AWAF

P1: Operational Excellence
Design Principles
Perform operations as code
Annotate documentation
Make frequent, small, reversible changes
Refine operations procedures frequently
Anticipate failure
Learn from all operational failures
Best Practices
Prepare
OPS1: What factors drive your operational priorities?
OPS2: How do you design your workload to enable operability?
OPS3: How do you know that you are ready to support a workload?
Services
Config
Config Rules
Operate
OPS4: What factors drive your understanding of operational health?
OPS5: How do you manage operational events?
Services
CloudWatch
CloudTrail
Evolve
OPS6: How do you evolve operations?
Services
Elasticsearch
Resources
Documentation
Whitepaper
Video
P2: Security
Design Principles
Implement a strong identity foundation
Enable traceability
Apply security at all layers
Automate security best practices
Protect data in transit and at rest
Prepare for security events
Best Practice
Identity and Access Management
SEC1: How are you protecting access to and use of the AWS account root user credentials?
SEC2: How are you defining roles and responsibilities of system users to control human access to the AWS Management Console API?
SEC3: How are you limiting automated access to AWS resources (for example, applications, scripts, and/or third-party tools or services)?
Services
IAM
MFA
Detective Controls
SEC4: How are you capturing and analyzing logs?
Services
CloudTrail
Config
CloudWatch
Infrastructure Protection
SEC5: How are you enforcing network and host-level boundary protection?
SEC6: How are you leveraging AWS service-level security features?
SEC7: How are you protecting the integrity of the operating system?
Service
VPC
Data Protection
SEC8: How are you classifying your data?
SEC9: How are you encrypting and protecting your data at rest?
SEC11: How are you encrypting and protecting your data in transit?
Services
Encrypt RDS, S3, EBS
Macie
KMS
Incident Response
SEC12: How do you ensure that you have the appropriate incident response?
Services
IAM
CloudFormation
Resources
Documentation
Whitepapers
Videos
P5: Cost Optimization
Design Principle
Adopt a consumption model
Measure overall efficiency
Stop spending money on data center operations
Analyse and attribute expenditure
Use management services to reduce cost of ownership
Best Practices
Cost-Effective resources
COST1: Are you considering cost when you select AWS services for your solutions?
COST2: Have you sized your resources to meet your cost targets?
COST3: Have you selected the appropriate pricing model to meet your cost targets?
Services
Cost Explorer
Matching Supply and Demand
COST4: How do you make sure your capacity matches but does not substantially exceed what you need?
Services
Auto Scaling
Expenditure Awareness
COST5: Do you consider data-transfer charges when designing your architecture?
COST6: How are you monitoring usage and spending?
COST7: Do you decommission resources that you no longer need or stop resources that are temporarily not needed?
COST8: What access controls and procedures do you have in place to govern AWS usage?
Services
CloudWatch
SNS
Optimizing Over Time
COST9: How do you manage and/or consider the adoption of new services?
Services
AWS Blog
AWS Website
Trusted Advisor
re:Invent / Summits
Twitter
Resources
Documentation
Whitepaper
Video
Tools
AWS TCO Calculators
AWS Simple Monthly Calculator
P3: Reliability
Design Principles
Test recovery procedures
Automatically recover from failure
Scale horizontally to increase aggregate system availability
Stop guessing capacity
Manage change in automation
Best Practice
Foundations
REL1: How are you managing AWS service limits for your accounts?
REL2: How are you planning your network topology on AWS?
Services
IAM
VPC
Trusted Advisor
Shield
Change Management
REL3: How does your system adapt to changes in demand?
REL4: How are you monitoring AWS resources?
REL5: How are you executing change?
Services
CloudTrail
Config
Auto Scaling
CloudWatch
Failure Management
REL6: How are you backing up your data?
REL7: How does your system withstand component failures?
REL8: How are you testing your resiliency?
REL9: How are you planning for disaster recovery?
Services
CloudFormation
S3
Glacier
KMS
Resources
Documentation
Whitepapers
Videos
Report
AWS Support
P4: Performance Efficiency
Design Principle
Democratize advanced technologies
Go global in minutes
Use serverless architectures
Experiment more often
Mechanical sympathy
Best Practices
Selection
PERF1: How do you select the best performance architecture?
Compute
PERF2: How did you select your compute solution?
Instances
Containers
Functions
Services
Auto Scaling
Storage
PERF3: How do you select your storage solution?
Services
S3
EBS
Database
PERF4: How do you select your Storage solution?
Services
RDS
DynamoDB
Aurora
Network
PERF5: How do you select your network solution?
Services
Route 53
VPC
Direct Connect
Review
PERF6: How do you ensure that you continue to have the most appropriate resource type as new resource types and features are introduced?
Services
AWS Blog
AWS Website
re:Invent & Summits
Twitter
Monitoring
PERF7: How do you monitor your resources post-launch to ensure they are performing as expected?
Services
CloudWatch
Lambda
CloudTrail
Tradeoffs
PERF8: How do you use tradeoffs to improve performance?
Services
ElastiCache
CloudFront
Snowball
RDS Read replicas
Resources
Documentation
Whitepaper
Videos