Which AWS cloud benefit is shown by an architectures ability to withstand failures?
|
The AWS Well-Architected framework is based on 6 pillars. i.e Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization and Sustainability. This Framework provides key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. It helps you understand the pros and cons of decisions you make while building systems on AWS and learn architectural best practices for designing and operating secure, reliable, efficient, cost-effective, and sustainable workloads in the AWS Cloud. It comprises of Pillars, Design Principles and Questions. Show
Why AWS Well-Architected Framework? Every scenario is different. Whether you are preparing for a new product launch, migration, modernization or evaluating the health of your workloads. It is important to build architectures that deliver on your expectations. Following are the benefits of adopting Well-Architected Framework. Let’s focus on the key pillars of AWS Well Architected Framework. 1. Operational Excellence Pillar:The ability to run systems and gain insight into their operations in order to delivery business value, and to continuously improve supporting processes and procedures. There are six design principles for Operational Excellence in the cloud
Let’s dive into two of those design principles with an example a) Make frequent, small, reversible changes: Making large changes which impact multiple parts of the workload and at the same time has a larger blast radius for issues to impact the business. Using pipeline is a great way to achieve this. AWS core suite of services fit together well to support this best practice and allows to run very quickly and host the repos using a source control service (e.g., AWS Code Commit/GitHub). Using a Continuous Integration service that compiles and tests your code. In this case, code build using a deployment service to deploy your code into your compute services like EC2, Lambda. AWS Code Pipeline is the Continuous Deployment service wrapper around all of it. Using automation enables you to make frequent small and reversible changes. b) Anticipate Failure: Anticipate failures in your architecture. If we take three tier architecture as shown below, there could be failures in any of those tiers. Spreading instances across the subnets or availability zones anticipate not only the failure of an instance but misconfiguration of a network access control or networking configuration that might impact access to that subnet or availability zone. Having Primary and Secondary RDS instance in different AZs helps with the same. It maintains availability and anticipate failure. Think about what happens if the instance in web tier, app tier and database tier fail at the same time. Does it impact your availability? Recommendations: Try to automate the day-to-day operations procedures as code so that human error is avoided to a greater extent. Try to leverage AWS CI/CD pipeline to automate the development, build and deployment activities. Review and update the operational procedures at regular intervals (probably every 6 months once). Anticipate the failures in your architecture and have HA plan in place. 2. Security Pillar:How to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve the security posture. For AWS, Security is job zero. Security pillar is all about taking advantage of cloud technologies to protect the data, systems, and assets. There are seven design principles for Security in the cloud
Let’s dive into two of those design principles with an example a) Implement a Strong Identity foundation: For strong identity foundation, some of the key concepts like centralized identity management, eliminating the reliance on long term static credentials and applying the principles of least privileges. Instead of utilizing the long-term user credentials for accessing the aws resources, use a centralized identify management such as AWS single sign-on to federate access to aws accounts with temporary credentials so that long term credentials are not being issued that might be compromised at some point. This approach allows to scope down and limit access for users in different environments and applications abiding by the principles of least privileges this means only giving the required set of permissions needed to fulfill a task. IAM access analyzer make it east to implement least privileges permissions by generating IAM policies based on the activity. a) Protect Data in Transit and at Rest: Protect data in transit and at rest by leveraging AWS services. AWS provides tools for encryption in transit and at rest. S3, RDS are some of the AWS services natively supports encryption of data at rest. Encrypting the data in transit means wrapping another layer of protection when data is moving. There is no additional charge for provisioning public or private SSL/TLS certificates used with amazon certificate manager which is integrated with elastic load balancing, cloud front or API gateway. Recommendations: Leverage AWS services like IAM, IAM Policies, STS, Control Tower, and AWS Organization to have tighter control in place. Implement preventive and detective controls using services like AWS Config, AWS Cloud Trail, Cloud Watch, AWS WAF and Shield. Regarding data protection in transit and rest, consider the services like AWS KMS, Certificate Manager. AWS CloudFormation helps to get back to desired state. It is always recommended to apply security at all the layers (VPC, Subnet, Compute Service). 3. Reliability Pillar:The ability of a workload to perform its required function correctly and consistently over an expected period of time. Customers need to be able to deploy new features with no impact to the business. There are five design principles for Reliability in the cloud
Let’s dive into two of those design principles with an example a) Automated Recovery: Let’s start with Automated Recovery design principle. Manual recovery will take much longer. Use AWS services to automate
b) Test Recovery Procedures: Chaos engineering is the discipline of experimenting on a distributed system to build confidence in the system’s capability to withstand turbulent conditions in production. Using chaos engineering, you can test how workload fails and validate the recovery procedures. Use automation to simulate the different failures. This method exposes failure pathways which you can test and fix before real failure scenario occurs. Tools like Chaos monkey, or aws fault injection simulator which is a fully managed service used for running fault injection experiments. Recommendations: IAM, Amazon VPC, Service Limits, and AWS Trusted Advisor are the key services that can play the role for the foundations. Instead of provisioning capacity upfront, leverage auto scaling to satisfy the demand. Consider managing the change using automation.Workloads must be able to both withstand failures and automatically repair issues. Follow chaos engineering discipline to experiment the system’s capability. 4. Performance Efficiency Pillar:Focusing on the efficient use of computing resources to meet requirements, and how to maintain efficiency as demand changes and technologies evolve. There are five design principles for Performance Efficiency in the cloud
