In a traditional hosting environment, you have to guess infrastructure needs, usually couldn’t afford to test at scale, could not justify experiments, sometimes have a fear of change, and could easily face with an architecture that was frozen in time. By migrating to the cloud you can overcome these issues, but how do you know that the practices you follow leverages these advantages.
The AWS Well-Architected Framework provides design principles that ensure that your cloud environment is built efficiently, securely and is high-performing and resilient. 👌
The AWS Well-Architected Framework consists of six pillars:
- ⚙️ Operational excellence
- 🔒 Security
- ⛓️ Reliability
- 🚀 Performance efficiency
- 💸 Cost optimization
- 🌳 Sustainability
In this blog post, I will present a method on how to test your cloud environment against the Security and Reliability pillars of the AWS Well-Architected Framework.
🔒 The Security pillar focuses on the ability to protect information, systems, and assets while delivering business value through risk assessments and migration strategies.
⛓️ The Reliability pillar focuses on the ability to recover from failures and meet demand in foundations, workload architecture, change, and failure management.
AWS Systems Manager is the go-to place to gain operational insights into AWS. Here on the Quick Setup page, we can select Conformance Packs. But let’s not run so far ahead since we need to prepare our environment first. Without that the tests will fail with a not so useful error message. 🤷♂️
To prepare our environment we have to enable Config Recording. We can enable this by going to AWS Config and selecting 1-click setup. This will record all resources (excluding global resources) set an AWS Config role and create an S3 bucket. If you would like to fine-tune which resources you would like to record, select or create a specific role or choose a specific S3 bucket select Get started instead. Once recording is enabled we can go back to Systems Manager.
In the Conformance Packs configuration screen, we can select if we would like to check for operational best practices for the AWS Well-Architected Framework Reliability or Security pillars or both. We can schedule when to run the configuration and select our region. Once the pack is deployed the tests usually take a couple of minutes to run. ⏲️
AWS Config will show the results grouped by AWS services.
Clicking on an issue shows a detailed explanation.
Pricing is based on the number of conformance pack evaluations. While AWS currently doesn’t show how many evaluations are in each pillar it’s hard to get the exact number without running it. It would be nice if AWS would have fixed pricing for Operational Best Practices conformance packs. AWS Config has a pricing example on their website that shows a total config bill.
The AWS Well-Architected Framework is a great and unique feature of AWS that differentiates itself from other cloud providers and I don’t see why it’s not yet included in the AWS Free Tier. Having a healthy cloud environment is good both for AWS and for the customer. 👍