1. Introduction
- Creating a software system is very similar to building a building. If the foundation is not solid, structural problems can undermine the integrity and functionality of the building.
- When building technology solutions on Amazon Web Services (AWS), you should not ignore the 5 pillars (“pillars”) in the architecture framework of AWS (AWS Well-Architected), which are:
- Operational excellence ( excellent performance)
- Security
- Reliability
- Performance efficiency
- Cost optimization (cost optimization).
- Building a system that meets the expectations and requirements of each individual, company or organization is a challenge. By incorporating these “pillars” into your architecture, stable and efficient systems can be created. This allows you to focus on other aspects of the design, such as functional requirements.
- The AWS Well-Architected Framework helps cloud architects build the most secure, high-performance, flexible, and efficient infrastructure possible for their applications. This framework also provides a guide to deploying extended designs depending on your application needs over time.
2. Operational Excellence
Operational excellence pillars focus on running and monitoring systems to add value to the business and continually improve processes and procedures. Key topics include managing and automating changes, responding to events, and defining standards to successfully manage daily activities.
Design Principles
There are 6 principles for every activity in the cloud to function correctly:
- 1. Perform operations as code:
In Cloud, we can apply the same technical framework used for application code to our entire environment. You can define your entire workload (including applications, infrastructure, etc.) as code and update it with code. As a result, the operating processes are scripted, and the process is also automated by enabling them to respond to events. The benefit of implementing operations in the form of code is limiting human error and allowing consistent responses to events.
- 2. Annotate documentation
In an on-premises environment, documents are often manually created, used by people and difficult to synchronize at a changing rate. In Cloud, you can automate the creation of annotated documents after each build (or automatically annotate documents manually). Annotate documentation can be used by both humans and systems.
- 3. Make frequent, small, reversible changes
Design workloads to allow each component to be updated regularly. Making changes in small increments can go backward if steps fail (which minimizes the impact on customers as much as possible).
- 4. Refine operations procedures frequently
When you use operational processes, always think of ways to improve them. As the workload increases, the operating process also needs to develop appropriately.
- 5. Anticipate failure
Perform pre-mortem exercises to identify potential failures that can be eliminated or minimized. Check the failure scenarios and confirm that you fully understand their impacts; Check both feedback processes to make sure they are effective.
- 6. Learn from all operational failures
When failure occurs, it is important to learn from experience and improve operations
3. Security
Security pillars focus on protecting information and systems. Key topics include the security and integrity of data, identifying and managing who can do what thanks to privileged management, system protection, and setting up controls to detect security events. .
Design Principles
There are 7 principles in security pillars:
- 1. Implement a strong identity foundation:
Implement the principle of granting least privileges and executing tasks with appropriate authorization for each interaction with AWS resources. Centralize privilege management and reduce or even eliminate dependence on long-term authentication.
- 2. Enable traceability :
Monitor, alert and test every action and change in your environment in real time. Integrate logs (metrics) and metrics with systems to automatically respond and take action.
- 3. Apply security at all layers :
Instead of focusing on protecting a single outer layer, apply intensive protection. Applies security to all classes (eg, edge networks, VPCs, subnets, load balancers, instances, operating systems and applications, etc.).
- 4. Automate security best practices :
Automated software-based security mechanisms allow you to scale safely, faster and cost savings.
- 5. Protect data in transit and at rest :
Classify your data into different levels of sensitivity; Use mechanisms, such as encryption, tokens, and access control when appropriate.
- 6. Keep people away from data :
Create mechanisms and tools to reduce or eliminate the need for direct access or manual data processing. This helps reduce the risk of loss or modification when processing sensitive data.
- 7. Prepare for security events :
Perform incident response simulation; Use automation tools to speed up system discovery, investigation, and recovery.
4. Reliability
Reliability pillars focus on the ability to prevent and quickly recover from incidents to meet the needs of businesses and customers. Key topics include the fundamentals surrounding installation issues, requirements throughout the project, recovery planning and how we handle change.>
Design Principles
There are 5 principles to ensure reliability in the cloud:
- 1. Test recovery procedures :
In an on-premises environment, testing is often done to prove the system operates under a specific scenario. In the cloud, you can check how your system is failing and validate your recovery processes. You can use automation to simulate various failures or to recreate situations leading to previous failures. This feature allows you to check and fix against an actual failure scenario.
- 2. Automatically recover from failure :
By creating a system to monitor work performance indicators (KPIs), you can enable automation when the set threshold is violated. These KPIs must be a measure of business value, not a technical aspect of service operations. This allows automatic notification and tracking of errors occurring.
- 3. Scale horizontally to increase aggregate system availability :
Replace a large resource with many small resources to reduce the impact of a single error on the entire system.
- 4. Stop guessing capacity :
A common cause of system collapse is resource saturation, which occurs when requests sent to a system are beyond the capacity of the system (this is often the goal of denial-of-service attacks). service). Cloud provides a feature that allows you to track system needs and usage, They can automate adding or deleting resources to maintain optimal levels to meet demand without oversupply or below supply.
- 5. Manage change in automation :
Should change infrastructure through automation.
5. Performance Efficiency
Performance pillars focus on the efficient use of IT and computing resources. Key topics include choosing the right type and size of resources based on workload requirements, monitoring performance, and making informed decisions to maintain performance as business needs increase.
Design Principles
There are 5 principles to ensure performance in the cloud:
- 1. Democratize advanced technologies :
Technologies that are difficult to implement can become easy to use when using the cloud. Instead of learning from scratch a new technology, you can simply use it as a service.
- 2. Go global in minutes :
Easily deploy your system across multiple AWS Regions worldwide with just a few clicks. This allows you to provide lower latency and a better experience for customers at a minimum cost.
- 3. Use serverless architectures :
In the cloud, serverless architectures help you eliminate the burden of managing and maintaining servers, and can also reduce transaction costs as these managed services operate on a cloud scale.
- 4. Experiment more often :
With virtual resources and automation, you can quickly perform comparative checks by using different types of instances, storage forms, or configurations.
- 5. Mechanical sympathy :
Use the technology method that best suits your needs and purposes.
6. Cost Optimization
Cost optimization focuses on avoiding unnecessary expenses. Key topics include understanding and controlling where money is being spent, selecting the right and most appropriate number of resource types, analyzing spending over time, and scaling to meet business needs. Do not overspend.
Design Principles
There are 5 principles to optimize costs in the cloud:
- 1. Adopt a consumption model :
Pay only for the resources you consume; increase or decrease usage depending on business requirements.
- 2. Measure overall efficiency :
Calculate the business volume of the system and the costs associated with providing it. Use this method to understand the profits you gain from increasing output and reducing costs.
- 3. Stop spending money on data center operations :
AWS does a lot of work like supporting, organizing, and powering servers, so you can focus on customers and business projects rather than on IT infrastructure.
- 4. Analyze and attribute expenditure :
Cloud makes it easy to determine exactly the needs and costs of the systems, thereby enabling transparent allocation of IT costs for each revenue stream, providing system owners with the opportunity to Optimize their resources and reduce costs.
- 5. Use managed services to reduce cost of ownership :
Because managed services operate on a cloud scale, they can provide lower costs per transaction or service.