AWS Well-Architected Framework
AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures, and implement designs that can scale over time.
Recent questions
see all1 / 18
- I recently deployed a small word puzzle project using Amazon S3 static hosting. The site loads fine, but I’ve noticed slower performance for users in different regions. For reference, this is the pro...
- Hi all, We are currently experiencing a situation where a single external IP address is continuously sending a very high volume of requests (tens of thousands per minute) to our application behind Am...
- **IAM Identity Center Application Inconsistency After Account Reactivation** I'm experiencing an inconsistency with IAM Identity Center applications after my account was suspended and then reactivate...
- We have multiple AWS accounts across several regions and over time a number of VPC Endpoints ( Interface types) have been created for various services. We suspect many of these endpoints are no longer...
- Service: Amazon EKS Category: Security / Vulnerability ...
- I work in a cloud lab rental company that provides temporary AWS environments for students to practice and learn. We use AWS Control Tower for multi-account management with the following architecture:...
- Hello! Sorry, I know this is probably a common question, but none of the current content reflects my situation. Anyway, I am using Cognito. My Accounts are fully passwordless, with no option built-i...
- I have an AWS batch with an EKS computer environment. I want to use the AWS Secrets Store CSI Driver provider and be able to use Secret Manager secret as a volume and mount it as Env_Var in the Pod. M...
- Hi, I took the [AWS Certified Solutions Architect - Associate (SAA-C03) ](https://aws.amazon.com/certification/certified-solutions-architect-associate/)exam yesterday on February 18, 2026 and receiv...
- Hi, Why is it that I can't see this option under Security tab? What am I missing? Thanks!
-  I am trying to build a dashboard within Quick Suite using cross function datasets. I seem to be the only one withi...asked 3 months ago
- Hello, We recently experienced service instability due to automatic security patches being applied to our Amazon MSK cluster during peak business hours (approx. 10:00 AM local time). These updates tr...
- My account looks completely reset after changing password. I don't see services I use, though they seem to work. The account id also changed.
- How i can resolve accessing aws web service in my internal network?
- We’re using Gateway Load Balancer (GWLB) to insert third-party firewalls into our traffic path using GENEVE tunnelling. One thing we’re unclear on: when traffic is forwarded through GWLB to the firew...
- We have an interface VPCendpoint for an AWS service and attached a security group to it. Does the security group control traffic to the endpoint, or just the traffic from the endpoint to the service ?
- Hi! If a client uses my app to collect data and the data is stored in my database who is the owner of the data? I saw that with legal agreements you can define if for example my company stores the da...asked 3 months ago
- Hi. We have recently migrated from AWS Inspector Classic to AWS Inspector V2 which provides CIS scans for our EC2 fleet. We successfully configured everything and have scans running on several AL2-b...
Recent articles
see all1 / 18
Job PaniaguaEXPERTpublished a day ago1 votes45 viewsThis guide provides a comprehensive overview of AWS commitment-based discount models — Reserved Instances and Savings Plans — including the newly launched Database Savings Plans (December 2025). It is...- Dennis_OEXPERTpublished 4 days ago1 votes57 viewsContact centers regularly capture PII (names, addresses, SSNs, credit card numbers) in call audio and transcripts. To meet PCI DSS, GDPR, and HIPAA controls, this data must be removed from artifacts b...
- Dennis_OEXPERTpublished 4 days ago1 votes44 viewsConnect encrypts customer content at rest by default with a service-managed KMS key, but customers in regulated industries (PCI DSS v4.0, GDPR, HIPAA) typically need full key control — independent rot...
- MassimilianoAWSEXPERTpublished 11 days ago2 votes476 viewsThis article decomposes end-to-end latency in agentic AI applications running on Amazon Bedrock AgentCore Runtime, isolates startup (cold-start) latency as a distinct optimization target, and presents...
- Mateus PradoEXPERTpublished 15 days ago0 votes149 viewsCloudWatch alarms fire when the graph looks clean. They take minutes to react to obvious spikes. They get stuck in INSUFFICIENT_DATA for no apparent reason. These are among the most common questions o...
- Judith MettoudiEXPERTpublished 15 days ago0 votes197 viewsAWS DataSync is a powerful migration tool, but understanding its cost implications is crucial. By selecting the right transfer modes, configuring verification options, choosing appropriate S3 storage ...
