💼 AWS Well-Architected

ID: /frameworks/aws-well-architected

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Policies	Compliance
💼 Cost Optimization	5	3	no data
💼 Cost effective resources	4		no data
💼 Evaluate cost when selecting services	6		no data
💼 COST05-BP01 Identify organization requirements for cost			no data
💼 COST05-BP02 Analyze all components of the workload			no data
💼 COST05-BP03 Perform a thorough analysis of each component			no data
💼 COST05-BP04 Select software with cost-effective licensing			no data
💼 COST05-BP05 Select components of this workload to optimize cost in line with organization priorities			no data
💼 COST05-BP06 Perform cost analysis for different usage over time			no data
💼 Plan for data transfer	3		no data
💼 COST08-BP01 Perform data transfer modeling			no data
💼 COST08-BP02 Select components to optimize data transfer cost			no data
💼 COST08-BP03 Implement services to reduce data transfer costs			no data
💼 Select the best pricing model	5		no data
💼 COST07-BP01 Perform pricing model analysis			no data
💼 COST07-BP02 Choose Regions based on cost			no data
💼 COST07-BP03 Select third-party agreements with cost-efficient terms			no data
💼 COST07-BP04 Implement pricing models for all components of this workload			no data
💼 COST07-BP05 Perform pricing model analysis at the management account level			no data
💼 Select the correct resource type, size, and number	4		no data
💼 COST06-BP01 Perform cost modeling			no data
💼 COST06-BP02 Select resource type, size, and number based on data			no data
💼 COST06-BP03 Select resource type, size, and number automatically based on metrics			no data
💼 COST06-BP04 Consider using shared resources			no data
💼 Expenditure and usage awareness	3	3	no data
💼 Decommission resources	5		no data
💼 COST04-BP01 Track resources over their lifetime			no data
💼 COST04-BP02 Implement a decommissioning process			no data
💼 COST04-BP03 Decommission resources			no data
💼 COST04-BP04 Decommission resources automatically			no data
💼 COST04-BP05 Enforce data retention policies			no data
💼 Governance	6	3	no data
💼 COST02-BP01 Develop policies based on your organization requirements			no data
💼 COST02-BP02 Implement goals and targets			no data
💼 COST02-BP03 Implement an account structure			no data
💼 COST02-BP04 Implement groups and roles		3	no data
💼 COST02-BP05 Implement cost controls			no data
💼 COST02-BP06 Track project lifecycle			no data
💼 Monitor cost and usage	6		no data
💼 COST03-BP01 Configure detailed information sources			no data
💼 COST03-BP02 Add organization information to cost and usage			no data
💼 COST03-BP03 Identify cost attribution categories			no data
💼 COST03-BP04 Establish organization metrics			no data
💼 COST03-BP05 Configure billing and cost management tools			no data
💼 COST03-BP06 Allocate costs based on workload metrics			no data
💼 Manage demand and supply resources	3		no data
💼 COST09-BP01 Perform an analysis on the workload demand			no data
💼 COST09-BP02 Implement a buffer or throttle to manage demand			no data
💼 COST09-BP03 Supply resources dynamically			no data
💼 Optimize over time	2		no data
💼 Automating operations	1		no data
💼 COST11-BP01 Perform automation for operations			no data
💼 Define a review process and analyze your workload regularly	2		no data
💼 COST10-BP01 Develop a workload review process			no data
💼 COST10-BP02 Review and analyze this workload regularly			no data
💼 Practice Cloud Financial Management	9		no data
💼 COST01-BP01 Establish ownership of cost optimization			no data
💼 COST01-BP02 Establish a partnership between finance and technology			no data
💼 COST01-BP03 Establish cloud budgets and forecasts			no data
💼 COST01-BP04 Implement cost awareness in your organizational processes			no data
💼 COST01-BP05 Report and notify on cost optimization			no data
💼 COST01-BP06 Monitor cost proactively			no data
💼 COST01-BP07 Keep up-to-date with new service releases			no data
💼 COST01-BP08 Create a cost-aware culture			no data
