Operational Excellence: ability to run and monitor systems to deliver business value.
-
Design Principles:
+ Perform operations as code.
+ Annotate documentation.
+ Make frequent, small, reversible changes.
+ Refine operations procedures frequently.
+ Learn from all operational failures.
-
Best Practices: Key AWS Services
+ Prepare: Use AWS Config rules to create standards for workloads.
+ Operate: Use Amazon CloudWatch to monitor the operational health of a workload.
+ Evolve: Use Amazon Elasticsearch Service (ES) to analyze log data to gain actionable insights.
Security: ability to protect information, systems, and assets.
-
Design Principles:
+ Implement a strong identity foundation.
+ Enable traceability.
+ Apply security at all layers.
+ Automate security best practices.
+ Protect data in transit and at rest.
+ Keep people away from data.
+ Prepare for security events.
-
Best Practices: Key AWS Services
+ Identity and Access Management: Use IAM to securely control access to AWS services and resources.
+ Detective Controls: Use AWS CloudTrail to record AWS API calls. Use Amazon GuardDuty to monitor for malicious or unauthorized behavior.
+ Infrastructure Protection:
  + Use Amazon VPC to run AWS services in a virtual network.
  + Use AWS Shield for DDoS mitigation.
  + Use AWS WAF as a web application firewall.
+ Data Protection: Use encryption capabilities to protect data in transit and at rest.
  + Use Amazon Macie to automatically discover, classify and protect sensitive data.
  + Use AWS KMS to create and control keys used for encryption.
+ Incident Response: CloudWatch events can be used to trigger automated responses.
Reliability: ability of a system to recover from infrastructure or service disruptions.
-
Design Principles:
+ Test recovery procedures.
+ Automatically recover from failure.
+ Scale horizontally to increase aggregate system availability.
+ Stop guessing capacity.
+ Manage change in automation.
-
Best Practices: Key AWS Services
+ Foundations: Use IAM, VPC, WAF, AWS Shield and Amazon GuardDuty to safeguard web applications.
+ Change Management:
  + Use AWS Config to record configuration changes.
  + Use Amazon AutoScaling to automate demand management for a deployed workload.
  + Use Amazon CloudWatch to aggregate log files from resources.
+ Failure Management:
  + Use Amazon CloudFormation templates to create AWS resources.
  + Use Amazon S3 to keep backups.
Performance Efficiency: ability to use computing resources efficiently.
-
Design Principles:
+ Democratize advanced technologies.
+ Go global in minutes.
+ Use serverless architecture.
+ Experiment more often.
+ Mechanical sympathy.
-
Best Practices: AWS provides different services in compute, storage, network, monitoring and database domains.
Cost Optimization: ability to run systems to deliver business value at the lowest price point.
-
Design Principles:
+ Adopt a consumption model.
+ Measure overall efficiency.
+ Stop spending money on data center operations.
+ Analyze and attribute expenditure.
+ Use managed and application level services to reduce cost of ownership.
-
Best Practices: Key AWS Services
+ Expenditure Awareness:
  + Use AWS Cost Explorer to view and track usage in detail.
  + Use AWS Budgets to send notifications when actual or forecasted usage or spend exceeds budgeted amounts.
+ Cost-Effective Resources: Use CloudWatch or Trusted Advisor to help correctly size resources.
+ Matching supply and demand: Use AutoScaling to add or remove resources to match demand without overspending.
+ Optimizing over time.
Reference: AWS_Well-Architected_Framework