Do you need to be Well-Architected?
Whether you are just getting started on AWS from scratch or planning to migrate to AWS cloud services, it is important to build a secure, reliable, and efficient architecture around using AWS.
The AWS Well-Architected Tool (AWS WA Tool) is a cloud service that allows you to measure your architecture using AWS best practices in a consistent manner. The AWS WA Tool can be used to document and measure your workload following the AWS Well-Architected Framework’s best practices. In simple terms, it assists in the documentation of the architecture and makes recommendations for improvements.
AWS Solutions Architects have defined these best practices based on decades of experience designing solutions for a wide range of enterprise software. The framework establishes a standardized method for evaluating architectures and offers advice on how to create designs that grow with your demands over time.
There are five pillars that make up the AWS Well-Architected Framework.
The five pillars of the AWS Well-Architected framework
The operational excellence pillar covers the ability to support development and run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures.
The security pillar covers the capacity to safeguard data, systems, and assets while utilizing cloud technologies to enhance security.
The reliability pillar refers to the workload’s ability to fulfill its intended purpose correctly and consistently when required. This includes the ability to run the workload and test it during its entire life-cycle.
The performance efficiency pillar expresses the capacity to efficiently use computing resources to meet system requirements and to retain that efficiency as demand and technology change.
The cost optimization pillar covers the capacity to run systems in such a way that they provide commercial value at the lowest possible cost.
Incorporating these pillars into your architecture is recommended in order to create a robust application infrastructure that is optimized for cost, security, and reliability.
Pros and Cons of using AWS WA Tool
Pros:
- Delivers an action plan with step-by-step guidance on areas for improvement on the existing architecture
- Helps you understand and manage the risks in the customer technology portfolio
- Supports continuous improvement throughout the workload life-cycle
- Allows you to monitor the status of multiple workloads across your organization
Cons:
- Generic guidelines. Does not provide specific AWS service remediations for each of the pillars.
- There is a learning curve for beginners.
- Prone to human error, since the WA review is purely based on manual input.
- The questionnaire wizard is too subjective. It asks the same set of questions of every architecture and offers a generic risk assessment and improvement plan.
- Only supports exporting the generated data into PDF format.
Even though the AWS WA Tool is a great way to get aligned with AWS best practices, there are still some areas that need more extensive coverage. As stated above in the cons section, the lack of remediations for each pillar is one of the major drawbacks of the AWS WA Tool.
In these circumstances, where you do not get the exact architectural review you want, you need the help of a third-party application that integrates with the AWS WA Tool and provides full visibility and context into the infrastructure.
Introducing PatchDuty — Automated Well-Architected Module
The PatchDuty Automated Well-Architected Module was created to help cloud security consultants and administrators tighten their own security controls using native AWS security services and features by automating the AWS WA Tool process.
PatchDuty automated well-architected reviews can complete the assessment within 10–15 minutes and provide the results in the form of reports. The AWS WA Tool provides only a general overview of the five pillars that were introduced earlier. For someone who is looking for a comprehensive review, the current AWS offering is insufficient. PatchDuty provides up to 90% coverage for the Security Pillar as well as partial coverage for the other pillars.
PatchDuty uses the AWS Well-Architected Framework principles and tools to provide an all-inclusive review to its customers. Remediation templates are an interesting feature that it provides along with the automated WA review. A remediation template is an automatically generated configuration template that is provided to resolve the findings of the review. It supports AWS CloudFormation and the AWS CLI at the moment.
Another excellent feature of PatchDuty is the ability to sync the assessment results with the respective AWS account. The user can upload the results to the AWS console with auto-completed notes. This is helpful for customers because they get the chance to validate the already-existing workload answers against the assessment results.
PatchDuty offers Well-Architected Framework reviews for businesses of any size. PatchDuty — Automated Well-Architected Reviews includes:
- A free trial that provides a one-time assessment license which gives the user the ability to import resources from AWS accounts and save configuration stacks.
- A one-time assessment that has unlimited assessments for up to ten days. The user can use the remediation templates as well as export the assessment results.
- Ongoing protection that includes unlimited assessments, export, and remediation template usage. This also includes the automated assessments feature.