What Is the AWS Well-Architected Framework?
The AWS Well-Architected Framework is a set of design principles, best practices, and evaluation questions that AWS has distilled from reviewing hundreds of thousands of customer architectures over more than a decade. It is organised into six pillars, each addressing a distinct dimension of architecture quality.
A Well-Architected Review (WAR) is a structured assessment of a specific workload against those pillars. The output is a prioritised list of findings — what you are doing well and where you have risk.
The Six Pillars
- Operational Excellence: Can you run and monitor systems to deliver business value and continually improve processes? This covers observability, deployment automation, and runbooks for operational events.
- Security: How are you protecting your data, systems, and assets? This covers IAM, network controls, data protection, incident response, and compliance.
- Reliability: How does your workload recover from failures? This covers resilience, disaster recovery, backup and restore, and testing for failure.
- Performance Efficiency: Are you using the right AWS services and configurations for your workload? This covers instance type selection, database choice, caching strategy, and scaling architecture.
- Cost Optimisation: Are you spending appropriately for the value you are delivering? This covers pricing models, resource utilisation, and cost visibility.
- Sustainability: How are you minimising the environmental impact of your workload? This covers resource efficiency, managed services, and carbon-aware architecture.
What a WA Review Actually Involves
A formal AWS Well-Architected Review typically takes 1-3 days depending on the complexity of the workload. The process:
- Workload definition: Agree the scope — typically a specific production workload or application, not the entire AWS estate.
- Lens selection: The core WA framework covers the six pillars. AWS also provides specialised lenses for serverless, SaaS, ML, financial services, and other domains.
- Question walkthrough: A structured set of questions across all six pillars. Each question has a set of best practices — you assess which are implemented, partially implemented, or not implemented.
- Risk identification: Findings are categorised as High Risk Issues (HRIs) or Medium Risk Issues (MRIs) based on their potential business impact.
- Improvement plan: Prioritised remediation recommendations with implementation guidance.
What WA Reviews Typically Uncover
Having conducted WA reviews across dozens of workloads, we see consistent patterns:
- Reliability: Most workloads lack tested recovery procedures. They have backups but have never tested restore. They have multi-AZ deployment but have never simulated an AZ failure.
- Security: Overly permissive IAM policies, missing encryption on data at rest, CloudTrail not enabled in all regions, GuardDuty not deployed.
- Operational Excellence: Missing structured logging and distributed tracing, no runbooks for common operational events, no defined SLOs.
- Cost Optimisation: Significant On-Demand spend where Savings Plans would save 30%+, orphaned resources, no cost allocation tags.
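The four Security findings in the list above lend themselves to a mechanical check. The following is an added example, not GenClouds' or AWS's own tooling: it runs offline over constructed data shaped like AWS API responses, and the SNAPSHOT layout and function names are assumptions. It narrows "overly permissive" to a wildcard action on Resource "*", and "not enabled in all regions" to the absence of a multi-region trail.

```python
# Added example: offline check of the four Security findings listed above.
# SNAPSHOT is constructed sample data shaped like the AWS API responses named
# in the comments; the layout, policy names and IDs are made up for illustration.

def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single value or a list.
    return value if isinstance(value, list) else [value]

def wildcard_statements(policy_doc):
    """Return Allow statements granting a wildcard action on Resource '*'."""
    hits = []
    for stmt in _as_list(policy_doc.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        broad_action = any(a == "*" or a.endswith(":*") for a in actions)
        if stmt.get("Effect") == "Allow" and broad_action and "*" in resources:
            hits.append(stmt)
    return hits

def security_findings(snapshot):
    """Return one human-readable line per finding, in a fixed order."""
    findings = []
    for name, doc in snapshot["iam_policies"].items():
        if wildcard_statements(doc):
            findings.append(f"IAM policy {name}: wildcard action on all resources")
    for vol in snapshot["ebs_volumes"]:
        if not vol.get("Encrypted", False):
            findings.append(f"EBS volume {vol['VolumeId']}: not encrypted at rest")
    if not any(t.get("IsMultiRegionTrail") for t in snapshot["trails"]):
        findings.append("CloudTrail: no multi-region trail")
    for region, detector_ids in sorted(snapshot["guardduty"].items()):
        if not detector_ids:
            findings.append(f"GuardDuty: no detector in {region}")
    return findings

SNAPSHOT = {
    "iam_policies": {  # policy documents, as returned by iam get-policy-version
        "app-admin": {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]},
        "app-read": {"Statement": {"Effect": "Allow", "Action": ["s3:GetObject"],
                                   "Resource": "arn:aws:s3:::example-bucket/*"}},
    },
    "ebs_volumes": [  # ec2 describe-volumes -> Volumes
        {"VolumeId": "vol-0example1", "Encrypted": True},
        {"VolumeId": "vol-0example2", "Encrypted": False},
    ],
    "trails": [{"Name": "main", "IsMultiRegionTrail": False}],  # cloudtrail describe-trails
    "guardduty": {"eu-west-1": ["d-example"], "us-east-1": []},  # list-detectors per region
}

if __name__ == "__main__":
    for line in security_findings(SNAPSHOT):
        print(line)
```

A trail that exists but has logging stopped would pass this check, so a fuller version would also look at each trail's logging status.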
What You Get Out of a WA Review
The immediate output is a WA Review report — a document that scores your workload across the six pillars, lists all findings with risk levels, and provides a prioritised remediation plan.
As an AWS Advanced Tier Partner, GenClouds can submit WA reviews to AWS, which makes your workload eligible for AWS Well-Architected Partner Program benefits including AWS credits for remediation work on qualifying workloads.
The longer-term value is a shared vocabulary and framework for architectural decision-making. Teams that go through a WA review are better equipped to evaluate architectural trade-offs using a consistent set of principles.
When Should You Do a WA Review?
The most common triggers:
- Before a major new workload launch or architectural change
- After a production incident — to identify contributing factors across all pillars
- As part of a migration project — to validate that the migrated workload meets the target architecture
- Annually for any business-critical workload
- When a compliance or security audit raises questions about your architecture
Getting Started
A Well-Architected Review is one of the highest-value, lowest-disruption assessments an AWS customer can undergo. It requires no changes to your production environment — it is a review of your architecture design and operational practices, not a penetration test or live scan.
GenClouds conducts formal WA reviews as a standalone engagement or as part of a broader migration or modernisation project. Contact us to scope a review for your workload.
