Category: AWS Well-Architected

How to Improve Awareness of Expenditures and Usage with AWS

The fifth pillar of the AWS Well-Architected Framework is cost optimisation, and it’s all about lowering your price point.

Working in the cloud gives you more flexibility and creates more opportunities for innovation. You no longer need to manually research new hardware, purchase new hardware, schedule shipments or process shipping orders. You can create systems to do all of that automatically.

However, the way you monitor expenditures and usages will have to change. Several AWS programs can help you improve your awareness and better monitor your expenses and usage.

Accurate Cost Attribution
You need to know the exact cost of each department or product owner. This knowledge will give you insight into which products are more profitable, and which are losing money.

Use AWS Organisations or AWS Control Tower to separate your teams and products by costs and usage. These programs have several organisational options, including tagging to enable sorting by category, team name, business name or other information.

Cost Attribution Categories
You want to create organisation categories and functional categories to sort your costs.

To determine your organisation categories, meet with your stakeholders and follow your existing organisational structure. You might want to include topics like budget, department, or business unit.

The functional categories might include topics like your workload name, areas of focus in the business (production, shipping, etc.).

There is no limit to the number of categories one item can have. Be as detailed as possible when defining your categories.

Establish Organisational Metrics
You should clearly state what the workload outcomes are. Use business outcomes to determine the metrics. For example, the number of web pages served to customers could be a workload metric.

If your workload is large or complicated, consider breaking your metrics down for each component.

Billing and Cost Management Tools
AWS provides several tools that aid in billing and cost management. Train representatives of each team that works with an application in AWS Budgets and AWS Cost Explorer.

Use Workload Metrics
Using your workload metrics, allocate your costs. You can use Amazon Athena to create an efficiency dashboard, making it easy to evaluate your cost efficiency regularly.

Consult an AWS Partner
If you are new to AWS or want to confirm that you are following all the guidelines, a Well-Architected Review can help. WOLK is an experienced long-term AWS Partner and can check for high-risk items and mitigate them for you to ensure you’re operating as efficiently as possible.

Monitoring Performance Efficiency Under AWS

AWS Well-Architected Framework uses five operational pillars to implement best practices that allow cloud-based systems to function efficiently. These five pillars are operational excellence, security, reliability, performance efficiency, and cost optimisation. Designing cloud-based systems that operate using these five core principles is what sets the AWS Well-Architected Framework apart.

Monitoring Performance
Monitoring the performance of a workload using alerts for immediate notification of inefficiency or security breaches is the most effective way to ensure clients aren’t impacted.

Avoiding human error by creating automated notification of system degradation reduces the amount of time it takes to fix a problem. It’s essential to schedule a time to test your alert system through simulated breaches. Doing so ensures your monitoring is working correctly.

Amazon CloudWatch
Amazon CloudWatch is a monitoring service that can provide you with tangible results when it comes to your system. It includes data and information about your workload while helping you respond to inefficiencies. By getting information about the cause of problems within your cloud-based system, you can better manage your response approach.

Four Phases of Monitoring
Monitoring is also an integral part of the third pillar of AWS, reliability. There are four phases to monitoring with AWS:

1. Generation
Monitoring the workload can be done using Amazon CloudWatch or another tool. Make use of the vast amount of data and log information available to understand how the cloud functions as it changes to meet current demand.

2. Aggregation
Be specific in calculations in regards to data logs and filters. Data is forwarded to CloudWatch logs when you use Amazon CloudWatch as your monitoring service.

3. Real-time processing and alarming
The system recognizes threats in real-time and sends out notifications to your organization to take immediate action. Amazon Simple Notification Service (SNS) can forward the alert to multiple users so that technical staff can be alerted that there is a problem.

4. Storage and analytics
Analyze the logs and files collected for trends to get a better sense of your workload. Data management can’t be overlooked, and Amazon CloudWatch is a powerful tool for analyzing your data.

It’s necessary to schedule regular reviews that look at how your monitoring service is working to perform updates for improved security and efficiency. Your business priorities should drive the way you monitor.

Get an AWS Well-Architected Review
WOLK is a proud partner of the AWS Well-Architected Program and is certified to perform your system inspections. Contact us to schedule a review that will highlight issues in your cloud-based system that need resolving.

