Well-Architected
AWS Well-Architected Framework
The ability to support development and run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures to deliver business value. Key areas include IaC, deployment pipelines, monitoring, incident response, and runbooks.
- Amazon CloudWatch
- AWS Systems Manager
- AWS CloudFormation
- AWS Config
- AWS CloudTrail
- AWS X-Ray
- AWS OpsWorks
- AWS Service Catalog
- AWS CodePipeline
- AWS CodeBuild
- AWS CodeDeploy
- AWS EventBridge
- AWS Systems Manager Parameter Store
- AWS Systems Manager Session Manager
- AWS Systems Manager Patch Manager
- AWS Auto Scaling
- AWS CloudWatch Logs
Protecting information, systems, and assets while delivering business value through risk assessments and mitigation strategies. Includes identity and access management, detective controls, infrastructure protection, data protection, and incident response.
- AWS IAM
- AWS KMS
- AWS Secrets Manager
- Amazon GuardDuty
- AWS Security Hub
- AWS WAF
- AWS Shield
- Amazon Inspector
- Amazon Macie
- AWS Certificate Manager
- AWS Directory Service
- Amazon Cognito
- AWS Single Sign-On (IAM Identity Center)
- AWS Network Firewall
- AWS Firewall Manager
- Amazon Detective
- AWS Audit Manager
- AWS CloudHSM
- AWS Private Certificate Authority
The ability of a workload to perform its intended function correctly and consistently when expected, including the ability to recover from failures and meet demand. Covers foundations, workload architecture, change management, and failure management.
- AWS Auto Scaling
- Elastic Load Balancing
- Amazon Route 53
- AWS Backup
- Amazon RDS Multi-AZ
- Amazon S3 Cross-Region Replication
- Amazon CloudWatch
- Amazon CloudWatch Alarms
- AWS Service Quotas
- AWS Health Dashboard
- Amazon RDS Read Replicas
- AWS Global Accelerator
- AWS Elastic Disaster Recovery
- AWS Fault Injection Simulator
- Amazon DynamoDB Global Tables
The ability to use computing resources efficiently to meet system requirements and maintain efficiency as demand changes and technologies evolve. Includes selection, review, monitoring, and tradeoffs of compute, storage, database, and network resources.
- Amazon CloudFront
- Amazon ElastiCache
- Amazon RDS Read Replicas
- AWS Lambda
- Amazon EC2 (Graviton, Compute Optimized)
- AWS Global Accelerator
- Amazon S3 Transfer Acceleration
- AWS Compute Optimizer
- Amazon Aurora Global Database
- AWS App Mesh
- Amazon API Gateway Caching
- AWS Elastic Beanstalk
- Amazon EBS (io2, gp3)
- AWS Outposts
Running systems to deliver business value at the lowest price point. Covers cloud financial management, expenditure and usage awareness, cost-effective resources, and managing demand and supply. Includes right-sizing, reserved instances, and spot instances.
- AWS Cost Explorer
- AWS Budgets
- AWS Trusted Advisor
- AWS Compute Optimizer
- AWS Savings Plans
- Amazon EC2 Reserved Instances
- Amazon S3 Intelligent-Tiering
- AWS Cost Anomaly Detection
- AWS Cost and Usage Reports
- Amazon S3 Lifecycle Policies
- AWS License Manager
- Amazon EC2 Spot Instances
- AWS Data Transfer Cost Management
- AWS Resource Groups
Minimizing environmental impacts of running cloud workloads. Focus on energy efficiency, maximizing utilization, selecting efficient resources, reducing downstream impacts, and understanding total cost of ownership including environmental impact.
- AWS Compute Optimizer
- Amazon S3 Intelligent-Tiering
- AWS Lambda
- AWS Graviton Processors
- AWS Instance Scheduler
- AWS Customer Carbon Footprint Tool
- Amazon EC2 Right-Sizing Recommendations
- Amazon S3 Lifecycle Management
- AWS Regions Selection Tool
- AWS Well-Architected Sustainability Pillar
- Amazon EBS Snapshot Archive
- AWS Fargate
Azure Well-Architected Framework
Managing costs to maximize value delivered. Includes cost modeling, budgets, resource optimization, and continuous monitoring. Focus on identifying waste, right-sizing resources, and leveraging Azure cost management tools for visibility and control.
- Azure Cost Management + Billing
- Azure Advisor
- Azure Reservations
- Azure Hybrid Benefit
- Azure Spot VMs
- Azure Cost Analysis
- Azure Budgets
- Azure Cost Alerts
- Azure Pricing Calculator
- Azure Resource Tags
- Azure Policy (Cost Governance)
- Azure Dev/Test Pricing
- Azure Savings Plans
Operations processes that keep systems running in production. Emphasizes DevOps practices, monitoring and diagnostics, testing, deployment, and automation. Build systems that are observable, maintainable, and meet business requirements.
- Azure Monitor
- Application Insights
- Log Analytics
- Azure Automation
- Azure DevOps
- Azure Resource Manager
- Azure Policy
- Azure Blueprints
- Azure Arc
- Azure Update Management
- Azure Change Tracking
- Azure Service Health
- Azure Advisor
- Azure Logic Apps
- Azure Functions
Ability of systems to adapt to changes in load. Includes scaling strategies, performance testing, resource selection, and continuous optimization. Focus on using appropriate services and configurations to meet performance targets efficiently.
