Operations Management

Resilience Assessment - Quantifying Application Fault Tolerance with AWS Resilience Hub

Learn how to assess application fault tolerance with AWS Resilience Hub, including defining RTO/RPO targets, configuring resilience policies, running automated assessments, and leveraging improvement recommendations.

約 5 分で読めます

Why Resilience Assessment Matters

Application fault tolerance (resilience) is quantified by how quickly you can recover from a failure (RTO: Recovery Time Objective) and how much data you can recover (RPO: Recovery Point Objective). However, many organizations have vague RTO/RPO targets or haven't verified whether their current architecture can meet those targets. AWS Resilience Hub is a service that quantitatively assesses application fault tolerance and provides improvement recommendations. It automatically discovers resource configurations from CloudFormation stacks or Terraform State and calculates estimated RTO/RPO for AZ failure, region failure, and application failure scenarios. It then compares these estimates against your defined RTO/RPO targets to determine whether they can be met.

Resilience Policies and Running Assessments

Using Resilience Hub starts with defining a resilience policy. In the policy, you set RTO and RPO targets for each failure scenario. For example: "AZ failure: RTO 1 hour, RPO 5 minutes," "Region failure: RTO 4 hours, RPO 1 hour," "Application failure: RTO 30 minutes, RPO 5 minutes." Next, you register your application. Specifying a CloudFormation stack name automatically discovers the resources within the stack (EC2, RDS, DynamoDB, Lambda, S3, etc.) and maps their dependencies. When you run an assessment, it analyzes each resource's current configuration (Multi-AZ setup, backup settings, replication settings, etc.) and calculates estimated RTO/RPO for each failure scenario. If any resource can't meet the target, specific improvement recommendations are provided.

Improvement Recommendations and FIS Integration

Assessment results present improvement recommendations as specific actions for each resource. For example, a single-AZ RDS instance gets a recommendation to "switch to Multi-AZ deployment," a DynamoDB table without backups gets "enable point-in-time recovery (PITR)," and EC2 instances without Auto Scaling get "create an Auto Scaling group." Each recommendation includes the estimated RTO/RPO improvement if implemented, helping you prioritize. Integration with FIS (Fault Injection Simulator) lets Resilience Hub auto-generate FIS experiment templates for recommended test scenarios (AZ failure simulation, RDS failover, etc.), allowing you to inject actual faults and verify fault tolerance. By cycling through assessment, improvement, testing, and re-assessment, you can continuously improve your application's resilience. For a comprehensive study of cloud disaster recovery, books (Amazon) offer systematic learning.

Operations and Continuous Assessment

Resilience Hub supports ongoing resilience management, not just one-time assessments. When your application's resource configuration changes (CloudFormation stack updates), drift detection identifies the changes and prompts re-assessment. Assessments can be run manually or integrated into CI/CD pipelines for automatic execution at deployment time. Organizations integration enables centralized management of applications across multiple accounts. Pricing is a flat rate of $15 per application per month with no limit on assessment frequency. Positioned as a tool for automating the reliability pillar review of the Well-Architected Framework, it also integrates with the Well-Architected Tool.

Resilience Hub Pricing

Resilience Hub pricing is based on the number of application assessments. Each assessment costs approximately $0.10, with monthly costs depending on assessment frequency. Defining applications and setting RTO/RPO policies incur no additional charges. A recommended operational pattern is to schedule periodic assessments (monthly or quarterly) and run re-assessments after architecture changes. Implementation costs for recommended improvements (Multi-AZ deployment, backup configuration, etc.) are separate.

Summary - Guidelines for Using Resilience Hub

AWS Resilience Hub is a service that quantitatively assesses application fault tolerance using RTO/RPO metrics and provides improvement recommendations. Its key strengths are automatic resource discovery from CloudFormation, assessment across three failure scenarios, and integration with FIS for test execution. We recommend starting by defining RTO/RPO targets for mission-critical production applications and assessing the current state with Resilience Hub. At $15/month per application, the ability to understand potential failure impact in advance delivers significant value.

