AWS Well-Architected Framework

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.

Recent questions

see all

1/18

Unexpected Access Issues Post-AWS Account Verification: Seeking Advice
Hi AWS Community, Recently, I encountered a distressing issue with AWS Support. My AWS account was placed under verification, and during this period, all my access and privileges were revoked until I...
Security, Identity, & Compliance AWS Management Console Security AWS Account Management
0
answers
0
votes
8
views
karimj
asked 15 hours ago
Volume of data sent Log externally
I would like to monitor the volume of data sent externally from my AWS account. I'm looking for to retrieve logs that allow me to have the volume of data sent externally in real time. Who can help me...
AWS CloudTrail Security
1
answers
0
votes
21
views
LMA
asked a day ago
VPN Endpoint Authentication Issue with Azure SAML Provider
I've configured a VPN endpoint with Federated authentication using Azure as the SAML provider. However, I'm facing an issue with the Authorization rules. When I choose "Allow access to users in a...
Amazon VPC Security, Identity, & Compliance AWS Identity and Access Management Networking & Content Delivery Security
1
answers
0
votes
26
views
Sam
asked a day ago
Securing APIs in My Amplify App
I’m currently working on an app using AWS Amplify, and I’ve got a set of APIs that I want to enhance security measures. I’m wondering if there’s a practical way to achieve this through the CLI, or in...
Amazon API Gateway AWS Amplify AWS IAM Identity Center Security
1
answers
0
votes
16
views
rePost-User-9598391
asked 3 days ago
How to Design Scalable and High-Performance Architecture?
Hello, I have a use case described below in detail, need your suggestions for scalable and high-performance AWS architecture. I have shared my thoughts as well regarding the problem statements and...
Architecture Strategy High Performance Compute AWS Auto Scaling AWS Well-Architected Framework Availability
0
answers
0
votes
36
views
AWS Enthusiast
asked 3 days ago
Registering a SSL Certificate in C# .NET AWS Lambdas
I'm trying to connect to a SQL Server 2019 instance (happens to be in an EC2) from a C# .NET AWS lambda. I'm using a self-signed certificate to establish client trust with the SQL instance. There...
AWS Lambda Security .NET on AWS
1
answers
0
votes
84
views
Erik Farrell
asked 4 days ago
Self Service with AWS Managed Active Directory
Hi community, We have a web-based application running in standard n-tier architecture (EC2 instance web server, EC2 instance DB server, application/network load balancers etc) with authentication...
AWS Directory Service Security
1
answers
0
votes
22
views
IanM
asked 4 days ago
Unable to import an RSA 2048 private key to KMS
I have an RSA 2048 private key in the following format: -----BEGIN PRIVATE KEY----- <Key Content> -----END PRIVATE KEY----- I tried to import this to KMS using the RSA_AES_KEY_WRAP_SHA_256 Algorithm....
AWS Key Management Service AWS Command Line Interface Security
2
answers
0
votes
66
views
Webfork
asked 6 days ago
Slow access from other EC2 servers after stop and start of EC2 instance
Our setup consists of a primary "server" **c3.xlarge** that includes SQL Server 2014 on Windows Server 2012 R2. There are client apps connecting to SQL Server from two other EC2 instances...