Selecting Storage Solutions Under AWS

Storage is an essential part of cloud usage, holding the information of your workload. Cloud storage is a more secure way to keep data safe than traditional physical servers kept on site. With the cloud, you have the flexibility to access your information from different regions and migrate it to a new location should you need to do so.

AWS Storage Solutions
AWS offers three types of storage solutions to meet your needs:

1. Object Storage
Object storage is designed for exceptional durability to access data from any location. This is an ideal storage method for backups or data recovery, with Amazon Simple Storage Solution platform leading the industry in security and performance.

2. Block Storage
Block storage is low latency (minimal delay) storage that is reliable through its consistency. This storage solution is comparable to direct-attached storage (DAS) or Storage Area Network (SAN). You can make workloads easy to access with Amazon Elastic Block Store (EBS).

3. File Storage
This solution allows a team to access storage from different systems with permission. Ideal for user home directories or media storage, Amazon Elastic File System is one example of AWS File Storage.

Factors to Consider
Choosing the best storage method for your system depends on a variety of different factors. How frequently will it be accessed? Will it be online and in use all the time, or will it be used for archival purposes? It’s also important to consider how frequently your system will be updated and its durability limitations. The AWS Well-Architected Systems use multiple storage solutions to maximize your productivity and keep costs useful.

Storage and AWS Pillars
AWS Well-Architected Framework operates based on five pillars: operational excellence, security, reliability, performance efficiency, and cost optimisation. Storage falls under the fourth pillar, performance efficiency, by taking a data-driven approach to the building of digital architecture. It is vital to regularly review your selections for storage to make sure you’re maximizing your potential as the cloud continues to evolve.

Contact WOLK for a Review
Schedule a well-architected review with WOLK, a certified leading partner of AWS Well-Architected Framework. The review process highlights deficiencies in your system and then executes a remediation process to address those issues. Maintaining an efficient performance is only achievable by assessing how well your system’s various elements are working together daily. Responding quickly to security threats, performance problems, or costly outcomes keep systems operating at their best.

How AWS Can Help with Disaster Recovery

One of the central tenets of the Well-Architected Framework is planning for failure. Even though the goal is to avoid problems, they will still occasionally occur. If you and your team have a clear goal in place following AWS guidelines, the failure will cost you less time.

The first steps to help with disaster recovery have to do with preparation. Have backups in place and create redundant workload components.

The Well-Architected Framework has laid out five best practices to help you plan for disaster recovery.

1. Define Recovery Objectives
Define your recovery time objectives (RTOs) and recovery point objectives (RPOs) based on business goals. To create these objectives, break down your workload into categories of need. You’ll want to create five categories or less.

When determining your categories, consider whether the workload tools are internal or public. You will also want to identify the primary business driver and estimate the downtime’s impact on your business.

2. Meet Recovery Objectives
After creating your categories, you can design a disaster recovery (DR) plan that meets your objectives. Depending on the structure of your workload, you might require a multi-region strategy. AWS suggests several strategies of varying complexity and cost.

You can choose a simple backup and restore strategy, meaning you store your data in the DR region. In case of a disaster, you can restore RPO within hours and RTO within 24 hours.

The Pilot Light strategy lessens the recovery time by maintaining a small version of your core system in the DR region. RPO recovery time is minutes, and RTO is hours.

The Warm Standby strategy offers an even shorter recovery, achieving the RPO in seconds and the RTO in minutes. In this strategy, you keep a mini version of your full system always running in the DR region. In case of disaster, you can quickly increase its capacity to handle all your business’ needs.

The Multi-region Active-active strategy uses multiple AWS regions. If one region fails, you can redirect traffic to the other regions.

3. Test Disaster Recovery Implementation
Whichever strategy you choose, it’s critical to evaluate it regularly. Ensure that all backup systems are functioning and your plan meets your RPO and RTO in the correct amount of time.

4. Manage Configuration Drift
Keep an eye on your DR region, ensuring the infrastructure, data, and configuration are in good condition.

5. Automate Recovery
Use automated recovery systems like CloudEndure Disaster Recovery to remove the possibility of human error.

