The aim of well-architected reviews is to help ensure your application meets its business goals. Is it secure, reliable, scalable and cost-effective? Is it easy to maintain, roll out changes and innovate?
The review is a fast way to identify improvements, and to prioritise these based on the benefit/risk and the effort required. It brings together key stakeholders to get different perspectives, and cloud experts to advise on best practices.
Well-architected reviews are not just a one-time activity. Reviewing before going into production makes it simpler to make changes, and reduces risk for go-live. Reviewing regularly is important for continual improvement, for revisiting tradeoffs and design decisions, and because application requirements and available cloud features change over time.
The AWS well-architected framework defines a set of design principles to facilitate good architectural design, and a set of best practices to follow. These are divided into five pillars: operational excellence, security, reliability, performance efficiency and cost optimisation.
The well-architected framework was introduced by AWS in 2012 (published publicly in 2015) to share the experience of solution architects building systems across many business verticals and use cases. The design principles and best practices apply to pretty much any application running anywhere, with additional advice for how best to apply that on AWS. Importantly, it is based on the real-world experience of customers, incorporating what works across many customers rather than being just the opinion of AWS themselves.
The well-architected framework continually evolves to refine and add to the design principles and best practices. One of the biggest additions in recent years is the lenses, which focus on particular types of application such as serverless or for the financial services industry.
The well-architected review is the mechanism to quickly check if the advice in the well-architected framework is being followed, and what improvements are worthwhile.
The review is run by AWS solution architects or by an accredited AWS Well-Architected Partner, such as Cloudsoft.
The review is a conversation, rather than an audit. It is an opportunity to learn, improve and prioritise. It should thus be an open, honest and blame-free conversation.
The review focuses on a single “workload” (e.g. a customer-facing application or backend system). The key stakeholders for that application should all be represented during the review, including: app developers, operations, security, finance and the business. The review could cover all five pillars, or could focus on just a subset of most immediate importance to the customer.
The review lasts about 4 hours, with two solution architects who are experts in cloud, automation and applications. During the review, you should expect to get pragmatic advice and recommendations, and to learn a lot. About a week later, the reviewers will present back their findings and prioritised recommendations.
Different partners run reviews in different ways. Some read out and go through the Well-Architected Tool’s questions (see option 2 below). Our strong preference is to run the review more as a conversation, and to ask questions that make more sense for someone not familiar with the best practice jargon. For example, we would ask: “talk us through how you release a new version of your application”. This allows us to better understand the processes, context and reasons for decisions while identifying areas of improvement and drilling into risky areas. This ensures the conversation builds on the team’s existing understanding, and on how best practices can be applied to them. We carefully steer this conversation to get answers to the tool’s questions.
Following the review, the partner (such as Cloudsoft) can help with hands-on remediation, to make the improvements identified. As an added bonus, AWS offers $5,000 in credits for working with the accredited partner on the remediation of a production workload.
AWS released the free Well-Architected Tool in November 2018. This is an online form consisting of a set of questions, with a checklist of best practices per question and a checkbox alongside each. These questions are from the well-architected framework whitepapers, and the tool includes links to useful background material, and some advice for how to apply this for an application running in AWS. Importantly, there is a scoring mechanism that marks questions as high and medium risk based on AWS’ analysis of many thousands of workloads. Focusing on the highest risks helps with prioritisation.
The self-service tool is a great way to navigate the well-architected framework, to identify potential improvements, and to find further resources.
However, there are downsides compared to option 1 (a review by cloud experts). The biggest downside is that the tool does not understand the context and tradeoffs for your particular application. For example, what is a “high risk” security item will depend massively on where you are on a spectrum from Twitter for Pets to a financial institution worried about nation-state attacks. Similarly, a best practice such as “grant least privilege access” is a spectrum from wide-open to massively locked down – whether to tick the checkbox will depend on your context as well as the practices you have in place.
Another downside of the self-service tool is that it requires a lot of well-architected and AWS knowledge to interpret and apply the improvements. It is more efficient to talk to cloud experts who can navigate the many options available: to make recommendations, answer your specific questions, and ensure the solution is right for your context.
Well-architected reviews are one of my favorite parts of the job. The intense deep-dive into all aspects of a customer’s application, the immediate feedback and value it brings, and the customer relationship it builds are all hugely rewarding.
For any application you care about, I’d recommend a well-architected review with cloud experts. It brings together the key stakeholders, quickly identifies improvements, and helps your application to be well-architected.
Is your application secure, reliable, scalable and cost-effective? Is it easy to maintain, roll out changes and innovate? To answer these questions and quickly improve, contact Cloudsoft about a well-architected review.