What is the AWS Well-Architected Framework?

AWS Solutions Architects took their many years’ experience building solutions, and designing and reviewing thousands of customers’ architectures on AWS, and identified a set of best practices for architecting systems in the cloud. The result is the AWS Well-Architected Framework.

Based on 5 pillars – Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization – the Framework allows us to design and operate reliable, secure and cost-effective systems in the cloud, while sticking to best-practice architectural methodology.

The development of the AWS Well-Architected Tool has enabled regular review of workloads, identifying high risk issues and recording your improvements. Conducting a Well-Architected Review (WAR) allows a conversational approach rather than an audit process, and serves to establish well-architected systems that greatly increase the likelihood of business success.

The review documents a set of foundational questions that allow you to understand if a specific architecture aligns well with cloud best practices. The framework provides a consistent approach to evaluating systems against the qualities you expect from modern cloud-based systems, and the remediation that would be required to achieve those qualities. As AWS continues to evolve, the definition of well-architected will continue to be refined.

We begin all of our development projects with a Well-Architected Review to give clients full visibility of their workload. The precise and comprehensive nature of the Framework provides clients with essential insights that enable informed decisions that add business value.

We have years of experience architecting solutions across a wide range of business verticals and use cases, with several of our case studies being used by AWS.

What are the basic components of security under AWS?

The AWS Well-Architected Framework consists of five pillars. Security, the second pillar, focuses on protecting your data, systems, and assets using cloud technology.

The security pillar includes seven design principles and six best practice areas. By following the guidelines laid out in this pillar, you can keep your data safe and secure.

Best Practice: Security
Keeping your workload secure is an essential part of using cloud technology. The AWS Well-Architected Framework details the best practices you should follow when focusing on security.

Organise Based on Security Requirement
Organise your accounts and workloads from a security point of view, rather than following the existing structure of your company. You can simplify the security process by combining like-accounts that need similar security procedures.

Identify and validate control objectives, using your compliance guidelines and any high-risk items discovered by a Well-Architected Review. Continue to schedule reviews of your control objectives, and update them when necessary.

Secure your AWS Account
Make sure your AWS account is fully secure. Use Multi-factor Authentication (MFA), don’t use your root user too often and configure your account contacts.

Stay Updated
Security risks are continually changing and evolving. Be sure to schedule regular meetings to review new threats and how to mitigate them.

Security recommendations are always changing. Be diligent in following the latest suggestions by subscribing to AWS Updates and the AWS Security blog. Consider consulting with outside experts at regular intervals to ensure your security is up to date.

Use a Threat Model
Create a threat model to identify new and existing risks. Once identified, prioritise the risks and address them as needed. Be sure to keep your threat model updated to reflect new security recommendations.

Automate
Automation lessens the possibility of human error. Create an automated testing service that allows you to check the security of your systems quickly.

Build the automated testing services directly into your systems and processes. Once built-in, these testing services can continuously check for threats and breaches, and alert you if there is a problem.
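One way to automate the account checks from "Secure your AWS Account" (MFA, root user hygiene) is to audit the IAM credential report on a schedule. The following is an added example, not code from AWS or WOLK; the sample CSV is constructed, trimmed to the columns used, and the severity labels are assumptions.

```python
import csv
import io

# Constructed sample in the column layout of the IAM credential report
# (the CSV produced by `aws iam get-credential-report`), trimmed to the
# columns this check reads. 111122223333 is a documentation account ID.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,false,true,true
"""

KEY_COLUMNS = ("access_key_1_active", "access_key_2_active")


def _is_true(value):
    """The report encodes booleans as the strings 'true' / 'false'."""
    return value.strip().lower() == "true"


def audit_credential_report(report_csv):
    """Return (severity, user, issue) tuples for risky account settings."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        mfa = _is_true(row["mfa_active"])
        active_keys = sum(_is_true(row[col]) for col in KEY_COLUMNS)

        # The root user appears in the report as the literal "<root_account>".
        if user == "<root_account>":
            if not mfa:
                findings.append(("HIGH", user, "root user has no MFA device"))
            if active_keys:
                findings.append(("HIGH", user, "root user has active access keys"))
            continue

        # Console access (a password) should always be paired with MFA.
        if _is_true(row["password_enabled"]) and not mfa:
            findings.append(("MEDIUM", user, "console password without MFA"))
        # Two live long-term keys usually means a rotation was never finished.
        if active_keys > 1:
            findings.append(("LOW", user, "two active long-term access keys"))
    return findings


if __name__ == "__main__":
    for severity, user, issue in audit_credential_report(SAMPLE_REPORT):
        print(f"{severity:6} {user:16} {issue}")
```

Wired into a scheduled job, the returned findings can feed whatever alerting channel the team already uses.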

AWS Partners
AWS Partners regularly release security updates that can help you keep your data safe.

WOLK, a long term AWS Partner, is always up to date on new threats and security recommendations. To ensure your data is secure, schedule a Well-Architected Review. WOLK will identify and highlight any high-risk items, and mitigate them for you.

Failure Management and AWS: How to Withstand and Repair Problems

Every system will encounter problems and occasionally fail. What makes a system reliable is its ability to react quickly and efficiently to failures.

The goal is to create a workload that automatically returns to a standard operating level without creating a disruption.

Architecting for Resiliency
Resiliency is the ability to bounce back from failure, overload, or attack. The Well-Architected Framework has five best practices to ensure your workload is as resilient as possible.

Monitor All Components
Design automatic systems that monitor every aspect of your workload continuously. Determine key performance indicators (KPIs) based on your business goals, not your systems’ requirements. When the system notices a KPI breach, it can fix the failure.

You can also set monitoring systems to detect degradation, which lets you know that a failure is likely. Your automated systems can also take action to prevent the looming failure.

Keep Healthy Resources Separate
Instead of using a single workload, set up several smaller ones. Ensure that if a particular system fails, other healthy resources can continue to handle requests.

For essential services like location, create backup systems that can fail over to healthy resources. If you’re using AWS systems, they will automatically activate to ensure your healthy systems can keep working.

Automate Healing
It takes time for a team member to receive a notification, learn about the problem, and determine a plan of action. Instead, create automatic services that can fix failures quickly.

Consider utilising AWS systems, like Auto Scaling and EC2 Automatic Recovery, to help your system repair itself.

Static Stability Prevents Bimodal Behaviour
A workload is exhibiting bimodal behaviour when it acts differently under standard and failure modes. Design your workloads with static stability in mind, testing to ensure they always react the same way.

You also should not allow clients to avoid your workload’s cache even in a cascade failure, because it creates bimodal behaviour.

Notifications
Have every automated system send the relevant team member a notification when a system is nearing failure or has failed. You also want teams notified when your systems detect a problem that will affect availability.

Well-Architected Review
If you’re struggling to make your systems reliable, WOLK, an experienced AWS Partner, is authorised to perform a Well-Architected Review.

Through the review, WOLK can identify high-risk items and any areas that are low in compliance with the Framework. The team can then mitigate the problems, ensuring your systems are reliable and resilient.

The 5 Design Principles for Cost Optimisation Using AWS

WOLK is a leading partner of AWS Well-Architected Framework and is certified to perform reviews that identify weaknesses in your cloud-based system.

The five pillars of AWS include operational excellence, security, reliability, performance efficiency and cost optimisation.

Cost optimisation is an ongoing process built on cost-aware workloads targeted to maximise investment while minimising costs. There are five design principles to keep in mind when seeking to optimise costs with AWS.

Five Design Principles

1. Implement cloud financial management
It is essential to invest resources in building capability in the technological domain of the cloud. That means investing in knowledge building programs and resources to become cost-efficient in Cloud Financial Management.

2. Adopt a consumption model
Pay only for the resources you use and target your usage to only what is necessary. Stopping resources during non-business hours can save up to 75% of the regular cost per week.

3. Measure overall efficiency
This information allows you to understand where you gain value when you reduce costs. Track the output of the workload and delivery costs using AWS.

4. Stop spending money on undifferentiated heavy lifting
This design principle allows you to focus on your customers instead of the software. AWS takes care of your data centre operations and, through managed services, removes the responsibility of managing your systems and applications.

5. Analyse and attribute expenditure
To maximise your resources while reducing costs, you can accurately measure the value and use of workloads using the cloud.

Practising Cloud Financial Management

Cloud Financial Management allows you to realise your business value and optimise your costs. Best practices for CFM include:

● Functional ownership
The function can refer to a team or individual who is responsible for maintaining a culture of cost awareness. This group spends a designated percentage of time attending to cost optimisation activity.

● Finance and technology partnership
A relationship must be formed between essential finance and technology personnel to understand the financial goals of the company. This partnership is critical to tracking real-time cost and usage and developing a standard operating procedure.

● Cloud budgets and forecasts
There is high variability in cloud cost and usage amounts based on user activity. Budgets must be adjusted, and forecasts created using an algorithm to allow for this variance in the predictions.

● Cost-aware processes
Cost-aware processes need to be adopted into organisational protocol, with training administered continuously.

● Cost-aware culture
By making information about cost optimisation available to individuals across teams (like a publicly visible dashboard), the workplace culture can adopt a cost-aware mindset. The directive should come from the top down and is achievable through a rewards-based training system for employees.

● Quantify business value delivered through cost optimisation
Don’t just report savings from cost optimisation, but quantify the additional value obtained. Quantifying business value makes it possible to identify the return on your investments.

Schedule a Review

If you’re interested in finding out how you can optimise your costs with AWS, schedule a review with WOLK. WOLK is a leading partner of AWS Well-Architected Framework and offers a service credit that covers the majority of expenses when working through your high-risk areas during remediation.

4 AWS Best Practices For Improving Performance

The AWS Well-Architected Framework allows you to implement designs consistently and examine architectures that can grow and change with your business. The framework is built on five pillars. Each pillar has best practices recommended by AWS to help you create an efficient and successful workload.

The Performance Efficiency Pillar
The Performance Efficiency pillar of the AWS Well-Architected Framework focuses on using resources efficiently to support your cloud-based system and uphold that efficiency level as demand changes.

4 Best Practices
Within the Performance Efficiency pillar, there are four best practices to guide you in your system development.

1. Selection
It’s important to select the best performing architecture for your cloud-based systems. A well-architected workload incorporates various solutions because their differing features can enhance the system’s performance efficiency. A crucial part of the selection process is choosing the best resources.

Compute resources for AWS come in three forms: instances, functions, and containers. When making choices about your compute resources, you’ll need to use your knowledge of workload and cost requirements. Since resource selections in the cloud are flexible, you can experiment with your selections.

Storage is another key selection you’ll make as part of your AWS performance efficiency. Choose between object, block, and file storage in the cloud depending on your system requirements.

With AWS, you’ll also choose your database. Different kinds of cloud databases remedy issues present in your workload. Once you identify the specific problems in your workload, you can select the database that best addresses them.

A network is shared between all aspects of your workload, meaning its impact is significant. To select the best network for your system, identify bandwidth, jitter, throughput, and latency requirements.

2. Review
Best practices for performance efficiency include careful evaluation of the technologies and your workload components to ensure they’re as up-to-date as possible.

AWS innovation is continual and is driven forward by consumer demands. New features that can improve performance and architecture are released regularly, so it’s important to review your system frequently for possible areas of improvement.

3. Monitoring
After you make selections and your workload is running, it’s critical that you’re carefully monitoring the workload performance. Services like Amazon CloudWatch are available to give you actionable feedback about your system performance and the optimisation of resources.

Monitoring this data in real-time allows you to move swiftly when problems occur so you can rectify them before clients are impacted.

4. Trade-Offs
Architecting solutions requires you to weigh the benefits of a solution against its implementation’s negative impacts. A trade-off can mean you’re exchanging consistency for latency to improve performance because there is a higher value in lower latency at that time.

Carefully review metrics to see how your trade-offs are affecting the workload and its performance efficiency.

Work With WOLK
WOLK is a proud leading partner of the AWS Well-Architected Framework and can provide a thorough review of your cloud-based systems. We are certified to perform a detailed appraisal and help you determine any weaknesses within your system that require immediate attention.

Identity and Access Management: Permissions and Identification

AWS Well-Architected Framework is a system used to identify the at-risk areas in your company’s infrastructure. AWS ensures your applications are using the five pillars of operational excellence, security, reliability, performance efficiency, and cost optimisation.

Why are Identity and Access Management Important?
For your cloud-based systems to operate safely, the right people must have access to the resources meant for them. Allowing users to have access, or other applications to have access, opens up the potential for security threats if the proper measures aren’t in place. Using identity management and permissions management are the two best ways to take care of human and machine security access.

Identity Management
It’s best to manage identity access in a centralised way, meaning that you use one identity provider to grant access for multiple platforms. If you need to deny access to someone (like an employee leaving the company) you can instantly revoke their ability to view sensitive information. These could include company calendars, email accounts, AWS services and more. By centralising access, it becomes easier to track and control who has permission to view and change data.

When dealing with AWS, both humans and machines require unique identities to be able to access these services. To keep track of who/what has access to which applications/information, consider grouping users who have similar security access requirements together. This makes it easier to manage large groups of users within an organisation, because settings can be changed by group membership rather than for each individual.

Permissions Management
Permissions are essential to the second pillar of AWS Well-Architected Framework security. By creating permission boundaries and granting least privilege access, you can restrict user and administrator ability to only what is necessary.

AWS utilises attribute-based access control (ABAC) which allows you to provide access based on specific attributes called tags. Programming these tags into your management strategy ahead of time means permissions will be applied automatically as a project unfolds rather than you manually updating a policy part way through. Doing this creates an efficient way to handle multi-user and developer access while still maintaining a secure cloud-based system.

Work with WOLK
If you’re interested in improving your cloud-based security, work with WOLK. A leading partner of the AWS Well-Architected Reviews, our review process draws attention to the areas of risk in your system so you can take the necessary steps to up-level your security measures.

4 Security Solutions for Every Business

Virtually all businesses use cloud services for at least some functions. As this trend continues, it’s important to be on top of security to prevent a cyberattack or data breach.

Businesses can use Amazon Web Services (AWS) to increase the security of their cloud computing operations. Through AWS, organisations can automate security tasks that were previously controlled manually. This allows the business to focus solely on core operations.

Besides streamlining and progressing manual security, AWS is the only commercial based cloud service that’s deemed secure enough for top-secret workloads. AWS uses a five pillar framework to help build efficient systems for businesses. Security is the second conceptual pillar, and it contains key security solutions for every business.

1. Automate Security Best Practices
A measure outlined as a design principle is security automation. Automating system security can make your data more secure. It also makes scaling security easier and more cost-effective as it doesn’t require major architectural change.

Employ AWS security software to protect your systems, data, and applications. These systems can be tested and validated, ensuring you have the best practice systems in place.

2. Protect Data at All Times
Data is one of the most valuable commodities a business holds. Stolen data is not only detrimental to your business but can also lead to legal problems. Data must be protected at all times, meaning when it is in storage, during transfers, and when people access it.

Organise your data by security classification, defining classifications by sensitivity level and use, and allow only essential human access. Storage solutions such as Amazon Glacier are extremely resilient to data loss.

AWS offers encryption services for data transfers and data at rest. Server-side encryption (SSE) is ideal to store encrypted data.

3. Implement Access Management Protocols
Access management can be implemented through basic security features like multi-factor authentication and strong passwords. An AWS system, such as Identity and Access Management (IAM), allows only authorised employees to access certain information, resources, and programs. The AWS user can customise privilege management, increasing its security.

4. Utilise AWS Detection Systems
AWS detection systems scan and monitor linked operations to identify potential security compromises and threats. There is a wide variety of detection programs, with some more suited to specific industries. It’s essential that your company have at least a minimal level of security detection implemented.

Amazon GuardDuty is an effective security solution that detects dangerous and unauthorised activity within workloads.

Secure Your Business Using AWS
WOLK is a partner of the AWS Well-Architected Review Program and is certified to perform AWS reviews. Contact us today to arrange a review, allowing us to advise and assist you in securing your business and its cloud operations for the future.

The 7 Design Principles for Cloud Security Under AWS

Security, the second pillar of the AWS Well-Architected Framework, contains seven design principles. By adhering to these guidelines, you can increase the strength of your cloud security, and protect your data.

The design principles encompass the ideas of foundation, preparation, and automation.

1. Implement a Strong Identity Foundation

A strong identity foundation is critical to maintaining safe data. Utilise the principle of least privilege by allowing each team member the minimum amount of access necessary for their work.

You should also centralise your identity management and try to reduce using static credentials.

2. Enable Traceability

It’s easier to find problems when you have a pre-existing tracing system. By monitoring your workload and applications in real-time, you’ll also receive alerts at the exact moment when something breaks through your security.

3. Apply Security at All Layers

Every layer and level of your workload and applications should be secure. Just because it’s an internal system doesn’t mean it’s safe.

4. Automate Security Best Practices

Automation lessens the likelihood of human error. Automated security sweeps can be set to run at regular intervals, and will automatically alert the correct team member when there is a problem.

5. Protect Data in Transit and at Rest

Your data should always be secure, even when it’s within your systems. Use a classification system that all team members understand, to determine what level of security your data needs.

Based on its classification, data should be secured using encryption, tokenisation, or access control. If you’ve automated your security best practices, your security system can sort the data itself.

6. Keep People Away from Data

In addition to the principle of least privilege, you should also use tools that help to lower the need for human access to data. Human error can cause security breaches or loss of data.

7. Prepare for Security Events

Prepare your systems and teams for a future security event. Following your organisational best practices, create an incident management and investigation policy. Train all team members in your response policy by running drills.

Schedule a Well-Architected Review
To ensure your data is as secure as possible, consider working with an AWS Well-Architected Partner. WOLK can identify any outstanding high-risk items and mitigate them for you.

Once you’ve completed a Well-Architected Review, you can continue to maintain the highest level of security possible by adhering to the seven design principles of the security pillar.

AWS Operational Excellence Pillar: What’s New?

In mid-2020, AWS released an update for the Operational Excellence pillar, which improved the guidance offered concerning organisation methods and culture and creating an operating model.

The newly updated Operational Excellence pillar now has a new section entirely devoted to team members, teams, and organisation.

What is Organisational Culture?
The organisational culture of your company is how you structure your teams, including creating a clear order of superiority, plans for emergencies, and a clear path of communication.

The AWS Well-Architected Program has updated its Operational Excellence pillar to provide clearer guidance for companies on how to create an effective organisational culture.

By following the new guidelines, you can improve your bottom line.

How to Structure Your Business Using AWS
To create an optimised organisational culture, follow the steps AWS has outlined. First, you must create an explicit order of command in your organisation. It’s essential that everyone knows to whom they report and who they are in charge of.

Next, choose an operating model. There are many options available, and you may want to use different models depending on the department. To choose the best model, AWS recommends using a chart that analyses the operations and engineering of your platform or infrastructure and your applications.

Through this chart, you can determine which teams are responsible for what and if some areas require multiple teams’ attention.

Clearly defining who is responsible for certain areas improves your bottom line since it reduces the need for team members to ask for direction.

Improving Your Business With Organisational Structure
The recent additions to the operational pillar focus on improving your business through a structure that receives its guidance from the top level. Called executive sponsorship, this concept means that the executives of an organisation set goals and evaluate the organisation’s success.

However, it also means that those in charge must advocate for and implement the use of AWS best practices. The entire company should follow these best practices, with a clear structure known to all team members.

The new changes also focus on receiving a diversity of opinions. Although the direction should always come from the top down, your business can benefit from communicating with team members of all levels. Ask them if changes could improve their reliability or productivity or if they have any complaints about the system.

Improve Your Business With WOLK
As a recognised AWS Well-Architected Framework partner, WOLK offers reviews to ensure your company is compliant with all five pillars of the Framework. If we find any discrepancies, we can provide solutions to improve your business with AWS.

Call us today on 03 8669 1414 to arrange your free initial consultation.

Detecting Security Problems Using AWS

AWS is a subsidiary of Amazon providing cloud-based computing platforms. WOLK is certified to provide AWS Well-Architected Reviews. WOLK can track your IT performance around the clock to tackle any interruptions before they impact your business. Detecting security problems is critical to the success of your business.

The AWS Well-Architected Framework operates on the five pillars of Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimisation. Security, the second pillar of AWS, refers to protecting your data, systems and assets. Before you architect a workload, security practices must be in place.

What does it mean to architect a workload? A workload refers to a collection of data and code that are integral to a business that will be planned, devised and scaled in a way that meets guidelines set out by Amazon. The AWS cloud executes an automated response to security issues.

Security: The Second Pillar

Within the pillar of security, seven design concepts can strengthen the security of AWS systems.

1. Implement a strong identity foundation means you should eliminate the use of long-term static credentials. Ensure there is a separation of duty when it comes to authorised personnel for interaction with AWS systems.

2. Keep people away from data suggests that you mitigate the risk for human error by reducing or eliminating manual processing of data. Use the automated tools available instead.

3. Prepare for security events by acting out simulated response situations.

4. Protect data in transit and at rest by organising it via levels of sensitivity. Use access control and encryption for additional protection.

5. Automate security best practices to acquire a quicker response time when a security threat is detected.

6. Apply security at all layers by using multiple security controls.

7. Enable traceability by tracking changes in real-time so you can take action immediately if a security threat is detected.

Your security comprises five core components:

● Identity and access management
● Detection
● Infrastructure protection
● Data protection
● Incident response

Detecting Security Problems

Detection is critical in enabling you to identify a security threat or misbehaviour. Detective mechanisms are part of the threat identification and response effort and can include elements like analysing logs from your workload.
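A log-analysis detective mechanism of the kind described above, as an added example that is not code from AWS or WOLK. It runs three rules over CloudTrail-style records; the records are constructed and trimmed to the fields the rules read, and the rule names are assumptions.

```python
# Constructed CloudTrail records, trimmed to the fields the rules read.
ROOT = "arn:aws:iam::111122223333:root"
ALICE = "arn:aws:iam::111122223333:user/alice"
BOB = "arn:aws:iam::111122223333:user/bob"

SAMPLE_EVENTS = [
    {"eventTime": "2024-01-10T02:14:09Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": ROOT},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T08:30:41Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": ALICE},
     "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T09:02:17Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": BOB},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-10T09:05:55Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "arn": BOB},
     "responseElements": None},
    {"eventTime": "2024-01-10T09:40:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "arn": ALICE}},
]

# CloudTrail API calls that reduce or remove the audit trail itself.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}


def detect(events):
    """Return (eventTime, rule, principal ARN) for every rule that fires."""
    alerts = []
    for event in events:
        identity = event.get("userIdentity") or {}
        who = identity.get("arn", "unknown")
        when = event.get("eventTime", "")
        name = event.get("eventName", "")

        # Rule 1: any activity by the root user is worth a look.
        if identity.get("type") == "Root":
            alerts.append((when, "root-user-activity", who))

        # Rule 2: successful console sign-in without MFA. Limited to Root and
        # IAMUser because federated sign-ins do MFA at the identity provider.
        login = (event.get("responseElements") or {}).get("ConsoleLogin")
        mfa = (event.get("additionalEventData") or {}).get("MFAUsed")
        if (name == "ConsoleLogin" and login == "Success" and mfa != "Yes"
                and identity.get("type") in ("Root", "IAMUser")):
            alerts.append((when, "console-login-without-mfa", who))

        # Rule 3: the trail that provides traceability was changed or stopped.
        if event.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_CHANGES:
            alerts.append((when, "trail-logging-changed", who))
    return alerts


if __name__ == "__main__":
    for when, rule, who in detect(SAMPLE_EVENTS):
        print(when, rule, who)
```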

Performing vulnerability management is vital in detecting security problems promptly. Scan for vulnerabilities in your digital infrastructure by using a third party static code analysis tool or a third party dependency checking tool.

Validating the integrity of your software can also help in detecting security problems. To do this, you’ll want to implement mechanisms that confirm software, code and libraries that are part of the workload are from a trusted source.

Identify Your Areas of Risk

WOLK is a leading partner of the AWS Well-Architected Review Program and can provide a review that identifies high-risk items for your company. You’ll receive an AWS service credit that will cover the majority of high-risk items during the remediation stage.