Let’s dive into two of those design principles with an example a) Use Serverless architectures: First is to use serverless architecture, it removes the need for you to run and maintain physical servers. For e.g., if you have a workload that needs to run daily rather than having an EC2 machine running whole day, you can trigger serverless compute such as lambda, fargate, run the jobs when need it so that there is a better utilization of resource, less management on the machine and no need to configure scaling. Serverless is more than compute. Any AWS services where you don’t manage service is called serverless. Serverless service comes with automatic scaling, building high availability and pay for value billing model. A common example is S3 where customers use as object storage, it provides unlimited capacity and 11 9’s of durability and 99.99% availability. b) Modern Web application architecture: Consider an application that traditionally built on an EC2 instance with load balancer. A certain increase in demand is still bound by scaling EC2 instances even with an auto scaling policy, instance may take several minutes until they serve the request. In the below architecture, you use S3 to host static websites, API gateway to receive api calls and to trigger lambda to perform business logics. This new architecture removes the infrastructure that you don’t need to manage. In the new architecture, you often need to configure settings like concurrency or throughput rather than CPU, RAM, or Disks. It helps tracking usage against costs better because each component you’ll be pay for what you use. Recommendations: Consider deploying the workloads in multiple AZs / multiple regions. Amazon Cloud Watch can help monitor the performance. Consider data access patterns, store data in various storage tiers (Standard/ Intelligent tiering/Glacier archive). 5. Cost Optimization Pillar: The ability to run systems to delivery business value at the lowest price point. The ultimate goal is to run your system on AWS as cost effective as possible at the same time providing value to the customers. There are five design principles for Cost Optimization in the cloud
Let’s dive into two of those design principles with an example a) Adopt a consumption model: In this design principle, focus on paying only for computing resources that are required. For e.g., production environments are usually required to run 24 hrs a day through out the year however, Dev test environments are usually used during business hours, and they will remain idle outside of these times. As shown in the diagram, non-production resources can be shutdown when not needed. Through this measure, you can save up to 70% for non-prod workloads. AWS Consumption based on environments (Image Credit – AWS) Key takeaway:
b) Stop spending money on undifferentiated heavy lifting: Using managed services will greatly reduce the operational burden on your teams. In this case service like RDS will allow to focus on adding vale to the business instead of spending time on patching instances. Another good example is shift to serverless architecture which removes the need for you to run and maintain physical servers and virtual machines. In this approach you will have better utilization of resources and less management on the machine. This approach will enable valuable engineering resources to focus on developing new features and providing value to the customers. Key Takeaway: Identify what services do you currently run that could be replaced by an AWS managed service. Focus on innovation rather than keeping the lights on. Recommendations: Consider stopping the Test/Dev resources during the non-business hours. Leverage AWS Cost Explorer, and AWS Budgets forecasting and budgeting features to improve cost predictability. Leverage directional reserved instance and EC2 right-sizing recommendations from AWS Cost explorer to start reducing the cost associated with steady-state workloads and underutilized resources. 6. Sustainability Pillar: The Sustainability pillar focuses on the environmental impacts, especially energy consumption and efficiency since they are important levers for architects to inform direct action to reduce resource usage. There are six design principles for sustainability in the cloud
Right sizing the cloud infrastructure, proportional to the variable application load, seasonal spikes, spanning across different time slots, will optimize the infra resource utilization. Selecting the right choice of XaaS solution will reduce carbon emission from the server. Decommissioning leads to power savings, reduce server sprawl and reduce IT Energy costs. Recommendations: Consider using AWS managed services to reduce the amount of infrastructure need to support the workloads. Try to consolidate the unused servers to more efficient hardware. Right size the workloads to maximize the efficiency of the underlying hardware. References: https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html https://aws.amazon.com/architecture/well-architected/ ************************************************************************** In my next blog, i will cover on the Well Architected review process, steps involved and will share some of the best practices. Please feel free to comment if you have any queries/comments and stay tuned for my next write-up. 🙂 Which AWS cloud benefit is shown by an architectures ability to withstand failure with minimal downtime?AWS Elastic Disaster Recovery (AWS DRS) minimizes downtime and data loss with fast, reliable recovery of on-premises and cloud-based applications using affordable storage, minimal compute, and point-in-time recovery.
Which AWS cloud benefit is shown by an architecture's ability to withstand failures with minimal downtime agility elasticity scalability High availability?High availability is an AWS Cloud benefit that is shown by an architecture's ability to withstand failures with minimal downtime.
Which AWS cloud feature is shown by an architecture's capacity to recover quickly from failures?The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands.
Which of the following are benefits of the AWS cloud?AWS Cloud Benefits. Cost savings.. Security.. Scalability.. Flexibility.. |
