AWS Well-Architected Tool and AWS Trusted Advisor

Learn about the AWS Well-Architected Framework and how the AWS Well-Architected Tool validates our AWS accounts based on it. Further, learn about the AWS Trusted Advisor service that advises on aligning AWS accounts with AWS best practices.

When managing complex and rapidly evolving cloud applications, it’s important to avoid common cloud management pitfalls, such as overspending, underutilization/overutilization of resources, and exposure to security vulnerabilities.

AWS services like the AWS Well-Architected Tool and AWS Trusted Advisor are crucial for avoiding these pitfalls and maintaining optimal cloud operations, leading to more resilient and well-optimized cloud environments. They provide essential guidance and automated recommendations that help users identify misconfigurations and inefficiencies, ensuring that cloud deployments are secure and cost-effective.

AWS Well-Architected Framework

The AWS Well-Architected Framework is a guide for building an operationally streamlined, sustainable, cost-optimized, high-performing, reliable, and secure application infrastructure based on AWS’s best practices.

AWS Well-Architected Framework pillars

The AWS Well-Architected Framework provides key concepts, design principles, and best practices for maintaining an optimized cloud infrastructure. All of these principles and best practices are based on the six pillars of the AWS Well-Architected Framework:

  • Operational excellence: This pillar ensures that our cloud infrastructure operates smoothly and efficiently. This involves automating everyday tasks, dealing with problems as soon as they arise, and setting clear rules for handling daily operations.

  • Security: This pillar focuses on keeping our cloud data safe. It involves maintaining the confidentiality and integrity of information, identifying and managing who should have access to what data, protecting our systems from internal and external threats, and setting up checks to quickly detect any security events.

  • Reliability: This pillar focuses on ensuring that our cloud infrastructure stays up and running smoothly, even when unexpected problems occur, like server failures or spikes in traffic. It’s about having the ability to quickly get things back to normal and adjust resources to handle changes in demand.

  • Performance efficiency: This pillar focuses on using AWS resources, like compute instances and databases, as efficiently as possible to meet our needs. It means choosing the right tools for the job, tracking how well our systems are performing, and making adjustments to stay efficient as technology changes and our organization grows.

  • Cost optimization: This pillar focuses on managing our AWS cloud spending wisely. It involves understanding where the costs are too high, choosing the most cost-effective resources, and ensuring we’re not using more than we need.

  • Sustainability: This pillar focuses on reducing the environmental impact of our cloud operations. It involves understanding the shared responsibility model for sustainability, using resources efficiently to minimize waste, and considering the environmental implications of our infrastructure and operations.

AWS Well-Architected Tool

The AWS Well-Architected Tool (AWS WA Tool) is a service offered by AWS that helps review the state of cloud infrastructure and validates it against AWS best practices defined by the AWS Well-Architected Framework.

This tool can guide us through a systematic review of our applications and workloads, focusing on critical aspects like security, reliability, performance efficiency, cost optimization, and operational excellence.

Here are some key points on what the AWS Well-Architected Tool offers and how it works:

  • Workload review: We begin the review process with the AWS WA Tool by defining the relevant workload within the tool, describing its purpose, the resources involved, and the operating environment. A workload in the context of the AWS WA Tool is typically a set of applications running on AWS services that deliver business value.

  • Guided reviews: The tool provides a set of questions based on the six pillars of the AWS Well-Architected Framework. After we answer these questions, it assesses our workloads against best practices and informs us of any areas of improvement.

  • Recommendations: The tool generates specific recommendations to help optimize workloads based on the responses to the review questions. These recommendations are tailored to enhance our cloud architecture’s overall health and efficiency.

  • Reference resources: Alongside recommendations, the tool can link any relevant AWS documentation, whitepapers, and best practice guides, offering resources that we can use to implement the suggestions and learn more about optimal cloud practices.

  • Tracking and reporting: The tool allows for tracking improvements and generating reports of any changes, allowing us to manage our architectural evolution systematically.

  • Accessibility and cost: The AWS WA Tool is accessible directly through the AWS Management Console and is available at no additional charge for AWS users.

AWS Trusted Advisor

AWS Trusted Advisor is a service that inspects our AWS account against several checks and gives recommendations to improve security, performance, availability, and cost.

Below are the five categories against which Trusted Advisor validates our AWS account:

  • Cost optimization: Checks our AWS account for unused, idle, and reserved capacity resources and highlights opportunities to reduce cost.

  • Performance: Checks AWS services to optimize performance, ensure the use of provisioned throughput, and detect overutilized instances.

  • Security: Checks AWS security features and permissions for our AWS infrastructure and recommends improvements.

  • Fault tolerance: Checks our applications and recommends actions to improve their availability, performance, and backup capabilities.

  • Service limit: Checks the service quotas and usage of the services and highlights the actions that need to be taken.

AWS Trusted Advisor has several checks in each category, created by accumulating best practices from different AWS users.

AWS Support plans

AWS Support offers four plans to cater to users of different sizes and requirements. Users of each plan have access to a defined set of features, and not all Trusted Advisor checks are available in all plans.

Basic or Developer support plan

This is the default plan selected for the AWS account. It allows access to all checks in the Service Limit category, but only six checks from the Security category are available. The remaining categories are not available to users of this plan, and a plan upgrade is required to access all the checks. Below is the list of seven core checks that are included in the Developer Support plan:

  • MFA on Root Account

  • Amazon EBS Public Snapshots

  • Amazon RDS Public Snapshots

  • Security Groups - Specific Ports Unrestricted

  • Amazon S3 Bucket Permissions

  • IAM Use (at least one IAM user is required in an AWS account)

  • Service limits

Business, Enterprise On-Ramp, and Enterprise Support plans

Users of these plans have full access to all checks in all categories. They can use Amazon CloudWatch alarms to get notified and can also use the AWS Support API to monitor checks programmatically.
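As an added example (not part of the original lesson), the sketch below shows one way to monitor the Security category programmatically: it lists the checks, fetches each security check's result, and reports the ones in `warning` or `error` with a count of unsuppressed flagged resources. The operation and field names follow the AWS Support API; `security_findings`, `StubSupport`, the placeholder check IDs, and the sample results are constructed so the code runs offline.

```python
SEVERITY = {"error": 0, "warning": 1}  # statuses needing attention, worst first

def security_findings(support, language="en"):
    """Return non-OK security checks, worst first. `support` exposes the two Support
    API operations used below, e.g. boto3.client("support", region_name="us-east-1")."""
    findings = []
    for check in support.describe_trusted_advisor_checks(language=language)["checks"]:
        if check["category"] != "security":
            continue  # skipped before any result is fetched
        result = support.describe_trusted_advisor_check_result(
            checkId=check["id"], language=language)["result"]
        if result["status"] not in SEVERITY:
            continue  # "ok" or "not_available": nothing to report
        # Count flagged resources that an operator has not suppressed.
        open_items = [r for r in result.get("flaggedResources", [])
                      if r["status"] in SEVERITY and not r.get("isSuppressed", False)]
        findings.append({"check": check["name"], "status": result["status"],
                         "open_resources": len(open_items)})
    return sorted(findings, key=lambda f: (SEVERITY[f["status"]], -f["open_resources"]))

class StubSupport:
    """Constructed responses in the API's shape; check IDs are placeholders."""
    CHECKS = [
        {"id": "placeholder-1", "name": "MFA on Root Account", "category": "security"},
        {"id": "placeholder-2", "name": "Amazon S3 Bucket Permissions", "category": "security"},
        {"id": "placeholder-3", "name": "Security Groups - Specific Ports Unrestricted",
         "category": "security"},
        {"id": "placeholder-4", "name": "Service limits", "category": "service_limits"},
    ]
    RESULTS = {
        "placeholder-1": {"status": "ok", "flaggedResources": []},
        "placeholder-2": {"status": "error", "flaggedResources": [
            {"status": "error", "isSuppressed": False},
            {"status": "warning", "isSuppressed": True}]},
        "placeholder-3": {"status": "warning", "flaggedResources": [
            {"status": "warning", "isSuppressed": False},
            {"status": "warning", "isSuppressed": False},
            {"status": "ok", "isSuppressed": False}]},
    }

    def describe_trusted_advisor_checks(self, language):
        return {"checks": self.CHECKS}

    def describe_trusted_advisor_check_result(self, checkId, language):
        return {"result": self.RESULTS[checkId]}

if __name__ == "__main__":
    for f in security_findings(StubSupport()):
        print(f"{f['status']:<8}{f['open_resources']:>3}  {f['check']}")
```

To run it against a real account, pass a boto3 `support` client in place of `StubSupport()`; as noted above, programmatic access through the AWS Support API depends on the support plan.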


This lesson taught us about the pillars of the AWS Well-Architected Framework and the AWS Well-Architected Tool that helps us manage our AWS accounts according to this framework. We then learned about the AWS Trusted Advisor service that aligns our AWS account with the AWS best practices.
