MindMap Gallery AWAF
This is a mind map that contains information about AWAF.
Edited at 2020-10-12 03:07:02
AWAF
P1: Operational Excellence
Design Principles
Perform operations as code
Annotate documentation
Make frequent, small, reversible changes
Refine operations procedures frequently
Anticipate failure
Learn from all operational failures
Best Practices
Prepare
OPS1: What factors drive your operational priorities?
OPS2: How do you design your workload to enable operability?
OPS3: How do you know that you are ready to support a workload?
Services
Config
Config Rules
Operate
OPS4: What factors drive your understanding of operational health?
OPS5: How do you manage operational events?
Services
CloudWatch
CloudTrail
Evolve
OPS6: How do you evolve operations?
Services
Elasticsearch
Resources
Documentation
Whitepaper
Video
P5: Cost Optimization
Design Principle
Adopt a consumption model
Measure overall efficiency
Stop spending money on data center operations
Analyse and attribute expenditure
Use management services to reduce cost of ownership
Best Practices
Cost-effective resources
COST1: Are you considering cost when you select AWS services for your solutions?
COST2: Have you sized your resources to meet your cost targets?
COST3: Have you selected the appropriate pricing model to meet your cost targets?
Services
Cost Explorer
Matching Supply and Demand
COST4: How do you make sure your capacity matches but does not substantially exceed what you need?
Services
Auto Scaling
Expenditure Awareness
COST5: Do you consider data transfer charges when designing your architecture?
COST6: How are you monitoring usage and spending?
COST7: Do you decommission resources that you no longer need or stop resources that are temporarily not needed?
COST8: What access controls and procedures do you have in place to govern AWS usage?
Services
CloudWatch
SNS
Optimizing Over Time
COST9: How do you manage and/or consider the adoption of new services?
Services
AWS Blog
AWS Website
Trusted Advisor
re:Invent / Summits
Resources
Documentation
Whitepaper
Video
Tools
AWS TCO Calculators
AWS Simple Monthly Calculator
P3: Reliability
Design Principles
Test recovery procedures
Automatically recover from failure
Scale horizontally to increase aggregate system availability
Stop guessing capacity
Manage change in automation
Best Practice
Foundations
REL1: How are you managing AWS service limits for your accounts?
REL2: How are you planning your network topology on AWS?
Services
IAM
VPC
Trusted Advisor
Shield
Change Management
REL3: How does your system adapt to changes in demand?
REL4: How are you monitoring AWS resources?
REL5: How are you executing change?
Services
CloudTrail
Config
Auto Scaling
CloudWatch
Failure Management
REL6: How are you backing up your data?
REL7: How does your system withstand component failures?
REL8: How are you testing your resiliency?
REL9: How are you planning for disaster recovery?
Services
CloudFormation
S3
Glacier
KMS
Resources
Documentation
Whitepapers
Videos
Report
AWS Support
P4: Performance Efficiency
Design Principle
Democratize advanced technologies
Go global in minutes
Use serverless architectures
Experiment more often
Mechanical sympathy
Best Practices
Selection
PERF1: How do you select the best performance architecture?
Compute
PERF2: How did you select your compute solution?
Instances
Containers
Functions
Services
Auto Scaling
Storage
PERF3: How do you select your storage solution?
Services
S3
EBS
Database
PERF4: How do you select your Storage solution?
Services
RDS
DynamoDB
Aurora
Network
PERF5: How do you select your network solution?
Services
Route 53
VPC
Direct Connect
Review
PERF6: How do you ensure that you continue to have the most appropriate resource type as new resource types and features are introduced?
Services
AWS Blog
AWS Website
re:Invent & Summits
Monitoring
PERF7: How do you monitor your resources post-launch to ensure they are performing as expected?
Services
CloudWatch
Lambda
CloudTrail
Tradeoffs
PERF8: How do you use tradeoffs to improve performance?
Services
ElastiCache
CloudFront
Snowball
RDS Read replicas
Resources
Documentation
Whitepaper
Videos
P2: Security
Design Principles
Implement a strong identity foundation
Enable traceability
Apply security at all layers
Automate security best practices
Protect data in transit and at rest
Prepare for security events
Best Practice
Identity and Access Management
SEC1: How are you protecting access to and use of the AWS account root user credentials?
SEC2: How are you defining roles and responsibilities of system users to control human access to the AWS Management Console API?
SEC3: How are you limiting automated access to AWS resources (for example applications, scripts, and/or third-party tools or services)?
Services
IAM
MFA
Detective Controls
SEC4: How are you capturing and analyzing logs?
Services
CloudTrail
Config
CloudWatch
Infrastructure Protection
SEC5: How are you enforcing network and host-level boundary protection?
SEC6: How are you leveraging AWS service-level security features?
SEC7: How are you protecting the integrity of the operating system?
Service
VPC
Data Protection
SEC8: How are you classifying your data?
SEC9: How are you encrypting and protecting your data at rest?
SEC11: How are you encrypting and protecting your data in transit?
Services
Encrypt RDS, S3, EBS
Macie
KMS
Incident Response
SEC12: How do you ensure that you have the appropriate incident response?
Services
IAM
CloudFormation
Resources
Documentation
Whitepapers
Videos