Schedule a Well-Architected Review
To ensure your strategies follow the guidelines of the Well-Architected Framework, schedule a Well-Architected Review. AWS Partner, WOLK can identify any issues in your designs and mitigate them for you.

Tracking and Backing Up Data with AWS

It’s essential to back up all your data regularly. However, it’s just as important to test your back-up files regularly.

The reliability pillar of the Well-Architected Framework offers guidelines to ensure your backups are safe and protected against failures. AWS also provides various options to help you safely back up your data.

Best Practices to Protect Your Backups
There are four best practices that can help ensure the safety of your data and backups. Remember to back up your applications and configuration as well, ensuring your backups meet your recovery time objectives (RTOs) and recovery point objectives (RPOs).

● Identify and Backup All Data
Your first step is to identify all the data you want to back up. You might not need to back it up if it can be recreated from other sources and still meet your RPO. Once you’ve classified your data, you need to decide how to back it up.

As an AWS customer, you have access to their many backup options. Amazon S3 allows for the storage of multiple backup files. Several AWS services have built-in backup systems. If you use Amazon EBS, RDS or DynamoDB, you can set them to automatically backup your files, and store them elsewhere.

You can also use third-party systems to backup or store your files.

● Secure Your Backups
Just like your servers, you must ensure the security of your backups. If you use AWS’ services to create backups, enable encryption before backing up. If you use a third-party system, you might need to encrypt them yourself.

You should also restrict access to the backups. Only allow team members who require it access. Monitor the backups for any unauthorised access.

● Automate Data Backup
To ensure you always have a recent backup, use AWS Backup to automatically backup your files at regular intervals.

AWS Backup allows you to set different schedules for different workloads and to determine precisely where you want your backups stored. It enables you to create Backup Plans and Backup Vaults, giving you flexibility.

● Verify Your Backups
At regular intervals, test your backup files and procedures to ensure they meet your RTOs and RPOs.

Maintaining a Resilient Workload
If your systems aren’t fully compliant with the reliability pillar’s guidelines, you might want to set up an AWS Well-Architected Review. WOLK, a long-term AWS Partner, can identify any problem areas and mitigate them.

WOLK can help you maintain a reliable workload and ensure that your company is fully compliant with the Well-Architected Framework.

The 3 Forms of Compute Resources Under AWS

Compute resources are virtual servers and storage equipment that are accessed by multiple users. There are five pillars of the AWS Well-Architected Framework, including operational excellence, security, reliability, performance efficiency, and cost optimisation. The fourth pillar of performance efficiency incorporates computing resources’ effective use to meet technology’s changing demands.

Forms of Compute
In AWS (Amazon Web Service), there are three different forms of computing resources.
1. Instances
These are virtualised servers available in different sizes and types. They can offer additional capabilities like solid-state drivers (SSDs) and graphics processing units (GPUs). These resources are not fixed, so you have the flexibility to try out various types of servers.
2. Containers
A virtual operating system that allows you to run applications as isolated processes. AWS Fargate and Amazon EC2 are examples of computing used to manage containers. Additionally, there are other container platforms used for AWS: Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS).
3. Functions
One example of a function is the AWS Lambda, used to extract the processors, networks, and operating systems from the code you want to write. By selecting the right Compute Resources for your needs, you can achieve more with the same number of resources, maximising efficiency.

Compute Resources and AWS
With rapidly evolving cloud technologies, it’s critical to evaluate the performance of your operating systems. Assess compute options by considering cost requirements and the demand for workload performance.

To optimise efficiency, the best compute option for your workload varies depending on several factors. Due to the ever-changing demand for cloud-based systems, it is recommended to use elasticity mechanisms where possible. Working in the cloud gives you the ability to make changes to your system with ease when necessary.

Other factors to consider in computing include storage, databases, and networks. Cloud storage holds the information in your workload and is more reliable than traditional physical server storage. Networks should be updated over time to maintain efficiency, and AWS database options continuously track your workload.

Schedule a Review
You can schedule a review with WOLK, a certified partner of the AWS Well-Architected Program. An analysis of your cloud-based system will pinpoint any weak security points or other inefficiencies to make changes for maximum results.

