The 5 Steps of the AWS Well-Architected Framework Review Process

The AWS Well-Architected Framework Review process occurs in 5 different steps: preparation, review meeting, read-out, quick wins, and follow-up review. Below, we go into detail about what each step entails.

Step 1: Preparation
The key part of preparation is to have the Solution Architect review the accounts. If the account review is conducted by Cprime or an internal Solution Architect, read access will be required to analyze the accounts properly. From a security perspective, the Solution Architect should have sufficient access to be able to probe the IAM portion to determine what policies are in place, which users are in place, and what other security policies are active.

In addition, the Solution Architect will be able to probe how the different subnets are setup, how information is distributed across the nets and the availability zones, as well as review scaling capabilities and how they have been configured. As part of the initial portion, AWS also encourages a business to fill out the Well-Architected Tool.

Step 2: Review Meeting

The Review meeting should be, depending upon the amount of preparation invested, approximately 2 to 4 hours in duration. This meeting will not be a tremendously in-depth analysis.

When conducted by the business itself, there is the risk to drill-down to excessive levels of detail. When conducted with an outside partner, the partner typically recommends a 2 to 4 hour meeting after the analysis of the current architecture’s content and status. The Solution Architect walks through the framework, what was examined and asks questions concerning architectural issues that require any additional clarification.

Step 3: Read-out

After the Review meeting is completed, a Read-out is held. It is vital to hold this within a few days of the Review, so that during the Read-out, findings and any proposed recommendations or remediation fixes are all still fresh. A business gathers the key people concerned and presents the summary of what was found and what was proposed to address those findings. Any business decision-makers empowered to approve actions and fix issues should be in attendance.

Step 4: Quick Wins

AWS encourages implementation of some of the proposed changes as soon as possible, within a week or two after the review. This provides the business with the benefit of some quick wins and affirms that the Review had value. Further, it will help gain business support to make any larger changes deemed necessary. The business can note the value of what was changed right after the Review, and see the larger benefit of investing as necessary to implement the larger changes the Review findings uncovered.

Step 5: Follow Up Review

AWS further encourages businesses to do a follow-up review after 30 to 60 days to determine how well the implementations were conducted, and whether implementations improved the architecture. One of the AWS benefits of a review is that it may qualify a business for some funding programs for remediation. AWS has several different funding programs to assist businesses with some of the costs of doing changes, using services that are available. While these are eminently worth looking into, the caveat is that AWS is constantly changing their programs. Again, this is but one use of a review that may qualify businesses for some of the funding programs that might become available in the future.

Reviews are not a one-time event. AWS strongly encourages businesses to conduct reviews periodically. The reason being, architectures tend to drift over time. Businesses make changes to the architecture, incorporating new features and adding new capabilities. During these times, it can be difficult to keep things well-architected. AWS constantly introduces new services. This may result in the situation that what is a good architecture today won’t necessarily be optimal in another 6 or 9 months.

As previously indicated, a AWS Well-Architected Framework Review prior to launch is worth considering, especially if a major refactoring is being conducted. On existing workloads, reviews should be done periodically, about every 6 months.

Found this blog interesting? Visit our resource library for more information.

Peter Panec