Architecting on AWS:Best PracticesAsha Chakrabarty, AWS Solutions Architect

The AWS Well-Architected Framework

• Increase awareness of architectural best practices• Addresses foundational areas that are often

neglected • Consistent approach to evaluating architectures• Composed of:

• Pillars• Design principles• Questions

Pillars of Well-Architected

Security Reliability Performance Efficiency

Cost Optimization

Security

• The ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

• Data protection• Privilege management• Infrastructure protection• Detective controls

Security is shared between AWS and you

AWS Foundation ServicesCompute Storage Database Networking

AWS Global Infrastructure Regions

Availability Zones

Edge Locations

Client-side Data Encryption

Server-side Data Encryption

Network Traffic Protection

Platform, Applications, Identity & Access Management

Operating System, Network, & Firewall Configuration

Customer applications & contentCu

stom

ers

Customers have their choice of security configurations IN the Cloud

AWS is responsible for the security OFthe Cloud

Key AWS Services for Security• Data Protection:

- Elastic Load Balancer- Amazon EBS, Amazon S3, Amazon RDS, AWS KMS

• Privilege Management: - AWS IAM, MFA

• Infrastructure Protection: - Amazon VPC

• Detective Controls: - AWS CloudTrail- Amazon CloudWatch- AWS Config

Reliability

• The ability of a system to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

• Foundations• Change management• Failure management

Key AWS Services for Reliability• Foundations:

- AWS IAM- Amazon VPC

• Change Management: - AWS CloudTrail- AWS Config

• Failure Management: - AWS CloudFormation

Performance Efficiency

• The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

• Compute• Storage• Database• Go Global

Key AWS Services for Performance Efficiency• Compute: Auto Scaling • Storage:

- Amazon EBS- Amazon S3- Amazon Glacier

• Database: - Amazon RDS - Amazon DynamoDB

• Go Global: - Global presence with regions spanning the globe- Amazon CloudFront

Cost Optimization

• The ability to avoid or eliminate unneeded cost or suboptimal resources.

• Matched supply and demand • Cost-effective resources • Expenditure awareness• Optimizing over time

Key AWS Services for Cost Optimization• Matched supply and demand: Auto Scaling • Cost-effective resources:

- Reserved Instances (RI): prepaid capacity to reduce your cost- AWS Trusted Advisor: inspect your AWS environment and find

opportunities to save money. • Expenditure awareness:

- Amazon CloudWatch alarms - Amazon Simple Notification Service (SNS) notifications

• Optimizing over time: - The AWS Blog and What’s New section on the AWS website - AWS Trusted Advisor

Design Principles

• The Well-Architected Framework has identified a set of design principles to facilitate good design in the cloud:

• General design principles• Pillar-specific design principles

Automate responses to security events: Monitor and automatically trigger responses to event-driven, or condition-driven, alerts.

Questions

• A set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.

Next Steps

• Read the whitepaper• Apply it to your architectures• Schedule time for an architectural review with

your Solutions Architect

Thank you!