Operational Excellence: ability to run and monitor systems to deliver business value.

  • Design Principles:

      + Perform operations as code.
      + Annotate documentation.
      + Make frequent, small, reversible changes.
      + Refine operations procedures frequently.
      + Learn from all operational failures.
  • Best Practices: Key AWS Services

      + Prepare: Use AWS Config rules to create standards for workloads.
      + Operate: Use Amazon CloudWatch to monitor operational health of a workload.
      + Evolve: Use Amazon Elasticsearch Service (ES) to analyze log data to gain actionable insights.

Security: ability to protect information, systems, and assets.

  • Design Principles:

      + Implement a strong identity foundation.
      + Enable traceability.
      + Apply security at all layers.
      + Automate security best practices.
      + Protect data in transit and at rest.
      + Keep people away from data.
      + Prepare for security events.
  • Best Practices: Key AWS Services

      + Identity and Access Management: Use IAM to securely control access to AWS services and resources.
      + Detective Controls: Use AWS CloudTrail to record AWS API calls. Use Amazon GuardDuty to monitor for malicious or unauthorized behavior.
      + Infrastructure Protection:
          + Use Amazon VPC to run AWS services in a virtual network.
          + Use AWS Shield for DDoS mitigation.
          + Use AWS WAF as a web application firewall.
      + Data Protection: Use encryption capabilities to protect data in transit and at rest.
          + Use Amazon Macie to automatically discover, classify and protect sensitive data.
          + Use AWS KMS to create and control keys used for encryption.
      + Incident Response: CloudWatch Events can be used to trigger automated responses.

Reliability: ability of a system to recover from infrastructure or service disruptions.

  • Design Principles:

      + Test recovery procedures.
      + Automatically recover from failure.
      + Scale horizontally to increase aggregate system availability.
      + Stop guessing capacity.
      + Manage change in automation.
  • Best Practices: Key AWS Services

      + Foundations: Use IAM, VPC, WAF, AWS Shield and Amazon GuardDuty to safeguard web applications.
      + Change Management:
          + Use AWS Config to record configuration changes.
          + Use Amazon AutoScaling to automate demand management for a deployed workload.
          + Use Amazon CloudWatch to aggregate log files from resources.
      + Failure Management:
          + Use Amazon CloudFormation templates to create AWS resources.
          + Use Amazon S3 to keep backups.

Performance Efficiency: ability to use computing resources efficiently.

  • Design Principles:

      + Democratize advanced technologies.
      + Go global in minutes.
      + Use serverless architecture.
      + Experiment more often.
      + Mechanical sympathy.
  • Best Practices: AWS provides different services in compute, storage, network, monitoring and database domains.

Cost Optimization: ability to run systems to deliver business value at the lowest price point.

  • Design Principles:

      + Adopt a consumption model.
      + Measure overall efficiency.
      + Stop spending money on data center operations.
      + Analyze and attribute expenditure.
      + Use managed and application level services to reduce cost of ownership.
  • Best Practices: Key AWS Services

      + Expenditure Awareness:
          + Use AWS Cost Explorer to view and track usage in detail.
          + Use AWS Budgets to send notifications when usage or spend exceeds actual or forecasted budgeted amounts.
      + Cost-Effective Resources: Use CloudWatch or Trusted Advisor to help right-size resources.
      + Matching supply and demand: Use AutoScaling to add or remove resources to match demand without overspending.
      + Optimizing over time.

Reference: AWS_Well-Architected_Framework