Event Link: https://pages.awscloud.com/EMEA-field-OE-AWS-Cloud-Week-2020-reg-event.html
When you start thinking about innovations and prepare an evaluation plan for an AWS architecture, you first need answers to many questions, such as: “What methods should I use (interviews or automation tools)?”, “What questions should I ask and what categories should they cover?”, “Can I use automation tools to define the correct recipes?”, “What best practices should I recommend after the evaluation, and what is the best way to implement these improvements?”.
The AWS Well-Architected Framework has answers to all of these questions and can help you evaluate, build or improve your infrastructure and software architecture. It is a very important tool that is useful in different phases of the SDLC, and you can use it on a regular basis.
This talk presents the principles of architecture evaluation using the AWS Well-Architected Framework (AWS WAF), and shows the structure of the framework, its general design principles and common categories, and materials that will help you learn the framework and AWS architecture more deeply.
Using AWS Well-Architected Framework for Software Architecture Evaluations and Innovations (AWS Cloud Week, 29 May 2020)
1. Using AWS Well-Architected Framework for software architecture evaluations and innovations.
Oleksandr Savchenko
2. Speaker.
winner of Ukrainian IT Awards in category Software Engineering in 2019
10+ years in software design & development
worked as Developer, Architect
Head of Core Development in Ciklum
co-founder and contributor of open-source products
conducts partnership programs with other big IT companies
3. What to expect?
Tools for measuring your architecture
A consistent approach and process for reviewing architecture
How to build a well-architected solution
4. Agenda.
● What is Well-Architected?
● AWS Well-Architected Framework
● AWS Well-Architected Tool
● AWS Well-Architected Partner Program
5. What is Well-Architected?
solves problems and achieves goals
easy to evaluate and implement improvements
scalable with business needs over time
6. Business Cases for Architecture Evaluation.
● understand and reduce risks
● compare maturity of different delivery teams
● build a backlog
● solution testing
● create new and improve current
● plan and calculate cost
7. Architecture Evaluation Process.
● CxO Team
● Architect
● Engineer
● Product Owner
● Business Person
Goals definition
Preparation
Evaluation (Interview, Tools)
Analysis
Results
10. AWS WAF. History Timelines
● Oct 2015: Original publication
● Nov 2015: Updated the Appendix with current Amazon CloudWatch Logs information
● Nov 2016: Updated to include Operational Excellence pillar, and revised and updated the other pillars to reduce duplication and incorporate learnings from carrying out reviews with thousands of customers
● Nov 2017: Operational Excellence moved to front of pillars and rewritten so it frames other pillars. Refreshed other pillars to reflect evolution of AWS
● June 2018: Updates to simplify question text, standardize answers, and improve readability
● Nov 2018: Review and rewrite of most Q&A to ensure questions focus on one topic at a time. Added common terms to definitions (workload, component etc). Changed presentation of question in main body to include descriptive text
● July 2019: Addition of AWS WA Tool, links to AWS WA Labs, and AWS WA Partners, minor fixes to enable multiple language version of framework
12. AWS WAF. Structure
❖ General Design Principles
❖ 5 Pillars
❖ Evaluation Questions and Best Practices
13. AWS WAF. General Design Principles
★ Stop guessing your capacity needs
★ Test systems at production scale
★ Automate to make architectural experimentation easier
★ Allow for evolutionary architectures
★ Drive architectures using data
★ Improve through game days
18. Operational Excellence pillar. Design Principles
★ Perform operations as code
★ Annotate documentation
★ Make frequent, small, reversible changes
★ Refine operations procedures frequently
★ Anticipate failure
★ Learn from all operational failures
19. Operational Excellence pillar. Questions & Design Sections
Prepare
Questions:
● OPS 1: How do you determine what your priorities are?
● OPS 2: How do you design your workload so that you can understand its state?
● OPS 3: How do you reduce defects, ease remediation, and improve flow into production?
● OPS 4: How do you mitigate deployment risks?
● OPS 5: How do you know that you are ready to support a workload?
Design sections:
● Operational priorities
● Design for operations
● Operational readiness
Operate
Questions:
● OPS 6: How do you understand the health of your workload?
● OPS 7: How do you understand the health of your operations?
● OPS 8: How do you manage workload and operations events?
Design sections:
● Understanding operational health
● Responding to events
Evolve
Questions:
● OPS 9: How do you evolve operations?
Design sections:
● Learning from experience
● Sharing learnings
22. Security pillar. Design Principles
★ Implement a strong identity foundation
★ Enable traceability
★ Apply security at all layers
★ Automate security best practices
★ Protect data in transit and at rest
★ Keep people away from data
★ Prepare for security events
23. Security pillar. Questions & Design Sections
Identity and access management
Questions:
● SEC 1: How do you manage credentials and authentication?
● SEC 2: How do you control human access?
● SEC 3: How do you control programmatic access?
Design sections:
● Protecting AWS credentials
● Fine-grained authorization
Detective controls
Questions:
● SEC 4: How do you detect and investigate security events?
● SEC 5: How do you defend against emerging security threats?
Design sections:
● Capture and analyze logs
● Integrate auditing controls with notification and workflow
Infrastructure protection
Questions:
● SEC 6: How do you protect your networks?
● SEC 7: How do you protect your compute resources?