💼 COST01-BP08 Create a cost-aware culture			no data
💼 Operational Excellence	4	3	no data
💼 Evolve	1		no data
💼 Learn, share, and improve	9		no data
💼 OPS11-BP01 Have a process for continuous improvement			no data
💼 OPS11-BP02 Perform post-incident analysis			no data
💼 OPS11-BP03 Implement feedback loops			no data
💼 OPS11-BP04 Perform knowledge management			no data
💼 OPS11-BP05 Define drivers for improvement			no data
💼 OPS11-BP06 Validate insights			no data
💼 OPS11-BP07 Perform operations metrics reviews			no data
💼 OPS11-BP08 Document and share lessons learned			no data
💼 OPS11-BP09 Allocate time to make improvements			no data
💼 Operate	3		no data
💼 Responding to events	7		no data
💼 OPS10-BP01 Use a process for event, incident, and problem management			no data
💼 OPS10-BP02 Have a process per alert			no data
💼 OPS10-BP03 Prioritize operational events based on business impact			no data
💼 OPS10-BP04 Define escalation paths			no data
💼 OPS10-BP05 Define a customer communication plan for service-impacting events			no data
💼 OPS10-BP06 Communicate status through dashboards			no data
💼 OPS10-BP07 Automate responses to events			no data
💼 Understanding operational health	3		no data
💼 OPS05-BP03 Use configuration management systems			no data
💼 OPS09-BP01 Measure operations goals and KPIs with metrics			no data
💼 OPS09-BP02 Communicate status and trends to ensure visibility into operation			no data
💼 Utilizing workload observability	5		no data
💼 OPS08-BP01 Analyze workload metrics			no data
💼 OPS08-BP02 Analyze workload logs			no data
💼 OPS08-BP03 Analyze workload traces			no data
💼 OPS08-BP04 Create actionable alerts			no data
💼 OPS08-BP05 Create dashboards			no data
💼 Organization	3		no data
💼 Operating model	6		no data
💼 OPS02-BP01 Resources have identified owners			no data
💼 OPS02-BP02 Processes and procedures have identified owners			no data
💼 OPS02-BP03 Operations activities have identified owners responsible for their performance			no data
💼 OPS02-BP04 Mechanisms exist to manage responsibilities and ownership			no data
💼 OPS02-BP05 Mechanisms exist to request additions, changes, and exceptions			no data
💼 OPS02-BP06 Responsibilities between teams are predefined or negotiated			no data
💼 Organization priorities	6		no data
💼 OPS01-BP01 Evaluate external customer needs			no data
💼 OPS01-BP02 Evaluate internal customer needs			no data
💼 OPS01-BP03 Evaluate governance requirements			no data
💼 OPS01-BP04 Evaluate compliance requirements			no data
💼 OPS01-BP05 Evaluate threat landscape			no data
💼 OPS01-BP06 Evaluate tradeoffs while managing benefits and risks			no data
💼 Organizational culture	7		no data
💼 OPS03-BP01 Provide executive sponsorship			no data
💼 OPS03-BP02 Team members are empowered to take action when outcomes are at risk			no data
💼 OPS03-BP03 Escalation is encouraged			no data
💼 OPS03-BP04 Communications are timely, clear, and actionable			no data
💼 OPS03-BP05 Experimentation is encouraged			no data
💼 OPS03-BP06 Team members are encouraged to maintain and grow their skill sets			no data
💼 OPS03-BP07 Resource teams appropriately			no data
💼 Prepare	4	3	no data
💼 Design for operations	10	2	no data
💼 OPS05-BP01 Use version control			no data
💼 OPS05-BP02 Test and validate changes			no data
💼 OPS05-BP03 Use configuration management systems			no data
💼 OPS05-BP04 Use build and deployment management systems			no data
💼 OPS05-BP05 Perform patch management		2	no data
💼 OPS05-BP06 Share design standards			no data
💼 OPS05-BP07 Implement practices to improve code quality			no data
💼 OPS05-BP08 Use multiple environment			no data
💼 OPS05-BP09 Make frequent, small, reversible changes			no data
💼 OPS05-BP10 Fully automate integration and deployment			no data
💼 Implement observability	5	1	no data
💼 OPS04-BP01 Identify key performance indicators			no data
💼 OPS04-BP02 Implement application telemetry			no data
💼 OPS04-BP03 Implement user experience telemetry			no data
💼 OPS04-BP04 Implement dependency telemetry			no data
💼 OPS04-BP05 Implement distributed tracing		1	no data