Amazon EC2 Compute Performance Efficiency
1
answers
0
votes
47
views
RichardChai
asked 6 days ago
Data transfer charges across account
Hello, Are there any charges for data transfer across 2 different AWS accounts in same region `us-east-1` and in same Availability Zone? So data from account A in region `us-east-1`, AZ `use1-az1` to...
Accepted AnswerAWS Billing AWS Account Management Cost Optimization Availability
2
answers
0
votes
76
views
rePost-User
asked 6 days ago
Our external IP is blocked from accessing our S3 AWS
Our external IP is blocked from accessing our S3 AWS. we are not blocking it via an AWS WAF or network rule. It looks like AWS is blocking it from accessing all of AWS. How do we check if its on an...
Security
2
answers
0
votes
58
views
Paul H
asked 7 days ago
Can we turn off Cloudwatch logs when running ecs:execute-command API?
We log into our containers from time to time using execute-command and notice that all our activities get logged directly to CloudWatch. Is there any way to stop your activity logs from going to...
AWS Systems Manager Amazon Elastic Container Service Security
2
answers
0
votes
62
views
Arman
asked 7 days ago
Sending a Modbus TCP request over a Sonicwall NSV firewall tunnel connection wondering best practices
![Current setup](/media/postImages/original/IMW-Me1zMJQlWUnvqmfmKbYg) Currently I have a tunnel connection on my sonicwall firewall that I set up that uses a site to site connection to connect the X0...
Amazon VPC AWS Lambda Amazon EC2 Security
1
answers
0
votes
75
views
EvanLester
asked 8 days ago
Amazon GuardDuty IP Block List Automation - Implement periodic logging of the current Block List
Hi AWS team, We’re a small company building out our infrastructure on AWS and recently implemented most of the automations detailed in the following AWS Blog Post: [How to use Amazon GuardDuty and...
Amazon GuardDuty Security
1
answers
0
votes
35
views
JPC
asked 8 days ago
Cloudfront Distributions - General "The security token included in the request is invalid"
Hi, last friday, out of nowhere i got an alert "The security token included in the request is invalid". The alert showed just below Custom SSL certificate - optional in each one out of 6...
Amazon CloudFront Security
4
answers
0
votes
135
views
bgbs
asked 8 days ago
Relationships within aws resources
How can I collect all the relationships / connections within my aws resources to build a connections graph between them using boto3 python?
Amazon Simple Storage Service Developer Tools Amazon EC2 DevOps Security
1
answers
0
votes
82
views
Saru
asked 9 days ago
Assigning a hardware MFA to my organisation root account.
I am planning to assign a hardware MFA to my organisation root account, what if I loose the hardware MFA? or is there any disadvantage for using hardware MFA? or is there anything I should know?
AWS Security Hub Security AWS Account Management
2
answers
0
votes
109
views
Sid
asked 11 days ago
8443 Security group
Hello, I have an instance that I set up a reverse proxy for so it can appear as www.example.com vs www.example.com:8443 I do not want anyone to have access to the www.example.com:8443 except myself,...
Amazon EC2 Security Security Group
1
answers
0
votes
101
views
DMaras
asked 12 days ago

