AWS Well-Architected Framework
Amazon Web Services' prescriptive guidance organized across six pillars — operational excellence, security, reliability, performance, cost optimization, and sustainability.
The AWS Well-Architected Framework is a structured set of architectural best practices, design principles, and evaluation questions developed by Amazon Web Services to help cloud architects build secure, high-performing, resilient, and efficient infrastructure. Organized across six pillars — Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability — the framework provides a consistent vocabulary and evaluation methodology for assessing cloud workloads. AWS offers Well-Architected Reviews, conducted either through AWS Partners or directly through the AWS Well-Architected Tool, which generates prioritized remediation plans based on identified risks.
The Security Pillar is of particular relevance to regulated workloads. It covers identity and access management (implementing least-privilege through IAM policies, roles, and permission boundaries), detection controls (AWS Config, CloudTrail, GuardDuty, Security Hub), infrastructure protection (VPC design, security groups, WAF, Shield), data protection (encryption at rest and in transit, key management with KMS, data classification), and incident response (pre-provisioned IR tooling, automated containment, forensic readiness). Each best practice is mapped to Well-Architected questions, enabling organizations to benchmark their security posture systematically rather than relying on ad-hoc assessment.
The Reliability Pillar addresses the design patterns necessary for highly available, fault-tolerant systems. It covers foundations (service quotas, network topology), workload architecture (distributed system design, loose coupling, graceful degradation), change management (deployment automation, automated testing, canary deployments), and failure management (runbook automation, chaos engineering, backup and recovery). For workloads subject to availability SLAs under contracts or regulations — healthcare systems requiring near-continuous availability, financial trading platforms with sub-second latency requirements, utilities management systems — the Reliability Pillar provides the design vocabulary for achieving and documenting compliance with availability requirements.
AWS periodically publishes Well-Architected Lenses that extend the framework with sector-specific or technology-specific guidance. The SaaS Lens, Financial Services Industry Lens, Healthcare Industry Lens, Government Lens, and Serverless Application Lens each translate the six pillars into the specific context of that domain. These lenses are valuable when the generic framework questions do not adequately capture the nuances of a particular workload type. Organizations undergoing cloud migrations or greenfield cloud deployments should conduct Well-Architected Reviews at the design stage — before building — and schedule periodic re-reviews as the workload evolves. Identified High-Risk Issues (HRIs) should be tracked as project-level work items with defined owners and resolution timelines rather than treated as aspirational guidance.
Compliance-Native Architecture Guide
Design principles and a structured checklist for building software that is compliant by default — not compliant by retrofit. Covers data architecture, access controls, audit trails, and vendor due diligence.