This is the set of questions presented in the Well-Architected Framework whitepaper, designed to evaluate how well your architecture is aligned with AWS best practices.
Security Pillar
Data Protection
- How are you encrypting and protecting your data at rest?
- How are you encrypting and protecting your data in transit?
Privilege Management
- How are you protecting access to and use of the AWS root account credentials?
- How are you defining roles and responsibilities of system users to control human access to the AWS Management Console and APIs?
- How are you limiting automated access (such as from applications, scripts, or third-party tools or services) to AWS resources?
- How are you managing keys and credentials?
Infrastructure Protection (from the VPC perspective)
- How are you enforcing network and host level boundary protection?
- How are you enforcing AWS service level protection?
- How are you protecting the integrity of the operating systems on your Amazon EC2 instances?
Detective Controls
- How are you capturing and analysing AWS logs?
Reliability Pillar
Foundations
- How are you managing AWS limits for your account?
- How are you planning your network topology on AWS?
- Do you have an escalation path to deal with technical issues?
Change Management
- How does your system adapt to changes in demand?
- How are you monitoring AWS resources?
- How are you executing change management?
Failure Management
- How are you backing up your data?
- How does your system withstand component failures?
- How are you planning for recovery?
Performance Efficiency
Compute
- How do you select the appropriate instance type for your system?
- How do you ensure that you continue to have the most appropriate instance type as new instance types and features are introduced?
- How do you monitor your instances post launch to ensure they are performing as expected?
- How do you ensure that the quantity of your instances matches demand?
Storage
- How do you select the appropriate storage solution for your system?
- How do you ensure that you continue to have the most appropriate storage solution as new storage solutions and features are launched?
- How do you monitor your storage solution to ensure it is performing as expected?
- How do you ensure that the capacity and throughput of your storage solutions match demand?
Database
- How do you select the appropriate database solution for your system?
- How do you ensure that you continue to have the most appropriate database solution and features as new database solutions are launched?
- How do you monitor your databases to ensure performance is as expected?
- How do you ensure the capacity and throughput of your databases match demand?
Space-time trade-off
- How do you select the appropriate proximity and caching solutions for your system?
- How do you ensure that you continue to have the most appropriate proximity and caching solutions as new solutions are launched?
- How do you monitor your proximity and caching solutions to ensure performance is as expected?
- How do you ensure that the proximity and caching solutions you have match demand?
Cost Optimisation
Matched Supply and Demand
- How do you make sure your capacity matches but does not substantially exceed what you need?
- How are you optimising your usage of AWS services?
Cost-effective Resources
- Have you selected the appropriate resource types to meet your cost targets?
- Have you selected the appropriate pricing model to meet your cost targets?
- Are there managed services (higher level services than EC2, EBS and S3) that you can use to improve your ROI?
Expenditure Awareness
- What access controls and procedures do you have in place to govern AWS costs?
- How are you monitoring usage and spending?
- How do you decommission resources that you no longer need, or stop resources that are temporarily not needed?
- How do you consider data-transfer charges when designing your architecture?
Optimising Over Time
- How do you manage and/or consider the adoption of new services?
Operational Excellence
Preparation
- What best practices for cloud operations are you using?
- How are you doing configuration management for your workload?
Operations
- How are you evolving your workload while minimising the impact of changes?
- How do you monitor your workload to ensure it is operating as expected?
Responses
- How do you respond to unplanned operational events?
- How is escalation managed when responding to unplanned operational events?