AWS Well-Architected Tool in Use

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: WellArchitected-001

Ensure that Amazon Well-Architected Tool is used to review your cloud workloads against AWS best practices and to get guidance on how to make them more secure, reliable, efficient and cost-effective. The Well-Architected Tool service uses the AWS Well-Architected Framework to compare your cloud application environment against best practices across five architectural pillars: security, reliability, performance efficiency, operational excellence and cost optimization. The main benefits of using Amazon Well-Architected Tool are:

  1. Mature architectural guidance – the tool gives you access to the latest architectural best practices used by Amazon Web Services architects.
  2. Consistent workload reviews – the service provides a consistent process to help you review and evaluate your AWS cloud workloads for optimization.
  3. Continuous improvement throughout the workload lifecycle – the tool makes it easy to save point-in-time milestones and track changes made to your AWS cloud workload architecture.

Last but not least, there is no additional charge for using AWS Well-Architected Tool.

This rule resolution is part of the Conformity Security & Compliance tool for AWS.

Well-Architected Framework pillars (figure): Sustainability, Security, Reliability, Performance efficiency, Operational excellence, Cost optimisation.

With the Amazon Well-Architected Tool service in use, you can analyze your workloads using a consistent process, understand any potential risks found at your AWS cloud architecture level and identify the next steps that must be taken for improvement. AWS recommends performing a workload review using the Well-Architected Tool after each major milestone in your application development lifecycle.


Audit

To determine if Well-Architected Tool is enabled in your AWS account, perform the following:

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Well-Architected Tool dashboard at https://console.aws.amazon.com/wellarchitected/. If you are redirected to the service Get started page (the How It Works screen) instead of the dashboard, Amazon Well-Architected Tool is not currently enabled in the selected AWS region.

03 Change the AWS region from the navigation bar and repeat the audit process for the rest of the regions available. If the Well-Architected Tool service is not in use within your AWS account, see the Remediation/Resolution section to enable the service, so that you can plan how to architect for the AWS cloud using established best practices.

04 Repeat steps no. 1 – 3 for each Amazon Web Services account that you want to examine for AWS Well-Architected Tool status.

Using AWS CLI

01 Run the list-workloads command using custom query filters to list the IDs of the workloads available in the selected region:

aws wellarchitected list-workloads \
  --region us-west-2 \
  --query "WorkloadSummaries[*].WorkloadId"

02 The command output should return an array with the workload IDs. If the service is not in use, an empty array will be returned:

[]
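As an added example (not Conformity's or AWS's code), the script below generalises the single-region list-workloads check above to every region: it follows NextToken pagination and, beyond the in-use/not-in-use verdict, reports workloads whose review still shows HIGH or UNANSWERED risk counts. It assumes the boto3 wellarchitected client's list_workloads response carries a RiskCounts map on each WorkloadSummary; a constructed FakeClient replays canned pages so the audit runs offline.

```python
"""Region-wide audit of AWS Well-Architected Tool usage (added example, not Conformity's
code). Assumes boto3 list_workloads paging via NextToken and RiskCounts on each summary."""
from typing import Callable, Iterable, List

def list_workload_summaries(client) -> List[dict]:
    """Collect every WorkloadSummary, following NextToken until exhausted."""
    summaries, token = [], None
    while True:
        page = client.list_workloads(**({"NextToken": token} if token else {}))
        summaries.extend(page.get("WorkloadSummaries", []))
        token = page.get("NextToken")
        if not token:
            return summaries

def audit_region(client, region: str) -> dict:
    """Page's 'empty array' check for one region, plus reviews with open risk."""
    summaries = list_workload_summaries(client)
    open_risks = []
    for s in summaries:
        rc = s.get("RiskCounts", {})  # assumed shape: {"HIGH": n, "MEDIUM": n, "UNANSWERED": n, ...}
        if rc.get("HIGH", 0) or rc.get("UNANSWERED", 0):
            open_risks.append({"WorkloadId": s["WorkloadId"], "High": rc.get("HIGH", 0),
                               "Unanswered": rc.get("UNANSWERED", 0)})
    return {"Region": region, "InUse": bool(summaries),
            "Workloads": len(summaries), "OpenRisks": open_risks}

def audit_regions(client_factory: Callable[[str], object], regions: Iterable[str]) -> List[dict]:
    """Audit each region; client_factory is injectable so the check runs offline in tests."""
    return [audit_region(client_factory(r), r) for r in regions]

def boto3_factory(region: str):
    import boto3  # lazy import: the module still loads where boto3 is absent
    return boto3.client("wellarchitected", region_name=region)

class FakeClient:
    """Constructed offline stand-in that replays canned list_workloads pages."""
    def __init__(self, pages: List[dict]):
        self._pages = iter(pages)
    def list_workloads(self, **_):
        return next(self._pages)

SAMPLE_PAGES = {  # constructed sample: two workloads over two pages in us-west-2, none in eu-west-1
    "us-west-2": [{"WorkloadSummaries": [{"WorkloadId": "wl-1", "RiskCounts": {"HIGH": 2, "MEDIUM": 1, "UNANSWERED": 0}}], "NextToken": "t1"},
                  {"WorkloadSummaries": [{"WorkloadId": "wl-2", "RiskCounts": {"HIGH": 0, "MEDIUM": 0, "UNANSWERED": 0}}]}],
    "eu-west-1": [{"WorkloadSummaries": []}],
}

def sample_audit() -> List[dict]:
    """Run the audit against the constructed sample; swap in boto3_factory for live AWS."""
    return audit_regions(lambda r: FakeClient(SAMPLE_PAGES[r]), SAMPLE_PAGES)
```

For a live account, call audit_regions(boto3_factory, regions) with the list of regions you operate in; a region with InUse false is the CLI's empty-array result.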

Remediation / Resolution

To benefit from the AWS Well-Architected Tool (WA Tool) service, you have to define a workload based on one of your existing cloud applications and answer a set of questions across the five pillars of the Well-Architected Framework. The tool then reviews your answers and provides a plan describing the improvements that can be applied to your workload. To enable and make use of the AWS Well-Architected Tool service, perform the following actions:

Due to the complex nature of analysing, addressing and resolving the risks found by the Well-Architected Tool, it is highly recommended to use the AWS console rather than the AWS CLI.

Using AWS Console

01 Sign in to AWS Management Console.

02 Navigate to AWS Well-Architected Tool dashboard at https://console.aws.amazon.com/wellarchitected/.

03 In the navigation panel, select Workloads.

04 Click the Define workload button from the dashboard top menu to initiate the setup process.

05 On the Define workload page, within Workload properties section, provide the following information:

  1. In the Name box, enter a unique name for your new Well-Architected Tool workload.
  2. In the Description box, enter a short description of the workload that you want to define.
  3. Choose the type of industry associated with your workload from the Industry type dropdown list.
  4. From the Industry dropdown list, select the industry that best matches your workload.
  5. In the Environment category, choose the environment in which your workload runs. This can be Production – when your applications run in a production environment or Pre-production – when these run in a pre-production or staging environment.
  6. Within Regions section, check AWS Regions checkbox and select the regions in which your workload runs, and/or check Non-AWS regions checkbox and type the regions outside AWS cloud (on-premises or other cloud provider) in which your workload runs. Use both options if that is appropriate for your workload.
  7. If required, in the Account IDs box, enter the IDs of the AWS accounts associated with your defined workload. You can specify up to 100 unique AWS account IDs, separated by commas.
  8. Click Define workload to create your Well-Architected Tool workload.
  9. Choose the newly created Well-Architected Tool workload and click on its name to access the workload configuration page.
  10. Select the Review tab and click Continue review to start with the review process.
  11. On the Review workload page, you have to answer questions across the five pillars of the AWS Well-Architected Framework: security, reliability, performance efficiency, operational excellence and cost optimization. For each available question, choose the AWS best practice(s) that you are currently following from the list provided. If you need more details about a certain best practice, click the Info button next to the entry to view the additional information in the right panel. If you select the Question does not apply to this workload or None of these option, AWS recommends that you include the reason in the Notes box. These notes are included in the workload review report and can be helpful in the future as new changes are made to your workload.
  12. Click Next to continue with the next question. Make sure that you answer all the questions provided by the AWS Well-Architected Tool service in this section.

06 After you answer all of the available questions, the review overview for your workload is displayed. In the Review overview section, click Save milestone button to capture the architectural health of your workload at this stage of the review. Inside Save milestone dialog box, provide a name for your milestone in the Milestone name box and click Save to confirm the action.

07 (Optional) You may also want to generate a workload review report at this time. To do that, click the Generate report button available in the Review overview section. The report contains the status of the workload review for each of the five pillars of the AWS Well-Architected Framework, and the answers to all of the review questions. If successful, a PDF file that contains the workload review status is created, and you can save it on your machine.

08 Based on your answers during the workload review, the Amazon Well-Architected Tool service identifies areas of high and medium risk as measured against the AWS Well-Architected Framework best practices and uses the collected data to generate an improvement plan for your cloud workload. To view the improvement plan for your current workload, select the Improvement plan tab from the dashboard top panel. On the Improvement plan panel, within the Improvement plan overview section, check for any potential risks found. If one or more risks are found, select the In progress option from the Improvement status dropdown list to update the improvement plan status and indicate that improvements are in progress.

09 The Improvement items section shows the recommended improvement items identified for your workload. The questions are ordered based on severity, with the high risk items listed first followed by the medium risk items. For each improvement item listed, click Recommended improvement items tab to expand the panel with the suggested best practices for the selected question. Each recommended improvement action links to detailed expert AWS guidance to help you eliminate, or at least mitigate, the identified risk(s).

10 As part of the improvement plan, choose an item from Improvement items section and follow the AWS guidance to remediate the issue by mitigating or eliminating the item risk. Once the selected workload risk is mitigated or eliminated, click on the pertinent question associated with the risk and update the answer to reflect the implemented changes. You can also add a note within the Notes box to record your improvement. Click Save and exit button to update the workload review. Once the change is processed, return to the Improvement plan overview section and check the number of High/Medium risks available. At this point you should notice a lower number of risks, meaning that your actions have improved your workload profile.

11 Repeat step no. 10 for each item available in Improvement items section. Once the improvement plan is complete, check the Improvement plan overview to make sure that all the risks were eliminated, then select Complete from the Improvement status dropdown list to update the improvement plan status for your workload.

12 To capture the architectural health of your workload at this point, select the Review tab, and click the Save milestone button from the dashboard top menu to save your progress as a milestone. Inside Save milestone dialog box, provide a name for your new milestone in the Milestone name box, then click Save to confirm your action.

13 If required, change the AWS region from the navigation bar and repeat steps no. 4 – 12 to make use of Amazon Well-Architected Tool service in other regions.

14 Repeat steps no. 1 – 13 for each Amazon Web Services account that you want to review with AWS Well-Architected Tool.

Using AWS CLI

01 Run the create-workload command (OSX/Linux/UNIX) to create an AWS Well-Architected workload. The following parameters are required:

  1. --name, a unique name for your new Well-Architected Tool workload.
  2. --description, a short description of the workload that you want to define.
  3. --environment, either PRODUCTION – when your applications run in a production environment, or PREPRODUCTION – when they run in a pre-production or staging environment.
  4. --review-owner, the review owner of the workload: the name, email address, or identifier for the primary group or individual that owns the workload review process.
  5. --lenses, a list of lenses. The currently available lenses are serverless and wellarchitected.

aws wellarchitected create-workload \
  --name "Web Application" \
  --description "A AWAF workload for my web application" \
  --environment "PREPRODUCTION" \
  --review-owner "owner@email.com" \
  --lenses "serverless"

Publication date Mar 4, 2019