Assessing Application Fault Tolerance with AWS Resilience Hub - Visualizing RTO/RPO Target Achievement

Learn how to assess application fault tolerance with Resilience Hub, configure RTO/RPO policies, and leverage improvement recommendations.

The Need for Resilience Assessment and Resilience Hub's Role

Application fault tolerance (resilience) is quantified by RTO (Recovery Time Objective) - how quickly recovery occurs after failure - and RPO (Recovery Point Objective) - what data point can be recovered to. However, many organizations have ambiguous RTO/RPO targets or fail to verify whether their current architecture can meet those targets. Resilience Hub solves this challenge by quantitatively assessing application fault tolerance and visualizing RTO/RPO achievement. It automatically discovers resource configurations from CloudFormation stacks, Terraform state files, AppRegistry-registered applications, or EKS clusters. Four assessment scenarios are available: AZ failure, region failure, application failure, and infrastructure failure, with individual RTO/RPO targets configurable per scenario. Detected resources include EC2, RDS, DynamoDB, S3, ELB, Lambda, ECS, and EKS, and the service analyzes each resource's configuration (Multi-AZ placement, replication, backup settings) to calculate a fault tolerance score.

Resilience Policy Definition and Assessment Execution

Using Resilience Hub begins with defining a resilience policy. The policy sets RTO/RPO targets for each failure scenario - for example, 'AZ failure: RTO 1 hour, RPO 5 minutes', 'Region failure: RTO 4 hours, RPO 1 hour', 'Application failure: RTO 30 minutes, RPO 5 minutes'. Next, register the application by specifying the CloudFormation stack name, which automatically maps resources and dependencies. Running an assessment analyzes each resource's current settings to estimate RTO/RPO and provides prioritized improvement recommendations for resources that fall short. Examples include converting single-AZ RDS to Multi-AZ, enabling S3 cross-region replication, increasing Auto Scaling group minimums, and enabling DynamoDB point-in-time recovery. Each recommendation includes cost impact and estimated RTO/RPO improvement, and re-assessment after implementation shows the score difference.

FIS Integration and Fault Testing

Resilience Hub integrates with FIS (Fault Injection Service) to generate recommended fault test templates based on assessment results. It verifies whether your application can actually meet RTO/RPO targets under scenarios such as AZ failure, EC2 instance termination, RDS failover, EBS I/O pause, and network latency injection. A results scorecard visualizes each component's fault tolerance level with color coding (green: met, yellow: partially unmet, red: unmet), clarifying improvement priorities. Automated SOP (Standard Operating Procedure) generation standardizes incident response procedures and outputs them as Systems Manager Automation documents. Running the cycle of assessment, improvement, testing, and re-assessment continuously improves application resilience. For a systematic study of Resilience Hub, related books on Amazon are also a helpful reference.

Continuous Assessment and Operational Integration

Resilience Hub supports ongoing resilience management, not just one-time assessments. When application resource configurations change, drift detection identifies modifications and prompts re-assessment. EventBridge integration automates notifications and follow-up actions triggered by assessment completion, and embedding assessment steps in CI/CD pipelines detects fault tolerance regressions with each deployment. Organizations integration enables centralized management of applications across multiple accounts. Assessments can be scheduled for automatic monthly or quarterly execution in addition to manual runs.

Design Best Practices and Pitfalls

Effective use of Resilience Hub depends on application definition granularity. Monolithically grouping all resources into one application makes the scorecard unwieldy, so split applications by business domain or team and assign appropriate RTO/RPO tiers to each. Define tiers such as Tier-1 (mission-critical: RTO 5 min / RPO 1 min), Tier-2 (business: RTO 30 min / RPO 1 hour), and Tier-3 (informational: RTO 4 hours / RPO 24 hours) to prevent over-engineering. A common pitfall is that resources not included in CloudFormation stacks (manually created S3 buckets, DNS records) go undetected. Register resources in AppRegistry or add them via Resource Mapping to prevent assessment gaps. Also note that assessments are static configuration analysis and do not guarantee actual recovery times. Combining FIS fault tests is essential to validate scorecard reliability.

Comparison with Other AWS Services

Several AWS services address fault tolerance but serve different roles. AWS Backup provides centralized backup management and restore but does not assess overall architecture fault tolerance. CloudWatch excels at real-time anomaly detection but cannot compare against RTO/RPO targets or generate improvement recommendations. Health Dashboard specializes in AWS infrastructure incident notifications. Resilience Hub's unique value is combining data from these services to deliver comprehensive, application-level fault tolerance assessments and improvement roadmaps. It complements the Well-Architected Tool's reliability pillar: while Well-Architected Review provides qualitative design reviews, Resilience Hub automates quantitative assessment and specific improvement actions.

Resilience Hub Pricing

Resilience Hub pricing is based on the number of application assessments, at approximately $0.10 per assessment. Application definition and RTO/RPO policy configuration incur no additional charges. FIS test execution incurs separate FIS charges. Select applications for assessment based on criticality, and prioritize business-critical applications rather than assessing all uniformly to manage costs. Monthly scheduled assessments keep per-application costs low, but embedding assessments in CI/CD for every deployment requires attention to increased assessment volume.

Summary

Resilience Hub quantitatively assesses application fault tolerance and visualizes RTO/RPO target achievement at the component level. Define targets per failure scenario in a resilience policy, then automatically discover architecture from CloudFormation stacks, Terraform state files, and EKS clusters to run assessments across four failure scenarios. Improvement recommendations include cost impact estimates, and FIS integration automates fault testing. Drift detection and CI/CD integration enable continuous assessment, with application-level segmentation and RTO/RPO tier design being key to effective operation.