- Azure CDN
- Azure Cache for Redis
- Azure Front Door
- Application Gateway
- Traffic Manager
- Azure ExpressRoute
- Azure Ultra Disk
- Azure Premium SSD
- Azure NetApp Files
- Azure Autoscale
- Azure Load Balancer
- Azure Database for MySQL/PostgreSQL (Read Replicas)
- Azure Cosmos DB
- Azure Virtual Machine Scale Sets
Ability of systems to recover from failures and continue to function. Covers resiliency, availability targets, disaster recovery, and testing. Build self-healing systems with high availability and meet recovery time and recovery point objectives.
- Azure Availability Zones
- Azure Site Recovery
- Azure Backup
- Azure Load Balancer
- Traffic Manager
- Azure Availability Sets
- Azure Geo-replication
- Azure Service Health
- Azure Chaos Studio
- Azure Virtual Machine Scale Sets
- Azure SQL Database (Active Geo-Replication)
- Azure Monitor
- Azure Front Door
Protecting applications and data from threats. Implement defense in depth with identity management, network security, data encryption, and security operations. Use Azure Security Center, Sentinel, and security best practices throughout the lifecycle.
- Azure Active Directory
- Azure Key Vault
- Microsoft Defender for Cloud
- Azure Sentinel
- Azure Firewall
- Azure DDoS Protection
- Azure Application Gateway WAF
- Azure Information Protection
- Azure Privileged Identity Management
- Azure Private Link
- Azure Bastion
- Azure Security Center
- Azure Policy
- Azure Confidential Computing
- Microsoft Entra ID
Google Cloud Architecture Framework
Deploy, operate, monitor, and manage cloud workloads effectively. Includes release engineering, monitoring, incident management, and continuous improvement. Use Cloud Operations Suite (formerly Stackdriver) for comprehensive observability.
- Cloud Monitoring (Stackdriver)
- Cloud Logging
- Cloud Trace
- Cloud Profiler
- Cloud Deployment Manager
- Cloud Build
- Cloud Functions
- Cloud Scheduler
- Cloud Tasks
- Error Reporting
- Cloud Debugger
- Cloud Console
- Cloud Shell
- Cloud Source Repositories
Protect data and systems with layered security controls. Implement a zero-trust security model, encrypt data at rest and in transit, manage access with IAM, and maintain compliance with regulatory requirements using Security Command Center.
- Cloud IAM
- Cloud KMS
- Security Command Center
- Cloud Armor
- VPC Service Controls
- Cloud HSM
- Binary Authorization
- Web Security Scanner
- Certificate Authority Service
- Cloud Identity
- Cloud Data Loss Prevention
- Access Context Manager
- Cloud Asset Inventory
- Assured Workloads
- Identity-Aware Proxy
Design resilient systems that meet availability and recovery objectives. Use regional and multi-regional deployment, implement graceful degradation, design for failure, and test recovery procedures regularly with Chaos Engineering principles.
- Cloud Load Balancing
- Cloud DNS
- Cloud Storage (Multi-regional)
- Persistent Disk Snapshots
- Cloud SQL High Availability
- Cloud Spanner (Multi-region)
- Cloud CDN
- Cloud Armor
- Google Cloud Backup and DR
- Cloud Monitoring
- Cloud Healthcare API
- Traffic Director
- Compute Engine Instance Groups
Maximize business value while minimizing costs. Use committed use discounts, sustained use discounts, preemptible VMs, right-sizing, and Cloud Billing for cost visibility. Implement budgets, alerts, and cost allocation labels.
- Cloud Billing
- Committed Use Discounts
- Sustained Use Discounts
- Recommender
- Active Assist
- Cloud Billing Reports
- Budgets and Alerts
- Billing Export to BigQuery
- Preemptible VMs
- Spot VMs
- Cloud Functions (Pay-per-use)
- Resource Quotas
- Cloud Monitoring for Cost Tracking
Design systems for optimal performance and efficiency. Select appropriate compute, storage, and network resources, implement caching strategies, optimize data access patterns, and use performance monitoring to identify bottlenecks.
- Cloud CDN
- Memorystore (Redis/Memcached)
- Cloud Load Balancing
- Premium Network Tier
- Cloud Interconnect
- Cloud Armor
- Cloud Storage Transfer Service
- Cloud SQL Read Replicas
- Cloud Spanner
- Cloud Bigtable
- Cloud Profiler
- Cloud Trace
- Compute Engine Machine Types
Review Process & Tools
Free service for reviewing workloads against AWS best practices. Provides automated guidance, risk assessment, and improvement plans based on the six pillars. Includes milestone tracking and workload comparison capabilities.
Personalized cloud consultant that analyzes resource configuration and usage telemetry. Provides recommendations for reliability, security, performance, operational excellence, and cost optimization. Integrated with Azure portal for easy implementation.
Provides usage recommendations to optimize Google Cloud resources. Includes recommendations for cost savings, security hardening, performance improvements, and sustainability. Uses machine learning to analyze patterns and suggest optimizations.
Systematic evaluation of system architecture against well-architected principles. Includes stakeholder workshops, documentation review, workload assessment, risk identification, and prioritized recommendations with implementation roadmap.
Lightweight documentation format for capturing important architectural decisions, their context, and consequences. Helps teams understand why decisions were made and provides historical reference for future architecture evolution.
Commercial tools for multi-cloud architecture assessment and optimization. Provide automated scanning, compliance checking, cost optimization, security analysis, and recommendations across AWS, Azure, and GCP environments.
