Policy types for @turbot/aws-wellarchitected-framework

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization

The Cost Optimization pillar includes the ability to run systems to deliver business value at the lowest price point. See Cost Optimization for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost
Category
Valid Value
[
"Skip"
]
Schema
{
"type": "string",
"enum": [
"Skip"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management?

Implementing Cloud Financial Management enables organizations to realize business value and financial success as they optimize their cost and usage and scale on AWS.

See COST 01. How do you implement cloud financial management? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Establish a cost optimization function

Create a team that is responsible for establishing and maintaining cost awareness across your organization. The team requires people from finance, technology, and business roles across the organization.

See Establish a cost optimization function for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Function
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Establish a partnership between finance and technology

Involve finance and technology teams in cost and usage discussions at all stages of your cloud journey. Teams regularly meet and discuss topics such as organizational goals and targets, current state of cost and usage, and financial and accounting practices.

See Establish a partnership between finance and technology for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Partnership
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Establish cloud budgets and forecasts

Adjust existing organizational budgeting and forecasting processes to be compatible with the highly variable nature of cloud costs and usage. Processes must be dynamic, using trend-based or business driver-based algorithms, or a combination.

See Establish cloud budgets and forecasts for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01BudgetForecast
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Implement cost awareness in your organizational processes

Implement cost awareness into new or existing processes that impact usage, and leverage existing processes for cost awareness. Implement cost awareness into employee training.

See Implement cost awareness in your organizational processes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01CostAwareness
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Keep up to date with new service releases

Consult regularly with experts or APN Partners to consider which services and features provide lower cost. Review AWS blogs and other information sources.

See Keep up to date with new service releases for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01Scheduled
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Monitor cost proactively

Implement tooling and dashboards to monitor cost proactively for the workload. Do not just look at costs and categories when you receive notifications. This helps to identify positive trends and promote them throughout your organization.

See Monitor cost proactively for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01ProactiveProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 01. How do you implement cloud financial management? > Report and notify on cost optimization

Configure AWS Budgets to provide notifications on cost and usage against targets. Have regular meetings to analyze this workload's cost efficiency and to promote cost aware culture.

See Report and notify on cost optimization for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost01UsageReport
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage?

Establish policies and mechanisms to ensure that appropriate costs are incurred while objectives are achieved. By employing a checks-and-balances approach, you can innovate without overspending.

See COST 02. How do you govern usage? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage? > Develop policies based on your organization requirements

Develop policies that define how resources are managed by your organization. Policies should cover cost aspects of resources and workloads, including creation, modification and decommission over the resource lifetime.

See Develop policies based on your organization requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02Policies
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage? > Implement an account structure

Implement a structure of accounts that maps to your organization. This assists in allocating and managing costs throughout your organization.

See Implement an account structure for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02AccountStructure
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage? > Implement cost controls

Implement controls based on organization policies and defined groups and roles. These ensure that costs are only incurred as defined by organization requirements - for example, control access to regions or resource types with IAM policies.

See Implement cost controls for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02Controls
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage? > Implement goals and targets

Implement both cost and usage goals for your workload. Goals provide direction to your organization on cost and usage, and targets provide measurable outcomes for your workloads.

See Implement goals and targets for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02GoalTarget
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage? > Implement groups and roles

Implement groups and roles that align to your policies and control who can create, modify, or decommission instances and resources in each group. For example, implement development, test, and production groups. This applies to AWS services and third-party solutions.

See Implement groups and roles for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02GroupsRoles
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 02. How do you govern usage? > Track project lifecycle

Track, measure, and audit the lifecycle of projects, teams, and environments to avoid using and paying for unnecessary resources.

See Track project lifecycle for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost02TrackLifecycle
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost?

Establish policies and procedures to monitor and appropriately allocate your costs. This allows you to measure and improve the cost efficiency of this workload.

See COST 03. How do you monitor usage and cost? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost? > Add organization information to cost and usage

Define a tagging schema based on organization, workload attributes, and cost allocation categories. Implement tagging across all resources. Use Cost Categories to group costs and usage according to organization attributes.

See Add organization information to cost and usage for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03OrgInformation
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost? > Allocate costs based on workload metrics

Allocate the workload's costs by metrics or business outcomes to measure workload cost efficiency. Implement a process to analyze the AWS Cost and Usage Report with Amazon Athena, which can provide insight and charge back capability.

See Allocate costs based on workload metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03AllocateOutcome
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost? > Configure billing and cost management tools

Configure AWS Cost Explorer and AWS Budgets in line with your organization policies.

See Configure billing and cost management tools for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03ConfigTools
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost? > Configure detailed information sources

Configure the AWS Cost and Usage Report, and Cost Explorer hourly granularity, to provide detailed cost and usage information. Configure your workload to have log entries for every delivered business outcome.

See Configure detailed information sources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DetailedSource
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost? > Establish organization metrics

Establish the organization metrics that are required for this workload. Example workload metrics are customer reports produced or web pages served to customers.

See Establish organization metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DefineKpi
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 03. How do you monitor usage and cost? > Identify cost attribution categories

Identify organization categories that could be used to allocate cost within your organization.

See Identify cost attribution categories for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost03DefineAttribution
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 04. How do you decommission resources?

Implement change control and resource management from project inception to end-of-life. This ensures you shut down or terminate unused resources to reduce waste.

See COST 04. How do you decommission resources? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 04. How do you decommission resources? > Decommission resources

Decommission resources triggered by events such as periodic audits or changes in usage. Decommissioning is typically performed periodically, and is manual or automated.

See Decommission resources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04Decommission
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 04. How do you decommission resources? > Decommission resources automatically

Design your workload to gracefully handle resource termination as you identify and decommission non-critical resources, resources that are not required, or resources with low utilization.

See Decommission resources automatically for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04DecommAutomated
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 04. How do you decommission resources? > Implement a decommissioning process

Implement a process to identify and decommission orphaned resources.

See Implement a decommissioning process for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04ImplementProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 04. How do you decommission resources? > Track resources over their life time

Define and implement a method to track resources and their associations with systems over their life time. You can use tagging to identify the workload or function of the resource.

See Track resources over their life time for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost04Track
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services?

Amazon EC2, Amazon EBS, and Amazon S3 are building-block AWS services. Managed services, such as Amazon RDS and Amazon DynamoDB, are higher level, or application level, AWS services. By selecting the appropriate building blocks and managed services, you can optimize this workload for cost. For example, using managed services, you can reduce or remove much of your administrative and operational overhead, freeing you to work on applications and business-related activities.

See COST 05. How do you evaluate cost when you select services? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services? > Analyze all components of this workload

Ensure every workload component is analyzed, regardless of current size or current costs. Review effort should reflect potential benefit, such as current and projected costs.

See Analyze all components of this workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05AnalyzeAll
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services? > Identify organization requirements for cost

Work with team members to define the balance between cost optimization and other pillars, such as performance and reliability, for this workload.

See Identify organization requirements for cost for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05Requirements
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services? > Perform a thorough analysis of each component

Look at overall cost to the organization of each component. Look at total cost of ownership by factoring in cost of operations and management, especially when using managed services. Review effort should reflect potential benefit - for example, time spent analyzing is proportional to component cost.

See Perform a thorough analysis of each component for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05ThoroughAnalysis
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services? > Perform cost analysis for different usage over time

Workloads can change over time. Some services or features are more cost effective at different usage levels. By performing analysis on each component over time and at projected usage, you ensure the workload remains effective over its lifetime.

See Perform cost analysis for different usage over time for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05AnalyzeOverTime
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services? > Select components of this workload to optimize cost in line with organization priorities

Factor in cost when selecting all components. This includes using application level and services, such as Amazon RDS, Amazon DynamoDB, Amazon SNS, and Amazon SES to reduce organization cost. Use serverless and containers for compute, such as AWS Lambda, Amazon S3 for websites, and Amazon ECS. Minimize license costs by using open source software, or software that does not have license fees - for example, Amazon Linux for compute workloads or migrate to Amazon Aurora.

See Select components of this workload to optimize cost in line with organization priorities for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05SelectForCost
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 05. How do you evaluate cost when you select services? > Select software with cost effective licensing

Open source software will eliminate software licensing costs, which can contribute significant costs to workloads. Where licensed software is required, avoid licenses bound to arbitrary attributes such as CPUs; look for licenses that are bound to output or outcomes. The cost of these licenses scales more closely to the benefit they provide.

See Select software with cost effective licensing for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost05Licensing
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 06. How do you meet cost targets when you select resource type, size and number?

Ensure that you choose the appropriate resource size and number of resources for the task at hand. You minimize waste by selecting the most cost effective type, size, and number.

See COST 06. How do you meet cost targets when you select resource type, size and number? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 06. How do you meet cost targets when you select resource type, size and number? > Perform cost modeling

Identify organization requirements and perform cost modeling of the workload and each of its components. Perform benchmark activities for the workload under different predicted loads and compare the costs. The modeling effort should reflect potential benefit - for example, time spent is proportional to component cost.

See Perform cost modeling for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06CostModeling
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 06. How do you meet cost targets when you select resource type, size and number? > Select resource type, size, and number automatically based on metrics

Use metrics from the currently running workload to select the right size and type to optimize for cost. Provision throughput, sizing, and storage for services such as Amazon EC2, Amazon DynamoDB, Amazon (PIOPS), Amazon RDS, Amazon EMR, and networking. This can be done with a feedback loop such as automatic scaling or by custom code in the workload.

See Select resource type, size, and number automatically based on metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06Metrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 06. How do you meet cost targets when you select resource type, size and number? > Select resource type, size, and number based on data

Select resource size or type based on data about the workload and resource characteristics - for example, compute, memory, throughput, or write intensive. This selection is typically made using a previous version of the workload (such as an on-premises version), using documentation, or using other sources of information about the workload.

See Select resource type, size, and number based on data for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost06Data
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 07. How do you use pricing models to reduce cost?

Use the pricing model that is most appropriate for your resources to minimize expense.

See COST 07. How do you use pricing models to reduce cost? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 07. How do you use pricing models to reduce cost? > Implement pricing models for all components of this workload

Permanently running resources should utilize reserved capacity such as Savings Plans or Reserved Instances. Short-term capacity is configured to use Spot Instances or Spot Fleet. On demand is only used for short-term workloads that cannot be interrupted and do not run long enough for reserved capacity, between 25% to 75% of the period, depending on the resource type.

See Implement pricing models for all components of this workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07ImplementModels
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 07. How do you use pricing models to reduce cost? > Implement regions based on cost

Resource pricing can be different in each region. Factoring in region cost ensures you pay the lowest overall price for this workload.

See Implement regions based on cost for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07RegionCost
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 07. How do you use pricing models to reduce cost? > Perform pricing model analysis

Analyze each component of the workload. Determine if the component and resources will be running for extended periods (for commitment discounts), or will be dynamic and short running (for spot or on-demand). Perform an analysis on the workload using the Recommendations feature in AWS Cost Explorer.

See Perform pricing model analysis for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07Analysis
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 07. How do you use pricing models to reduce cost? > Perform pricing model analysis at the master account level

Use Cost Explorer Savings Plans and Reserved Instance recommendations to perform regular analysis at the master level for commitment discounts.

See Perform pricing model analysis at the master account level for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07MasterAnalysis
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 07. How do you use pricing models to reduce cost? > Select third party agreements with cost efficient terms

Cost-efficient agreements and terms ensure the cost of these services scales with the benefits they provide. Select agreements and pricing that scale when they provide additional benefits to your organization.

See Select third party agreements with cost efficient terms for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost07ThirdParty
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 08. How do you plan for data transfer charges?

Ensure that you plan and monitor data transfer charges so that you can make architectural decisions to minimize costs. A small yet effective architectural change can drastically reduce your operational costs over time.

See COST 08. How do you plan for data transfer charges? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 08. How do you plan for data transfer charges? > Implement services to reduce data transfer costs

Implement services to reduce data transfer - for example, using a CDN such as Amazon CloudFront to deliver content to end users, caching layers using Amazon ElastiCache, or using AWS Direct Connect instead of VPN for connectivity to AWS.

See Implement services to reduce data transfer costs for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08ImplementServices
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 08. How do you plan for data transfer charges? > Perform data transfer modeling

Gather organization requirements and perform data transfer modeling of the workload and each of its components. This identifies the lowest cost for its current data transfer requirements.

See Perform data transfer modeling for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08Modeling
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 08. How do you plan for data transfer charges? > Select components to optimize data transfer cost

All components are selected, and architecture is designed to reduce data transfer costs. This includes using components such as optimization and Multi-AZ configurations.

See Select components to optimize data transfer cost for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost08OptimizedComponents
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 09. How do you manage demand, and supply resources?

For a workload that has balanced spend and performance, ensure that everything you pay for is used and avoid significantly underutilizing instances. A skewed utilization metric in either direction has an adverse impact on your organization, in either operational costs (degraded performance due to over-utilization), or wasted AWS expenditures (due to over-provisioning).

See COST 09. How do you manage demand, and supply resources? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 09. How do you manage demand, and supply resources? > Implement a buffer or throttle to manage demand

Buffering and throttling modify the demand on your workload, smoothing out any peaks. Implement throttling when your clients perform retries. Implement buffering to store the request and defer processing until a later time. Ensure your throttles and buffers are designed so clients receive a response in the required time.

See Implement a buffer or throttle to manage demand for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09BufferThrottle
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 09. How do you manage demand, and supply resources? > Perform an analysis on the workload demand

Analyze the demand of the workload over time. Ensure the analysis covers seasonal trends and accurately represents operating conditions over the full workload lifetime. Analysis effort should reflect potential benefit - for example, time spent is proportional to the workload cost.

See Perform an analysis on the workload demand for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09CostAnalysis
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 09. How do you manage demand, and supply resources? > Supply resources dynamically

Resources are provisioned in a planned manner. This can be demand-based, such as through automatic scaling, or time-based, where demand is predictable and resources are provided based on time. These methods result in the least amount of over or under provisioning.

See Supply resources dynamically for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost09Dynamic
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 10. How do you evaluate new services?

As AWS releases new services and features, it's a best practice to review your existing architectural decisions to ensure they continue to be the most cost effective.

See COST 10. How do you evaluate new services? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 10. How do you evaluate new services? > Develop a workload review process

Develop a process that defines the criteria and process for workload review. The review effort should reflect potential benefit: for example, core workloads or workloads with a value of over 10% of the bill are reviewed quarterly, while workloads below 10% are reviewed annually.

See Develop a workload review process for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10ReviewProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Cost Optimization > COST 10. How do you evaluate new services? > Review and analyze this workload regularly

Existing workloads are regularly reviewed as per defined processes.

See Review and analyze this workload regularly for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/cost10ReviewWorkload
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence

The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value. See Operational Excellence for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops
Category
Valid Value
[
"Skip"
]
Schema
{
"type": "string",
"enum": [
"Skip"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are?

Everyone needs to understand their part in enabling business success. Have shared goals in order to set priorities for resources. This will maximize the benefits of your efforts.

See OPS 01. How do you determine what your priorities are? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Evaluate compliance requirements

Evaluate external factors, such as regulatory compliance requirements and industry standards, to ensure that you are aware of guidelines or obligations that may mandate or emphasize specific focus. If no compliance requirements are identified, ensure that you apply due diligence to this determination.

See Evaluate compliance requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ComplianceReqs
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Evaluate external customer needs

Involve key stakeholders, including business, development, and operations teams, to determine where to focus efforts on external customer needs. This will ensure that you have a thorough understanding of the operations support that is required to achieve your desired business outcomes.

See Evaluate external customer needs for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ExtCustNeeds
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Evaluate governance requirements

Ensure that you are aware of guidelines or obligations defined by your organization that may mandate or emphasize specific focus. Evaluate internal factors, such as organization policy, standards, and requirements. Validate that you have mechanisms to identify changes to governance. If no governance requirements are identified, ensure that you have applied due diligence to this determination.

See Evaluate governance requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01GovernanceReqs
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Evaluate internal customer needs

Involve key stakeholders, including business, development, and operations teams, when determining where to focus efforts on internal customer needs. This will ensure that you have a thorough understanding of the operations support that is required to achieve business outcomes.

See Evaluate internal customer needs for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01IntCustNeeds
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Evaluate threat landscape

Evaluate threats to the business (for example, competition, business risk and liabilities, operational risks, and information security threats) and maintain current information in a risk registry. Include the impact of risks when determining where to focus efforts.

See Evaluate threat landscape for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01EvalThreatLandscape
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Evaluate tradeoffs

Evaluate the impact of tradeoffs between competing interests or alternative approaches, to help make informed decisions when determining where to focus efforts or choosing a course of action. For example, accelerating speed to market for new features may be emphasized over cost optimization, or you may choose a relational database for non-relational data to simplify the effort to migrate a system, rather than migrating to a database optimized for your data type and updating your application.

See Evaluate tradeoffs for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01EvalTradeoffs
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 01. How do you determine what your priorities are? > Manage benefits and risks

Manage benefits and risks to make informed decisions when determining where to focus efforts. For example, it may be beneficial to deploy a workload with unresolved issues so that significant new features can be made available to customers. It may be possible to mitigate associated risks, or it may become unacceptable to allow a risk to remain, in which case you will take action to address the risk.

See Manage benefits and risks for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops01ManageRiskBenefit
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes?

Your teams must understand their part in achieving business outcomes. Teams need to understand their roles in the success of other teams, the role of other teams in their success, and have shared goals. Understanding responsibility, ownership, how decisions are made, and who has authority to make decisions will help focus efforts and maximize the benefits from your teams.

See OPS 02. How do you structure your organization to support your business outcomes? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Mechanisms exist to identify responsibility and ownership

Where no individual or team is identified, there are defined escalation paths to someone with the authority to assign ownership or plan for that need to be addressed.

See Mechanisms exist to identify responsibility and ownership for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02FindOwner
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Mechanisms exist to request additions, changes, and exceptions

You are able to make requests to owners of processes, procedures, and resources. Make informed decisions to approve requests where viable and determined to be appropriate after an evaluation of benefits and risks.

See Mechanisms exist to request additions, changes, and exceptions for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02ReqAddChgException
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Operations activities have identified owners responsible for their performance

Understand who has responsibility to perform specific activities on defined workloads and why that responsibility exists. Understanding who has responsibility to perform activities informs who will conduct the activity, validate the result, and provide feedback to the owner of the activity.

See Operations activities have identified owners responsible for their performance for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefActivityOwners
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Processes and procedures have identified owners

Understand who has ownership of the definition of individual processes and procedures, why those specific processes and procedures are used, and why that ownership exists. Understanding the reasons that specific processes and procedures are used enables identification of improvement opportunities.

See Processes and procedures have identified owners for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefProcOwners
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Resources have identified owners

Understand who has ownership of each application, workload, platform, and infrastructure component, what business value is provided by that component, and why that ownership exists. Understanding the business value of these individual components and how they support business outcomes informs the processes and procedures applied against them.

See Resources have identified owners for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefResourceOwners
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Responsibilities between teams are predefined or negotiated

There are defined or negotiated agreements between teams describing how they work with and support each other (for example, response times, service level objectives, or service level agreements). Understanding the impact of the teams’ work on business outcomes, and the outcomes of other teams and organizations, informs the prioritization of their tasks and enables them to respond appropriately.

See Responsibilities between teams are predefined or negotiated for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02DefNegTeamAgreements
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 02. How do you structure your organization to support your business outcomes? > Team members know what they are responsible for

Understanding the responsibilities of your role and how you contribute to business outcomes informs the prioritization of your tasks and why your role is important. This enables team members to recognize needs and respond appropriately.

See Team members know what they are responsible for for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops02KnowMyJob
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes?

Provide support for your team members so that they can be more effective in taking action and supporting your business outcome.

See OPS 03. How does your organizational culture support your business outcomes? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Communications are timely, clear, and actionable

Mechanisms exist and are used to provide timely notice to team members of known risks and planned events. Necessary context, details, and time (when possible) are provided to support determining if action is necessary, what action is required, and to take action in a timely manner. For example, providing notice of software vulnerabilities so that patching can be expedited, or providing notice of planned sales promotions so that a change freeze can be implemented to avoid the risk of service disruption.

See Communications are timely, clear, and actionable for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03EffectiveComms
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Diverse opinions are encouraged and sought within and across teams

Leverage cross-organizational diversity to seek multiple unique perspectives. Use this perspective to increase innovation, challenge your assumptions, and reduce the risk of confirmation bias. Grow inclusion, diversity, and accessibility within your teams to gain beneficial perspectives.

See Diverse opinions are encouraged and sought within and across teams for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03DiverseIncAccess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Escalation is encouraged

Team members have mechanisms and are encouraged to escalate concerns to decision makers and stakeholders if they believe outcomes are at risk. Escalation should be performed early and often so that risks can be identified, and prevented from causing incidents.

See Escalation is encouraged for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncEscalation
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Executive Sponsorship

Senior leadership clearly sets expectations for the organization and evaluates success. Senior leadership is the sponsor, advocate, and driver for the adoption of best practices and evolution of the organization.

See Executive Sponsorship for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03ExecutiveSponsor
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Experimentation is encouraged

Experimentation accelerates learning and keeps team members interested and engaged. An undesired result is a successful experiment that has identified a path that will not lead to success. Team members are not punished for successful experiments with undesired results. Experimentation is required for innovation to happen and turn ideas into outcomes.

See Experimentation is encouraged for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncExperiment
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Resource teams appropriately

Maintain team member capacity, and provide tools and resources, to support your workload needs. Overtasking team members increases the risk of incidents resulting from human error. Investments in tools and resources (for example, providing automation for frequently executed activities) can scale the effectiveness of your team, enabling them to support additional activities.

See Resource teams appropriately for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamResAppro
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Team members are empowered to take action when outcomes are at risk

The workload owner has defined guidance and scope empowering team members to respond when outcomes are at risk. Escalation mechanisms are used to get direction when events are outside of the defined scope.

See Team members are empowered to take action when outcomes are at risk for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEmpTakeAction
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 03. How does your organizational culture support your business outcomes? > Team members are enabled and encouraged to maintain and grow their skill sets

Teams must grow their skill sets to adopt new technologies, and to support changes in demand and responsibilities in support of your workloads. Growth of skills in new technologies is frequently a source of team member satisfaction and supports innovation. Support your team members’ pursuit and maintenance of industry certifications that validate and acknowledge their growing skills. Cross train to promote knowledge transfer and reduce the risk of significant impact when you lose skilled and experienced team members with institutional knowledge. Provide dedicated structured time for learning.

See Team members are enabled and encouraged to maintain and grow their skill sets for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops03TeamEncLearn
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 04. How do you design your workload so that you can understand its state?

Design your workload so that it provides the information necessary across all components (for example, metrics, logs, and traces) for you to understand its internal state. This enables you to provide effective responses when appropriate.

See OPS 04. How do you design your workload so that you can understand its state? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 04. How do you design your workload so that you can understand its state? > Implement and configure workload telemetry

Design and configure your workload to emit information about its internal state and current status. For example, API call volume, HTTP status codes, and scaling events. Use this information to help determine when a response is required.

See Implement and configure workload telemetry for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04WorkloadTelemetry
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 04. How do you design your workload so that you can understand its state? > Implement application telemetry

Instrument your application code to emit information about its internal state, status, and achievement of business outcomes. For example, queue depth, error messages, and response times. Use this information to determine when a response is required.

See Implement application telemetry for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04ApplicationTelemetry
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 04. How do you design your workload so that you can understand its state? > Implement dependency telemetry

Design and configure your workload to emit information about the status (for example, reachability or response time) of resources it depends on. Examples of external dependencies can include external databases, DNS, and network connectivity. Use this information to determine when a response is required.

See Implement dependency telemetry for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04DependencyTelemetry
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 04. How do you design your workload so that you can understand its state? > Implement transaction traceability

Implement your application code and configure your workload components to emit information about the flow of transactions across the workload. Use this information to determine when a response is required and to assist you in identifying the factors contributing to an issue.

See Implement transaction traceability for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04DistTrace
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 04. How do you design your workload so that you can understand its state? > Implement user activity telemetry

Instrument your application code to emit information about user activity, for example, click streams, or started, abandoned, and completed transactions. Use this information to help understand how the application is used, patterns of usage, and to determine when a response is required.

See Implement user activity telemetry for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops04CustomerTelemetry
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production?

Adopt approaches that improve flow of changes into production, that enable refactoring, fast feedback on quality, and bug fixing. These accelerate beneficial changes entering production, limit issues deployed, and enable rapid identification and remediation of issues introduced through deployment activities.

See OPS 05. How do you reduce defects, ease remediation, and improve flow into production? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Fully automate integration and deployment

Automate build, deployment, and testing of the workload. This reduces errors caused by manual processes and reduces the effort to deploy changes.

See Fully automate integration and deployment for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05AutoIntegDeploy
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Implement practices to improve code quality

Implement practices to improve code quality and minimize defects. For example, test-driven development, code reviews, and standards adoption.

See Implement practices to improve code quality for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05CodeQuality
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Make frequent, small, reversible changes

Frequent, small, and reversible changes reduce the scope and impact of a change. This eases troubleshooting, enables faster remediation, and provides the option to roll back a change.

See Make frequent, small, reversible changes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05FreqSmRevChg
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Perform patch management

Perform patch management to gain features, address issues, and remain compliant with governance. Automate patch management to reduce errors caused by manual processes, and reduce the level of effort to patch.

See Perform patch management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05PatchMgmt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Share design standards

Share best practices across teams to increase awareness and maximize the benefits of development efforts.

See Share design standards for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05ShareDesignStds
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Test and validate changes

Test and validate changes to help limit and detect errors. Automate testing to reduce errors caused by manual processes, and reduce the level of effort to test.

See Test and validate changes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05TestValChg
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Use build and deployment management systems

Use build and deployment management systems. These systems reduce errors caused by manual processes and reduce the level of effort to deploy changes.

See Use build and deployment management systems for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05BuildMgmtSys
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Use configuration management systems

Use configuration management systems to make and track configuration changes. These systems reduce errors caused by manual processes and reduce the level of effort to deploy changes.

See Use configuration management systems for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05ConfMgmtSys
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Use multiple environments

Use multiple environments to experiment, develop, and test your workload. Use increasing levels of controls as environments approach production to gain confidence your workload will operate as intended when deployed.

See Use multiple environments for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05MultiEnv
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 05. How do you reduce defects, ease remediation, and improve flow into production? > Use version control

Use version control to enable tracking of changes and releases.

See Use version control for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops05VersionControl
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks?

Adopt approaches that provide fast feedback on quality and enable rapid recovery from changes that do not have desired outcomes. Using these practices mitigates the impact of issues introduced through the deployment of changes.

See OPS 06. How do you mitigate deployment risks? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Automate testing and rollback

Automate testing of deployed environments to confirm desired outcomes. Automate rollback to previous known good state when outcomes are not achieved to minimize recovery time and reduce errors caused by manual processes.

See Automate testing and rollback for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06AutoTestingAndRollback
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Deploy frequent, small, reversible changes

Use frequent, small, and reversible changes to reduce the scope of a change. This results in easier troubleshooting and faster remediation with the option to roll back a change.

See Deploy frequent, small, reversible changes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06FreqSmRevChg
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Deploy using parallel environments

Implement changes onto parallel environments, and then transition over to the new environment. Maintain the prior environment until there is confirmation of successful deployment. Doing so minimizes recovery time by enabling rollback to the previous environment.

See Deploy using parallel environments for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06DeployToParallelEnv
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Fully automate integration and deployment

Automate build, deployment, and testing of the workload. This reduces errors caused by manual processes and reduces the effort to deploy changes.

See Fully automate integration and deployment for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06AutoIntegDeploy
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Plan for unsuccessful changes

Plan to revert to a known good state, or remediate in the production environment if a change does not have the desired outcome. This preparation reduces recovery time through faster responses.

See Plan for unsuccessful changes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06PlanForUnsucessfulChanges
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Test and validate changes

Test changes and validate the results at all lifecycle stages to confirm new features and minimize the risk and impact of failed deployments.

See Test and validate changes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06TestValChg
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Test using limited deployments

Test with limited deployments alongside existing systems to confirm desired outcomes prior to full scale deployment. For example, use deployment canary testing or one-box deployments.

See Test using limited deployments for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06TestLimitedDeploy
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 06. How do you mitigate deployment risks? > Use deployment management systems

Use deployment management systems to track and implement change. This reduces errors caused by manual processes and reduces the effort to deploy changes.

See Use deployment management systems for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops06DeployMgmtSys
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 07. How do you know that you are ready to support a workload?

Evaluate the operational readiness of your workload, processes and procedures, and personnel to understand the operational risks related to your workload.

See OPS 07. How do you know that you are ready to support a workload? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 07. How do you know that you are ready to support a workload? > Ensure consistent review of operational readiness

Ensure you have a consistent review of your readiness to operate a workload. Reviews must include, at a minimum, the operational readiness of the teams and the workload, and security requirements. Implement review activities in code and trigger automated review in response to events where appropriate, to ensure consistency, speed of execution, and reduce errors caused by manual processes.

See Ensure consistent review of operational readiness for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07ConstOrr
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 07. How do you know that you are ready to support a workload? > Ensure personnel capability

Have a mechanism to validate that you have the appropriate number of trained personnel to provide support for operational needs. Train personnel and adjust personnel capacity as necessary to maintain effective support.

See Ensure personnel capability for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07PersonnelCapability
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 07. How do you know that you are ready to support a workload? > Make informed decisions to deploy systems and changes

Evaluate the capabilities of the team to support the workload and the workload's compliance with governance. Evaluate these against the benefits of deployment when determining whether to transition a system or change into production. Understand the benefits and risks to make informed decisions.

See Make informed decisions to deploy systems and changes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07InformedDeployDecisions
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 07. How do you know that you are ready to support a workload? > Use playbooks to investigate issues

Enable consistent and prompt responses to issues that are not well understood, by documenting the investigation process in playbooks. Playbooks are the predefined steps performed to identify the factors contributing to a failure scenario. The results from any process step are used to determine the next steps to take until the issue is identified or escalated.

See Use playbooks to investigate issues for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07UsePlaybooks
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 07. How do you know that you are ready to support a workload? > Use runbooks to perform procedures

Runbooks are documented procedures to achieve specific outcomes. Enable consistent and prompt responses to well-understood events by documenting procedures in runbooks. Implement runbooks as code and trigger the execution of runbooks in response to events where appropriate, to ensure consistency, speed responses, and reduce errors caused by manual processes.

See Use runbooks to perform procedures for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops07UseRunbooks
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload?

Define, capture, and analyze workload metrics to gain visibility to workload events so that you can take appropriate action.

See OPS 08. How do you understand the health of your workload? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Alert when workload anomalies are detected

Raise an alert when workload anomalies are detected so that you can respond appropriately if necessary.

See Alert when workload anomalies are detected for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadAnomalyAlerts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Alert when workload outcomes are at risk

Raise an alert when workload outcomes are at risk so that you can respond appropriately if necessary.

See Alert when workload outcomes are at risk for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadOutcomeAlerts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Collect and analyze workload metrics

Perform regular proactive reviews of metrics to identify trends and determine where appropriate responses are needed.

See Collect and analyze workload metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08CollectAnalyzeWorkloadMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Define workload metrics

Define workload metrics to measure the achievement of KPIs (for example, abandoned shopping carts, orders placed, cost, price, and allocated workload expense). Define workload metrics to measure the health of the workload (for example, interface response time, error rate, requests made, requests completed, and utilization). Evaluate metrics to determine if the workload is achieving desired outcomes, and to understand the health of the workload.

See Define workload metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08DesignWorkloadMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Establish workload metrics baselines

Establish baselines for metrics to provide expected values as the basis for comparison and identification of under and over performing components. Identify thresholds for improvement, investigation, and intervention.

See Establish workload metrics baselines for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08WorkloadMetricBaselines
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Identify key performance indicators

Identify key performance indicators (KPIs) based on desired business outcomes (for example, order rate, customer retention rate, and profit versus operating expense) and customer outcomes (for example, customer satisfaction). Evaluate KPIs to determine workload success.

See Identify key performance indicators for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08DefineWorkloadKpis
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Learn expected patterns of activity for workload

Establish patterns of workload activity to identify anomalous behavior so that you can respond appropriately if required.

See Learn expected patterns of activity for workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08LearnWorkloadUsagePatterns
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 08. How do you understand the health of your workload? > Validate the achievement of outcomes and the effectiveness of KPIs and metrics

Create a business-level view of your workload operations to help you determine if you are satisfying needs and to identify areas that need improvement to reach business goals. Validate the effectiveness of KPIs and metrics and revise them if necessary.

See Validate the achievement of outcomes and the effectiveness of KPIs and metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops08BizLevelViewWorkload
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations?

Define, capture, and analyze operations metrics to gain visibility to operations events so that you can take appropriate action.

See OPS 09. How do you understand the health of your operations? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Alert when operations anomalies are detected

Raise an alert when operations anomalies are detected so that you can respond appropriately if necessary.

See Alert when operations anomalies are detected for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsAnomalyAlerts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Alert when operations outcomes are at risk

Raise an alert when operations outcomes are at risk so that you can respond appropriately if necessary.

See Alert when operations outcomes are at risk for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsOutcomeAlerts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Collect and analyze operations metrics

Perform regular, proactive reviews of metrics to identify trends and determine where appropriate responses are needed.

See Collect and analyze operations metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09CollectAnalyzeOpsMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Define operations metrics

Define operations metrics to measure the achievement of KPIs (for example, successful deployments, and failed deployments). Define operations metrics to measure the health of operations activities (for example, mean time to detect an incident (MTTD), and mean time to recovery (MTTR) from an incident). Evaluate metrics to determine if operations are achieving desired outcomes, and to understand the health of your operations activities.

See Define operations metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09DesignOpsMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Establish operations metrics baselines

Establish baselines for metrics to provide expected values as the basis for comparison and identification of under- and over-performing operations activities.

See Establish operations metrics baselines for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09OpsMetricBaselines
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Identify key performance indicators

Identify key performance indicators (KPIs) based on desired business (for example, new features delivered) and customer outcomes (for example, customer support cases). Evaluate KPIs to determine operations success.

See Identify key performance indicators for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09DefineOpsKpis
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Learn the expected patterns of activity for operations

Establish patterns of operations activities to identify anomalous activity so that you can respond appropriately if necessary.

See Learn the expected patterns of activity for operations for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09LearnOpsUsagePatterns
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 09. How do you understand the health of your operations? > Validate the achievement of outcomes and the effectiveness of KPIs and metrics

Create a business-level view of your operations activities to help you determine if you are satisfying needs and to identify areas that need improvement to reach business goals. Validate the effectiveness of KPIs and metrics and revise them if necessary.

See Validate the achievement of outcomes and the effectiveness of KPIs and metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops09BizLevelViewOps
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events?

Prepare and validate procedures for responding to events to minimize their disruption to your workload.

See OPS 10. How do you manage workload and operations events? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Automate responses to events

Automate responses to events to reduce errors caused by manual processes, and to ensure prompt and consistent responses.

See Automate responses to events for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10AutoEventResponse
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Communicate status through dashboards

Provide dashboards tailored to their target audiences (for example, internal technical teams, leadership, and customers) to communicate the current operating status of the business and provide metrics of interest.

See Communicate status through dashboards for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10Dashboards
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Define escalation paths

Define escalation paths in your runbooks and playbooks, including what triggers escalation, and procedures for escalation. Specifically identify owners for each action to ensure effective and prompt responses to operations events.

See Define escalation paths for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10DefineEscalationPaths
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Enable push notifications

Communicate directly with your users (for example, with email or SMS) when the services they use are impacted, and again when the services return to normal operating conditions, to enable users to take appropriate action.

See Enable push notifications for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10PushNotify
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Have a process per alert

Have a well-defined response (runbook or playbook), with a specifically identified owner, for any event for which you raise an alert. This ensures effective and prompt responses to operations events and prevents actionable events from being obscured by less valuable notifications.

See Have a process per alert for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10ProcessPerAlert
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Prioritize operational events based on business impact

Ensure that when multiple events require intervention, those that are most significant to the business are addressed first. For example, impacts can include loss of life or injury, financial loss, or damage to reputation or trust.

See Prioritize operational events based on business impact for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10PrioritizeEvents
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 10. How do you manage workload and operations events? > Use processes for event, incident, and problem management

Have processes to address observed events, events that require intervention (incidents), and events that require intervention and either recur or cannot currently be resolved (problems). Use these processes to mitigate the impact of these events on the business and your customers by ensuring timely and appropriate responses.

See Use processes for event, incident, and problem management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops10EventIncidentProblemProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations?

Dedicate time and resources for continuous incremental improvement to evolve the effectiveness and efficiency of your operations.

See OPS 11. How do you evolve operations? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Allocate time to make improvements

Dedicate time and resources within your processes to make continuous incremental improvements possible.

See Allocate time to make improvements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11AllocateTimeForImp
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Define drivers for improvement

Identify drivers for improvement to help you evaluate and prioritize opportunities.

See Define drivers for improvement for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11DriversForImp
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Document and share lessons learned

Document and share lessons learned from the execution of operations activities so that you can use them internally and across teams.

See Document and share lessons learned for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ShareLessonsLearned
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Have a process for continuous improvement

Regularly evaluate and prioritize opportunities for improvement to focus efforts where they can provide the greatest benefits.

See Have a process for continuous improvement for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ProcessContImp
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Implement feedback loops

Include feedback loops in your procedures and workloads to help you identify issues and areas that need improvement.

See Implement feedback loops for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11FeedbackLoops
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Perform Knowledge Management

Mechanisms exist for your team members to discover the information that they are looking for in a timely manner, access it, and identify that it’s current and complete. Mechanisms are present to identify needed content, content in need of refresh, and content that should be archived so that it’s no longer referenced.

See Perform Knowledge Management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11KnowledgeManagement
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Perform operations metrics reviews

Regularly perform retrospective analysis of operations metrics with cross-team participants from different areas of the business. Use these reviews to identify opportunities for improvement, potential courses of action, and to share lessons learned.

See Perform operations metrics reviews for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11MetricsReview
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Perform post-incident analysis

Review customer-impacting events, and identify the contributing factors and preventative actions. Use this information to develop mitigations to limit or prevent recurrence. Develop procedures for prompt and effective responses. Communicate contributing factors and corrective actions as appropriate, tailored to target audiences.

See Perform post-incident analysis for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11PerformRcaProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Operational Excellence > OPS 11. How do you evolve operations? > Validate insights

Review your analysis results and responses with cross-functional teams and business owners. Use these reviews to establish common understanding, identify additional impacts, and determine courses of action. Adjust responses as appropriate.

See Validate insights for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/ops11ValidateInsights
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency

The Performance Efficiency pillar includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. See Performance Efficiency for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf
Category
Valid Value
[
"Skip"
]
Schema
{
"type": "string",
"enum": [
"Skip"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture?

Often, multiple approaches are required for optimal performance across a workload. Well-architected systems use multiple solutions and features to improve performance.

See PERF 01. How do you select the best performing architecture? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Benchmark existing workloads

Benchmark the performance of an existing workload to understand how it performs on the cloud. Use the data collected from benchmarks to drive architectural decisions.

See Benchmark existing workloads for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Benchmark
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Define a process for architectural choices

Use internal experience and knowledge of the cloud, or external resources such as published use cases, relevant documentation, or whitepapers to define a process to choose resources and services. You should define a process that encourages experimentation and benchmarking with the services that could be used in your workload.

See Define a process for architectural choices for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Process
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Factor cost requirements into decisions

Workloads often have cost requirements for operation. Use internal cost controls to select resource types and sizes based on predicted resource need.

See Factor cost requirements into decisions for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01Cost
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Load test your workload

Deploy your latest workload architecture on the cloud using different resource types and sizes. Monitor the deployment to capture performance metrics that identify bottlenecks or excess capacity. Use this performance information to design or improve your architecture and resource selection.

See Load test your workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01LoadTest
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Understand the available services and resources

Learn about and understand the wide range of services and resources available in the cloud. Identify the relevant services and configuration options for your workload, and understand how to achieve optimal performance.

See Understand the available services and resources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01EvaluateResources
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Use guidance from your cloud provider or an appropriate partner

Use cloud company resources, such as solutions architects, professional services, or an appropriate partner to guide your decisions. These resources can help review and improve your architecture for optimal performance.

See Use guidance from your cloud provider or an appropriate partner for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01ExternalGuidance
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 01. How do you select the best performing architecture? > Use policies or reference architectures

Maximize performance and efficiency by evaluating internal policies and existing reference architectures and using your analysis to select services and configurations for your workload.

See Use policies or reference architectures for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf01UsePolicies
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution?

The optimal compute solution for a workload varies based on application design, usage patterns, and configuration settings. Architectures can use different compute solutions for various components and enable different features to improve performance. Selecting the wrong compute solution for an architecture can lead to lower performance efficiency.

See PERF 02. How do you select your compute solution? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

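AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution? > Collect compute-related metrics

One of the best ways to understand how your compute systems are performing is to record and track the true utilization of various resources. This data can be used to make more accurate determinations about resource requirements.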

See Collect compute-related metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02CollectMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution? > Determine the required configuration by right-sizing

Analyze the various performance characteristics of your workload and how these characteristics relate to memory, network, and CPU usage. Use this data to choose resources that best match your workload's profile. For example, a memory-intensive workload, such as a database, could be served best by the r-family of instances. However, a bursting workload can benefit more from an elastic container system.

See Determine the required configuration by right-sizing for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02RightSizing
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution? > Evaluate the available compute options

Understand the performance characteristics of the compute-related options available to you. Know how instances, containers, and functions work, and what advantages, or disadvantages, they bring to your workload.

See Evaluate the available compute options for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02EvaluateOptions
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution? > Re-evaluate compute needs based on metrics

Use system-level metrics to identify the behavior and requirements of your workload over time. Evaluate your workload's needs by comparing the available resources with these requirements and make changes to your compute environment to best match your workload's profile. For example, over time a system might be observed to be more memory-intensive than initially thought, so moving to a different instance family or size could improve both performance and efficiency.

See Re-evaluate compute needs based on metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02UseMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution? > Understand the available compute configuration options

Understand how various options complement your workload, and which configuration options are best for your system. Examples of these options include instance family, sizes, features (GPU, I/O), function sizes, container instances, and single versus multi-tenancy.

See Understand the available compute configuration options for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02ConfigOptions
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 02. How do you select your compute solution? > Use the available elasticity of resources

The cloud provides the flexibility to expand or reduce your resources dynamically through a variety of mechanisms to meet changes in demand. Combined with compute-related metrics, a workload can automatically respond to changes and utilize the optimal set of resources to achieve its goal.

See Use the available elasticity of resources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf02Elasticity
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 03. How do you select your storage solution?

The optimal storage solution for a system varies based on the kind of access method (block, file, or object), patterns of access (random or sequential), required throughput, frequency of access (online, offline, archival), frequency of update (WORM, dynamic), and availability and durability constraints. Well-architected systems use multiple storage solutions and enable different features to improve performance and use resources efficiently.

See PERF 03. How do you select your storage solution? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 03. How do you select your storage solution? > Evaluate available configuration options

Evaluate the various characteristics and configuration options and how they relate to storage. Understand where and how to use provisioned IOPS, SSDs, magnetic storage, object storage, archival storage, or ephemeral storage to optimize storage space and performance for your workload.

See Evaluate available configuration options for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03EvaluatedOptions
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 03. How do you select your storage solution? > Make decisions based on access patterns and metrics

Choose storage systems based on your workload's access patterns and configure them by determining how the workload accesses data. Increase storage efficiency by choosing object storage over block storage. Configure the storage options you choose to match your data access patterns.

See Make decisions based on access patterns and metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03OptimizePatterns
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 03. How do you select your storage solution? > Understand storage characteristics and requirements

Understand the different characteristics (for example, shareable, file size, cache size, access patterns, latency, throughput, and persistence of data) that are required to select the services that best fit your workload, such as object storage, block storage, file storage, or instance storage.

See Understand storage characteristics and requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf03UnderstandChar
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 04. How do you select your database solution?

The optimal database solution for a system varies based on requirements for availability, consistency, partition tolerance, latency, durability, scalability, and query capability. Many systems use different database solutions for various subsystems and enable different features to improve performance. Selecting the wrong database solution and features for a system can lead to lower performance efficiency.

See PERF 04. How do you select your database solution? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 04. How do you select your database solution? > Choose data storage based on access patterns

Use the access patterns of the workload to decide which services and technologies to use. For example, utilize a relational database for workloads that require transactions, or a key-value store that provides higher throughput but is eventually consistent where applicable.

See Choose data storage based on access patterns for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04AccessPatterns
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 04. How do you select your database solution? > Collect and record database performance metrics

Use tools, libraries, and systems that record performance measurements related to database performance. For example, measure transactions per second, slow queries, or system latency introduced when accessing the database. Use this data to understand the performance of your database systems.

See Collect and record database performance metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04CollectMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 04. How do you select your database solution? > Evaluate the available options

Evaluate the services and storage options that are available as part of the selection process for your workload's storage mechanisms. Understand how, and when, to use a given service or system for data storage. Learn about available configuration options that can optimize database performance or efficiency, such as provisioned IOPS, memory and compute resources, and caching.

See Evaluate the available options for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04EvaluateOptions
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 04. How do you select your database solution? > Optimize data storage based on access patterns and metrics

Use performance characteristics and access patterns that optimize how data is stored or queried to achieve the best possible performance. Measure how optimizations such as indexing, key distribution, data warehouse design, or caching strategies impact system performance or overall efficiency.

See Optimize data storage based on access patterns and metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04OptimizeMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 04. How do you select your database solution? > Understand data characteristics

Understand the different characteristics of data in your workload. Determine if the workload requires transactions, how it interacts with data, and what its performance demands are. Use this data to select the best performing database approach for your workload (for example, relational databases, NoSQL key-value, document, wide column, graph, time series, or in-memory storage).

See Understand data characteristics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf04UnderstandChar
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution?

The optimal network solution for a workload varies based on latency, throughput requirements, jitter, and bandwidth. Physical constraints, such as user or on-premises resources, determine location options. These constraints can be offset with edge locations or resource placement.

See PERF 05. How do you configure your networking solution? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Choose appropriately sized dedicated connectivity or VPN for hybrid workloads

When there is a requirement for on-premises communication, ensure that you have adequate bandwidth for workload performance. Based on bandwidth requirements, a single dedicated connection or a single VPN might not be enough, and you must enable traffic load balancing across multiple connections.

See Choose appropriately sized dedicated connectivity or VPN for hybrid workloads for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Hybrid
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Choose network protocols to improve performance

Make decisions about protocols for communication between systems and networks based on the impact to the workload’s performance.

See Choose network protocols to improve performance for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Protocols
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Choose your workload’s location based on network requirements

Use the cloud location options available to reduce network latency or improve throughput. Utilize AWS Regions, Availability Zones, placement groups, and edge locations such as Outposts, Local Regions, and Wavelength, to reduce network latency or improve throughput.

See Choose your workload’s location based on network requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Location
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Evaluate available networking features

Evaluate networking features in the cloud that may increase performance. Measure the impact of these features through testing, metrics, and analysis. For example, take advantage of network-level features that are available to reduce latency, network distance, or jitter.

See Evaluate available networking features for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05EvaluateFeatures
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Leverage load-balancing and encryption offloading

Distribute traffic across multiple resources or services to allow your workload to take advantage of the elasticity that the cloud provides. You can also use load balancing for offloading encryption termination to improve performance and to manage and route traffic effectively.

See Leverage load-balancing and encryption offloading for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05EncryptionOffload
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Optimize network configuration based on metrics

Use collected and analyzed data to make informed decisions about optimizing your network configuration. Measure the impact of those changes and use the impact measurements to make future decisions.

See Optimize network configuration based on metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05Optimize
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 05. How do you configure your networking solution? > Understand how networking impacts performance

Analyze and understand how network-related decisions impact workload performance. For example, network latency often impacts the user experience, and using the wrong protocols can starve network capacity through excessive overhead.

See Understand how networking impacts performance for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf05UnderstandImpact
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 06. How do you evolve your workload to take advantage of new releases?

When architecting workloads, there are finite options that you can choose from. However, over time, new technologies and approaches become available that could improve the performance of your workload.

See PERF 06. How do you evolve your workload to take advantage of new releases? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 06. How do you evolve your workload to take advantage of new releases? > Define a process to improve workload performance

Define a process to evaluate new services, design patterns, resource types, and configurations as they become available. For example, run existing performance tests on new instance offerings to determine their potential to improve your workload.

See Define a process to improve workload performance for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06DefineProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 06. How do you evolve your workload to take advantage of new releases? > Evolve workload performance over time

As an organization, use the information gathered through the evaluation process to actively drive adoption of new services or resources when they become available.

See Evolve workload performance over time for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06Evolve
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 06. How do you evolve your workload to take advantage of new releases? > Stay up-to-date on new resources and services

Evaluate ways to improve performance as new services, design patterns, and product offerings become available. Determine which of these could improve performance or increase the efficiency of the workload through ad-hoc evaluation, internal discussion, or external analysis.

See Stay up-to-date on new resources and services for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf06KeepUpToDate
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing?

System performance can degrade over time. Monitor system performance to identify degradation and remediate internal or external factors, such as the operating system or application load.

See PERF 07. How do you monitor your resources to ensure they are performing? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing? > Analyze metrics when events or incidents occur

In response to (or during) an event or incident, use monitoring dashboards or reports to understand and diagnose the impact. These views provide insight into which portions of the workload are not performing as expected.

See Analyze metrics when events or incidents occur for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07ReviewMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing? > Establish Key Performance Indicators (KPIs) to measure workload performance

Identify the KPIs that indicate whether the workload is performing as intended. For example, an API-based workload might use overall response latency as an indication of overall performance, and an e-commerce site might choose to use the number of purchases as its KPI.

See Establish Key Performance Indicators (KPIs) to measure workload performance for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07EstablishKpi
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing? > Monitor and alarm proactively

Use key performance indicators (KPIs), combined with monitoring and alerting systems, to proactively address performance-related issues. Use alarms to trigger automated actions to remediate issues where possible. Escalate the alarm to those able to respond if automated response is not possible. For example, you may have a system that can predict expected key performance indicator (KPI) values and alarm when they breach certain thresholds, or a tool that can automatically halt or roll back deployments if KPIs are outside of expected values.

See Monitor and alarm proactively for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07Proactive
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

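AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing? > Record performance-related metrics

Use a monitoring and observability service to record performance-related metrics. For example, record database transactions, slow queries, I/O latency, HTTP request throughput, service latency, or other key data.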

See Record performance-related metrics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07RecordMetrics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing? > Review metrics at regular intervals

As routine maintenance, or in response to events or incidents, review which metrics are collected. Use these reviews to identify which metrics were key in addressing issues and which additional metrics, if they were being tracked, would help to identify, address, or prevent issues.

See Review metrics at regular intervals for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07ReviewMetricsCollected
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 07. How do you monitor your resources to ensure they are performing? > Use monitoring to generate alarm-based notifications

Using the performance-related key performance indicators (KPIs) that you defined, use a monitoring system that generates alarms automatically when these measurements are outside expected boundaries.

See Use monitoring to generate alarm-based notifications for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf07GenerateAlarms
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 08. How do you use tradeoffs to improve performance?

When architecting solutions, determining tradeoffs enables you to select an optimal approach. Often you can improve performance by trading consistency, durability, and space for time and latency.

See PERF 08. How do you use tradeoffs to improve performance? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 08. How do you use tradeoffs to improve performance? > Identify how tradeoffs impact customers and efficiency

When evaluating performance-related improvements, determine which choices will impact your customers and workload efficiency. For example, if using a key-value data store increases system performance, it is important to evaluate how the eventually consistent nature of it will impact customers.

See Identify how tradeoffs impact customers and efficiency for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08UnderstandImpact
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 08. How do you use tradeoffs to improve performance? > Learn about design patterns and services

Research and understand the various design patterns and services that help improve workload performance. As part of the analysis, identify what you could trade to achieve higher performance. For example, using a cache service can help to reduce the load placed on database systems; however, it requires some engineering to implement safe caching, or it may introduce eventual consistency in some areas.

See Learn about design patterns and services for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08DesignPatterns
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 08. How do you use tradeoffs to improve performance? > Measure the impact of performance improvements

As changes are made to improve performance, evaluate the collected metrics and data. Use this information to determine the impact that the performance improvement had on the workload, the workload’s components, and your customers. This measurement helps you understand the improvements that result from the tradeoff, and helps you determine if any negative side effects were introduced.

See Measure the impact of performance improvements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08Measure
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 08. How do you use tradeoffs to improve performance? > Understand the areas where performance is most critical

Understand and identify areas where increasing the performance of your workload will have a positive impact on efficiency or customer experience. For example, a website that has a large amount of customer interaction can benefit from using edge services to move content delivery closer to customers.

See Understand the areas where performance is most critical for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08CriticalAreas
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Performance Efficiency > PERF 08. How do you use tradeoffs to improve performance? > Use various performance-related strategies

Where applicable, utilize multiple strategies to improve performance. Examples include caching data to prevent excessive network or database calls, using read replicas for database engines to improve read rates, sharding or compressing data where possible to reduce data volumes, and buffering and streaming results as they become available to avoid blocking.

See Use various performance-related strategies for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/perf08ImplementStrategy
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability

The Reliability pillar includes the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle. See Reliability for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel
Category
Valid Value
[
"Skip"
]
Schema
{
"type": "string",
"enum": [
"Skip"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints?

For cloud-based workload architectures, there are service quotas (which are also referred to as service limits). These quotas exist to prevent accidentally provisioning more resources than you need and to limit request rates on API operations so as to protect services from abuse. There are also resource constraints, for example, the rate that you can push bits down a fiber-optic cable, or the amount of storage on a physical disk.

See REL 01. How do you manage service quotas and constraints? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints? > Accommodate fixed service quotas and constraints through architecture

Be aware of unchangeable service quotas and physical resources, and architect to prevent these from impacting reliability.

See Accommodate fixed service quotas and constraints through architecture for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AwareFixedLimits
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints? > Automate quota management

Implement tools to alert you when thresholds are being approached. By using AWS Service Quotas APIs, you can automate quota increase requests.

See Automate quota management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AutomatedMonitorLimits
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints? > Aware of service quotas and constraints

You are aware of your default quotas and quota increase requests for your workload architecture. You additionally know which resource constraints, such as disk or network, are potentially impactful.

See Aware of service quotas and constraints for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01AwareQuotasAndConstraints
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints? > Ensure that a sufficient gap exists between the current quotas and the maximum usage to accommodate failover

When a resource fails, it may still be counted against quotas until it's successfully terminated. Ensure that your quotas cover the overlap of all failed resources with replacements before the failed resources are terminated. You should consider an Availability Zone failure when calculating this gap.

See Ensure that a sufficient gap exists between the current quotas and the maximum usage to accommodate failover for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01SuffBufferLimits
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints? > Manage service quotas across accounts and regions

If you are using multiple AWS accounts or AWS Regions, ensure that you request the appropriate quotas in all environments in which your production workloads run.

See Manage service quotas across accounts and regions for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01LimitsConsidered
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 01. How do you manage service quotas and constraints? > Monitor and manage quotas

Evaluate your potential usage and increase your quotas appropriately, allowing for planned growth in usage.

See Monitor and manage quotas for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel01MonitorManageLimits
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 02. How do you plan your network topology?

Workloads often exist in multiple environments. These include multiple cloud environments (both publicly accessible and private) and possibly your existing data center infrastructure. Plans must include network considerations such as intra- and inter-system connectivity, public IP address management, private IP address management, and domain name resolution.

See REL 02. How do you plan your network topology? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 02. How do you plan your network topology? > Enforce non-overlapping private IP address ranges in all private address spaces where they are connected

The IP address ranges of each of your VPCs must not overlap when peered or connected via VPN. You must similarly avoid IP address conflicts between a VPC and on-premises environments or with other cloud providers that you use. You must also have a way to allocate private IP address ranges when needed.

See Enforce non-overlapping private IP address ranges in all private address spaces where they are connected for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02NonOverlapIp
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 02. How do you plan your network topology? > Ensure IP subnet allocation accounts for expansion and availability

Amazon VPC IP address ranges must be large enough to accommodate workload requirements, including factoring in future expansion and allocation of IP addresses to subnets across Availability Zones. This includes load balancers, EC2 instances, and container-based applications.

See Ensure IP subnet allocation accounts for expansion and availability for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02IpSubnetAllocation
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 02. How do you plan your network topology? > Prefer hub-and-spoke topologies over many-to-many mesh

If more than two network address spaces (for example, VPCs and on-premises networks) are connected via VPC peering, AWS Direct Connect, or VPN, then use a hub-and-spoke model, like that provided by AWS Transit Gateway.

See Prefer hub-and-spoke topologies over many-to-many mesh for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02PreferHubAndSpoke
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 02. How do you plan your network topology? > Provision redundant connectivity between private networks in the cloud and on-premises environments

Use multiple AWS Direct Connect (DX) connections or VPN tunnels between separately deployed private networks. Use multiple DX locations for high availability. If using multiple AWS Regions, ensure redundancy in at least two of them. You might want to evaluate AWS Marketplace appliances that terminate VPNs. If you use AWS Marketplace appliances, deploy redundant instances for high availability in different Availability Zones.

See Provision redundant connectivity between private networks in the cloud and on-premises environments for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02HaConnPrivateNetworks
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 02. How do you plan your network topology? > Use highly available network connectivity for your workload public endpoints

These endpoints and the routing to them must be highly available. To achieve this, use highly available DNS, content delivery networks (CDNs), API Gateway, load balancing, or reverse proxies.

See Use highly available network connectivity for your workload public endpoints for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel02HaConnUsers
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 03. How do you design your workload service architecture?

Build highly scalable and reliable workloads using a service-oriented architecture (SOA) or a microservices architecture. Service-oriented architecture (SOA) is the practice of making software components reusable via service interfaces. Microservices architecture goes further to make components smaller and simpler.

See REL 03. How do you design your workload service architecture? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 03. How do you design your workload service architecture? > Build services focused on specific business domains and functionality

SOA builds services with well-delineated functions defined by business needs. Microservices use domain models and bounded context to limit this further so that each service does just one thing. Focusing on specific functionality enables you to differentiate the reliability requirements of different services, and target investments more specifically. A concise business problem and having a small team associated with each service also enables easier organizational scaling.

See Build services focused on specific business domains and functionality for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03BusinessDomains
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 03. How do you design your workload service architecture? > Choose how to segment your workload

Monolithic architecture should be avoided. Instead, you should choose between SOA and microservices. When making each choice, balance the benefits against the complexities—what is right for a new product racing to first launch is different than what a workload built to scale from the start needs. The benefits of using smaller segments include greater agility, organizational flexibility, and scalability. Complexities include possible increased latency, more complex debugging, and increased operational burden.

See Choose how to segment your workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03MonolithSoaMicroservice
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 03. How do you design your workload service architecture? > Provide service contracts per API

Service contracts are documented agreements between teams on service integration and include a machine-readable API definition, rate limits, and performance expectations. A versioning strategy allows clients to continue using the existing API and migrate their applications to the newer API when they are ready. Deployment can happen anytime, as long as the contract is not violated. The service provider team can use the technology stack of their choice to satisfy the API contract. Similarly, the service consumer can use their own technology.

See Provide service contracts per API for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel03ApiContracts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 04. How do you design interactions in a distributed system to prevent failures?

Distributed systems rely on communications networks to interconnect components, such as servers or services. Your workload must operate reliably despite data loss or latency in these networks. Components of the distributed system must operate in a way that does not negatively impact other components or the workload. These best practices prevent failures and improve mean time between failures (MTBF).

See REL 04. How do you design interactions in a distributed system to prevent failures? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 04. How do you design interactions in a distributed system to prevent failures? > Do constant work

Systems can fail when there are large, rapid changes in load. For example, a health check system that monitors the health of thousands of servers should send the same size payload (a full snapshot of the current state) each time. Whether no servers are failing, or all of them, the health check system is doing constant work with no large, rapid changes.

See Do constant work for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04ConstantWork
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 04. How do you design interactions in a distributed system to prevent failures? > Identify which kind of distributed system is required

Hard real-time distributed systems require responses to be given synchronously and rapidly, while soft real-time systems have a more generous time window of minutes or more for response. Offline systems handle responses through batch or asynchronous processing. Hard real-time distributed systems have the most stringent reliability requirements.

See Identify which kind of distributed system is required for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04Identify
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 04. How do you design interactions in a distributed system to prevent failures? > Implement loosely coupled dependencies

Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate the behavior of a component from other components that depend on it, increasing resiliency and agility.

See Implement loosely coupled dependencies for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04LooselyCoupledSystem
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 04. How do you design interactions in a distributed system to prevent failures? > Make all responses idempotent

An idempotent service promises that each request is completed exactly once, such that making multiple identical requests has the same effect as making a single request. An idempotent service makes it easier for a client to implement retries without fear that a request will be erroneously processed multiple times. To do this, clients can issue API requests with an idempotency token—the same token is used whenever the request is repeated. An idempotent service API uses the token to return a response identical to the response that was returned the first time that the request was completed.

See Make all responses idempotent for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel04Idempotent
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures?

Distributed systems rely on communications networks to interconnect components (such as servers or services). Your workload must operate reliably despite data loss or latency over these networks. Components of the distributed system must operate in a way that does not negatively impact other components or the workload. These best practices enable workloads to withstand stresses or failures, more quickly recover from them, and mitigate the impact of such impairments. The result is improved mean time to recovery (MTTR).

See REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Control and limit retry calls

Use exponential backoff to retry after progressively longer intervals. Introduce jitter to randomize those retry intervals, and limit the maximum number of retries.

See Control and limit retry calls for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05LimitRetries
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Fail fast and limit queues

If the workload is unable to respond successfully to a request, then fail fast. This allows the releasing of resources associated with a request, and permits the service to recover if it’s running out of resources. If the workload is able to respond successfully but the rate of requests is too high, then use a queue to buffer requests instead. However, do not allow long queues that can result in serving stale requests that the client has already given up on.

See Fail fast and limit queues for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05FailFast
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Implement emergency levers

These are rapid processes that may mitigate availability impact on your workload. They can be operated in the absence of a root cause. An ideal emergency lever reduces the cognitive burden on the resolvers to zero by providing fully deterministic activation and deactivation criteria. Example levers include blocking all robot traffic or serving a static response. Levers are often manual, but they can also be automated.

See Implement emergency levers for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05EmergencyLevers
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Implement graceful degradation to transform applicable hard dependencies into soft dependencies

When a component's dependencies are unhealthy, the component itself can still function, although in a degraded manner. For example, when a dependency call fails, fail over to a predetermined static response.

See Implement graceful degradation to transform applicable hard dependencies into soft dependencies for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05GracefulDegradation
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Make services stateless where possible

Services should either not require state, or should offload state such that between different client requests, there is no dependence on locally stored data on disk or in memory. This enables servers to be replaced at will without causing an availability impact. Amazon ElastiCache or Amazon DynamoDB are good destinations for offloaded state.

See Make services stateless where possible for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05FailureStateless
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Set client timeouts

Set timeouts appropriately, verify them systematically, and do not rely on default values, as they are generally set too high.

See Set client timeouts for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05ClientTimeouts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 05. How do you design interactions in a distributed system to mitigate or withstand failures? > Throttle requests

This is a mitigation pattern to respond to an unexpected increase in demand. Some requests are honored but those over a defined limit are rejected and return a message indicating they have been throttled. The expectation on clients is that they will back off and abandon the request or try again at a slower rate.

See Throttle requests for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel05ThrottleRequests
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources?

Logs and metrics are powerful tools to gain insight into the health of your workload. You can configure your workload to monitor logs and metrics and send notifications when thresholds are crossed or significant events occur. Monitoring enables your workload to recognize when low-performance thresholds are crossed or failures occur, so it can recover automatically in response.

See REL 06. How do you monitor workload resources? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Automate responses (Real-time processing and alarming)

Use automation to take action when an event is detected, for example, to replace failed components.

See Automate responses (Real-time processing and alarming) for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06AutomateResponseMonitor
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Conduct reviews regularly

Frequently review how workload monitoring is implemented and update it based on significant events and changes.

See Conduct reviews regularly for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06ReviewMonitoring
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Define and calculate metrics (Aggregation)

Store log data and apply filters where necessary to calculate metrics, such as counts of a specific log event, or latency calculated from log event timestamps.

See Define and calculate metrics (Aggregation) for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06NotificationAggregation
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Monitor all components for the workload (Generation)

Monitor the components of the workload with Amazon CloudWatch or third-party tools. Monitor AWS services with Personal Health Dashboard.

See Monitor all components for the workload (Generation) for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06MonitorResources
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Monitor end-to-end tracing of requests through your system

Use AWS X-Ray or third-party tools so that developers can more easily analyze and debug distributed systems to understand how their applications and underlying services are performing.

See Monitor end-to-end tracing of requests through your system for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06EndToEnd
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Send notifications (Real-time processing and alarming)

Organizations that need to know receive notifications when significant events occur.

See Send notifications (Real-time processing and alarming) for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06NotificationMonitor
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 06. How do you monitor workload resources? > Storage and Analytics

Collect log files and metrics histories and analyze these for broader trends and workload insights.

See Storage and Analytics for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel06StorageAnalytics
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 07. How do you design your workload to adapt to changes in demand?

A scalable workload provides elasticity to add or remove resources automatically so that they closely match the current demand at any given point in time.

See REL 07. How do you design your workload to adapt to changes in demand? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 07. How do you design your workload to adapt to changes in demand? > Load test your workload

Adopt a load testing methodology to measure if scaling activity meets workload requirements.

See Load test your workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07LoadTestedAdapt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 07. How do you design your workload to adapt to changes in demand? > Obtain resources upon detection of impairment to a workload

Scale resources reactively when necessary if availability is impacted, to restore workload availability.

See Obtain resources upon detection of impairment to a workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07ReactiveAdaptAuto
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 07. How do you design your workload to adapt to changes in demand? > Obtain resources upon detection that more resources are needed for a workload

Scale resources proactively to meet demand and avoid availability impact.

See Obtain resources upon detection that more resources are needed for a workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07ProactiveAdaptAuto
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 07. How do you design your workload to adapt to changes in demand? > Use automation when obtaining or scaling resources

When replacing impaired resources or scaling your workload, automate the process by using managed AWS services, such as Amazon S3 and AWS Auto Scaling. You can also use third-party tools and AWS SDKs to automate scaling.

See Use automation when obtaining or scaling resources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel07AutoscaleAdapt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 08. How do you implement change?

Controlled changes are necessary to deploy new functionality, and to ensure that the workloads and the operating environment are running known software and can be patched or replaced in a predictable manner. If these changes are uncontrolled, it is difficult to predict their effect or to address issues that arise because of them.

See REL 08. How do you implement change? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 08. How do you implement change? > Deploy changes with automation

Deployments and patching are automated to eliminate negative impact.

See Deploy changes with automation for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08AutomatedChangemgmt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 08. How do you implement change? > Deploy using immutable infrastructure

This is a model that mandates that no updates, security patches, or configuration changes happen in-place on production workloads. When a change is needed, the architecture is built onto new infrastructure and deployed into production.

See Deploy using immutable infrastructure for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08ImmutableInfrastructure
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 08. How do you implement change? > Integrate functional testing as part of your deployment

Functional tests are run as part of automated deployment. If success criteria are not met, the pipeline is halted or rolled back.

See Integrate functional testing as part of your deployment for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08FunctionalTesting
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 08. How do you implement change? > Integrate resiliency testing as part of your deployment

Resiliency tests (as part of chaos engineering) are run as part of the automated deployment pipeline in a pre-prod environment.

See Integrate resiliency testing as part of your deployment for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08ResiliencyTesting
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 08. How do you implement change? > Use runbooks for standard activities such as deployment

Runbooks are the predefined steps used to achieve specific outcomes. Use runbooks to perform standard activities, whether done manually or automatically. Examples include deploying a workload, patching it, or making DNS modifications.

See Use runbooks for standard activities such as deployment for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel08PlannedChangemgmt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 09. How do you back up data?

Back up data, applications, and configuration to meet your requirements for recovery time objectives (RTO) and recovery point objectives (RPO).

See REL 09. How do you back up data? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 09. How do you back up data? > Identify and back up all data that needs to be backed up, or reproduce the data from sources

Amazon S3 can be used as a backup destination for multiple data sources. AWS services such as Amazon EBS, Amazon RDS, and Amazon DynamoDB have built-in capabilities to create backups. Third-party backup software can also be used. Alternatively, if the data can be reproduced from other sources to meet RPO, you might not require a backup.

See Identify and back up all data that needs to be backed up, or reproduce the data from sources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09IdentifiedBackupsData
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 09. How do you back up data? > Perform data backup automatically

Configure backups to be taken automatically based on a periodic schedule, or by changes in the dataset. RDS instances, EBS volumes, DynamoDB tables, and S3 objects can all be configured for automatic backup. AWS Marketplace solutions or third-party solutions can also be used.

See Perform data backup automatically for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09AutomatedBackupsData
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 09. How do you back up data? > Perform periodic recovery of the data to verify backup integrity and processes

Validate that your backup process implementation meets your recovery time objectives (RTO) and recovery point objectives (RPO) by performing a recovery test.

See Perform periodic recovery of the data to verify backup integrity and processes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09PeriodicRecoveryTestingData
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 09. How do you back up data? > Secure and encrypt backups

Detect access using authentication and authorization, such as AWS IAM, and detect data integrity compromise by using encryption.

See Secure and encrypt backups for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel09SecuredBackupsData
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 10. How do you use fault isolation to protect your workload?

Fault isolated boundaries limit the effect of a failure within a workload to a limited number of components. Components outside of the boundary are unaffected by the failure. Using multiple fault isolated boundaries, you can limit the impact on your workload.

See REL 10. How do you use fault isolation to protect your workload? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 10. How do you use fault isolation to protect your workload? > Automate recovery for components constrained to a single location

If components of the workload can only run in a single Availability Zone or on-premises data center, you must implement the capability to do a complete rebuild of the workload within your defined recovery objectives.

See Automate recovery for components constrained to a single location for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10SingleAzSystem
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 10. How do you use fault isolation to protect your workload? > Deploy the workload to multiple locations

Distribute workload data and resources across multiple Availability Zones or, where necessary, across AWS Regions. These locations can be as diverse as required.

See Deploy the workload to multiple locations for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10MultiazRegionSystem
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 10. How do you use fault isolation to protect your workload? > Use bulkhead architectures

Like the bulkheads on a ship, this pattern ensures that a failure is contained to a small subset of requests/users so the number of impaired requests is limited, and most can continue without error. Bulkheads for data are usually called partitions or shards, while bulkheads for services are known as cells.

See Use bulkhead architectures for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel10UseBulkhead
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 11. How do you design your workload to withstand component failures?

Workloads with a requirement for high availability and low mean time to recovery (MTTR) must be architected for resiliency.

See REL 11. How do you design your workload to withstand component failures? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 11. How do you design your workload to withstand component failures? > Automate healing on all layers

Upon detection of a failure, use automated capabilities to perform actions to remediate.

See Automate healing on all layers for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11AutoHealingSystem
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 11. How do you design your workload to withstand component failures? > Fail over to healthy resources

Ensure that if a resource failure occurs, healthy resources can continue to serve requests. For location failures (such as Availability Zone or AWS Region), ensure you have systems in place to fail over to healthy resources in unimpaired locations.

See Fail over to healthy resources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11Failover2good
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 11. How do you design your workload to withstand component failures? > Monitor all components of the workload to detect failures

Continuously monitor the health of your workload so that you and your automated systems are aware of degradation or complete failure as soon as they occur. Monitor for key performance indicators (KPIs) based on business value.

See Monitor all components of the workload to detect failures for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11MonitoringHealth
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 11. How do you design your workload to withstand component failures? > Send notifications when events impact availability

Notifications are sent upon the detection of significant events, even if the issue caused by the event was automatically resolved.

See Send notifications when events impact availability for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11NotificationsSentSystem
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 11. How do you design your workload to withstand component failures? > Use static stability to prevent bimodal behavior

Bimodal behavior is when your workload exhibits different behavior under normal and failure modes, for example, relying on launching new instances if an Availability Zone fails. You should instead build workloads that are statically stable and operate in only one mode. In this case, provision enough instances in each Availability Zone to handle the workload load if one AZ were removed and then use Elastic Load Balancing or Amazon Route 53 health checks to shift load away from the impaired instances.

See Use static stability to prevent bimodal behavior for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel11StaticStability
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability?

After you have designed your workload to be resilient to the stresses of production, testing is the only way to ensure that it will operate as designed, and deliver the resiliency you expect.

See REL 12. How do you test reliability? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability? > Conduct game days regularly

Use game days to regularly exercise your failure procedures as close to production as possible (including in production environments) with the people who will be involved in actual failure scenarios. Game days enforce measures to ensure that production testing does not impact users.

See Conduct game days regularly for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12GameDaysResiliency
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability? > Perform post-incident analysis

Review customer-impacting events, and identify the contributing factors and preventative action items. Use this information to develop mitigations to limit or prevent recurrence. Develop procedures for prompt and effective responses. Communicate contributing factors and corrective actions as appropriate, tailored to target audiences. Have a method to communicate these causes to others as needed.

See Perform post-incident analysis for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12RcaResiliency
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability? > Test functional requirements

These include unit tests and integration tests that validate required functionality.

See Test functional requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12TestFunctional
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability? > Test resiliency using chaos engineering

Run tests that inject failures regularly into pre-production and production environments. Hypothesize how your workload will react to the failure, then compare your hypothesis to the testing results and iterate if they do not match. Ensure that production testing does not impact users.

See Test resiliency using chaos engineering for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12FailureInjectionResiliency
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability? > Test scaling and performance requirements

This includes load testing to validate that the workload meets scaling and performance requirements.

See Test scaling and performance requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12TestNonFunctional
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 12. How do you test reliability? > Use playbooks to investigate failures

Enable consistent and prompt responses to failure scenarios that are not well understood, by documenting the investigation process in playbooks. Playbooks are the predefined steps performed to identify the factors contributing to a failure scenario. The results from any process step are used to determine the next steps to take until the issue is identified or escalated.

See Use playbooks to investigate failures for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel12PlaybookResiliency
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 13. How do you plan for disaster recovery (DR)?

Having backups and redundant workload components in place is the start of your DR strategy. RTO and RPO are your objectives for restoration of availability. Set these based on business needs. Implement a strategy to meet these objectives, considering locations and function of workload resources and data.

See REL 13. How do you plan for disaster recovery (DR)? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 13. How do you plan for disaster recovery (DR)? > Automate recovery

Use AWS or third-party tools to automate system recovery and route traffic to the DR site or region.

See Automate recovery for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13AutoRecovery
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 13. How do you plan for disaster recovery (DR)? > Define recovery objectives for downtime and data loss

The workload has a recovery time objective (RTO) and recovery point objective (RPO).

See Define recovery objectives for downtime and data loss for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13ObjectiveDefinedRecovery
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 13. How do you plan for disaster recovery (DR)? > Manage configuration drift at the DR site or region

Ensure that the infrastructure, data, and configuration are as needed at the DR site or region. For example, check that AMIs and service quotas are up to date.

See Manage configuration drift at the DR site or region for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13ConfigDrift
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 13. How do you plan for disaster recovery (DR)? > Test disaster recovery implementation to validate the implementation

Regularly test failover to DR to ensure that RTO and RPO are met.

See Test disaster recovery implementation to validate the implementation for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13DrTested
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Reliability > REL 13. How do you plan for disaster recovery (DR)? > Use defined recovery strategies to meet the recovery objectives

A disaster recovery (DR) strategy has been defined to meet objectives.

See Use defined recovery strategies to meet the recovery objectives for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/rel13DisasterRecovery
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security

The Security pillar includes the ability to protect data, systems, and assets to take advantage of cloud technologies to improve your security. See Security for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec
Category
Valid Value
[
"Skip"
]
Schema
{
"type": "string",
"enum": [
"Skip"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload?

To operate your workload securely, you must apply overarching best practices to every area of security. Take requirements and processes that you have defined in operational excellence at an organizational and workload level, and apply them to all areas. Staying up to date with AWS and industry recommendations and threat intelligence helps you evolve your threat model and control objectives. Automating security processes, testing, and validation allows you to scale your security operations.

See SEC 01. How do you securely operate your workload? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Automate testing and validation of security controls in pipelines

Establish secure baselines and templates for security mechanisms that are tested and validated as part of your build, pipelines, and processes. Use tools and automation to test and validate all security controls continuously. For example, scan items such as machine images and infrastructure as code templates for security vulnerabilities, irregularities, and drift from an established baseline at each stage.

See Automate testing and validation of security controls in pipelines for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01TestValidatePipeline
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Evaluate and implement new security services and features regularly

AWS and APN Partners constantly release new features and services that allow you to evolve the security posture of your workload.

See Evaluate and implement new security services and features regularly for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ImplementServicesFeatures
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Identify and prioritize risks using a threat model

Use a threat model to identify and maintain an up-to-date register of potential threats. Prioritize your threats and adapt your security controls to prevent, detect, and respond. Revisit and maintain this in the context of the evolving security landscape.

See Identify and prioritize risks using a threat model for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ThreatModel
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Identify and validate control objectives

Based on your compliance requirements and risks identified from your threat model, derive and validate the control objectives and controls that you need to apply to your workload. Ongoing validation of control objectives and controls helps you measure the effectiveness of risk mitigation.

See Identify and validate control objectives for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01ControlObjectives
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Keep up to date with security recommendations

Stay up to date with both AWS and industry security recommendations to evolve the security posture of your workload.

See Keep up to date with security recommendations for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01UpdatedRecommendations
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Keep up to date with security threats

Recognize attack vectors by staying up to date with the latest security threats to help you define and implement appropriate controls.

See Keep up to date with security threats for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01UpdatedThreats
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Secure AWS account

Secure access to your accounts, for example by enabling MFA and restricting use of the root user, and configure account contacts.

See Secure AWS account for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01AwsAccount
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 01. How do you securely operate your workload? > Separate workloads using accounts

Organize workloads in separate accounts and group accounts based on function or a common set of controls rather than mirroring your company’s reporting structure. Start with security and infrastructure in mind to enable your organization to set common guardrails as your workloads grow.

See Separate workloads using accounts for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec01MultiAccounts
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines?

There are two types of identities you need to manage when approaching operating secure AWS workloads. Understanding the type of identity you need to manage and grant access helps you ensure the right identities have access to the right resources under the right conditions.

Human Identities: Your administrators, developers, operators, and end users require an identity to access your AWS environments and applications. These are members of your organization, or external users with whom you collaborate, and who interact with your AWS resources via a web browser, client application, or interactive command-line tools.

Machine Identities: Your service applications, operational tools, and workloads require an identity to make requests to AWS services - for example, to read data. These identities include machines running in your AWS environment such as Amazon EC2 instances or AWS Lambda functions. You may also manage machine identities for external parties who need access. Additionally, you may also have machines outside of AWS that need access to your AWS environment.

See SEC 02. How do you manage identities for people and machines? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines? > Audit and rotate credentials periodically

When you cannot rely on temporary credentials and require long term credentials, audit credentials to ensure that the defined controls (for example, MFA) are enforced, and that the credentials are rotated regularly and have an appropriate access level.

See Audit and rotate credentials periodically for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Audit
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines? > Leverage user groups and attributes

Place users with common security requirements in groups defined by your identity provider, and put mechanisms in place to ensure that user attributes that may be used for access control (e.g., department or location) are correct and updated. Use these groups and attributes, rather than individual users, to control access. This allows you to manage access centrally by changing a user’s group membership or attributes once, rather than updating many individual policies when a user’s access needs change.

See Leverage user groups and attributes for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02GroupsAttributes
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines? > Rely on a centralized identity provider

For workforce identities, rely on an identity provider that enables you to manage identities in a centralized place. This enables you to create, manage, and revoke access from a single location making it easier to manage access. This reduces the requirement for multiple credentials and provides an opportunity to integrate with HR processes.

See Rely on a centralized identity provider for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02IdentityProvider
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines? > Store and use secrets securely

For workforce and machine identities that require secrets such as passwords to third party applications, store them with automatic rotation using the latest industry standards in a specialized service.

See Store and use secrets securely for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Secrets
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines? > Use strong sign-in mechanisms

Enforce minimum password length, and educate users to avoid common or re-used passwords. Enforce multi-factor authentication (MFA) with software or hardware mechanisms to provide an additional layer.

See Use strong sign-in mechanisms for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02EnforceMechanisms
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 02. How do you manage identities for people and machines? > Use temporary credentials

Require identities to dynamically acquire temporary credentials. For workforce identities, use AWS Single Sign-On, or federation with IAM roles to access AWS accounts. For machine identities, require the use of IAM roles instead of long term access keys.

See Use temporary credentials for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec02Unique
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines?

Manage permissions to control access to people and machine identities that require access to AWS and your workload. Permissions control who can access what, and under what conditions.

See SEC 03. How do you manage permissions for people and machines? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Analyze public and cross account access

Continuously monitor findings that highlight public and cross account access. Reduce public access and cross account access to only resources that require this type of access.

See Analyze public and cross account access for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03AnalyzeCrossAccount
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Define access requirements

Each component or resource of your workload needs to be accessed by administrators, end users, or other components. Have a clear definition of who or what should have access to each component, and choose the appropriate identity type and method of authentication and authorization.

See Define access requirements for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03Define
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Define permission guardrails for your organization

Establish common controls that restrict access to all identities in your organization. For example, you can restrict access to specific AWS Regions, or prevent your operators from deleting common resources, such as an IAM role used for your central security team.

See Define permission guardrails for your organization for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03DefineGuardrails
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Establish emergency access process

Establish a process that allows emergency access to your workload in the unlikely event of an automated process or pipeline issue. This will help you rely on least privilege access, but ensure users can obtain the right level of access when they require it. For example, establish a process for administrators to verify and approve their request.

See Establish emergency access process for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03EmergencyProcess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Grant least privilege access

Grant only the access that identities require by allowing access to specific actions on specific AWS resources under specific conditions. Rely on groups and identity attributes to dynamically set permissions at scale, rather than defining permissions for individual users. For example, you can allow a group of developers access to manage only resources for their project. This way, when a developer is removed from the group, access for the developer is revoked everywhere that group was used for access control, without requiring any changes to the access policies.

See Grant least privilege access for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03LeastPrivileges
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Manage access based on life cycle

Integrate access controls with operator and application life cycle and your centralized federation provider. For example, remove a user’s access when they leave the organization or change roles.

See Manage access based on life cycle for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03Lifecycle
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Reduce permissions continuously

As teams and workloads determine what access they need, remove permissions they no longer use and establish review processes to achieve least privilege permissions. Continuously monitor and reduce unused identities and permissions.

See Reduce permissions continuously for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03ContinuousReduction
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 03. How do you manage permissions for people and machines? > Share resources securely

Govern the consumption of shared resources across accounts or within your AWS Organization. Monitor shared resources and review shared resource access.

See Share resources securely for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec03ShareSecurely
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 04. How do you detect and investigate security events?

Capture and analyze events from logs and metrics to gain visibility. Take action on security events and potential threats to help secure your workload.

See SEC 04. How do you detect and investigate security events? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 04. How do you detect and investigate security events? > Analyze logs, findings, and metrics centrally

All logs, metrics, and telemetry should be collected centrally, and automatically analyzed to detect anomalies and indicators of unauthorized activity. A dashboard can provide you with easy-to-access insight into real-time health. For example, ensure that Amazon GuardDuty and Security Hub logs are sent to a central location for alerting and analysis.

See Analyze logs, findings, and metrics centrally for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AnalyzeAll
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 04. How do you detect and investigate security events? > Automate response to events

Using automation to investigate and remediate events reduces human effort and error, and enables you to scale investigation capabilities. Regular reviews will help you tune automation tools, and continuously iterate. For example, automate responses to Amazon GuardDuty events by automating the first investigation step, then iterate to gradually remove human effort.

See Automate response to events for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AutoResponse
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 04. How do you detect and investigate security events? > Configure service and application logging

Configure logging throughout the workload, including application logs, resource logs, and AWS service logs. For example, ensure that AWS CloudTrail, Amazon CloudWatch Logs, Amazon GuardDuty and AWS Security Hub are enabled for all accounts within your organization.

See Configure service and application logging for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04AppServiceLogging
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 04. How do you detect and investigate security events? > Implement actionable security events

Create alerts that are sent to and can be actioned by your team. Ensure that alerts include relevant information for the team to take action. For example, ensure that Amazon GuardDuty and AWS Security Hub alerts are sent to the team to action, or sent to response automation tooling with the team remaining informed by messaging from the automation framework.

See Implement actionable security events for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec04ActionableEvents
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 05. How do you protect your network resources?

Any workload that has some form of network connectivity, whether it’s the internet or a private network, requires multiple layers of defense to help protect from external and internal network-based threats.

See SEC 05. How do you protect your network resources? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 05. How do you protect your network resources? > Automate network protection

Automate protection mechanisms to provide a self-defending network based on threat intelligence and anomaly detection. For example, use intrusion detection and prevention tools that can proactively adapt to current threats and reduce their impact.

See Automate network protection for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05AutoProtect
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 05. How do you protect your network resources? > Control traffic at all layers

Apply controls with a defense in depth approach for both inbound and outbound traffic. For example, for Amazon Virtual Private Cloud (VPC) this includes security groups, Network ACLs, and subnets. For AWS Lambda, consider running in your private VPC with VPC-based controls.

See Control traffic at all layers for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05Layered
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 05. How do you protect your network resources? > Create network layers

Group components that share reachability requirements into layers. For example, a database cluster in a VPC with no need for internet access should be placed in subnets with no route to or from the internet. In a serverless workload operating without a VPC, similar layering and segmentation with microservices can achieve the same goal.

See Create network layers for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05CreateLayers
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 05. How do you protect your network resources? > Implement inspection and protection

Inspect and filter your traffic at each layer. For example, use a web application firewall to help protect against inadvertent access at the application network layer. For Lambda functions, third-party tools can add application-layer firewalling to your runtime environment.

See Implement inspection and protection for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec05Inspection
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources?

Compute resources in your workload require multiple layers of defense to help protect from external and internal threats. Compute resources include EC2 instances, containers, AWS Lambda functions, database services, IoT devices, and more.

See SEC 06. How do you protect your compute resources? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources? > Automate compute protection

Automate your protective compute mechanisms including vulnerability management, reduction in attack surface, and management of resources.

See Automate compute protection for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06AutoProtection
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources? > Enable people to perform actions at a distance

Removing the ability for interactive access reduces the risk of human error, and the potential for manual configuration or management. For example, use a change management workflow to deploy EC2 instances using infrastructure as code, then manage EC2 instances using tools instead of allowing direct access or a bastion host.

See Enable people to perform actions at a distance for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ActionsDistance
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources? > Implement managed services

Implement services that manage resources, such as Amazon RDS, AWS Lambda, and Amazon ECS, to reduce your security maintenance tasks as part of the shared responsibility model.

See Implement managed services for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ImplementManagedServices
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources? > Perform vulnerability management

Frequently scan and patch for vulnerabilities in your code, dependencies, and in your infrastructure to help protect against new threats.

See Perform vulnerability management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06VulnerabilityManagement
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources? > Reduce attack surface

Reduce your attack surface by hardening operating systems, minimizing components, libraries, and externally consumable services in use.

See Reduce attack surface for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ReduceSurface
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 06. How do you protect your compute resources? > Validate software integrity

Implement mechanisms (for example, code signing) to validate that the software, code, and libraries used in the workload are from trusted sources and have not been tampered with.

See Validate software integrity for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec06ValidateSoftwareIntegrity
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 07. How do you classify your data?

Classification provides a way to categorize data, based on criticality and sensitivity in order to help you determine appropriate protection and retention controls.

See SEC 07. How do you classify your data? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 07. How do you classify your data? > Automate identification and classification

Automate identification and classification of data to reduce the risk of human error from manual interactions.

See Automate identification and classification for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07AutoClassification
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 07. How do you classify your data? > Define data lifecycle management

Your defined lifecycle strategy should be based on sensitivity level, as well as legal and organization requirements. Aspects including the duration you retain data for, data destruction, data access management, data transformation, and data sharing should be considered.

See Define data lifecycle management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07LifecycleManagement
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 07. How do you classify your data? > Define data protection controls

Protect data according to its classification level. For example, secure data classified as public by using relevant recommendations while protecting sensitive data with additional controls.

See Define data protection controls for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07DefineProtection
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 07. How do you classify your data? > Identify the data within your workload

This includes the type and classification of data, the associated business processes, data owner, applicable legal and compliance requirements, where it’s stored, and the resulting controls that are needed to be enforced. This may include classifications to indicate if the data is intended to be publicly available, if the data is internal use only such as customer personally identifiable information (PII), or if the data is for more restricted access such as intellectual property, legally privileged or marked sensitive, and more.

See Identify the data within your workload for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec07IdentifyData
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 08. How do you protect your data at rest?

Protect your data at rest by implementing multiple controls, to reduce the risk of unauthorized access or mishandling.

See SEC 08. How do you protect your data at rest? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 08. How do you protect your data at rest? > Automate data at rest protection

Use automated tools to validate and enforce data at rest protection continuously, for example, verify that there are only encrypted storage resources.

See Automate data at rest protection for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08AutomateProtection
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 08. How do you protect your data at rest? > Enforce access control

Enforce access control with least privileges and mechanisms, including backups, isolation, and versioning, to help protect your data at rest. Prevent operators from granting public access to your data.

See Enforce access control for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08AccessControl
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 08. How do you protect your data at rest? > Enforce encryption at rest

Enforce your encryption requirements based on the latest standards and recommendations to help protect your data at rest.

See Enforce encryption at rest for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08Encrypt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 08. How do you protect your data at rest? > Implement secure key management

Encryption keys must be stored securely, with strict access control, for example, by using a key management service such as AWS KMS. Consider using different keys, and access control to the keys, combined with the AWS IAM and resource policies, to align with data classification levels and segregation requirements.

See Implement secure key management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08KeyMgmt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 08. How do you protect your data at rest? > Use mechanisms to keep people away from data

Keep all users away from directly accessing sensitive data and systems under normal operational circumstances. For example, provide a dashboard instead of direct access to a data store to run queries. Where CI/CD pipelines are not used, determine which controls and processes are required to adequately provide a normally disabled break-glass access mechanism.

See Use mechanisms to keep people away from data for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec08UsePeopleAway
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 09. How do you protect your data in transit?

Protect your data in transit by implementing multiple controls to reduce the risk of unauthorized access or loss.

See SEC 09. How do you protect your data in transit? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 09. How do you protect your data in transit? > Authenticate network communications

Verify the identity of communications by using protocols that support authentication, such as Transport Layer Security (TLS) or IPsec.

See Authenticate network communications for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09Authentication
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 09. How do you protect your data in transit? > Automate detection of unintended data access

Use tools such as GuardDuty to automatically detect attempts to move data outside of defined boundaries based on data classification level, for example, to detect a trojan that is copying data to an unknown or untrusted network using the DNS protocol.

See Automate detection of unintended data access for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09AutoUnintendedAccess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 09. How do you protect your data in transit? > Enforce encryption in transit

Enforce your defined encryption requirements based on appropriate standards and recommendations to help you meet your organizational, legal, and compliance requirements.

See Enforce encryption in transit for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09Encrypt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 09. How do you protect your data in transit? > Implement secure key and certificate management

Store encryption keys and certificates securely and rotate them at appropriate time intervals while applying strict access control; for example, by using a certificate management service, such as AWS Certificate Manager (ACM).

See Implement secure key and certificate management for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec09KeyCertMgmt
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents?

Preparation is critical to timely and effective investigation of, response to, and recovery from security incidents to help minimize disruption to your organization.

See SEC 10. How do you anticipate, respond to, and recover from incidents? for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10
Category
Valid Value
[
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"Check: Choices based on sub policies",
"Check: None of these",
"Check: Question does not apply to this workload",
"Enforce: Choices based on sub policies",
"Enforce: None of these",
"Enforce: Question does not apply to this workload"
],
"example": [
"Skip"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Automate containment capability

Automate containment and recovery of an incident to reduce response times and organizational impact.

See Automate containment capability for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10AutoContain
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Develop incident management plans

Create plans to help you respond to, communicate during, and recover from an incident. For example, you can start an incident response plan with the most likely scenarios for your workload and organization. Include how you would communicate and escalate both internally and externally.

See Develop incident management plans for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10DevelopManagementPlans
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Identify key personnel and external resources

Identify internal and external personnel, resources, and legal obligations that would help your organization respond to an incident.

See Identify key personnel and external resources for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10IdentifyPersonnel
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Pre-deploy tools

Ensure that security personnel have the right tools pre-deployed into AWS to reduce the time for investigation through to recovery.

See Pre-deploy tools for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PreDeployTools
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Pre-provision access

Ensure that incident responders have the correct access pre-provisioned into AWS to reduce the time for investigation through to recovery.

See Pre-provision access for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PreProvisionAccess
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Prepare forensic capabilities

Identify and prepare forensic investigation capabilities that are suitable, including external specialists, tools, and automation.

See Prepare forensic capabilities for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10PrepareForensic
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}

AWS > Well-Architected Tool > AWS Well-Architected Framework > Security > SEC 10. How do you anticipate, respond to, and recover from incidents? > Run game days

Practice incident response game days (simulations) regularly, incorporate lessons learned into your incident management plans, and continuously improve.

See Run game days for more information.

URI
tmod:@turbot/aws-wellarchitected-framework#/policy/types/sec10RunGameDays
Category
Valid Value
[
"Skip",
"True",
"False"
]
Schema
{
"type": "string",
"enum": [
"Skip",
"True",
"False"
],
"default": "Skip"
}