AWS Well-Architected Framework: The 6 Pillars Explained


Quick summary: A practical guide to the 6 pillars of the AWS Well-Architected Framework — what each pillar covers, why it matters, and how to apply it to your AWS workloads.


The AWS Well-Architected Framework is AWS’s official set of best practices for designing and operating workloads in the cloud. It provides a consistent approach for evaluating architectures against proven standards, identifying areas of risk, and making informed decisions about your cloud environment.

Whether you are building a new application or reviewing an existing one, understanding these six pillars gives you a structured way to assess how well your architecture serves your business goals.

What Is an AWS Well-Architected Review?

A Well-Architected Review is a structured assessment of your cloud workloads against the framework’s six pillars. It identifies High Risk Issues (HRIs) in your architecture and provides actionable recommendations for improvement. AWS partners like FactualMinds conduct these reviews using the AWS Well-Architected Tool, which generates a report that can be shared with your team and with AWS.

Organizations that complete Well-Architected Reviews often qualify for AWS credits to fund remediation of identified issues — making the review both technically valuable and financially beneficial.

Pillar 1: Operational Excellence

Operational excellence focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.

Key Principles

  • Perform operations as code — Define your infrastructure and operational procedures as code using CloudFormation, CDK, or Terraform. This eliminates manual processes, ensures consistency, and enables version control.
  • Make frequent, small, reversible changes — Smaller changes are easier to test, deploy, and roll back. This is the foundation of CI/CD practices and DevOps pipeline automation.
  • Refine operations procedures frequently — Review and update runbooks and playbooks based on operational events and lessons learned.
  • Anticipate failure — Design systems assuming components will fail. Run game days and chaos engineering experiments to validate your response procedures.
  • Learn from operational failures — Conduct post-incident reviews and share findings across teams to prevent recurrence.

What to Assess

  • Are deployments automated with CI/CD pipelines?
  • Do you have runbooks for common operational tasks?
  • Are operational metrics and logs centralized and monitored?
  • How quickly can you detect and respond to incidents?
  • Do you conduct post-incident reviews?

Pillar 2: Security

The security pillar covers protecting information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Key Principles

  • Implement a strong identity foundation — Use the principle of least privilege for all IAM policies. Centralize identity management and eliminate long-term static credentials.
  • Enable traceability — Log and monitor all actions and changes to your environment using CloudTrail, Config, and VPC Flow Logs.
  • Apply security at all layers — Defense in depth: VPC security, subnet isolation, Security Groups, WAF, and application-level controls.
  • Automate security best practices — Use automated scanning, compliance checks, and remediation through AWS security services.
  • Protect data in transit and at rest — Enforce encryption using KMS, ACM, and TLS policies.
  • Keep people away from data — Reduce direct access to data and processing systems. Use automated tools and controlled access patterns.

What to Assess

  • Are IAM policies following least-privilege principles?
  • Is MFA enforced for all human users?
  • Is data encrypted at rest and in transit?
  • Are GuardDuty, Security Hub, and Config deployed?
  • Do you have an incident response plan?

For a deeper dive, read our guide on Securing AWS Workloads: Beyond the Basics.

Pillar 3: Reliability

Reliability ensures a workload performs its intended function correctly and consistently when expected. This includes the ability to operate and test the workload through its total lifecycle.

Key Principles

  • Automatically recover from failure — Monitor key performance indicators and trigger automated recovery when thresholds are breached.
  • Test recovery procedures — Validate your recovery strategies through regular testing, including failover drills and backup restoration.
  • Scale horizontally — Distribute load across multiple smaller resources rather than scaling up a single large resource to reduce the impact of a single failure.
  • Stop guessing capacity — Use autoscaling to match supply to demand automatically rather than provisioning for peak load at all times.
  • Manage change in automation — Use infrastructure as code to make infrastructure changes predictable and auditable.

What to Assess

  • Are workloads deployed across multiple Availability Zones?
  • Is autoscaling configured for compute resources?
  • Are backups automated and regularly tested for restoration?
  • Do you have defined RPO (Recovery Point Objective) and RTO (Recovery Time Objective) targets?
  • How does the system behave when a dependency fails?

Pillar 4: Performance Efficiency

Performance efficiency focuses on using compute resources efficiently to meet system requirements, and maintaining that efficiency as demand changes and technologies evolve.

Key Principles

  • Democratize advanced technologies — Use managed services (RDS, ElastiCache, Bedrock) instead of building and managing complex technology stacks yourself.
  • Go global in minutes — Deploy workloads to multiple AWS regions and use edge services like CloudFront to serve users with low latency worldwide.
  • Use serverless architectures — Eliminate the need to manage servers for workloads where serverless is appropriate (Lambda, Fargate, API Gateway).
  • Experiment more often — Use the cloud’s elasticity to test different instance types, storage configurations, and architectural patterns.
  • Consider mechanical sympathy — Choose the technology approach that aligns best with your workload’s access patterns and requirements.

