Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

AWS Well-Architected Tool Findings

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: WellArchitected-002

Check for medium and high risks identified in workloads defined in the AWS Well-Architected Tool. The Well-Architected Tool uses the AWS Well-Architected Framework to compare your cloud workloads against best practices across five architectural pillars: security, reliability, performance efficiency, operational excellence, and cost optimization. A given workload can have medium and/or high risks that have been identified based on answers provided to the questions in the Well-Architected Tool. These issues are architectural and operational choices that are not aligned with the best practices from the Well-Architected Framework.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Security
Reliability
Performance
efficiency
Operational
excellence
Cost
optimisation

With the AWS Well-Architected Tool tool, you can analyze your workloads using a consistent process, pinpoint any medium or high-risk issues, and identify the next steps that must be taken for improvement.

Audit

To determine if there are any medium and/or high-risk issues in your workload, perform the following:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Well-Architected Tool dashboard at https://console.aws.amazon.com/wellarchitected/.

03 In the left navigation panel, click Workloads.

04 To access the Workload Overview page of a workload, either click the name of the workload, or select a workload and click View details.

05 Displayed on the Workload Overview page, is the number of a High risks and Medium risks.

06 To find out more about each risk, select a Lens under the Lenses section, this will display the Lens Overview page for that given lens.

07 Click the Improvement plan tab.

08 You can analyze each risk further by clicking the questions associated with each risk. This will display the question, the multiple choice answers, the answer selected and links to the Well-Architected Framework to help you remediate the issue.

Using AWS CLI

01 Run list-workloads using custom query filters to list the IDs of the workloads, available in the selected region. 

aws wellarchitected list-workloads
  --region us-west-2
  --query "WorkloadSummaries[*].{WorkloadId:WorkloadId,WorkloadName:WorkloadName,Lenses:Lenses,RiskCounts:RiskCounts"

02 The command output should return an array with the workloads, with their IDs, Names and RiskCounts: 

[
	{
    	"WorkloadId": "91d51c9ea1a4f94580e280a0023271df",
    	"WorkloadName": "Workload 415bc49c-704f-414a-85bc-eca2e251fccd",
    	"RiskCounts": {
        	"UNANSWERED": 2,
        	"NONE": 2,
        	"MEDIUM": 3,
        	"HIGH": 54
    	}
	},
	{
    	"WorkloadId": "25029df333692945ee0d3b07dcf9a621",
    	"WorkloadName": "Workload 6701c316-b124-4747-963d-53e6070f2eaa",
    	"RiskCounts": {
        	"UNANSWERED": 2,
        	"NONE": 1,
        	"MEDIUM": 2,
        	"HIGH": 56
    	}
	},
	{
    	"WorkloadId": "bec3d5b30a70a17e598e8d2d11c273bc",
    	"WorkloadName": "Workload 7027ca1f-6bcd-43d0-ad9a-f1cd00aab59a",
    	"RiskCounts": {
        	"UNANSWERED": 2,
        	"NONE": 4,
        	"MEDIUM": 5,
        	"HIGH": 50
    	}
	}
]

03 Analyse the metadata returned in the previous step by checking the following output attributes:

  1. WorkloadId - An unique ID assigned to that workload
  2. WorkloadName - The name given to a workload when the workload was created
  3. RiskCounts - A map of the number of each risk type for that given workload

Remediation / Resolution

To find out more about a high or medium level risk and improvement actions recommended by AWS, the following steps can be taken:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Well-Architected Tool dashboard at https://console.aws.amazon.com/wellarchitected/.

03 In the left navigation panel, click Workloads.

04 To access the Workload Overview page of a workload, either click the name of the workload, or select a workload and click View details.

05 Displayed on the Workload Overview page, is the number of a High risks and Medium risks.

06 To find out more about each risk, select a Lens under the Lenses section, this will display the Lens Overview page for that given lens.

07 Click the Improvement Plan tab.

08 Under the Improvement Items section, is a list of each question that has an associated risk. To find out more about the question and its risk, click the question to display the Question overview page for that given question.

09 On this page, you will find the Question, the Pillar it is associated with, the answer given, the status of the question, the Severity given and links to the AWS Well Architected Framework on improvement plans for this risk.