Related Services

AWS Resilience HubA service that assesses application resilience and visualizes recovery target complianceAWS Fault Injection SimulatorA service that intentionally injects faults into AWS environments to test system resilienceAWS CloudFormationAn IaC service that defines and provisions AWS resources as code using templates

Related Articles

Chaos Engineering in Practice - Verifying Fault Tolerance with AWS Fault Injection SimulatorLearn about practicing chaos engineering with AWS Fault Injection Simulator (FIS). Covers designing fault injection scenarios, injecting faults into EC2, ECS, and RDS, and conducting safe experiments.Architecture Review - Systematically Evaluate Workloads with the AWS Well-Architected ToolLearn about architecture reviews using the AWS Well-Architected Tool. Covers evaluation based on the six pillars, improvement planning, and custom lens usage.Assessing Application Fault Tolerance with AWS Resilience Hub - Visualizing RTO/RPO Target AchievementLearn how to assess application fault tolerance with Resilience Hub, configure RTO/RPO policies, and leverage improvement recommendations.

More on This Topic

How AWS Keeps Time Internally - Amazon Time Sync Service and Leap Second Smearing DesignLearn how Amazon Time Sync Service works, how GPS and atomic clocks provide high-precision time sources, the design decision to absorb leap seconds through smearing, and why time synchronization matters in distributed systems.Centralizing SaaS Audit Logs with AWS AppFabric - OCSF Standardization and Security Lake IntegrationLearn how AppFabric collects audit logs from SaaS applications, standardizes them to OCSF format, and builds analysis pipelines.Implementing Feature Flags with AWS AppConfig - Safe Configuration Deployment and RollbackRoll out configuration changes independently from code deployments using Linear and Exponential strategies. Ensure safety with automatic rollback triggered by CloudWatch alarms.Architecture Review - Systematically Evaluate Workloads with the AWS Well-Architected ToolLearn about architecture reviews using the AWS Well-Architected Tool. Covers evaluation based on the six pillars, improvement planning, and custom lens usage.Audit Log Design and Operations - Complete API Activity Recording with CloudTrailLearn how to design audit logs using AWS CloudTrail, including recording API activity, long-term storage in S3, and compliance automation through integration with AWS Config.Lessons from AWS Incident Reports (COE) - How Past Major Outages Shaped Design PrinciplesAnalyze the root causes of past major incidents including the S3 outage, us-east-1 DNS failure, and Kinesis outage from AWS's published Correction of Errors (COE) and incident reports, and explain how they changed AWS's design principles.Tag Design Determines Operations - Trivia and Practical Naming Conventions for AWS Resource Tagging StrategyWe explain why AWS resource tags are not just labels but the foundation for cost allocation, access control, and automation, covering tag key naming conventions, how to use the 50-tag limit, and governance through tag policies.Why AWS Service Quotas Exist - Multi-Tenant Design That Protects Shared InfrastructureExplain how AWS service quotas (formerly service limits) are not mere restrictions but a design to protect other customers in a multi-tenant environment, covering the noisy neighbor problem, soft vs hard limits, and what happens behind quota increase requests.

Similar Articles and Services

Assessing Application Fault Tolerance with AWS Resilience Hub - Visualizing RTO/RPO Target AchievementLearn how to assess application fault tolerance with Resilience Hub, configure RTO/RPO policies, and leverage improvement recommendations.AWS Resilience HubA resilience management service that quantitatively assesses application fault tolerance, visualizes compliance against RTO/RPO targets, and provides improvement recommendationsAWS DR Strategy Options - Designing Disaster Recovery Step by Step from Pilot Light to Multi-SiteWe explain the breadth and flexibility of disaster recovery options AWS provides, focusing on Pilot Light, Warm Standby, Multi-Site Active/Active strategies, and Elastic Disaster Recovery.Building Disaster Recovery with AWS Elastic Disaster Recovery - Continuous Replication and Recovery TestingContinuously replicate on-premises servers to AWS and validate recovery procedures with recovery drills. Learn the end-to-end workflow through failback.