What to Assess

  • Are you using the right instance types for your workload profiles?
  • Have you evaluated serverless options for appropriate workloads?
  • Is caching implemented at the right layers (CloudFront, ElastiCache, DAX)?
  • Are database queries optimized and using appropriate indexes?
  • When was the last time you benchmarked your current architecture against newer AWS services?

Pillar 5: Cost Optimization

Cost optimization focuses on avoiding unnecessary costs and understanding where money is being spent. This is the pillar that directly impacts your bottom line.

Key Principles

  • Implement cloud financial management — Assign cost ownership to teams, implement cost allocation tagging, and establish budgets with alerts.
  • Adopt a consumption model — Pay only for what you consume. Shut down resources when not in use. Use autoscaling to match capacity to demand.
  • Measure overall efficiency — Track cost per business outcome (cost per transaction, cost per user) rather than just total spend.
  • Stop spending money on undifferentiated heavy lifting — Use managed services instead of self-managing infrastructure that does not differentiate your business.
  • Analyze and attribute expenditure — Use Cost Explorer, Cost and Usage Reports, and tagging to understand exactly where your money goes.

What to Assess

  • Do you have cost allocation tags on all resources?
  • Are Reserved Instances or Savings Plans in place for steady-state workloads?
  • Are non-production environments scheduled to shut down outside business hours?
  • Do teams have visibility into the costs of the resources they own?
  • When was your last right-sizing review?

For a comprehensive approach to AWS cost management, see our AWS Cloud Cost Optimization Services or read about 5 Cost Optimization Strategies Most Teams Overlook.

Pillar 6: Sustainability

Added in 2021, the sustainability pillar focuses on minimizing the environmental impact of running cloud workloads.

Key Principles

  • Understand your impact — Measure and track the carbon footprint of your cloud workloads using AWS Customer Carbon Footprint Tool.
  • Establish sustainability goals — Set targets for energy efficiency and carbon reduction as part of your cloud strategy.
  • Maximize utilization — Right-size resources and use autoscaling to ensure compute resources are being fully utilized rather than sitting idle.
  • Adopt more efficient technologies — Graviton (ARM-based) instances deliver better price-performance and lower energy consumption than comparable x86 instances.
  • Use managed services — Shared managed services are more resource-efficient than dedicated infrastructure because AWS optimizes the underlying fleet.
  • Reduce downstream impact — Minimize the amount of data transferred, optimize content delivery, and reduce the compute required per user request.

What to Assess

  • Are you using Graviton instances where compatible?
  • Are idle resources identified and terminated or scaled down?
  • Have you evaluated the energy efficiency of your current instance families?
  • Is data retention optimized to avoid storing unnecessary data?
  • Are you using the most efficient storage tiers for your data access patterns?

How to Conduct a Well-Architected Review

Step 1: Define the Workload

A workload is a collection of resources and code that delivers business value — an application, a data pipeline, a microservices architecture. Start with your most critical or highest-spend workload.

Step 2: Answer the Framework Questions

The AWS Well-Architected Tool provides a structured questionnaire for each pillar. Answer honestly — the value is in identifying real risks, not in scoring perfectly.

Step 3: Identify High-Risk Issues

The review produces a list of High Risk Issues (HRIs) and Medium Risk Issues (MRIs). HRIs represent architectural decisions that could lead to outages, security breaches, or significant cost overruns.

Step 4: Prioritize and Remediate

Not every finding needs immediate action. Prioritize based on business impact, risk severity, and implementation effort. Many quick wins — like enabling encryption, adding backups, or right-sizing instances — can be addressed in days.

Step 5: Schedule Regular Reviews

Cloud architectures evolve. New services launch, workloads change, and teams make incremental modifications. Schedule quarterly or semi-annual reviews to keep your architecture aligned with best practices.

When Should You Do a Well-Architected Review?

  • Before a major launch — Validate that your architecture is production-ready.
  • After significant growth — Architectures that worked at 1x scale may not hold at 10x.
  • Before compliance audits — Well-Architected Reviews provide documentation that supports SOC 2, HIPAA, and PCI assessments.
  • When AWS costs are climbing — The cost optimization pillar often reveals significant savings opportunities.
  • Periodically — At least annually, or when major architectural changes are made.

Get a Well-Architected Review

As an AWS Select Tier Consulting Partner, FactualMinds conducts Well-Architected Reviews that identify actionable improvements across all six pillars. Our reviews often qualify for AWS funding to offset remediation costs.
