AWS

What’s an AWS Well-Architected Review and is it Worth it?

Posted on by Lee Brinckley

Amazon Web Services (AWS) has become very popular as a cloud solution for many organizations. Pay-per-use model, the ability to scale based on usage, self-service, and high resiliency are all attractive benefits to AWS. As a result, organizations see lower IT costs, better quality and quicker time to market, but this is not always the case. AWS noticed that many technology teams were building systems for their applications with legacy practices instead of AWS best practices. AWS’s best practices are built on five pillars – operational excellence, security, reliability, performance efficiency, and cost optimization. When a technology team builds with legacy practices, they are actually building against the AWS framework,  causing their AWS environment to produce high costs, lower quality and slower time to market. This means an organization could be spending 1,000s more a month than necessary. When performance is slow, it keeps their team from working efficiently and troubleshooting preventable issues and the organization could be losing profitable opportunities.

The Well-Architected Framework Review was created by AWS as a way to test the system against their five pillars. The goal of the review is to see what has been done right and what needs to be addressed immediately. AWS empowers their Advanced Consulting Partners to conduct the Well-Architected Framework Review and remediate any architectural concerns.

Does a Well-Architected review really make that much difference? Let’s look at each pillar to answer this question with a few self-assessing questions.

Operational Excellence – As your business and technology continue to evolve, can your operations support the change? Can your procedures support your business needs and respond effectively as your business grows?

Security – Did you put into place the necessary security practices before you launched your system? Do you have a well-defined process for security incidents to prevent catastrophic financial losses? Is your environment architected in a way to meet changing compliance regulations?

Reliability – Do you have monitoring and mechanisms in place for changes in demand (such as bandwidth) or requirements? Can your system detect an issue and resolve it? Can your system stand the test of time?

Performance Excellence – Can your system make tradeoffs to improve performance, such as using compression or caching, or relaxing consistency requirements? Can your system enable different features or solutions to improve performance?

Cost Optimization – Can your system use appropriate instances or resources to have the most cost-efficient impact? Are you overcompensating to be safe or taking the time to benchmark for the best possible cost outcome?

If you answered “no” or “I don’t know” to any of the questions, it would be a good idea to do a Well-Architected Framework Review. On average, it takes less than a week to complete and requires only a few hours of your time. It is possible that you could be wasting money and production time and losing profitable opportunities. If your AWS system is not built on the strong foundation of the AWS pillars, you may experience several costly issues that take months to fix.

To learn more about the AWS Well-Architecture Framework Review, contact us.

Receive $5,000 in AWS credits when we do a remediation
based on our review

Please select a valid form

AWS

Could a Well-Architected Framework Review Have Prevented the Capital One Breach?

Posted on by Lee Brinckley
06
Aug

On the heels of the Equifax data breach settlement, Capital One announced their disastrous data breach. According Capital One, the breach took place on March 22 and 23, 2019. The hacker gained access to approximately 106 million records of personal information that included names, addresses, dates of birth, credit scores, transaction data, social security numbers and bank account numbers.

Capital One hosts its data on AWS servers. Because of the breach, AWS has come under scrutiny, but upon further investigation, the breach was caused by an open-source Web Application Firewall (WAF) misconfiguration on Capital One’s part, not AWS. The WAF had too many permissions, therefore allowing the hacker to trick the server with a well-known method called a Server Side Request Forgery (SSRF) attack and gain access to the data.

SSRF is becoming a problem for organizations who host their data on AWS. Although the underlying infrastructure of the AWS cloud server is secure and stable, it is common for developers to build servers with outdated practices. Therefore, the organization’s data becomes vulnerable to an SSRF attack and other methods of compromise.

Amazon knows this very well and created the Well-Architected Framework service for AWS customers to help them build their architecture securely and detect common exploitation techniques. Amazon’s Well-Architected Framework is built on the five pillars of AWS:

Operational Excellence

The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

Security

The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Reliability

The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

Performance Efficiency

The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.

Cost Optimization

The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or suboptimal resources.

As an AWS Partner, we perform Well-Architected reviews for your AWS and application architecture by following the five pillars. We look for vulnerabilities, misconfigurations and identify what needs to be remediated.  We work with you to remediate any issues we’ve found so that you can rest knowing that your architected solution is built solidly on the five pillars. For a limited time, receive $5,000 in AWS credits when we do a remediation based on our review.

An AWS Well-Architected Framework Review would have caught Capital One’s disastrous misconfiguration. No one wants to be on the homepage of a news outlet like Capital One (and Equifax) because their data was stolen. If you are an AWS customer and you have never had your application architecture inspected, it is time.

I want to learn more about the AWS Well-Architected Review.

Please select a valid form
Posted in AWS  |  Tagged