WAF

  • AWS Well-Architected Framework
  • Follows certain design principles and best practices within 5 pillars
  • Key AWS services: CloudFormation (operations as code), CloudWatch/CloudTrail (monitoring), Elasticsearch (improvement opportunities)

Operational Excellence

  • Design principles
    • Perform operations as code
    • Annotate documentation
    • Make frequent, small, reversible changes
    • Refine operations procedures frequently
    • Anticipate failures (pre-mortem)
    • Learn from failures
  • Best practices
    • Prepare: set goals; design workloads with mechanisms to monitor and validate
    • Operate: define success criteria, health measurement, establish baselines
    • Evolve: continuous, incremental improvement

Security

  • Design Principles
    • strong identity foundation: principle of least privilege, separation of duty
    • traceability: monitor, alert, audit
    • secure all layers (instead of just the outer layer): edge network, VPC, subnet, LB, instance, OS, apps
    • automate: use policies and controls as code
    • keep people and data separate: no direct access to or manual processing of data
    • incident management: have a process for reporting and mitigating security incidents
  • Best practices
    • IAM: Authenticate and authorize, Use AWS IAM
    • Detective controls: logging, event processing and monitoring => CloudTrail, CloudWatch, S3 logs, API logs
    • Infrastructure protection: Use VPC controls for networks; Use compute resource config (EC2/ECS/Beanstalk)
    • Data protection: Use encryption and versioning
    • Incident response:

Reliability

  • Ability to recover from infra, service, capacity failures
  • Design Principles
    • test recovery procedures:
    • automate: monitor KPIs and trigger recovery
    • scale horizontally: HA
    • enough capacity: let cloud ensure capacity to prevent capacity-related failures (e.g. DoS)
    • change automation: changes should be automated
  • Best practices
    • Foundations: manage service limits (from under/over provisioning) and network topology using IAM and VPC
    • Change management: elasticity (for auto scaling), logs (for failure detection)
    • Failure management: have backups with MTTR (mean time to recover) and RPO (recovery point objective)

Performance Efficiency

  • using computing resources efficiently with changes in demand and technologies
  • Design Principles
    • democratize advanced technologies: let cloud manage advanced technologies (e.g. NoSQL DB, transcoding)
    • easy globalization: use cloud to expand easily
    • serverless architecture: services make efficient use of resources
    • experiment: try alternate resources (such as storage, compute) easily
    • mechanical sympathy: pick the best technology (e.g. pick the right DB platform)
  • Best practices
    • Selection: compute/storage/database/network; choose the best tech for the need (e.g. pick fully managed DynamoDB for low latency)
    • Review: read AWS blogs to constantly look for better solutions
    • Monitoring: AWS CloudWatch to monitor performance
    • Tradeoffs: ElastiCache, CloudFront to increase performance. Use read-replicas in RDS

Cost Optimization

  • using computing resources efficiently with changes in demand and technologies
  • Design Principles
    • adopt a consumption model (vs. capacity model): pay only for what you consume
    • measure efficiency: measure business output vs. cost to deliver it
    • avoid data-center ops: focus on business customers instead of IT infrastructure
    • use managed services or applications: such as databases, to reduce TCO
  • Best practices
    • Expenditure awareness: AWS Cost Explorer to track exact spending, AWS Budgets to set up notifications
    • Cost-effective resources: choose the right resource, e.g. a CPU-optimized EC2 instance might be right; use spot/reserved instances
    • Match supply and demand: use Auto Scaling, Lambda
    • Optimize over time: stay informed about new AWS services, consult AWS Trusted Advisor