Good infrastructure practices in AWS. Introducing the AWS Well-Architected Framework (WAF).
AWS infrastructure best practices and their 6 pillars.
What is the AWS Well-Architected Framework? It is AWS's framework of good infrastructure practices.
AWS infrastructure best practices are based on 6 pillars:
1. Operational excellence.
2. Security.
3. Reliability.
4. Cost optimization.
5. Performance efficiency.
6. Cloud sustainability.
These 6 pillars, combined with the framework's best practices, aim to:
- Optimize connections and communication between application components, making the application scalable and efficient for business needs.
- Identify risks in the cloud technology ecosystem to help companies with potential failures.
AWS has a framework resulting from all its years of experience that facilitates the diagnosis, efficiency and rapid recovery of the entire ecosystem created in the cloud by companies. The framework aims to:
- Use only as much capacity as your workload requires.
- Test workloads and applications at production scale before deploying them in production.
- Create an architecture that constantly evolves and adapts to the business.
- Leverage one of the great advantages of DevOps: automating processes to free up hours that can be spent thinking about how to improve.
- Create an architecture based on data already obtained and data to be obtained.
- Schedule event simulations to help improve infrastructure based on the outcome.
At its core, the AWS Well-Architected Framework aims to create an environment that is:
- Stable
- Efficient
- Easily scalable
Let’s take a deeper dive into the 6 pillars of good infrastructure practices in AWS:
1. Operational excellence
This pillar brings operations teams together with sales and customer teams to create apps that support production workloads without stress. This requires an understanding of the risks, potential changes and business objectives.
Each team member must understand the importance of their role in managing workloads, their behavior and focus on the development decisions that will make operations a success.
This pillar also holds that workloads should be designed to:
- Easily display information about your job statistics
- Enable mechanisms that aid rapid feedback, recovery and refactoring.
2. Security
Establish mechanisms to help protect systems, data and assets. Fundamentally, good architectural security revolves around seven design principles:
- Enable logging and monitoring for traceability.
- Use multiple security controls to ensure security at all layers of the application.
- Automate security best practices.
- Protect data both in storage and in transit.
- Adopt an incident management policy.
- Implement a solid security foundation.
The adoption of an Identity and Access Management (IAM) policy is essential to ensure that only the right users can access the allowed resources. An IAM policy manages security by implementing an authentication and authorization layer.
In addition, it is also crucial to implement multi-layered security and control methodologies that enforce the protection of the entire infrastructure. Enact data protection for application users with a variety of mechanisms, such as:
- Versioning
- Start-up session
- Resilient storage
- Keys
- Regional isolation
Of course, implementing end-to-end security is much deeper than implementing a user authentication capability. As a result, it is strongly recommended to create detection controls and event notifications that help identify and stop security incidents at an early stage.
You may also choose to take advantage of the benefits of available AWS tools that provide incident response mechanisms, such as:
- AWS CloudFormation
- Logging services
3. Reliability
A well-architected framework defines the mechanisms that help an application handle workloads accurately and consistently.
The system architecture must be able to prevent and respond to failures automatically. Design principles for a reliable system include:
- Automate recovery.
- Distribute workloads and requests to eliminate the single point of failure.
- Use only the capacity you need for your production workload.
- Test incidents and recovery procedures.
- Manage automation changes.
The infrastructure foundation must be planned correctly to handle current and future workloads. This implies that the design and architecture must be defined in anticipation of workload behavior. Service limits and resource quotas should also be leveraged to guide the deployment of environment workloads. Once the services are deployed and running, the framework must enable efficient performance and availability monitoring to avoid downtime or performance failures. To further ensure the reliability of the application, the framework strongly recommends regular:
- KPI tracking.
- Data backup.
- Testing of your recovery processes.
4. Cost optimization
To improve the return on your investment in your business infrastructure, it is important to keep these cost optimization principles in mind:
- Integrate Cloud Financial Management into the overall business objectives of the organization.
- Pay only for the resources your application requires.
- Always monitor the efficiency of your application (performance vs. cost).
- Outsource managed services and operating systems to AWS.
Cloud financial management tools such as AWS QuickSight, Cost & Usage Report (CUR) and Cost Explorer offer significant advantages for monitoring your company’s cloud costs. These tools also create discipline, creating an organization-wide awareness of cloud spending and usage.
A key conclusion of this pillar is that it also recommends using only those resources that are appropriate for cost-effective workload management. An organization must constantly evolve its cost optimization policy to take advantage of new services and features within the cloud landscape to reduce costs.
5. Performance efficiency
This pillar guides the effective use of IT resources to meet system and business requirements. Some of the design principles that guide performance efficiency are:
- Delegate complex tasks to external suppliers who have the necessary skills to implement advanced technology easily, e.g. BigCheese (us).
- Deploy multi-region workloads to reduce latency and lower deployment costs.
- Test and experiment frequently to take advantage of virtual resources.
- Use serverless functions whenever possible.
When selecting the infrastructure and architecture for your application, take a data-driven approach while exploring multiple available options before settling on the most efficient one. This exercise is not a one-time task. Combine multiple approaches and keep reviewing the latest technologies to find an optimal solution.
Finally, implement policies and procedures to monitor the performance of workloads that flag problems before they affect usability.
6. Cloud sustainability
Cloud sustainability is an ongoing effort focused primarily on energy reduction and efficiency in all components of a workload by achieving the maximum benefit from the resources provisioned and minimizing the total resources required. This effort can range from the initial selection of an efficient programming language, the adoption of modern algorithms, the use of efficient data storage techniques and the implementation of an efficient and right-sized computing infrastructure to the reduction of high-powered end-user hardware requirements.
Design principles for sustainability in the cloud
Apply these design principles when designing your cloud workloads to maximize sustainability and minimize impact.
- Understand the impact you and your company have.
- Set your sustainability goals.
- Maximize the utilization of absolutely everything.
- Anticipate and adopt new and more efficient hardware and software offerings.
- Use managed services.
- Reduce the downstream impact of your cloud workloads.
Well, if you made it this far, you are interested in the subject. At BigCheese we are certified by AWS to provide best-practices consulting on your architecture.
Contact us and we will send you a proposal that will surprise you. Really, try it and see. It is important to follow good infrastructure practices in AWS in Uruguay.