Free service credit applied to your account will most likely cover the cost of these changes, preventing you or your company from paying out of pocket expenses.

AWS and Designing Performance Efficiency in the Cloud

In the AWS Well-Architected Framework, five pillars include operational excellence, security, reliability, performance efficiency, and cost optimisation. Performance efficiency refers to using computing resources efficiently in a cloud-based system.

Design Principles
There are five design principles for performance efficiency in the cloud.
1. Democratise advanced technology
Complex tasks assigned to your cloud vendor make adapting to technology easier on your company. Services such as machine learning and media transcoding are consumed in the cloud, rather than having a workforce team carry out these tasks.
2. Go global in minutes
Since there are various AWS regions worldwide, making your workload accessible anywhere, there is lower latency and better customer experience.
3. Use serverless architectures
As the name suggests, this technology removes the need for a physical server that must be maintained. Additionally, transaction costs are lower when services are managed in the cloud, optimising efficiency.
4. Experiment more often
With virtual and automated services, it’s easy and cost-effective to complete tests of different instances, storage, and configurations.
5. Consider mechanical sympathy
Make time to understand how cloud technology functions and choose the service that makes the most sense for your goals.

Best Practices
There are four areas of best practice when discussing performance efficiency in the cloud. These are selection, review, monitoring, and tradeoffs. Selecting the best solution for your workload is essential to maximising effectiveness and minimising your costs.

Since the AWS cloud is ever-evolving, it is a good idea to review these selections regularly. Gauging how well your solutions are working based on the data available allows you to make changes whenever objectives aren’t met.

Monitoring your workload is critical to identifying an issue before it impacts your customers. Amazon CloudWatch is a monitoring service that allows you to track your workload and get a comprehensive overview of the system. Quick response times keep systems running smoothly.

When maximising your workload, consider making tradeoffs. You might trade durability or consistency for latency, depending on the target. A tradeoff increases efficiency in one area by giving a little in an area that is already performing at its best.

Work With a Leading Partner
WOLK is proud to be a leading partner of the AWS Well-Architected program and is certified to provide reviews of cloud-based systems. An appraisal is a good idea when looking to identify where your performance deficiencies lie. An inspection will get you started on making the right adjustments to get your five pillars in alignment.

Cloud Security and AWS: What You Need to Consider

AWS offers many options to ensure your data is secure in the cloud. By following the design principles and best practices laid out in the Well-Architected Framework’s security pillar, you can keep your data safe.

As an AWS customer, you will also gain access to their data centres and networks, all of which are highly secure. There are many benefits to becoming part of the AWS network.

Greater Control
AWS grants you a higher level of control over your data than other security systems. At any time, you can view who is accessing what data, who has access, and the type of encryption.

There is also continuous monitoring of your data, meaning that AWS will notify you quickly if a breach occurs.

You can integrate AWS’ activity monitor services into your existing workload, meaning that the transition will be as smooth as possible.

Automated, Integrated Services
AWS allows you to automate your security systems and integrate them deeply into your workload and applications. Automation reduces the possibility of human error, lessening the likelihood of a security breach.

You can also use the AWS systems to streamline the communication between security, operations, and development teams. AWS has services that help your teams communicate securely and quickly, meaning that new code can be integrated into your system faster.

Privacy and Data Security
In addition to following your security protocols, you also benefit from the security system at AWS. There is a team monitoring all data stored with AWS 24/7.

Any time you transfer data through or out of the AWS system, it is automatically encrypted. You also can use other encryption methods, including encryption keys managed by the AWS Key Management System.

You also always can see and control any information about your data that involves compliance with regional and national data regulations. If you operate internationally, you must comply with all data regulations.

AWS also helps you protect your infrastructure. You can create filters that block web requests that fit common attack patterns.

Use the AWS Ecosystem
AWS has an extensive international ecosystem consisting of security and solution partners. Through the AWS Partner Network (APN), you can find ready to go cloud software to enhance your cloud security.

You’ll also receive credit with AWS to complete a Well-Architected Review, meaning you won’t be out of pocket. WOLK will assess any high-risk items and mitigate them for you.