💼 Mitigate deployment risks	4		no data
💼 OPS06-BP01 Plan for unsuccessful changes			no data
💼 OPS06-BP02 Test deployments			no data
💼 OPS06-BP03 Employ safe deployment strategies			no data
💼 OPS06-BP04 Automate testing and rollback			no data
💼 Operational readiness and change management	6		no data
💼 OPS07-BP01 Ensure personnel capability			no data
💼 OPS07-BP02 Ensure a consistent review of operational readiness			no data
💼 OPS07-BP03 Use runbooks to perform procedures			no data
💼 OPS07-BP04 Use playbooks to investigate issues			no data
💼 OPS07-BP05 Make informed decisions to deploy systems and changes			no data
💼 OPS07-BP06 Create support plans for production workloads			no data
💼 Performance Efficiency	5		no data
💼 Architecture selection	7		no data
💼 PERF01-BP01 Learn about and understand available cloud services and features			no data
💼 PERF01-BP02 Use guidance from your cloud provider or an appropriate partner to learn about architecture patterns and best practices			no data
💼 PERF01-BP03 Factor cost into architectural decisions			no data
💼 PERF01-BP04 Evaluate how trade-offs impact customers and architecture efficiency			no data
💼 PERF01-BP05 Use policies and reference architectures			no data
💼 PERF01-BP06 Use benchmarking to drive architectural decisions			no data
💼 PERF01-BP07 Use a data-driven approach for architectural choices			no data
💼 Compute and hardware	6		no data
💼 PERF02-BP01 Select the best compute options for your workload			no data
💼 PERF02-BP02 Understand the available compute configuration and features			no data
💼 PERF02-BP03 Collect compute-related metrics			no data
💼 PERF02-BP04 Configure and right-size compute resources			no data
💼 PERF02-BP05 Scale your compute resources dynamically			no data
💼 PERF02-BP06 Use optimized hardware-based compute accelerators			no data
💼 Data management	4		no data
💼 PERF03-BP01 Use a purpose-built data store that best supports your data access and storage requirements			no data
💼 PERF03-BP02 Evaluate available configuration options for data store			no data
💼 PERF03-BP03 Collect and record data store performance metrics			no data
💼 PERF03-BP04 Implement strategies to improve query performance in data store			no data
💼 Networking and content delivery	7		no data
💼 PERF04-BP01 Understand how networking impacts performance			no data
💼 PERF04-BP02 Evaluate available networking features			no data
💼 PERF04-BP03 Choose appropriate dedicated connectivity or VPN for your workload			no data
💼 PERF04-BP04 Use load balancing to distribute traffic across multiple resources			no data
💼 PERF04-BP05 Choose network protocols to improve performance			no data
💼 PERF04-BP06 Choose your workload's location based on network requirements			no data
💼 PERF04-BP07 Optimize network configuration based on metrics			no data
💼 Process and culture	7		no data
💼 PERF05-BP01 Establish key performance indicators (KPIs) to measure workload health and performance			no data
💼 PERF05-BP02 Use monitoring solutions to understand the areas where performance is most critical			no data
💼 PERF05-BP03 Define a process to improve workload performance			no data
💼 PERF05-BP04 Load test your workload			no data
💼 PERF05-BP05 Use automation to proactively remediate performance-related issues			no data
💼 PERF05-BP06 Keep your workload and services up-to-date			no data
💼 PERF05-BP07 Review metrics at regular intervals			no data
💼 Reliability	4		no data
💼 Change management	3		no data
💼 Design your workload to adapt to changes in demand	4		no data
💼 REL07-BP01 Use automation when obtaining or scaling resources			no data
💼 REL07-BP02 Obtain resources upon detection of impairment to a workload			no data
💼 REL07-BP03 Obtain resources upon detection that more resources are needed for a workload			no data
💼 REL07-BP04 Load test your workload			no data
💼 Implement change	5		no data
💼 REL08-BP01 Use runbooks for standard activities such as deployment			no data
💼 REL08-BP02 Integrate functional testing as part of your deployment			no data