Design sections:
● Protecting network and host-level boundaries
● System security configuration and maintenance
● Enforcing service-level protection
Data protection
Questions:
● SEC 8: How do you classify your data?
● SEC 9: How do you protect your data at rest?
● SEC 10: How do you protect your data in transit?
Design sections:
● Data classification
● Encryption/tokenization
● Protecting data at rest
● Protecting data in transit
● Data backup/replication/recovery
Incident response
Questions:
● SEC 11: How do you respond to an incident?
Design sections:
● Clean room
24. Security pillar. Key AWS Services
Key Services for pillar
Identity and access management
Detective controls
Infrastructure protection
Data protection
Incident response
AWS Organizations, AWS IAM, MFA token
AWS IAM
AWS Config, AWS CloudTrail, Amazon CloudWatch
AWS IAM, AWS CloudFormation
Amazon VPC, AWS Shield, AWS WAF (Web Application Firewall)
Amazon GuardDuty
Amazon CloudWatch
Amazon CloudFront
Elastic Load Balancing, Amazon Elastic Block Store
Amazon S3, Amazon RDS, AWS Key Management Service
26. Reliability pillar. Design Principles
★ Test recovery procedures
★ Automatically recover from failure
★ Scale horizontally to increase aggregate system availability
★ Stop guessing capacity
★ Manage change in automation
27. Reliability pillar. Questions & Design Sections
Foundations
Questions:
● REL 1: How do you manage service limits?
● REL 2: How do you manage your network topology?
Design sections:
● Limit management
● Network topology planning
● Application design for High Availability
Change management
Questions:
● REL 3: How does your system adapt to changes in demand?
● REL 4: How do you monitor your resources?
● REL 5: How do you implement change?
Design sections:
● Changes in demand
● Monitoring changes
● Changes in execution
Failure management
Questions:
● REL 6: How do you back up data?
● REL 7: How does your system withstand component failures?
● REL 8: How do you test resilience?
● REL 9: How do you plan for disaster recovery?
Design sections:
● Data durability
● Withstanding component failure
● Planning for recovery
30. Performance Efficiency pillar. Design Principles
★ Democratize advanced technologies
★ Go global in minutes
★ Use serverless architectures
★ Experiment more often
★ Mechanical sympathy
31. Performance Efficiency pillar. Questions & Design Sections
Selection
Questions:
● PERF 1: How do you select the best performing architecture?
● PERF 2: How do you select your compute solution?
● PERF 3: How do you select your storage solution?
● PERF 4: How do you select your database solution?
● PERF 5: How do you configure your networking solution?
Design sections:
● Compute (Instances, Containers, Functions, Elasticity)
● Storage
● Database
● Network
Review
Questions:
● PERF 6: How do you evolve your workload to take advantage of new releases?
Design sections:
● Performance review: Infrastructure as code, Deployment pipeline, Well-defined metrics, Performance test automatically, Load generation, Performance visibility, Visualization
● Benchmarking
● Load testing
Monitoring
Questions:
● PERF 7: How do you monitor your resources to ensure they are performing as expected?
Design sections:
● Active monitoring
● Passive monitoring
Trade-offs
Questions:
● PERF 8: How do you use tradeoffs to improve performance?
Design sections:
● Caching
● Partitioning or sharding
● Compression
● Buffering
32. Performance Efficiency pillar. Key AWS Services
Key Services for pillar
Selection
Review
Monitoring
Trade-offs
Amazon CloudWatch
Amazon CloudWatch, AWS Lambda
AWS Blog and What’s New
Amazon ElastiCache, Amazon CloudFront, AWS Snowball, Amazon RDS
Amazon EBS, AWS Auto Scaling, Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon Route 53, AWS Direct Connect
34. Cost Optimization pillar. Design Principles
★ Adopt a consumption model
★ Measure overall efficiency
★ Stop spending money on data center operations
★ Analyze and attribute expenditure
★ Use managed and application level services to reduce cost of ownership
35. Cost Optimization pillar. Questions & Design Sections
Expenditure Awareness
Questions:
● COST 1: How do you govern usage?
● COST 2: How do you monitor usage and cost?
● COST 3: How do you decommission resources?
Design sections:
● Stakeholders
● Visibility and governance
● Cost attribution
● Tagging
● Entity lifecycle tracking
Cost-Effective Resources
Questions:
● COST 4: How do you evaluate cost when you select services?
● COST 5: How do you meet cost targets when you select resource type and size?
● COST 6: How do you use pricing models to reduce cost?
● COST 7: How do you plan for data transfer charges?
Design sections:
● Appropriate provisioning
● Right sizing
● Purchasing options: On Demand Instances, Spot Instances, and Reserved Instances
● Geographic selection
● Managed services
● Optimize data transfer
Matching supply and demand
Questions:
● COST 8: How do you match supply of resources with demand?
Design sections:
● Demand-based
● Buffer-based
● Time-based
Optimizing Over Time
Questions:
● COST 9: How do you evaluate new services?
Design sections:
● Measure, monitor, and improve
● Staying ever green (move to the newest services, features, and instance types)
36. Cost Optimization pillar. Key AWS Services
Key Services for pillar
Expenditure Awareness
Cost-Effective Resources
Matching supply and demand
Optimizing Over Time
AWS Cost Explorer
AWS Cost Explorer, AWS Budgets
AWS Cost Explorer
AWS Auto Scaling
AWS Trusted Advisor, AWS Blog and What’s New