Skip to content

Instantly share code, notes, and snippets.

@josephphyo
Last active April 12, 2020 09:14
Show Gist options
  • Save josephphyo/ca7c7afce8f89d3a5bbff1afa2ac1462 to your computer and use it in GitHub Desktop.
Save josephphyo/ca7c7afce8f89d3a5bbff1afa2ac1462 to your computer and use it in GitHub Desktop.
The 5 Pillars of the AWS Well-Architected Framework
1. Cost Effective Resource selection
2. Match Supply and demand
3. Awareness of spend
4. Optimize
<< Cost Effective Resource Selection >>
Provision to current needs with an eye to future.
Right Sizing.
Use data to choose purchase option. (on-demand or spot)
Optimize by Regions, AZ and Edge (global infrastructure)
Default to managed service.
Optimize data transfer.
<< Matching Supply and Demand >>
Pay only what you need
Demand based (ec2)
Buffer based (SQS ,SNS )
Time Based (Kinesis Stream)
<< Awareness of spend >>
Understand your stakeholders.
Implement the governance model (Cloudwatch metrics)
Attribute cost to team/project.
Tagging Strategy AWS Resources.
Track the lifecycle of resources.
<< Optimize >>
Align utilization with requirements.
Report and validate finding.
Evaluate the new services for value.
Continue push to new services.
1. Prepare (Forecast)
2. Operate (Automate)
3. Evolve (Learn)
<< Prepare >>
1. Prioritize
prioritize to align with business priorities.
What is the business goal.
What are the critical pieces need to meet that goal?
Any compliance restrictions and requirements.
Dependencies between services.
2. Design
Design your architecture to support business priorities.
Is the design observable?
Is the entire design code (IAC)?
Are you logs and actionable ?
3. Readiness
Workloads ready to go live ?
Processes consistent?
Operational code properly managed.
Test in place?
Anticipate failure
<< Operate >>
1. Operational Health
Ensure your workloads is actually working
Metrics indicate health of all services.
Metrics show overall health.
Are you monitoring business metrics too?
2. Responding to events
Be Ready!
Anticipate planned and unplanned events.
Respond in code.
Automate everything.
<< Evolve >>
Learn from success and failure.
Post event, have runbooks changed ?
Team evaluating their processes?
Test assumptions.
Experiment early.
Selection - Choice Services
Review - Make Sure your choice up and running
Monitoring - Make Sure continue running
Trade-off - Adjust for Performance
<< Selection >>
What type of compute is best suite?
Which Data Store is best suite?
Does your network design is complement compute and data store choices?
<< Review >>
Is Infrastructure is stored as code?
Are deployments is simple and automated?
Can benchmarks be taken automatically?
<< Monitoring >>
Use active and passive monitoring where appropriate.
Understand five phase of monitoring
Generation, Aggregation, Real-time processing, Storage, Analytics)
Create actionable metrics.
<< Trade-off >>
Will caching help?
Should you partition or shard your workloads ?
Can compression improve performance?
Buffer is option?
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/
https://wellarchitectedlabs.com/
https://wa.aws.amazon.com/index.en.html
https://wa.aws.amazon.com/wat.pillars.wa-pillars.en.html
Limits (default & requested limits)
Networking (topology, bandwidth and latency)
Availability (Ensure your application is ready)
<< Limits >>
Are you planning beyond limits for a resource?
Will you scale past specific resource limits?
Can those limit be lifted?
Can you plan around those limits ?
<< Networking >>
IP Addressing.
Subnet Structure.
Resilient Topology.
Ability to handle sudden increased in traffic.
Provide consistent performance.
<< Availability >>
Can user access your application?
Deploy without issues?
Can you push issue to planned downtime?
Identity and Access
Detective Controls
Infrastructure Protection
Data Protection
Incident Response
<< Identity and Access >>
Who is allowed to do?
Are you applying "Least privileges" ?
Deny Root Access and full access.
Regularly review access and privileges
<< Detective Controls >>
capture and analyze logs
regularly audit control and configuration.
look for unauthorized and unexpected changes.
monitor workloads behaviour for abnormalities.
<< Infrastructure Protection >>
Establish trust boundaries.
Protect Network in/out
Protect all hosts
Configure service to meet security posture need
Enforce service level protection.
<< Data Protection >>
How sensitive is the data?
Who should be access, When ?
Encrypt in transit and at rest.
Backup
<< Incident Response ( While under attack ) >>
Do you have to plan to tag affected resources?
Adjust permission
redeploy to recover quickly?
Did you learn form incident and adjust?
<< Operational Excellence >>
- Does your architecture work?
All operation are code.
Documents is updated automatically because of code.
Make small changes you can rollback easily.
Iterate ... a lot.
Learn from failures and success.
<< Cost Optimization >>
- Spend only what you have to ...
Consumption Base Pricing (Pay what you actually use).
Measure efficiency (With Cloud Watch).
Let AWS do the work (mean Use RDS instead of creating own db instance).
<< Reliability Pillar >>
- Will this system is work consistently and recover quickly
Recover from issues automatically.
Scale Horizontally first for resiliency.
Reduce Idle Resources.
Increase Attack Surface (Extra Vulnerability).
Extra Cost.
Manage Change through automation.
<< Performance Efficiency >>
- Remove bottlenecks, reduce waste
Let AWS do the work (mean Use RDS instead of creating own db instance).
Reduce Latency through Region and Edge.
Serverless.
Experiment as new services are released.
Think users first not tech stacks.
<< Security >>
- Does system work only as intended ?
Identities have the least privileges required.
Know who did what when (CloudTrail).
Automate security tasks.
Encrypt data in transit and at rest.
Prepare for the worst.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment