Reviewing Workloads with the AWS Well-Architected Tool - Architecture Improvement Based on Six Pillars

Quantify risks through architecture reviews based on six pillars, add organization-specific best practices with custom lenses, and track improvement progress with milestones.

Well-Architected Framework Overview

The Well-Architected Tool is a service for reviewing workload architecture based on AWS best practices. You answer questions for each of the six pillars (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability) to assess risks. Review results are classified as High Risk Issues (HRI) and Medium Risk Issues (MRI), making improvement priorities clear. Each pillar is evaluated independently, so you can select specific pillars for a partial review. The questions and recommendations reflect insights accumulated from tens of thousands of architecture reviews conducted by AWS.

Review and Improvement Planning

After creating a workload and answering questions for each pillar, a risk report is generated. For example, the Security pillar evaluates IAM best practices, data protection, and incident response readiness. The Reliability pillar examines backup strategy, disaster recovery (DR) planning, and capacity to handle load fluctuations. The Cost Optimization pillar checks for unused resource detection, Reserved Instance utilization, and data transfer cost efficiency. In the improvement plan, you set milestones and manage items to address before the next review. Regular reviews (such as quarterly) enable continuous architecture improvement.

Custom Lenses and Milestones

Custom lenses let you define organization-specific best practices as questions and incorporate them into Well-Architected Tool reviews. You can codify security policies, compliance requirements, and internal standards as lenses, enabling consistent reviews across all teams. Milestones save snapshots at each review point, allowing you to track improvement progress over time. The improvement plan defines action items for each risk, with assigned owners and deadlines for progress management. AWS-provided specialized lenses (Serverless, SaaS, Machine Learning) enable reviews tailored to specific workload types. To deepen your understanding of architecture reviews, specialized books on Amazon can be a helpful resource.

Well-Architected Tool Pricing and Usage

The Well-Architected Tool itself incurs no additional charges. Creating reviews, answering questions, and managing improvement plans are all free. Integration with Organizations enables centralized management of workload reviews across all accounts, providing visibility into organization-wide risk posture. Establish a habit of quarterly reviews and update risk assessments as architecture changes and service updates occur. Supplement with external reviews from Well-Architected Partners to detect risks that internal teams may overlook.

Review Best Practices and Pitfalls

Here are key points for conducting effective Well-Architected reviews and common failure patterns. Include members involved in the workload's design and operations (developers, operations staff, security staff) in the review, avoiding a pattern where only one specific person answers. Responses should be based on actual state rather than ideal state; honest assessment of the current situation produces effective improvement plans. When many HRIs are detected, do not try to address them all at once; focus on 3-5 items with the highest business impact. If you update a review without saving a milestone first, past state is lost, so always record a milestone before implementing improvements. If custom lens questions are too numerous, review fatigue sets in; keep organization-wide lenses to approximately 5-10 questions per pillar.

Differentiating from Trusted Advisor

The Well-Architected Tool and Trusted Advisor are complementary but serve different roles. Trusted Advisor automatically scans resource configurations within your account and presents specific real-time recommendations for cost savings, security, and availability (e.g., unused EBS volumes, overly permissive security groups). The Well-Architected Tool, on the other hand, is a question-based review where humans evaluate overall architecture design decisions; it cannot auto-detect issues but can surface design philosophy and process problems. Using both together is most effective. Use Trusted Advisor to detect and address immediately fixable resource configuration issues, and the Well-Architected Tool to periodically evaluate structural architectural challenges. By integrating with Security Hub and Config Rules, you can automate continuous monitoring of security risks identified in Well-Architected reviews.

Summary

The Well-Architected Tool systematizes architecture reviews based on AWS best practices. It evaluates risks across six pillars (Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability), adds organization-specific best practices with custom lenses, tracks improvement progress over time with milestones, and manages action item owners and deadlines through improvement plans.