Recent articles

see all

1/11

CloudFormation Auto Scaling Group sample template for mixed X86 (Intel, AMD) and AWS Graviton instances
MichaelFischer
EXPERT
published 4 days ago1 votes230 views
You can take advantage of multiple processor families when building Amazon EC2 Auto Scaling Groups, including X86-based instances and Arm64-based instances including AWS Graviton. This provides you...
ARTICLE
Amazon EC2 Spot Instances Amazon EC2 Auto Scaling Operational Excellence AWS Graviton
Troubleshoot performance issues (packet drop, latency, or slow throughput) between on-premises and AWS VPC when using AWS site-to-site VPN.
Narinder Singh Kharbanda
EXPERT
published a month ago1 votes759 views
In this document we will be discussing how you can troubleshooting performance Issue between on-premises and AWS VPC when using AWS site-to-site VPN.
ARTICLE
Performance Efficiency AWS Virtual Private Network (VPN)
Free AWS In-Person Training: Graviton Essentials Developer Day - New York
Markus Adhiwiyogo
EXPERT
published 2 months ago0 votes548 views
Training & hands-on activities to learn about AWS Graviton
ARTICLE
Amazon EC2 Compute Containers Cost Optimization Training and Certification
Free In-Person Cost Optimization Training
Markus Adhiwiyogo
EXPERT
published 3 months ago1 votes677 views
Free in-person training event for those interested in cost reduction
ARTICLE
Amazon EC2 Spot Instances Amazon EC2 Auto Scaling Cost Optimization AWS Savings Plans
Optimize AWS costs without architectural changes or engineering overhead
rdoty
EXPERT
published 4 months ago2 votes5045 views
Recommendations to recognize cost savings on AWS
ARTICLE
Cost Optimization
Explained: AWS IoT Custom Authorizer with Cryptographic Token Validation
Paco
EXPERT
published 4 months ago2 votes583 views
This article gives a brief explanation of the supported authentication options when using AWS IoT Core and demonstrate how setup Custom Authentication with the token validation feature to prevent...
ARTICLE
AWS IoT Core Device Security Security AWS Crypto Tools
What's new: AWS Resource Access Manager supports fine-grained customer managed permissions
Fabian
EXPERT
published 5 months ago2 votes470 views
You can now define the granularity of your customer managed permissions by precisely specifying who can do what under which conditions for the resource types included in your resource share.
ARTICLE
Security, Identity, & Compliance AWS Resource Access Manager Security Amazon VPC IP Address Manager
Four Ways Small(er) Nonprofits Can Save Money Using AWS
Benjaglu
EXPERT
published 6 months ago1 votes264 views
Learn how AWS can help your nonprofit save costs and free-up resources to use on mission critical work.
ARTICLE
Cost Optimization Nonprofit
Amazon Redshift Roles (RBAC)
Jon Roberts
EXPERT
published 7 months ago2 votes2978 views
Simplified Migration of Groups to Roles
ARTICLE
Database Amazon Redshift Security
How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtime
Matt-B
EXPERT
published 8 months ago0 votes2194 views
In 2020, we announced that AWS Single Sign-On supports zero-downtime external IdP certificate rotation. In this article, I will will demonstrate two examples using Azure AD and Okta. I will also...
ARTICLE
AWS Identity and Access Management Management & Governance AWS IAM Identity Center Security
Best Practices for Distributors in delegating and restricting access privileges to downstream partners
Tong Jun Qun
EXPERT
published 9 months ago0 votes580 views
When a partner moves their existing accounts to a distributor to gain financial and operational benefits via distribution, the financial responsibility and risk moves over to the distributor. To be...
ARTICLE
Security AWS Account Management Cloud Financial Management

Popular users

popular

see all

1/18

Riku_Kobayashi
EXPERT
12714 points1902 answers
rePost Polyglot
EXPERT
44 points1160 answers
Brettski-AWS
EXPERT
6018 points816 answers
Didier_Durand
EXPERT
5231 points899 answers
Gary Mclean
EXPERT
3936 points520 answers
kentrad
EXPERT
4477 points663 answers
secondabhi_aws
EXPERT
4854 points405 answers
Antonio_Lagrotteria
EXPERT
7457 points546 answers
Uri
EXPERT
3461 points507 answers
skinsman
EXPERT
2400 points507 answers
Greg_B
EXPERT
2147 points327 answers
Steve_M
EXPERT
2420 points352 answers
Sedat_Salman
EXPERT
6174 points437 answers
Tushar_J
EXPERT
3197 points291 answers
Indranil Banerjee AWS
EXPERT
2002 points315 answers
MichaelDombrowski-AWS
EXPERT
1427 points223 answers
iwasa
EXPERT
1733 points223 answers
Leeroy Hannigan
EXPERT
1557 points210 answers

AWS Well-Architected Framework

Recent questions

Unexpected Access Issues Post-AWS Account Verification: Seeking Advicelg...

Volume of data sent Log externallylg...

VPN Endpoint Authentication Issue with Azure SAML Providerlg...

Securing APIs in My Amplify Applg...

How to Design Scalable and High-Performance Architecture?lg...

Registering a SSL Certificate in C# .NET AWS Lambdaslg...

Self Service with AWS Managed Active Directorylg...

Unable to import an RSA 2048 private key to KMSlg...

Slow access from other EC2 servers after stop and start of EC2 instancelg...

Data transfer charges across accountlg...

Our external IP is blocked from accessing our S3 AWSlg...

Can we turn off Cloudwatch logs when running ecs:execute-command API?lg...

Sending a Modbus TCP request over a Sonicwall NSV firewall tunnel connection wondering best practiceslg...