💼 REL08-BP03 Integrate resiliency testing as part of your deployment			no data
💼 REL08-BP04 Deploy using immutable infrastructure			no data
💼 REL08-BP05 Deploy changes with automation			no data
💼 Monitor workload resources	7		no data
💼 REL06-BP01 Monitor all components for the workload (Generation)			no data
💼 REL06-BP02 Define and calculate metrics (Aggregation)			no data
💼 REL06-BP03 Send notifications (Real-time processing and alarming)			no data
💼 REL06-BP04 Automate responses (Real-time processing and alarming)			no data
💼 REL06-BP05 Analyze logs			no data
💼 REL06-BP06 Regularly review monitoring scope and metrics			no data
💼 REL06-BP07 Monitor end-to-end tracing of requests through your system			no data
💼 Failure management	5		no data
💼 Back up data	4		no data
💼 REL09-BP01 Identify and back up all data that needs to be backed up, or reproduce the data from sources			no data
💼 REL09-BP02 Secure and encrypt backups			no data
💼 REL09-BP03 Perform data backup automatically			no data
💼 REL09-BP04 Perform periodic recovery of the data to verify backup integrity and processes			no data
💼 Design your workload to withstand component failures	7		no data
💼 REL11-BP01 Monitor all components of the workload to detect failures			no data
💼 REL11-BP02 Fail over to healthy resources			no data
💼 REL11-BP03 Automate healing on all layers			no data
💼 REL11-BP04 Rely on the data plane and not the control plane during recovery			no data
💼 REL11-BP05 Use static stability to prevent bimodal behavior			no data
💼 REL11-BP06 Send notifications when events impact availability			no data
💼 REL11-BP07 Architect your product to meet availability targets and uptime service level agreements (SLAs)			no data
💼 Plan for Disaster Recovery (DR)	5		no data
💼 REL13-BP01 Define recovery objectives for downtime and data loss			no data
💼 REL13-BP02 Use defined recovery strategies to meet the recovery objectives			no data
💼 REL13-BP03 Test disaster recovery implementation to validate the implementation			no data
💼 REL13-BP04 Manage configuration drift at the DR site or Region			no data
💼 REL13-BP05 Automate recovery			no data
💼 Test reliability	5		no data
💼 REL12-BP01 Use playbooks to investigate failures			no data
💼 REL12-BP02 Perform post-incident analysis			no data
💼 REL12-BP03 Test scalability and performance requirements			no data
💼 REL12-BP04 Test resiliency using chaos engineering			no data
💼 REL12-BP05 Conduct game days regularly			no data
💼 Use fault isolation to protect your workload	3		no data
💼 REL10-BP01 Deploy the workload to multiple locations			no data
💼 REL10-BP02 Automate recovery for components constrained to a single location			no data
💼 REL10-BP03 Use bulkhead architectures to limit scope of impact			no data
💼 Foundations	2		no data
💼 Manage service quotas and constraints	6		no data
💼 REL01-BP01 Aware of service quotas and constraints			no data
💼 REL01-BP02 Manage service quotas across accounts and regions			no data
💼 REL01-BP03 Accommodate fixed service quotas and constraints through architecture			no data
💼 REL01-BP04 Monitor and manage quotas			no data
💼 REL01-BP05 Automate quota management			no data
💼 REL01-BP06 Ensure that a sufficient gap exists between the current quotas and the maximum usage to accommodate failover			no data
💼 Plan your network topology	5		no data
💼 REL02-BP01 Use highly available network connectivity for your workload public endpoints			no data
💼 REL02-BP02 Provision redundant connectivity between private networks in the cloud and on-premises environments			no data
💼 REL02-BP03 Ensure IP subnet allocation accounts for expansion and availability			no data
💼 REL02-BP04 Prefer hub-and-spoke topologies over many-to-many mesh			no data
💼 REL02-BP05 Enforce non-overlapping private IP address ranges in all private address spaces where they are connected			no data
💼 Workload architecture	3		no data
💼 Design interactions in a distributed system to mitigate or withstand failures	7		no data
