
Running a Well-Architected Framework Review

WORK IN PROGRESS

I am still working on writing out this post.

I wrote an article in 2020 on best practices for leading a Well-Architected Framework Review. You can read that here.

AWS also recently posted some tips for conducting a review on their APN Blog. Here is the link for that.

Before the review

Determining the scope of the Well-Architected Framework Review (WAFR) is an important first step. Limiting the scope to a workload is best as it allows you to dig into the architecture.

  • Determine the scope of the review.
    • Try to limit the review to a workload or an account. It becomes difficult to get a good understanding of a large number of workloads or accounts.
  • Gather intel on the workload/account.
    • If possible, get read-only access to the account to run a tool like ScoutSuite or Prowler.
    • Get a diagram of the current architecture.
    • Review the configuration of the workload/account.
      • Is there a tagging schema?
      • Are SecurityHub, GuardDuty, IAM Access Analyzer, Macie, or any other services in use?
      • Are best practices being followed?
    • Create a new workload in the AWS Well-Architected Tool to document what you find.
    • Write out any questions that you have on the architecture or about the account.
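
With read-only access, the "are these services in use?" and "is there a tagging schema?" checks can be scripted ahead of the review. The following is an added example, not code from this post or from AWS; it assumes boto3, a single region, and placeholder tag keys ("Owner", "Environment") that stand in for the account's real schema.

```python
# Added example: read-only pre-review snapshot for ONE region of one account.
# `client` is any callable shaped like boto3.Session().client.

def _check(call, is_on):
    """Run one read-only API call; record an error instead of aborting."""
    try:
        return {"enabled": bool(is_on(call())), "error": None}
    except Exception as exc:  # access denied, or the service was never enabled here
        return {"enabled": False, "error": f"{type(exc).__name__}: {exc}"}

def security_service_status(client):
    """Answer "is the service in use?" for the four services named above."""
    return {
        "GuardDuty": _check(lambda: client("guardduty").list_detectors(),
                            lambda r: r.get("DetectorIds")),
        "SecurityHub": _check(lambda: client("securityhub").describe_hub(),
                              lambda r: r.get("HubArn")),
        "IAM Access Analyzer": _check(
            lambda: client("accessanalyzer").list_analyzers(),
            lambda r: any(a.get("status") == "ACTIVE" for a in r.get("analyzers", []))),
        "Macie": _check(lambda: client("macie2").get_macie_session(),
                        lambda r: r.get("status") == "ENABLED"),
    }

def tag_coverage(client, required_keys):
    """Count resources carrying every required tag key.

    The tagging API lists only resources that are or were tagged, so
    never-tagged resources are missing from `total`.
    """
    api = client("resourcegroupstaggingapi")
    required, total, compliant, token = set(required_keys), 0, 0, ""
    while True:
        page = api.get_resources(PaginationToken=token) if token else api.get_resources()
        for res in page.get("ResourceTagMappingList", []):
            total += 1
            compliant += int(required <= {t["Key"] for t in res.get("Tags", [])})
        token = page.get("PaginationToken", "")
        if not token:
            return {"total": total, "compliant": compliant}

if __name__ == "__main__":
    import boto3  # needs read-only credentials for the account under review
    session = boto3.Session()
    for name, result in security_service_status(session.client).items():
        print(f"{name:20} enabled={result['enabled']} {result['error'] or ''}")
    # "Owner" and "Environment" are placeholder keys; use the account's tagging schema.
    print(tag_coverage(session.client, ["Owner", "Environment"]))
```

These services are enabled per region, so repeat the run for each region the workload uses. An error in the output is itself a note for the review, since it means either missing read permissions or a service that was never turned on.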

Schedule the review

  • Ensure that the right people are able to join the review.
  • Plan for the review to take 3 to 4 hours.
    • Once you have performed one or two, it gets easier to get the flow of how they should go.

Perform the review

It is important to review each pillar of the Well-Architected Framework. Skipping a pillar or only focusing on 1 pillar is not recommended. It does not allow you to get the full picture of what is going on. If it is desired to go over only 1 pillar, for example the security pillar, then it would be best to do a Security Audit instead.

Not all questions and best practices are going to apply to every workload. AWS Well-Architected Tool has the ability to mark a question or best practice

  • Start with the Operational Excellence section.
  • Go through each question under the Pillars.
    • Simply asking the question will not enable you to gather all of the information needed.
    • Ask the main question, then dive into the best practices under the question.
    • The point of each question is to get an understanding of what best practices are you following that

Compile the results

  • Add all notes to the Well-Architected Tool under each appropriate question.
  • Once finished with the Tool, generate a report and review the items.
    • Determine which issues are a High, Medium, or Low priority to you.
  • Use the output to create a plan to resolve and remediate the items found.