Service 59

Well-Architected Framework

ArchitectureFrameworkDesign

The Well-Architected Framework is AWS's distilled opinion on what good cloud architecture looks like, drawn from years of customer reviews. First published in 2015, it is organized into six pillars, each a distinct concern worth designing for explicitly.

It is a set of questions, not a pass/fail checklist — a guide for the conversation about trade-offs. Use it as a reference, not a stick: real workloads have cost, time, and organizational constraints that sometimes push against the recommendations.

The Six Pillars

Operational Excellence — how well you run and observe the system. Security — how well you protect data, identity, and configuration. Reliability — how well the system recovers from failure. Performance Efficiency — how well it uses the resources it consumes. Cost Optimization — how well you control spend. Sustainability — added in 2021, how well you minimize environmental impact.

The pillars overlap: a reliability improvement often helps operational excellence; a cost optimization can cut performance. The framework treats them as separate axes so the trade-offs become visible.

Design Principles in Practice

Each pillar maps to AWS services and habits. Operational Excellence leans on the Monitoring and Developer-Tools services — perform operations as code, make small reversible changes, anticipate failure. Security starts from a strong identity foundation (Identity Center, roles over keys, least privilege) and applies controls at every layer. Reliability favors automatic recovery, tested failover, and horizontal scaling.

Performance Efficiency and Cost Optimization frequently move together — the easiest performance win is often a newer instance generation (M5→M7g) that is 20–40% cheaper at similar performance. Sustainability tracks cost too: a workload using fewer resources costs and emits less.

The Tool and Lenses

The free Well-Architected Tool walks you through a guided self-review of one workload, generating high- and medium-risk issues with remediation links, milestones for tracking progress, and an improvement plan. Lenses extend the framework for specific domains — Serverless, SaaS, Machine Learning, Financial Services, Government, HPC, IoT, Hybrid Networking.

For most teams the framework is most useful as a quarterly review of one workload at a time, not a one-time exercise.

Well-Architected Framework vs Trusted Advisor vs Security Hub

Well-Architected Framework — a guided, question-based review of a workload's design across six pillars. Periodic, human-driven.

Trusted Advisor — automated live checks against best practices in your account right now — narrower, continuous.

Security Hub — continuous security-posture scoring against standards — the security pillar's live counterpart.

Common Mistakes

Treating the framework as a pass/fail checklist instead of a conversation about trade-offs for your specific workload.
Running the review once and never again — the framework pays back as a recurring quarterly review, not a one-time exercise.
Underinvesting in observability until something breaks, then overinvesting in dashboards nobody looks at, instead of steady modest investment.
Targeting the strictest standard on every pillar everywhere, which is expensive and usually unnecessary.
Ignoring the Sustainability pillar as separate work when most of it moves with cost and is the same underlying decisions.
Skipping the relevant lens (Serverless, SaaS, ML) for a workload that fits one cleanly, missing domain-specific guidance.

Best Practices

Use the free Well-Architected Tool for a guided self-review, one workload at a time.
Run reviews quarterly and save milestones to track progress.
Apply the relevant lens on top of the six core pillars when a workload fits one.
Treat Performance Efficiency, Cost Optimization, and Sustainability as overlapping — wins in one often help the others.
Make the trade-offs explicit per pillar rather than optimizing one in isolation.
Use the framework to surface the Reliability and Security questions teams forget to ask themselves.

Comparable services GCP Google Cloud Architecture FrameworkAzure Azure Well-Architected Framework

Knowledge Check

What are the six pillars of the Well-Architected Framework?

Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, Sustainability
Compute, Storage, Networking, Databases, Security, Cost Management and Billing
Availability, Durability, Latency, Throughput, Cost Visibility, Compliance and Auditing Coverage
Identity, Encryption at Rest, Backup and Restore, Monitoring, Auto Scaling, Resource Tagging and Inventory

How should the framework be used?

As a set of questions guiding a trade-off conversation, reviewed periodically — not a one-time pass/fail checklist
As a one-time certification you pass at launch and never need to revisit again
As an automated CI/CD pipeline gate that inspects each release and blocks non-compliant deployments from ever shipping
As a monthly billing report summarizing account spend by service

Which pillars most often move together?

Performance Efficiency, Cost Optimization, and Sustainability — using fewer resources helps all three
Security and Cost Optimization — tighter controls always reduce your bill
Reliability and Sustainability only — more redundancy means a smaller footprint
None of them — the six pillars are fully independent of one another and never trade off against each other in practice

What does the Well-Architected Tool produce?

A guided self-review with high- and medium-risk issues, remediation links, milestones, and an improvement plan
A live security score graded continuously against CIS and PCI DSS standards
An automatically remediated account in which every flagged high- and medium-risk issue has already been fixed in place for you
A forecast of account spend, broken out by service, for the next 12 months

You got correct