Module 11 - AWS Security Management

The 6 Pillars of the Framework in AWS

• Creating a software system is a lot like constructing a building. If the foundation is not solid, structural
problems can undermine the integrity and function of the building.
• When architecting technology solutions, if you neglect the six pillars of operational excellence,
security, reliability, performance efficiency, cost optimization and sustainability, it can become
challenging to build a system that delivers on your expectations and requirements.
• The AWS Well-Architected Framework helps cloud architects build the most secure, high-performing,
resilient, and efficient infrastructure possible for their applications.
1. Operational Excellence

The Operational Excellence pillar includes the ability to run and monitor systems to deliver business
value and to continually improve supporting processes and procedures.

There are six design principles for operational excellence in the cloud:

⁻ Perform operations as code
⁻ Annotate documentation
⁻ Make frequent, small, reversible changes
⁻ Refine operations procedures frequently
⁻ Anticipate failure
⁻ Learn from all operational failures
2. Security

The Security pillar includes the ability to protect information, systems, and assets while delivering business
value through risk assessments and mitigation strategies.

There are seven design principles for security in the cloud:

⁻ Implement a strong identity foundation
⁻ Enable traceability
    ⁻ Monitor, alert, and audit actions and changes to your environment in real time.
⁻ Apply security at all layers
⁻ Automate security best practices
    ⁻ Automated software-based security mechanisms improve your ability to securely scale more
    rapidly and cost effectively.
⁻ Protect data in transit and at rest
⁻ Keep people away from data
⁻ Prepare for security events
    ⁻ Prepare for an incident by having an incident management process that aligns to your
    organizational requirements.
3. Reliability

The Reliability pillar includes the ability of a system to recover from infrastructure or service disruptions,
dynamically acquire computing resources to meet demand, and mitigate disruptions such as
misconfigurations or transient network issues.

There are five design principles for reliability in the cloud:

⁻ Test recovery procedures
    ⁻ In the cloud, you can test how your system fails, and you can validate your recovery procedures.
⁻ Automatically recover from failure
⁻ Scale horizontally to increase aggregate system availability
⁻ Stop guessing capacity
⁻ Manage change in automation
    ⁻ Changes to your infrastructure should be done using automation. The changes that need to be
    managed are changes to the automation.
4. Performance Efficiency

The Performance Efficiency pillar includes the ability to use computing resources efficiently to meet
system requirements, and to maintain that efficiency as demand changes and technologies evolve.

There are five design principles for performance efficiency in the cloud:

⁻ Democratize advanced technologies
⁻ Go global in minutes
⁻ Use serverless architectures
    ⁻ In the cloud, serverless architectures remove the need for you to run and maintain servers to
    carry out traditional compute activities.
⁻ Experiment more often
⁻ Mechanical sympathy
    ⁻ Use the technology approach that aligns best to what you are trying to achieve. For example,
    consider data access patterns when selecting database or storage approaches.
5. Cost Optimization

The Cost Optimization pillar includes the ability to run systems to deliver business value at the lowest
price point.

There are five design principles for cost optimization in the cloud:

⁻ Adopt a consumption model
    ⁻ Pay only for the computing resources that you require and increase or decrease usage depending
    on business requirements.
⁻ Measure overall efficiency
    ⁻ Measure the business output of the workload and the costs associated with delivering it.
⁻ Stop spending money on data center operations
⁻ Analyze and attribute expenditure
    ⁻ The cloud makes it easier to accurately identify the usage and cost of systems, which then allows
    transparent attribution of IT costs to individual workload owners.
⁻ Use managed and application level services to reduce cost of ownership
6. Sustainability

The Sustainability pillar focuses on environmental impacts, especially energy consumption and efficiency,
since they are important levers for architects to inform direct action to reduce resource usage.

There are six design principles for Sustainability in the cloud:

⁻ Understand your impact
    ⁻ Measure the impact of your cloud workload and model the future impact of your workload.
⁻ Maximize utilization
    ⁻ Right-size workloads and implement efficient design to ensure high utilization and maximize the
    energy efficiency of the underlying hardware.
⁻ Use managed services
⁻ Reduce the downstream impact of your cloud workloads
    ⁻ Reduce the amount of energy or resources required to use your services.
AWS Well-Architected Tool

- Learn, measure, and build using architectural best practices
- Helps you review your workloads against current AWS best practices
- Provides guidance on how to improve your cloud architectures
Introduction to CloudTrail

- Helps you enable governance, compliance, and operational and risk auditing of your AWS account
- Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail
- Events include actions taken in the AWS Management Console, AWS Command Line Interface,
and AWS SDKs and APIs
- Enabled when you create an AWS account
- You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity
across your AWS infrastructure
- You can identify:
    - who or what took which action
    - what resources were acted upon
    - when the event occurred
    - other details to help you analyze and respond to activity in your AWS account
- Can create 5 trails per region (cannot be increased)
Management Events

Management events provide information about management operations that are performed on
resources in your AWS account. These are also known as control plane operations.
- Example
    - Registering devices (for example, Amazon EC2 CreateDefaultVpc API operations)

Management events can also include non-API events that occur in your account. For example, when a
user signs in to your account, CloudTrail logs the ConsoleLogin event.

Data Events

Data events provide information about the resource operations performed on or in a resource. These
are also known as data plane operations. Data events are often high-volume activities.
- Example
    - Amazon S3 object-level API activity (for example, GetObject, DeleteObject, and PutObject API
    operations)

Insights Events

- CloudTrail Insights events capture unusual activity in your AWS account. If you have Insights events
enabled, and CloudTrail detects unusual activity, Insights events are logged to a different folder or
prefix in the destination S3 bucket for your trail.

CloudTrail Event History

- CloudTrail event history provides a viewable, searchable, and downloadable record of the past 90 days
of CloudTrail events. You can use this history to gain visibility into actions taken in your AWS account in
the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

Organization Trails

⁻ An organization trail is a configuration that enables delivery of CloudTrail events in the master account
and all member accounts in an organization to the same Amazon S3 bucket
⁻ Creating an organization trail helps you define a uniform event logging strategy for your organization
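The CloudTrail sections above describe what a trail records (management, data and Insights events), the four questions its events answer (who, which action, which resource, when) and the non-API ConsoleLogin event. The following Python script is an added example, not part of the module, showing how a defender would read a delivered log file and answer those questions. The log file is constructed inline in the shape CloudTrail delivers to S3 (a JSON object with a "Records" array; the account id, ARNs, IP addresses and user names are invented); the field names `eventTime`, `eventSource`, `eventName`, `eventCategory`, `userIdentity`, `resources` and `responseElements.ConsoleLogin` are real CloudTrail record fields.

```python
"""Triage a CloudTrail log file: who did what, to which resource, when (added example)."""
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample log file. Three records: a failed console sign-in (a non-API
# management event), a CreateDefaultVpc management event and an S3 GetObject data event.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:02:11Z",
     "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "eventCategory": "Management", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"},
     "responseElements": {"ConsoleLogin": "Failure"}, "resources": []},
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:05:40Z",
     "eventSource": "ec2.amazonaws.com", "eventName": "CreateDefaultVpc",
     "eventCategory": "Management", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"},
     "responseElements": None, "resources": []},
    {"eventVersion": "1.08", "eventTime": "2024-01-15T10:07:02Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "eventCategory": "Data", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "AssumedRole", "accountId": "111111111111",
                      "arn": "arn:aws:sts::111111111111:assumed-role/app/i-0abc"},
     "responseElements": None,
     "resources": [{"type": "AWS::S3::Object",
                    "ARN": "arn:aws:s3:::example-bucket/secret.txt"}]},
]})


def actor(record):
    """'Who or what took the action': prefer the IAM user name, then the caller ARN."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def summarize(log_text):
    """One (when, who, action, resources) tuple per record."""
    rows = []
    for rec in json.loads(log_text)["Records"]:
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        resources = [r["ARN"] for r in rec.get("resources", [])] or ["-"]
        action = f'{rec["eventSource"]}:{rec["eventName"]}'
        rows.append((when, actor(rec), action, ", ".join(resources)))
    return rows


def count_by_category(log_text):
    """How much of the file is control-plane (Management) versus data-plane (Data) activity."""
    return Counter(rec.get("eventCategory", "Management") for rec in json.loads(log_text)["Records"])


def failed_console_logins(log_text):
    """Actors whose ConsoleLogin event reported a failure; a starting point for sign-in alerting."""
    return [actor(rec) for rec in json.loads(log_text)["Records"]
            if rec["eventName"] == "ConsoleLogin"
            and (rec.get("responseElements") or {}).get("ConsoleLogin") == "Failure"]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(*row, sep=" | ")
    print(dict(count_by_category(SAMPLE_LOG)))
    print("failed console logins:", failed_console_logins(SAMPLE_LOG))
```

Data events are high-volume, as the slides note, so in practice `count_by_category` is a quick sanity check that a trail's data-event selectors are configured the way you expect before you pay to store and search them.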
AWS CloudWatch

- Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you
run on AWS in real time
- Use CloudWatch to collect and track metrics, which are variables you can measure for your resources
and applications.

How Amazon CloudWatch Works

- Amazon CloudWatch is basically a metrics repository
- An AWS service, such as Amazon EC2, puts metrics into the repository, and you retrieve statistics
based on those metrics
- Can additionally create custom dashboards to display metrics about your custom applications, and
display custom collections of metrics

CloudWatch Alarm

⁻ You can create a CloudWatch alarm that watches a single CloudWatch metric
⁻ The alarm performs one or more actions based on the value of the metric or expression relative to a
threshold over a number of time periods
⁻ The action can be an Amazon EC2 action, an Amazon EC2 Auto Scaling action, or a notification sent to
an Amazon SNS topic

Datapoints to Alarm

Alarm possible states:

- OK—The metric or expression is within the defined threshold
- ALARM—The metric or expression is outside of the defined threshold
- INSUFFICIENT_DATA—The alarm has just started, the metric is not available, or not enough data is
available for the metric to determine the alarm state
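To make the three alarm states and the "datapoints to alarm over a number of time periods" rule concrete, here is an added Python model of alarm evaluation. It is example code written for this module, not AWS code: the `Alarm` class, its fields and the `evaluate` method are this example's own names, and the handling of periods with no data is a deliberately simplified model of CloudWatch's behaviour (the real service has more cases for partially missing data). The comparison operator names match the ones CloudWatch alarms use, and the sample datapoints are constructed.

```python
"""Simplified model of CloudWatch alarm state evaluation (added example, not AWS code)."""
from dataclasses import dataclass, field

OK, ALARM, INSUFFICIENT_DATA = "OK", "ALARM", "INSUFFICIENT_DATA"

# Comparison operators as named in CloudWatch alarm configuration.
COMPARISONS = {
    "GreaterThanThreshold": lambda v, t: v > t,
    "GreaterThanOrEqualToThreshold": lambda v, t: v >= t,
    "LessThanThreshold": lambda v, t: v < t,
    "LessThanOrEqualToThreshold": lambda v, t: v <= t,
}


@dataclass
class Alarm:
    metric_name: str
    threshold: float
    comparison: str = "GreaterThanThreshold"
    evaluation_periods: int = 3      # N: how many recent periods are examined
    datapoints_to_alarm: int = 2     # M: how many of those N must breach (M <= N)
    state: str = INSUFFICIENT_DATA   # a newly created alarm starts here, as the slide says
    actions: list = field(default_factory=list)  # callables run on every state change

    def evaluate(self, datapoints):
        """Evaluate the most recent N datapoints (None = a period with no data).

        Simplified rule (assumption of this example): ALARM when at least M of the
        observed points breach; INSUFFICIENT_DATA when nothing was observed, or when
        the unobserved periods could still have made it ALARM; otherwise OK.
        """
        window = list(datapoints)[-self.evaluation_periods:]
        missing = self.evaluation_periods - len(window)      # periods not observed yet
        present = [v for v in window if v is not None]
        missing += len(window) - len(present)                # periods with no datapoint
        breaches = sum(1 for v in present if COMPARISONS[self.comparison](v, self.threshold))

        if not present:
            new_state = INSUFFICIENT_DATA
        elif breaches >= self.datapoints_to_alarm:
            new_state = ALARM
        elif breaches + missing >= self.datapoints_to_alarm:
            new_state = INSUFFICIENT_DATA
        else:
            new_state = OK

        if new_state != self.state:
            old_state, self.state = self.state, new_state
            for action in self.actions:          # stand-in for an SNS / Auto Scaling action
                action(self, old_state, new_state)
        return new_state


def print_transition(alarm, old_state, new_state):
    """Example action: in a real deployment this would be an SNS notification."""
    print(f"{alarm.metric_name}: {old_state} -> {new_state}")


if __name__ == "__main__":
    cpu = Alarm("CPUUtilization", threshold=80.0, actions=[print_transition])
    for window in ([], [50, 60, 70], [50, 90, None], [50, 90, 95]):
        print(window, "=>", cpu.evaluate(window))
```

Running the script walks one alarm from INSUFFICIENT_DATA through OK to ALARM and shows why a single breaching period with a missing neighbour does not fire: with M=2 out of N=3 the alarm cannot yet tell whether the missing period would have breached.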
1. What are the 6 pillars of the Framework in AWS?
2. Define CloudTrail.
3. What is a CloudTrail event?
4. Define CloudWatch.
5. What are the possible states of a CloudWatch alarm?