Concepts
Well-Architected Framework
AWS design principles — six pillars for building secure, high-performing, resilient, efficient, cost-optimized, and sustainable cloud architectures.
Overview
The AWS Well-Architected Framework provides a set of best practices across six pillars for designing and operating reliable, secure, efficient, cost-effective, and sustainable workloads in the cloud — it is the foundation for architecture decisions tested on AWS certification exams.
The Six Pillars
| Pillar | Focus | Key Question |
|---|---|---|
| Operational Excellence | Run and monitor systems; continuously improve | How to support business operations effectively? |
| Security | Protect information, systems, and assets | How to protect data and workloads? |
| Reliability | Recover from failures and meet demand | How to prevent and recover from failures? |
| Performance Efficiency | Use resources efficiently as demand changes | How to select and optimise resources? |
| Cost Optimization | Avoid unnecessary costs | How to eliminate unneeded expense? |
| Sustainability | Minimise environmental impact | How to reduce carbon footprint? |
Pillar 1: Operational Excellence
Design principles:
- Perform operations as code (Infrastructure as Code)
- Make frequent, small, reversible changes
- Refine operations procedures frequently
- Anticipate failure (game days, chaos engineering)
- Learn from all operational events
| Design Principle | AWS Implementation |
|---|---|
| Infrastructure as Code | CloudFormation, CDK, Terraform |
| Observability | CloudWatch, X-Ray, CloudTrail |
| Small deployments | CodeDeploy (rolling, canary, blue/green) |
| Runbook automation | Systems Manager Automation, Lambda |
| Incident management | EventBridge → SNS → PagerDuty / OpsCenter |
Pillar 2: Security
Design principles:
- Implement a strong identity foundation (least privilege)
- Enable traceability (logging everything)
- Apply security at all layers (edge, VPC, subnet, instance, OS, application)
- Automate security best practices
- Protect data in transit and at rest
- Prepare for security events
| Design Principle | AWS Implementation |
|---|---|
| Identity and access | IAM, STS, Identity Center, Cognito |
| Detection | GuardDuty, Security Hub, Macie, Config |
| Infrastructure protection | VPC, WAF, Shield, Security Groups, NACLs |
| Data protection | KMS, CloudHSM, ACM, S3 encryption |
| Incident response | CloudTrail, EventBridge, Lambda automation |
Pillar 3: Reliability
Design principles:
- Automatically recover from failure
- Test recovery procedures
- Scale horizontally to increase aggregate availability
- Stop guessing capacity (use auto-scaling)
- Manage change through automation
| Design Principle | AWS Implementation |
|---|---|
| Fault isolation | Multi-AZ, Multi-Region, cell-based architecture |
| Auto recovery | Auto Scaling, RDS Multi-AZ failover, Route 53 health checks |
| DR strategies | Backup & Restore, Pilot Light, Warm Standby, Active-Active |
| Change management | CloudFormation change sets, CodePipeline |
| Service quotas | Service Quotas, Trusted Advisor |
Pillar 4: Performance Efficiency
Design principles:
- Democratise advanced technologies (use managed services)
- Go global in minutes (CloudFront, Global Accelerator, multi-region)
- Use serverless architectures
- Experiment more often
- Consider mechanical sympathy (understand how services work to use them best)
| Design Principle | AWS Implementation |
|---|---|
| Compute selection | EC2 (right instance type), Lambda, Fargate, Graviton |
| Storage selection | S3, EBS (gp3/io2), EFS, FSx — match to access pattern |
| Database selection | RDS, Aurora, DynamoDB, ElastiCache — match to query pattern |
| Caching | ElastiCache, DAX, CloudFront, API Gateway cache |
| Networking | Enhanced Networking, Placement Groups, Global Accelerator |
Pillar 5: Cost Optimization
Design principles:
- Implement cloud financial management
- Adopt a consumption model (pay only for what is used)
- Measure overall efficiency
- Stop spending money on undifferentiated heavy lifting
- Analyse and attribute expenditure
| Design Principle | AWS Implementation |
|---|---|
| Right-sizing | Compute Optimizer, Cost Explorer |
| Pricing models | Savings Plans, Reserved Instances, Spot Instances |
| Usage awareness | AWS Budgets, Cost and Usage Report, Cost Allocation Tags |
| Storage optimisation | S3 Lifecycle, Intelligent-Tiering, EBS Snapshot Archive |
| Managed services | Replace self-managed with Lambda, Fargate, RDS, etc. |
Pillar 6: Sustainability
Design principles:
- Understand the environmental impact
- Establish sustainability goals
- Maximise utilisation (right-size, auto-scale)
- Adopt efficient hardware and services (Graviton, serverless)
- Reduce downstream impact
| Design Principle | AWS Implementation |
|---|---|
| Efficient compute | Graviton instances, Lambda, Fargate |
| Data management | S3 Lifecycle (tier and delete), data compression |
| Maximise utilisation | Auto Scaling, Spot Instances, right-sizing |
| Region selection | Choose regions with lower carbon intensity |
| Minimise waste | Delete unused resources, compress data, optimise queries |
Well-Architected Tool
- AWS Well-Architected Tool in the console provides a self-service assessment
- Answer questions per pillar for each workload
- Generates a report with High Risk Items (HRIs) and improvement recommendations
- Milestones track improvements over time
- Available at no cost
Quick Reference
| Pillar | One-Sentence Summary |
|---|---|
| Operational Excellence | Automate operations, monitor everything, improve continuously |
| Security | Least privilege, encrypt everything, detect and respond to threats |
| Reliability | Design for failure, auto-recover, test recovery, scale horizontally |
| Performance Efficiency | Choose the right resources, cache aggressively, go serverless where possible |
| Cost Optimization | Pay only for what is needed, commit for steady-state, spot for flexible |
| Sustainability | Maximise utilisation, use efficient hardware, reduce waste |
AWS Implementation Options
| Architecture Need | Pillar(s) | AWS Services |
|---|---|---|
| Self-service architecture review | All | AWS Well-Architected Tool |
| Automated compliance checks | Security, Reliability | AWS Config, Security Hub |
| Cost visibility and control | Cost Optimization | Cost Explorer, Budgets, Compute Optimizer |
| High availability | Reliability | Multi-AZ, Auto Scaling, Route 53 |
| Performance monitoring | Performance, Operational | CloudWatch, X-Ray, Compute Optimizer |
| Security posture management | Security | GuardDuty, Macie, IAM Access Analyzer |
SAA/SAP Exam Tips
SAA Tip: Questions often reference Well-Architected pillar principles without naming them directly. "Most cost-effective" → Cost Optimization pillar. "Most resilient" → Reliability pillar. "Most secure" → Security pillar.
SAP Tip: The SAP exam tests deep understanding of trade-offs BETWEEN pillars — e.g., Multi-Region Active-Active maximises reliability but increases cost. Know when each trade-off is appropriate.
SAA Tip: Sustainability is the newest pillar (added 2021). Expect 1–2 questions specifically asking for the "most sustainable" or "lowest environmental impact" option — Graviton instances, serverless, and right-sizing are common answers.
Related Services / See Also
- Cost Optimization — detailed strategies for the Cost Optimization pillar
- Disaster Recovery — DR strategies mapped to the Reliability pillar
- Serverless Patterns — architectures aligned with Performance Efficiency and Sustainability
- Auto Scaling — key service for Reliability and Cost Optimization pillars
Built by Fred Cheung @CookedRicer · Powered by Fumadocs & Github Copilot