Amazon GuardDuty IP Block List Automation - Implement periodic logging of the current Block Listlg...

Cloudfront Distributions - General "The security token included in the request is invalid"lg...

Relationships within aws resourceslg...

Assigning a hardware MFA to my organisation root account.lg...

8443 Security grouplg...

Recent articles

CloudFormation Auto Scaling Group sample template for mixed X86 (Intel, AMD) and AWS Graviton instanceslg...

Troubleshoot performance issues (packet drop, latency, or slow throughput) between on-premises and AWS VPC when using AWS site-to-site VPN.lg...

Free AWS In-Person Training: Graviton Essentials Developer Day - New Yorklg...

Free In-Person Cost Optimization Traininglg...

Optimize AWS costs without architectural changes or engineering overheadlg...

Explained: AWS IoT Custom Authorizer with Cryptographic Token Validationlg...

What's new: AWS Resource Access Manager supports fine-grained customer managed permissionslg...

Four Ways Small(er) Nonprofits Can Save Money Using AWSlg...

Amazon Redshift Roles (RBAC)lg...

How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtimelg...

Best Practices for Distributors in delegating and restricting access privileges to downstream partnerslg...

Popular users

Riku_Kobayashilg...

rePost Polyglotlg...

Brettski-AWSlg...

Didier_Durandlg...

Gary Mcleanlg...

kentradlg...

secondabhi_awslg...

Antonio_Lagrotterialg...

Urilg...

skinsmanlg...

Greg_Blg...

Steve_Mlg...

Sedat_Salmanlg...

Tushar_Jlg...

Indranil Banerjee AWSlg...

MichaelDombrowski-AWSlg...

iwasalg...

Leeroy Hanniganlg...

Unexpected Access Issues Post-AWS Account Verification: Seeking Advice

Volume of data sent Log externally

VPN Endpoint Authentication Issue with Azure SAML Provider

Securing APIs in My Amplify App

How to Design Scalable and High-Performance Architecture?

Registering a SSL Certificate in C# .NET AWS Lambdas

Self Service with AWS Managed Active Directory

Unable to import an RSA 2048 private key to KMS

Slow access from other EC2 servers after stop and start of EC2 instance

Data transfer charges across account

Our external IP is blocked from accessing our S3 AWS

Can we turn off Cloudwatch logs when running ecs:execute-command API?

Sending a Modbus TCP request over a Sonicwall NSV firewall tunnel connection wondering best practices

Amazon GuardDuty IP Block List Automation - Implement periodic logging of the current Block List

Cloudfront Distributions - General "The security token included in the request is invalid"

Relationships within aws resources

Assigning a hardware MFA to my organisation root account.

8443 Security group

CloudFormation Auto Scaling Group sample template for mixed X86 (Intel, AMD) and AWS Graviton instances

Troubleshoot performance issues (packet drop, latency, or slow throughput) between on-premises and AWS VPC when using AWS site-to-site VPN.

Free AWS In-Person Training: Graviton Essentials Developer Day - New York

Free In-Person Cost Optimization Training

Optimize AWS costs without architectural changes or engineering overhead

Explained: AWS IoT Custom Authorizer with Cryptographic Token Validation

What's new: AWS Resource Access Manager supports fine-grained customer managed permissions

Four Ways Small(er) Nonprofits Can Save Money Using AWS

Amazon Redshift Roles (RBAC)

How to Rotate your External IdP Certificates in AWS IAM Identity Center (successor to AWS Single Sign-On) with Zero Downtime

Best Practices for Distributors in delegating and restricting access privileges to downstream partners

Riku_Kobayashi

rePost Polyglot

Brettski-AWS

Didier_Durand

Gary Mclean

kentrad

secondabhi_aws

Antonio_Lagrotteria

Uri

skinsman

Greg_B

Steve_M

Sedat_Salman

Tushar_J

Indranil Banerjee AWS

MichaelDombrowski-AWS

iwasa

Leeroy Hannigan