- Heverin, StephenEXPERTpublished 17 days ago0 votes76 viewsLearn how to upgrade Python in AWS CloudShell so you can install and run the latest cid-cmd CLI for deploying Cloud Intelligence Dashboards. This step-by-step guide uses pyenv to build Python 3.12 in ...
- MikeLimEXPERTpublished 21 days ago5 votes673 viewsHow to install Kiro and Agent Toolkit for AWS including AWS MCP server to manage your AWS environment with natural language prompts
- ChristianEXPERTpublished 23 days ago0 votes108 viewsUK Organisations running Amazon WorkSpaces in AUTO_STOP mode cannot receive patches when powered down. The built-in monthly maintenance window does not meet the Cyber Essentials 14-day patching requir...
- Harish MandhadiEXPERTpublished a month ago0 votes181 viewsAWS Security Agent closes the gap between fast-moving development and slow, end-of-cycle security reviews by embedding validation across design, code, and testing phases. Rather than treating security...
- Jatinder SinghEXPERTpublished a month ago2 votes84 viewsA detailed performance analysis between Amazon OpenSearch's specialized OM2 and general-purpose M7g instances to help you optimize performance and cost.
- Jatinder SinghEXPERTpublished a month ago0 votes57 viewsA detailed performance analysis between Amazon OpenSearch's specialized OM2 and general-purpose M7g instances to help you optimize performance and cost
- Andrew_REXPERTpublished a month ago0 votes64 viewsThis article explains how to use the structured data in AWS Health Planned Lifecycle Events to create and manage change requests in ServiceNow, with practical approaches for organizing change tasks ba...
- Henrique SantanaEXPERTpublished a month ago0 votes53 viewsSession CNS360 presented a layered security framework for serverless applications on AWS, from foundational IAM controls and API protection through OAuth 2.0 identity flows. The session also shows how...
- shubhranshuEXPERTpublished 2 months ago2 votes85 viewsI'm using the Apache Airflow REST API in my Amazon Managed Workflows for Apache Airflow (Amazon MWAA) version 3.0 environment, and some API endpoints work while others return a `{"detail": "Forbidden"...
- Amrita PandeyEXPERTpublished 3 months ago0 votes199 viewsAWS Extended Support charges escalate significantly over time—Year 2 doubles the rate, Year 3+ triples it. For organizations with hundreds of resources, these costs can reach tens of thousands monthly...
- AWS OFFICIALUpdated 3 months ago1 votes216 viewsThis article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control costs.
- AWS OFFICIALUpdated 3 months ago0 votes197 viewsThis article shows how AWS Unified Operations helps financial institutions enhance their overall operational excellence to meet Digital Operational Resilience Act (DORA) requirements.
Recent selections
see all1 / 5
- Benjamin LecoqEXPERTpublished 2 years ago9 votes17.3K viewsRe:invent 2024 takes place in Las Vegas (Nevada) from Monday 12/02 to Friday 12/06. This selection will focus on cost optimization related announcements
- Jonathan_DEXPERTpublished 3 years ago4 votes12.2K viewsDo you have critical workloads running in AWS? Review these handpicked resources to find ways to ensure your applications are resilient to failures.
- AWS OFFICIALUpdated 2 years ago0 votes114 viewsDo you want to monitor your Amazon WorkSpaces usage and optimize your costs? Deploy Cost Optimizer for Amazon WorkSpaces to review your WorkSpaces usage and manage costs.
- AWS OFFICIALUpdated 2 years ago0 votes94 viewsThis selection includes content and solutions supporting FSI related compliance and requirements covering security, immutable storage, and general guidance.
- AWS OFFICIALUpdated 2 years ago0 votes209 viewsAs a best practice, AWS recommends that you use AWS Identity and Access Management (IAM) roles instead of IAM users with long-term credentials such as access keys.
1 / 18
Riku_Kobayashi
EXPERTGary Mclean
EXPERTAntonio Lagrotteria
EXPERTOleksii Bebych
EXPERTOsvaldo Marte
EXPERTSedat SALMAN
EXPERTAdeleke Adebowale .J.
EXPERTTushar Jagdale
EXPERTMatt Barbieri
EXPERTSHAJAM
EXPERTAWS-User-alantam
EXPERTIndranil Banerjee AWS
EXPERTGK
EXPERTGunasekaran, Makendran
EXPERTGarre Sandeep
EXPERTThanniru Anil Kumar
EXPERTMax Clements
EXPERT
