Our 5 biggest takeaways from running AWS Well-Architected Reviews

by Ned Hallett
Published in April 2021

A lot of companies are looking for a WAR (that’s a Well-Architected Review), but not all of them know it.

As a cloud-native managed service provider, we’re often asked to help our clients improve their cloud solutions for reliability, security, performance and of course, cost-efficiency.

The AWS Well-Architected Review framework allows us to do just that. It’s a set of questions designed to identify areas for improvement, focussing on five key pillars:

  • Operational Excellence
  • Security
  • Reliability
  • Performance Efficiency
  • Cost Optimization

Really, it’s a one-size-fits-all approach enabling teams to get their cloud infrastructure up to best-practice standards.

But rather than droning on about it – we thought we’d share our top insights from each pillar.

These are the pain points within each that crop up again and again. 

And here’s what you can do about them…

1. For robust operations, you need to deploy infrastructure as code 

By 2021, most people are aware of the benefits of IaC (infrastructure as code).

  • Increased operational speed and consistency
  • More efficient software development cycles 
  • Less overhead and management 

But again and again, we see companies struggling with the implementation.

Often, the initial move to IaC is undertaken, but the follow-up just isn’t there.

Things like building an automated testing process, refining your procedures on a routine basis and anticipating failure through pre-mortem exercises are all the kinds of things that an IaC approach enables, and it pays to fully explore the benefits of this powerful approach.

2. Where possible, always automate your security features 

In a recent WAR review with a leading food and drinks company, we identified a number of security vulnerabilities that could be solved via automation.

Automated security is key to an optimised cloud solution, as it not only saves manual work, but is often far more effective in keeping your cloud secure than a manual solution. 

In the case of this particular client, we were able to point to a number of key security practices ripe for automation:

  • Automating testing and validation of security controls in pipelines – part of the effort to automate deployment cycles for much faster time-to-market, this involves building automatic processes to test and implement security controls in a DevOps pipeline
  • Automating response to events – increasingly we’re able to create automated runbooks for the daily security events most companies now face; these go beyond assisting a human analyst, and can range from automatic malware scans to removals from a network

This allowed us to save this client money and shore them up against threats – although there are, of course, many other security processes which can be great candidates for automation.

3. For reliability, cloud capacity should be top of your list 

In another recent review with an innovative sticker company, we were really able to underline the importance of capacity.

Without a clear understanding of capacity, under-provisioning, or indeed over-provisioning, is inevitable.

This means you’ll either be wasting money or putting yourself at serious risk of an outage.

In this instance, by helping our client to stop guessing at capacity, and helping them build systems to monitor demand and utilisation, we were able to guide them to a solution in which the right amount of resources was provisioned at the right time – and through a semi-automated process!

4. For performance efficiency, consider switching over SOME of your workload to serverless 

Often, parts of an existing workload can be made cheaper and more efficient by switching to a serverless approach, like Fargate or Lambda on AWS.

Serverless technology really means on-demand servers rather than no servers (for more detail, you can read about our thoughts on serverless here).

The point, however, is that many companies won’t look into serverless, thinking it would mean too thorough a rearchitecting of their solution, when in fact, with the right partner, a leaner, more targeted approach can yield results without a ground-up rework.

Serverless technologies can be much cheaper, and scale much faster, so where they make sense, they’re usually a plus.

5. Cost optimization – exploring multiple options can add up to a big saving

Our review with a leading delivery management SaaS product revealed the extent to which savings can be hidden in many places.

Most companies are more than aware that cloud costs can be shaved here and there, but there are so many ways this issue can be tackled that no one can manage them all.

For this client, we were able to make recommendations on: 

  • A formal process for tagging and decommissioning resources, identifying unused resources and switching them off so they’re not wasting money 
  • The best utilisation of cloud pricing models, selecting the right model for every resource based on how they were using it, on-demand, reserved, etc.
  • Building bridges between finance and technology departments, a more organisational recommendation, but exactly the kind that a WAR, which engages multiple stakeholders, is designed to facilitate

A diverse set of recommendations, and one that demonstrates how useful it can be to take the kind of systematic approach laid out in an AWS Well-Architected review.

The takeaways 

  • Many companies are looking for a Well-Architected review partner, they just don’t know it yet
  • A WAR provides a systematic, best-practice approach to optimising your cloud for cost, security, efficiency, reliability and performance 
  • A WAR can engage multiple stakeholders, leading to conversations that bring about real change

How we can help 

As AWS Advanced Consulting and Well-Architected Partners, we’re perfectly placed to take you through the review process. 

Book 15 minutes with one of our architects to begin your journey today.