Overview of Ensuring Systems Reliability under AWS

Reliability is an essential component of a well-functioning workload. A reliable system or workload performs its duties correctly and at the right time, meaning you can turn your focus to other business matters.

The third pillar of the AWS Well-Architected Framework has techniques, design principles, and best practices to help you create an enduring, reliable workload.

The pillar consists of five design principles and four best practices. The design principles focus on using automation to increase reliability, while the best practices deal with creating and maintaining reliable infrastructure.

Automation
The central theme throughout the five design principles is automation. You can use automated systems to monitor your workload, alert you when a failure occurs, fix a problem, and make changes to your workload.

Automation reduces the risk that human error will cause failure and makes it easier to track changes.

The Four Best Practices of Reliability
To increase your workload’s reliability, follow the practices of Foundations, Workload Architecture, Change Management, and Failure Management. You can also work with an AWS Partner like WOLK to ensure you are compliant with all the guidelines.

1. Foundations
Before you build your workload, you must ensure you have met all your foundational requirements. These requirements affect more than one workload, and if they fail, they could derail more than one workload.

Examples of foundational requirements include sufficient data network bandwidth and computing capacity. AWS addresses many of these requirements for you, making it easy to set up your foundation as reliably as possible.

2. Workload Architecture
Your choice of architecture affects your workload’s behaviour across all five pillars. Take advantage of the flexibility that AWS allows you to choose your company’s best coding language and technologies.

AWS Software Development Kits (SDKs) also remove coding from the equation, making it straightforward to create a reliable workload.

When building your workload, be sure to segment it to ensure reliability. Have each segment and service focus on a specific business domain or functionality. If you use APIs, set up individual service agreements.

3. Change Management
Your workload will change and grow with your company. Anticipate changes and prepare your team and workload for them. Create automatic systems to monitor key performance indicators (KPIs), and test any changes before implementing them.

You can also set up automated services that will update your workload as it nears its limits. For example, an automatic service could introduce a new server to help it cope with an increase in demands.

4. Failure Management
Every system encounters failures, but reliable systems can quickly and efficiently return to standard operating capacity.

An automated monitoring system can immediately notify you in case of failure, fix the problem, or suggest a replacement.

The 7 Design Principles for Cloud Security Under AWS

Security, the second pillar of the AWS Well-Architected Framework, contains seven design principles. By adhering to these guidelines, you can increase the strength of your cloud security, and protect your data.

The design principles encompass the ideas of foundation, preparation, and automation.

1. Implement a Strong Identity Foundation

A strong identity foundation is critical to maintaining safe data. Utilise the principle of least privilege by allowing each team member the minimum amount of access necessary for their work.

You should also centralise your identity management and try to reduce using static credentials.

2. Enable Traceability

It’s easier to find problems when you have a pre-existing tracing system. By monitoring your workload and applications in real-time, you’ll also receive alerts at the exact moment when something breaks through your security.

3. Apply Security at All Layers

Every layer and level of your workload and applications should be secure. Just because it’s an internal system doesn’t mean it’s safe.

4. Automate Security Best Practices

Automation lessens the likelihood of human error. Automated security sweeps can be set to run at regular intervals, and will automatically alert the correct team member when there is a problem.

5. Protect Data at Transit and Rest

Your data should always be secure, even when it’s within your systems. Use a classification system that all team members understand, to determine what level of security your data needs.

Based on its classification, data should be secured using encryption, tokenisation, or access control. If you’ve automated your security best practices, your security system can sort the data itself.

6. Keep People Away from Data

In addition to the principle of least privilege, you should also use tools that help to lower the need for human access to data. Human error can cause security breaches or loss of data.

7. Prepare for Security Events

Prepare your systems and teams for a future security event. Following your organisational best practices, create an incident management and investigation policy. Train all team members in your response policy by running drills.

Schedule a Well-Architected Review
To ensure your data is as secure as possible, consider working with an AWS Well-Architected Partner. WOLK can identify any outstanding high-risk items and mitigate them for you.

Once you’ve completed a Well-Architected Review, you can continue to maintain the highest level of security possible by adhering to the seven design principles of the security pillar.