💼 REL05-BP01 Implement graceful degradation to transform applicable hard dependencies into soft dependencies			no data
💼 REL05-BP02 Throttle requests			no data
💼 REL05-BP03 Control and limit retry calls			no data
💼 REL05-BP04 Fail fast and limit queues			no data
💼 REL05-BP05 Set client timeouts			no data
💼 REL05-BP06 Make systems stateless where possible			no data
💼 REL05-BP07 Implement emergency levers			no data
💼 Design interactions in a distributed system to prevent failures	4		no data
💼 REL04-BP01 Identify the kind of distributed systems you depend on			no data
💼 REL04-BP02 Implement loosely coupled dependencies			no data
💼 REL04-BP03 Do constant work			no data
💼 REL04-BP04 Make mutating operations idempotent			no data
💼 Design your workload service architecture	3		no data
💼 REL03-BP01 Choose how to segment your workload			no data
💼 REL03-BP02 Build services focused on specific business domains and functionality			no data
💼 REL03-BP03 Provide service contracts per API			no data
💼 Security	7	1	no data
💼 Application Security	8		no data
💼 SEC11-BP01 Train for application security			no data
💼 SEC11-BP02 Automate testing throughout the development and release lifecycle			no data
💼 SEC11-BP03 Perform regular penetration testing			no data
💼 SEC11-BP04 Conduct code reviews			no data
💼 SEC11-BP05 Centralize services for packages and dependencies			no data
💼 SEC11-BP06 Deploy software programmatically			no data
💼 SEC11-BP07 Regularly assess security properties of the pipelines			no data
💼 SEC11-BP08 Build a program that embeds security ownership in workload teams			no data
💼 Data protection	3		no data
💼 Data Classification	4		no data
💼 SEC07-BP01 Understand your data classification scheme			no data
💼 SEC07-BP02 Apply data protection controls based on data sensitivity			no data
💼 SEC07-BP03 Automate identification and classification			no data
💼 SEC07-BP04 Define scalable data lifecycle management			no data
💼 Protecting Data at Rest	4		no data
💼 SEC08-BP01 Implement secure key management			no data
💼 SEC08-BP02 Enforce encryption at rest			no data
💼 SEC08-BP03 Automate data at rest protection			no data
💼 SEC08-BP04 Enforce access control			no data
💼 Protecting Data in Transit	3		no data
💼 SEC09-BP01 Implement secure key and certificate management			no data
💼 SEC09-BP02 Enforce encryption in transit			no data
💼 SEC09-BP03 Authenticate network communications			no data
💼 Detection	4	1	no data
💼 SEC04-BP01 Configure service and application logging			no data
💼 SEC04-BP02 Capture logs, findings, and metrics in standardized locations			no data
💼 SEC04-BP03 Correlate and enrich security alerts		1	no data
💼 SEC04-BP04 Initiate remediation for non-compliant resources		1	no data
💼 Identity and Access Management	2		no data
💼 Identity management	6		no data
💼 SEC02-BP01 Use strong sign-in mechanisms			no data
💼 SEC02-BP02 Use temporary credentials			no data
💼 SEC02-BP03 Store and use secrets securely			no data
💼 SEC02-BP04 Rely on a centralized identity provider			no data
💼 SEC02-BP05 Audit and rotate credentials periodically			no data
💼 SEC02-BP06 Employ user groups and attributes			no data
💼 Permissions management	9		no data
💼 SEC03-BP01 Define access requirements			no data
💼 SEC03-BP02 Grant least privilege access			no data
💼 SEC03-BP03 Establish emergency access process			no data
💼 SEC03-BP04 Reduce permissions continuously			no data
💼 SEC03-BP05 Define permission guardrails for your organization			no data
💼 SEC03-BP06 Manage access based on lifecycle			no data
💼 SEC03-BP07 Analyze public and cross-account access			no data
💼 SEC03-BP08 Share resources securely within your organization			no data
💼 SEC03-BP09 Share resources securely with a third party			no data
💼 Incident Response	1		no data
💼 Preparation	8		no data
💼 SEC10-BP01 Identify key personnel and external resources			no data
💼 SEC10-BP02 Develop incident management plans			no data
💼 SEC10-BP03 Prepare forensic capabilities			no data
💼 SEC10-BP04 Develop and test security incident response playbooks			no data