10 Repeat step 7-8 for each risk shown in the Improvement plan tab.

11 Then repeat step 6 to 10 for each Lens.

Using AWS CLI

01 Run list-workloads using custom query filters to list the IDs of the workloads, available in the selected region. 

aws wellarchitected list-workloads
  --region us-west-2
  --query "WorkloadSummaries[*].{WorkloadId:WorkloadId,WorkloadName:WorkloadName,Lenses:Lenses,RiskCounts:RiskCounts}"

02 The command output should return an array with the workloads, with their IDs, Names and RiskCounts: 

[
	{
    	"WorkloadId": "91d51c9ea1a4f94580e280a0023271df",
    	"WorkloadName": "Workload 415bc49c-704f-414a-85bc-eca2e251fccd",
    	"Lenses": [
        	"wellarchitected",
        	"serverless"
    	],
    	"RiskCounts": {
        	"UNANSWERED": 2,
        	"NONE": 2,
        	"MEDIUM": 3,
        	"HIGH": 54
    	}
	},
	{
    	"WorkloadId": "25029df333692945ee0d3b07dcf9a621",
    	"WorkloadName": "Workload 6701c316-b124-4747-963d-53e6070f2eaa",
    	"Lenses": [
        	"wellarchitected",
        	"serverless"
    	],
    	"RiskCounts": {
        	"UNANSWERED": 2,
        	"NONE": 1,
        	"MEDIUM": 2,
        	"HIGH": 56
    	}
	},
	{
    	"WorkloadId": "bec3d5b30a70a17e598e8d2d11c273bc",
    	"WorkloadName": "Workload 7027ca1f-6bcd-43d0-ad9a-f1cd00aab59a",
    	"Lenses": [
        	"wellarchitected",
        	"serverless"
    	],
    	"RiskCounts": {
        	"UNANSWERED": 2,
        	"NONE": 4,
        	"MEDIUM": 5,
        	"HIGH": 50
    	}
	}
]

03 For a workload that has associated High and/or Medium risks, run the list-lens-review-improvements command for a given lens and workload: 

aws wellarchitected list-lens-review-improvements
  --workload-id bec3d5b30a70a17e598e8d2d11c273bc
  --lens-alias wellarchitected

04 The command output should return a list of ImprovementSummaries for each question that has a risk associated with it. 

{
	"WorkloadId": "bec3d5b30a70a17e598e8d2d11c273bc",
	"LensAlias": "wellarchitected",
	"ImprovementSummaries": [
    	{
        	"QuestionId": "securely-operate",
        	"PillarId": "security",
        	"QuestionTitle": "How do you securely operate your workload?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.securely-operate.improvement-plan.en.html"
    	},
    	{
        	"QuestionId": "identities",
        	"PillarId": "security",
        	"QuestionTitle": "How do you manage identities for people and machines?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.identities.improvement-plan.en.html"
    	},
    	{
        	"QuestionId": "permissions",
        	"PillarId": "security",
        	"QuestionTitle": "How do you manage permissions for people and machines?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.permissions.improvement-plan.en.html"
    	},
    	{
        	"QuestionId": "detect-investigate-events",
        	"PillarId": "security",
        	"QuestionTitle": "How do you detect and investigate security events?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.detect-investigate-events.improvement-plan.en.html"
    	},
    	{
        	"QuestionId": "network-protection",
        	"PillarId": "security",
        	"QuestionTitle": "How do you protect your network resources?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.network-protection.improvement-plan.en.html"
    	},
    	{
        	"QuestionId": "protect-compute",
        	"PillarId": "security",
        	"QuestionTitle": "How do you protect your compute resources?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.protect-compute.improvement-plan.en.html"
    	},
    	{
        	"QuestionId": "data-classification",
        	"PillarId": "security",
        	"QuestionTitle": "How do you classify your data?",
        	"Risk": "HIGH",
        	"ImprovementPlanUrl": "https://d2e5hy6ocwdfvi.cloudfront.net/TypeII/en/wellarchitected/wellarchitected.data-classification.improvement-plan.en.html"
    	}
	]
}
Note: A pagination token will be returned in this list if the ImprovementSummaries is greater than 10, pass this token into the same command to generate the next page of ImprovementSummaries

05 Analyse the metadata returned in the previous step by checking the following output attributes:

  1. QuestionId - An ID given to that question
  2. PillarId - The pillar associated with the given question
  3. QuestionTitle - The question that was asked
  4. Risk - The risk given based off the answer received
  5. ImprovementPlanUrl - A URL to further AWS documentation for a Improvement plan for the given risk

06 Repeat step 3-5 for each lens of a given workload

07 Repeat step 3-6 for each workload with high and/or medium risks

References

Publication date Nov 6, 2020

Related WellArchitected rules