AWS Well-Architected Framework: What It Is and How to Use It

Definition

The AWS Well-Architected Framework is AWS's collection of architectural best practices for building and operating workloads in the cloud. It is organized into six pillars and a large set of design principles, questions, and implementation guidance. The framework is both a conceptual reference (read the whitepapers) and an actionable tool — via the AWS Well-Architected Tool — that lets you review specific workloads against the pillars, score them, and track improvements over time.

It is foundational knowledge for every AWS certification from Cloud Practitioner upward and a common vocabulary for cloud architects across AWS.

The 6 Pillars

1. Operational Excellence

Goal: run and monitor systems to deliver business value and continuously improve supporting processes.

Design principles: Perform operations as code (Infrastructure as Code via CloudFormation / CDK / Terraform), make frequent small reversible changes, refine operations procedures frequently, anticipate failure, learn from all operational failures.

Key services: CloudFormation, CDK, Systems Manager, CloudWatch, CloudTrail, AWS Config, Organizations, Amazon Q Developer for codebases.

2. Security

Goal: protect data, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Design principles: Implement a strong identity foundation with least privilege, enable traceability, apply security at all layers (defense in depth), automate security best practices, protect data in transit and at rest, keep people away from data, prepare for security events.

Key services: IAM, IAM Identity Center, Organizations (SCPs), KMS, Secrets Manager, GuardDuty, Security Hub, AWS Config, Amazon Macie, WAF, Shield.

3. Reliability

Goal: ensure a workload performs its intended function correctly and consistently, and recovers quickly from failure.

Design principles: Automatically recover from failure, test recovery procedures, scale horizontally to increase aggregate availability, stop guessing capacity, manage change through automation.

Key patterns: Multi-AZ, Multi-Region, asynchronous messaging between components (SQS, SNS, EventBridge), RTO / RPO targets, documented disaster-recovery strategies (backup & restore, pilot light, warm standby, multi-site active-active).

Key services: Auto Scaling, Route 53, ELB, RDS Multi-AZ, Aurora Global Database, AWS Backup, AWS Elastic Disaster Recovery (DRS), Fault Injection Service (FIS).

4. Performance Efficiency

Goal: use IT and computing resources efficiently, selecting the right types and sizes as demand and technology evolve.

Design principles: Democratize advanced technologies, go global in minutes (edge services, multi-Region), use serverless architectures, experiment more often, consider mechanical sympathy (pick the right tool).

Key decisions: compute selection (EC2 family, Lambda, containers), storage (EBS type, S3 storage class), database engine (RDS vs Aurora vs DynamoDB vs DocumentDB), network optimization (CloudFront, Global Accelerator, enhanced networking, placement groups), caching (ElastiCache, DAX, CloudFront).

5. Cost Optimization

Goal: deliver business value at the lowest price point.

Design principles: Implement cloud financial management (FinOps), adopt a consumption model, measure overall efficiency, stop spending money on undifferentiated heavy lifting (use managed services), analyze and attribute expenditure.

Key levers: right-sizing, Savings Plans and Reserved Instances for predictable workloads, Spot Instances for fault-tolerant workloads, S3 storage classes and lifecycle policies, data-transfer minimization, Auto Scaling, AWS Cost Explorer, AWS Budgets, AWS Cost and Usage Reports (CUR), tagging for cost allocation.

6. Sustainability

Goal: minimize the environmental impact of running cloud workloads (added in 2021).

Design principles: Understand your impact, establish sustainability goals, maximize utilization, anticipate and adopt new more efficient hardware and software, use managed services, reduce downstream impact.

Key practices: right-sizing, Graviton-based instances (more energy-efficient than equivalent x86), auto scaling, selecting Regions with lower carbon intensity, archiving data to cold storage, reducing data transfer.

The Well-Architected Tool

The AWS Well-Architected Tool in the AWS Console guides you through a structured review of a specific workload:

  1. Define the workload (Regions, account, industry).
  2. Answer a series of questions for each pillar.
  3. The tool generates a report of high-risk issues (HRIs) and medium-risk issues (MRIs).
  4. You create an improvement plan and track progress.
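
An added example (not from the original article or from AWS): this script compares two review snapshots of one workload, counting HRIs and MRIs per pillar and classifying how each high-risk item changed, including HRIs that were marked not applicable rather than fixed. The record shape (`QuestionId`, `PillarId`, `Risk`) and the risk values are modelled on the answer summaries the Well-Architected Tool API returns; the question IDs and both snapshots are constructed sample data.

```python
from collections import Counter

HRI, MRI = "HIGH", "MEDIUM"  # risk values for high- and medium-risk issues

def risk_counts(answers):
    """Count HRIs and MRIs per pillar for one review snapshot."""
    counts = {}
    for a in answers:
        if a["Risk"] in (HRI, MRI):
            counts.setdefault(a["PillarId"], Counter())[a["Risk"]] += 1
    return counts

def compare_milestones(before, after):
    """Classify how each question's risk changed between two snapshots."""
    prev = {a["QuestionId"]: a["Risk"] for a in before}
    curr = {a["QuestionId"]: a["Risk"] for a in after}
    was_hri = [q for q, r in prev.items() if r == HRI]
    return {
        # HRIs whose answers now score lower: real remediation.
        "downgraded_hri": sorted(q for q in was_hri if curr.get(q) in ("NONE", MRI)),
        # HRIs that disappeared by being marked not applicable. Scoring is
        # self-reported, so these deserve a second look, not a green tick.
        "waived_hri": sorted(q for q in was_hri if curr.get(q) == "NOT_APPLICABLE"),
        "still_hri": sorted(q for q in was_hri if curr.get(q) == HRI),
        "new_hri": sorted(q for q, r in curr.items() if r == HRI and prev.get(q) != HRI),
        # Questions left blank in the later review hide their risk level.
        "unanswered": sorted(q for q, r in curr.items() if r == "UNANSWERED"),
    }

def answer(qid, pillar, risk):
    return {"QuestionId": qid, "PillarId": pillar, "Risk": risk}

# Constructed sample snapshots (question IDs are placeholders).
SNAPSHOT_Q1 = [
    answer("sec-q1", "security", "HIGH"),
    answer("sec-q2", "security", "HIGH"),
    answer("sec-q3", "security", "MEDIUM"),
    answer("rel-q1", "reliability", "HIGH"),
    answer("cost-q1", "costOptimization", "NONE"),
]
SNAPSHOT_Q2 = [
    answer("sec-q1", "security", "NONE"),
    answer("sec-q2", "security", "NOT_APPLICABLE"),
    answer("sec-q3", "security", "HIGH"),
    answer("rel-q1", "reliability", "HIGH"),
    answer("cost-q1", "costOptimization", "UNANSWERED"),
]

if __name__ == "__main__":
    print(risk_counts(SNAPSHOT_Q1), risk_counts(SNAPSHOT_Q2))
    print(compare_milestones(SNAPSHOT_Q1, SNAPSHOT_Q2))
```

In this sample the security HRI count drops from two to one, yet only one HRI was actually remediated: one was waived and a former MRI escalated.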

Free guidance is also available: AWS Partners can run a Well-Architected review on your behalf, and AWS publishes lenses (e.g., Serverless Lens, SaaS Lens, Machine Learning Lens, Financial Services Lens) that specialize the core framework for specific domains.

Common Use Cases

  1. Pre-production readiness reviews — run a Well-Architected review before go-live.
  2. Quarterly architecture health checks — track HRIs over time.
  3. Migration planning — use the framework to design the target architecture, not just lift-and-shift.
  4. Vendor / audit engagements — provide a Well-Architected report to satisfy customer or regulator questions about your architecture.
  5. Internal onboarding — new engineers learn the AWS way of thinking via the framework.
  6. Specialized workloads — use the appropriate Lens (ML, SaaS, Serverless, Games, IoT, Hybrid).

Pros and Cons

Pros

  • Free, publicly available, and constantly updated.
  • Creates a shared vocabulary between engineering, security, and business stakeholders.
  • The Well-Architected Tool produces concrete HRI/MRI outputs — not vague advice.
  • Lenses adapt the core framework to specialized domains.
  • Passing a review is an AWS marketing and sales accelerant.

Cons

  • Running a thorough review takes time (half a day to a day per workload).
  • Scoring is self-reported; teams sometimes under- or over-rate themselves.
  • AWS-specific — the framework assumes AWS services; multi-cloud shops need supplementary thinking.
  • Easy to become a paper exercise if follow-through is weak.

Comparison with Alternatives

  • Google Cloud's Architecture Framework and Azure's Well-Architected Framework are the analogous documents on those clouds. All three cover similar ground.
  • Industry standards: NIST CSF, ISO 27001, SOC 2, CIS Benchmarks — these are compliance frameworks rather than design frameworks. They pair well with AWS Well-Architected (the Security pillar maps naturally to CIS and NIST).
  • Twelve-Factor App: focuses narrowly on application design for the cloud; complements the AWS framework.

Exam Relevance

  • Cloud Practitioner (CLF-C02) — recite the six pillars and know their goals.
  • Solutions Architect Associate (SAA-C03) — heavy coverage: map design decisions (Multi-AZ, Auto Scaling, Savings Plans, encryption) back to specific pillars, recognize which pillar a scenario emphasizes.
  • Solutions Architect Professional (SAP-C02) — deep integration of Well-Architected thinking into every architectural recommendation.
  • DevOps Professional (DOP-C02) — Operational Excellence pillar in depth: operations as code, game days, incident response.

Almost every scenario question tests you on balancing pillars — for example, resilience (Reliability) vs cost (Cost Optimization).

Frequently Asked Questions

Q: What are the six pillars of the AWS Well-Architected Framework?

A: Operational Excellence (run and improve systems), Security (protect data and assets), Reliability (recover from failure), Performance Efficiency (use resources well), Cost Optimization (deliver value at lowest price), and Sustainability (minimize environmental impact). Sustainability was added in 2021.

Q: What is the AWS Well-Architected Tool?

A: A free service in the AWS Console that walks you through a structured review of a specific workload against the six pillars. You answer ~50 questions, the tool identifies High-Risk Issues (HRIs) and Medium-Risk Issues (MRIs), and you track an improvement plan. Many AWS Partners are Well-Architected Partners and can run reviews on your behalf, sometimes with AWS funding.

Q: What is a Well-Architected Lens?

A: A specialization of the core framework for a specific domain or architectural style. AWS publishes official lenses for Serverless, SaaS, Machine Learning, Analytics, IoT, Financial Services, Games, Hybrid Networking, Healthcare, and more. You select one or more lenses when starting a review in the Well-Architected Tool, and you get additional pillar-specific questions relevant to that workload type.


This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS Well-Architected Framework before making production decisions.

Published: 4/16/2026
