Are You Well Architected? The Well-Architected Framework - Part 2

In this episode, we cover the following topics:

• Pillars in depth
  • Security
    • "Ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies"
    • Design principles
      • Implement strong identity foundation
      • Enable traceability
      • Security at all layers
      • Automate security best practices
      • Protect data in transit and at rest
      • Keep people away from data
      • Prepare for security events
    • Key service: AWS IAM
    • Focus areas
      • Identity and access management
        • Services: IAM, AWS Organizations, MFA
      • Detective controls
        • Services: CloudTrail, CloudWatch, AWS Config, GuardDuty
      • Infrastructure protection
        • Services: VPC, Shield, WAF
      • Data protection
        • Services: KMS, ELB (encryption), Macie (detect sensitive data)
      • Incident response
        • Services: IAM, CloudFormation
    • Best practices
      • Identity and access management
        • AWS Cognito
          • Act as broker between login providers
          • Securely access any AWS service from mobile device
      • Data protection
        • Encrypt
          • Encryption at rest
          • Encryption in transit
          • Encrypted backups
        • Versioning
        • Storage resiliency
        • Detailed logging
      • Incident response
        • Employ strategy of templated "clean rooms"
          • Create new trusted environment to conduct investigation
          • Use CloudFormation to easily create the "clean room" environment
  • Reliability
    • "Ability to recover from failures, dynamically acquire resources to meet demand and mitigate disruptions such as network issues"
    • Design principles
      • Test recovery procedures
      • Auto recover from failures
      • Scale horizontally to increase availability
      • Stop guessing capacity
      • Manage change with automation
    • Key service: CloudWatch
    • Focus areas
      • Foundations
        • Services: IAM, VPC, Trusted Advisor (visibility into service limits), Shield (protect from DDoS)
      • Change management
        • Services: CloudTrail, AWS Config, CloudWatch, Auto Scaling
      • Failure management
        • Services: CloudFormation, S3, Glacier, KMS
    • Best practices
      • Foundations
        • Take into account physical and service limits
        • High availability
          • No single points of failure (SPOF)
          • Multi-AZ design
          • Load balancing
          • Auto scaling
          • Redundant connectivity
          • Software resilience
      • Failure management
        • Backup and disaster recovery
          • RPO, RTO
        • Inject failures to test resiliency
    • Key points
      • Plan network topology
      • Manage your AWS service and rate limits
      • Monitor your system
      • Automate responses to demand
      • Backup
• In the next episode, we'll cover the remaining 2 pillars and discuss how to perform a Well-Architected Review.

Links

• AWS Well-Architected
• AWS Well-Architected Framework - Online/HTML version
  • includes drill down pages for each review question, with recommended action items to address that issue
• AWS re:Invent 2018: How AWS Minimizes the Blast Radius of Failures - ARC338
• Shuffle Sharding: Massive and Magical Fault Isolation
  
  

Whitepapers

• AWS Well-Architected Framework
• Operational Excellence Pillar
• Security Pillar
• Reliability Pillar
• Performance-Efficiency Pillar
• Cost Optimization Pillar

End song:
The Runner (David Last Remix) - Fax

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:

• Web: https://mobycast.fm
• Voicemail: 844-818-0993
• Email: ask@mobycast.fm
• Twitter: https://twitter.com/hashtag/mobycast