when migrating or expanding to AWS cloud solutions, you’ll want to have a thorough understanding of what the AWS Well-Architected Framework is, along with its key concepts. Once you have achieved this, by answering a few key questions, you can better ensure your organization’s architecture aligns with best practices. A large part of this includes understanding the fundamental concepts surrounding AWS architecture best practices.

Red River is a proud member of the AWS Managed Service Provider and Well-Architected Partner Program and can apply our expertise to help you achieve full migration or expansion of your AWS cloud solution. Let’s take a look at what the framework is and how the six pillars come together to help you make the best decisions.

What Is the AWS Well-Architected Framework?

The AWS Well-Architected Framework comprises six pillars: Security, Cost Optimization, Reliability, Performance Efficiency, Operational Excellence and Sustainability.

Understanding the particulars of each pillar and how they apply to your architecture can help your organization’s decision-makers adopt the best cloud solutions, make improvements and implement best practices while building your systems on AWS.

Here we’ll take a deeper dive into each of the framework’s components to help you understand the advantages and drawbacks of your company’s decisions, along with how Red River implements these when providing cloud services to our clients.

1. Security

The Security Pillar emphasizes protecting data and the systems running and storing it. Every organization should continuously look to improve its security posture. The methodology of the AWS Security Pillar includes the integrity and confidentiality of data, establishing controls to identify security events and managing user permissions.

Workload Assessment

To ensure our clients have implemented strong security measures, in accordance with the AWS Security Pillar, Red River conducts a workload assessment to evaluate security processes and practices. The assessment checks that:

  • Users have secure access to AWS accounts
  • Proper sign-in mechanisms are in use, including strong password policies and multi-factor authentication
  • The principle of least privilege is applied, so users only have access to the segments of the system they need

Your Red River professional will also assign role-based and attribute-based access policies and enforce separation of duties.
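
One way to automate the sign-in checks listed above, as an added example (not Red River's or AWS's own tooling): it reads an IAM credential report CSV and an account password policy and flags console users without MFA, root or stale access keys, and weak policy settings. The sample rows, the policy values, the fixed "now" date and the 14-character and 90-day thresholds are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of IAM credential report columns.
SAMPLE_REPORT = """user,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated
<root_account>,not_supported,false,true,2021-03-01T00:00:00+00:00
alice,true,true,false,N/A
bob,true,false,true,2024-11-20T00:00:00+00:00
ci-deploy,false,false,true,2022-01-15T00:00:00+00:00
"""
# Constructed policy in the shape of `aws iam get-account-password-policy` output.
SAMPLE_POLICY = {"MinimumPasswordLength": 8, "RequireSymbols": True,
                 "RequireNumbers": True, "PasswordReusePrevention": 5}
SAMPLE_NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed for repeatability
MIN_LENGTH = 14        # assumption: threshold chosen for this example
MAX_KEY_AGE_DAYS = 90  # assumption: rotation window chosen for this example

def audit_users(report_csv, now):
    """Return (user, finding) tuples for sign-in and access key weaknesses."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        # Root always has console access; the report shows "not_supported".
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            findings.append((user, "console sign-in without MFA"))
        if row["access_key_1_active"] != "true":
            continue
        if is_root:
            findings.append((user, "root account has an active access key"))
        rotated = row["access_key_1_last_rotated"]
        if rotated != "N/A":
            age = (now - datetime.fromisoformat(rotated)).days
            if age > MAX_KEY_AGE_DAYS:
                findings.append((user, f"access key not rotated for {age} days"))
    return findings

def audit_password_policy(policy):
    """Return a list of weaknesses in an account password policy dict."""
    if policy is None:
        return ["no account password policy is set"]
    issues = []
    if policy.get("MinimumPasswordLength", 0) < MIN_LENGTH:
        issues.append(f"minimum length is below {MIN_LENGTH}")
    for flag in ("RequireSymbols", "RequireNumbers",
                 "RequireUppercaseCharacters", "RequireLowercaseCharacters"):
        if not policy.get(flag, False):
            issues.append(f"{flag} is not enabled")
    if policy.get("PasswordReusePrevention", 0) < 1:
        issues.append("password reuse prevention is not configured")
    return issues
```
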

Infrastructure Security

To optimize infrastructure security, Red River evaluates workload security. This includes the separation of layers using VPCs, subnets and other steps, along with implementing access control with security groups and network access control lists.

We also look for AWS native security services, including, but not limited to, Shield, GuardDuty and Inspector. To ensure infrastructure security, we will perform OS hardening and patching to reduce the attack surface, along with checking that AWS Systems Manager is enabled.

Data Protection

Securing key management and certificate management is part of Red River’s process to ensure strong data protection. This, along with the encryption of data at rest and data in transit, will boost your organization’s security posture.

We’ll aim to secure access to your data and integrate strong authentication mechanisms to help achieve this goal. Additionally, as a part of this process, Red River will assess data lifecycle management policies and strategies of accessing, managing, retaining and decommissioning data.

Security is something no organization can afford to ignore. Red River prioritizes security to make certain our clients are operating under the most secure conditions and to accomplish this, we adhere to the elements associated with the Security Pillar.

2. Cost Optimization

Every business wants to get the most out of its budget, and its technology is no exception. The cost optimization pillar focuses on avoiding unnecessary expenses. At Red River, we focus on several key areas, including:

  • Conducting a usage awareness evaluation
    • Enabling resource visibility (utilization, costs, etc.)
    • Assessing resource tracking mechanisms
    • Evaluating dashboards, alerts, budgets and other cost management tools
  • Decommissioning old resources
    • Evaluating backup data, log data, storage volumes, etc.
    • Enforcing lifecycle management policies
    • Reducing cloud sprawl

By doing this, Red River has saved about 30% of annual consumption for some of our clients, which is significant.

  • Performing a cloud workload review
    • Identifying cost-efficient options
    • Looking at current services and resources
    • Data transfer mechanisms (e.g. SSL & TLS processing can be offloaded)
    • Looking at other database choices to see if any are more cost efficient
    • Examining database and caching mechanisms
  • Striving for optimization of services
    • Evaluating managed-platform services for savings
  • Examining licensing options for potential savings (e.g., bring-your-own-license (BYOL))
  • Conducting regular assessments for managed services customers

Red River understands you want to get the most out of your technology without wasteful spending, and we’ll do our best to ensure cost optimization of your tech assets.

3. Reliability

The Reliability Pillar puts a focus on ensuring workloads perform their intended functions and, if they don’t, ensures processes are put into place to recover quickly to meet usage demands. To achieve this, Red River will take steps to improve the reliability of your AWS system.

Foundation Assessment

While performing a foundation assessment, Red River will look at the highest availability of DNS routing, load balancers, etc., along with seeking to identify and eliminate any redundancies in VPN gateways or hybrid clouds. Our experts will also examine all network architectural choices, including but not limited to transit gateways and IP subnetting to make sure they’re optimized.

Workload Monitoring Assessment

As a part of the workload monitoring assessment, Red River will evaluate all logging and monitoring controls, including the enablement of real-time processing and alerting. Additionally, we’ll review log aggregation, log processing and log analytics, along with an examination of lifecycle management.

Other components of the workload monitoring assessment include failure management, with Red River reviewing high availability architectures (multi-AZ deployments, multi-region deployments, self-healing services) and RPO and RTO requirements. We’ll ensure AWS backup occurs with storage, databases and file systems by configuring and auditing processes. We’ll also closely examine scheduling, retention policies, monitoring and disaster recovery options.

4. Performance Efficiency

To make certain your organization has established a structured and streamlined allocation of your IT and computing resources, Red River will test and evaluate the performance efficiency of your systems.

This includes assessing resource performance. As a part of this process, we’ll analyze and evaluate your deployed architecture, resources and services. Next, we’ll perform architectural validation. This includes:

  • Validating your compute, storage, network and database choices/options
  • Checking AWS-published reference architectures
  • Evaluating for scalability

We’ll also perform a database assessment which will check any additional services. As a part of this process, the Red River team will apply their expertise. As necessary, we will:

  • Perform right-sizing
  • Make modifications to storage options
  • Enable caching services

The efficiency of your networking environment is also essential. To improve the effectiveness of this aspect of your architecture, Red River will examine transit gateways to ensure they provide the best performance across multiple networks and evaluate the selection of appropriate regions.

Performance visibility is another vital component, and we’ll review services, including CloudWatch, CloudTrail, Config and SNS, capturing performance metrics and sending alerts when parameters are outside the expected range.

For further performance improvement, we’ll review the integration with the ticketing system to tackle incidents and other events, along with striving for continual improvement by reviewing new services, design patterns and new product offerings.

5. Operational Excellence

The Operational Excellence Pillar of the AWS Well-Architected Framework focuses on how systems are run and operated. Red River will continuously look for ways to improve a system’s processes and procedures.

Ways and Means

  • Ensure the cloud workload runs smoothly
  • Seamless modification for the environment
  • Fully enabled operation insights
  • Telemetry collection processes & mechanisms are reviewed for application, workload and user activity

Automation

Here, we use an “as-code” methodology, which includes infrastructure-as-code, policy-and-governance-as-code and operations-as-code. We review tools and services used for automation and version control. This ensures:

  • Rapid updates to the workload occur
  • Uniform implementations
  • Consistent event response
  • Minimization of human errors

Validate Operations

In this component, Red River will look at the separation of environments, including production, development and testing. We perform quality assurance to make sure any changes are made and handled in separate, isolated environments before they flow into the production workload.

Performance Indicators

Here we’ll assess metric setup, establish applicable baselines, put alerts on deviations and notify appropriate entities. In this segment, we also assess events, incidents and problem management processes. All are performed to confirm suitable actions are taken or triggered in the event something disrupts smooth operations.

6. Sustainability

In today’s increasingly digital-reliant world, sustainability is an important concept due to the waste generated across the globe. Everyone should do their part to reduce it. The Sustainability Pillar emphasizes minimizing the environmental impact of an organization’s cloud workloads. Red River will look at the following.

Choice of Cloud Services

We’ll closely examine any long-term environmental and economic impacts, primarily focusing on efficiency and energy. Our assessment will consider unused and under-utilized workload components and if there is any potential for refactoring, retiring or other ways to reduce. We’ll also look to see if there are any possibilities to consolidate with other resources.

Data Services

When looking at data services, Red River will review an organization’s data classification policies, which include the following actions and decisions.

  • Identifying data
  • Utilizing lifecycle policies
  • Archiving into energy-efficient storage
  • Decommissioning

Provisioning of block storage is also reviewed for elastic volumes as this minimizes a need for large initial provisioning.

Backup Storage

Backup is a critical process to ensure business continuity. As a part of our sustainability assessment, we’ll consider the following solutions.

  • Deduplication of file- and block-level data
  • Limiting RAID to what is needed to meet SLAs
  • Adoption of shared storage services to avoid data duplications and reduce storage requirements

Choice of Instances

This part of the assessment validates the horizontal scaling of architecture, including autoscaling. It also integrates and evaluates stateless and fault-tolerant architecture with Spot Instances and Spot Fleets.

Red River Can Help You Achieve Optimization

The Red River team is fully equipped to help your organization achieve optimization. By utilizing the six pillars of the AWS Well-Architected Framework and AWS best practices, we can ensure your cloud systems are running smoothly in the most cost-efficient way. As a member of the AWS Managed Service Provider and Well-Architected Partner Program, we possess deep AWS knowledge and know how to fine-tune your systems to be the best they can be.

Ready to Get Started? Contact Red River Today

Red River is pleased to provide you with these and other managed services. If you’d like to migrate to AWS or improve upon your existing system, we can help. Once you’re established, our team of experts can manage your AWS environment, giving you the ability to focus on your core competencies and grow your business. To schedule a consultation, contact us today.