💼 SEC10-BP05 Pre-provision access			no data
💼 SEC10-BP06 Pre-deploy tools			no data
💼 SEC10-BP07 Run simulations			no data
💼 SEC10-BP08 Establish a framework for learning from incidents			no data
💼 Infrastructure protection	2	1	no data
💼 Protecting Compute	5		no data
💼 SEC06-BP01 Perform vulnerability management			no data
💼 SEC06-BP02 Provision compute from hardened images			no data
💼 SEC06-BP03 Reduce manual management and interactive access			no data
💼 SEC06-BP04 Validate software integrity			no data
💼 SEC06-BP05 Automate compute protection			no data
💼 Protecting Networks	4	1	no data
💼 SEC05-BP01 Create network layers			no data
💼 SEC05-BP02 Control traffic flow within your network layers			no data
💼 SEC05-BP03 Implement inspection-based protection		1	no data
💼 SEC05-BP04 Automate network protection		1	no data
💼 Security Foundations	1		no data
💼 Operating your workloads securely	8		no data
💼 SEC01-BP01 Separate workloads using accounts			no data
💼 SEC01-BP02 Secure account root user and properties			no data
💼 SEC01-BP03 Identify and validate control objectives			no data
💼 SEC01-BP04 Stay up to date with security threats and recommendations			no data
💼 SEC01-BP05 Reduce security management scope			no data
💼 SEC01-BP06 Automate deployment of standard security controls			no data
💼 SEC01-BP07 Identify threats and prioritize mitigations using a threat model			no data
💼 SEC01-BP08 Evaluate and implement new security services and features regularly			no data
💼 Sustainability	6		no data
💼 Alignment to demand	6		no data
💼 SUS02-BP01 Scale workload infrastructure dynamically			no data
💼 SUS02-BP02 Align SLAs with sustainability goals			no data
💼 SUS02-BP03 Stop the creation and maintenance of unused assets			no data
💼 SUS02-BP04 Optimize geographic placement of workloads based on their networking requirements			no data
💼 SUS02-BP05 Optimize team member resources for activities performed			no data
💼 SUS02-BP06 Implement buffering or throttling to flatten the demand curve			no data
💼 Data management	8		no data
💼 SUS04-BP01 Implement a data classification policy			no data
💼 SUS04-BP02 Use technologies that support data access and storage patterns			no data
💼 SUS04-BP03 Use policies to manage the lifecycle of your datasets			no data
💼 SUS04-BP04 Use elasticity and automation to expand block storage or file system			no data
💼 SUS04-BP05 Remove unneeded or redundant data			no data
💼 SUS04-BP06 Use shared file systems or storage to access common data			no data
💼 SUS04-BP07 Minimize data movement across networks			no data
💼 SUS04-BP08 Back up data only when difficult to recreate			no data
💼 Hardware and services	4		no data
💼 SUS05-BP01 Use the minimum amount of hardware to meet your needs			no data
💼 SUS05-BP02 Use instance types with the least impact			no data
💼 SUS05-BP03 Use managed services			no data
💼 SUS05-BP04 Optimize your use of hardware-based compute accelerators			no data
💼 Process and culture	5		no data
💼 SUS06-BP01 Communicate and cascade your sustainability goals			no data
💼 SUS06-BP02 Adopt methods that can rapidly introduce sustainability improvements			no data
💼 SUS06-BP03 Keep your workload up-to-date			no data
💼 SUS06-BP04 Increase utilization of build environments			no data
💼 SUS06-BP05 Use managed device farms for testing			no data
💼 Region selection	1		no data
💼 SUS01-BP01 Choose Region based on both business requirements and sustainability goals			no data
💼 Software and architecture	5		no data
💼 SUS03-BP01 Optimize software and architecture for asynchronous and scheduled jobs			no data
💼 SUS03-BP02 Remove or refactor workload components with low or no use			no data
💼 SUS03-BP03 Optimize areas of code that consume the most time or resources			no data
💼 SUS03-BP04 Optimize impact on devices and equipment			no data
💼 SUS03-BP05 Use software patterns and architectures that best support data access and storage patterns			no data

Description​

Similar​

Sub Sections​

Description

Similar

Sub Sections