Operational excellence Security Reliability Performance efficiency Cost optimization Sustainability

AWS Well-Architected design considerations

This solution follows best practices from the AWS Well-Architected Framework, which helps customers design and operate reliable, secure, efficient, and cost-effective workloads in the cloud.

This section describes how the design principles and best practices of the Well-Architected Framework benefit this solution.

Topics

Operational excellence
Security
Reliability
Performance efficiency
Cost optimization
Sustainability

Operational excellence

This section describes how we architected this solution using the principles and best practices of the operational excellence pillar.

All resources are defined as infrastructure as code using AWS CloudFormation templates generated from AWS CDK constructs.
The solution pushes metrics to Amazon CloudWatch at various stages to provide observability into AWS Lambda functions, Amazon SageMaker, AWS Step Functions, Amazon S3 buckets, and other solution components.

Security

This section describes how we architected this solution using the principles and best practices of the security pillar.

Amazon Cognito authenticates and authorizes web console users and API requests.
All interservice communications use AWS Identity and Access Management (IAM) roles with least privilege access, containing only the minimum permissions required.
All data storage, including S3 buckets and DynamoDB tables, encrypts data at rest using AWS managed keys.
Logging, tracing, and versioning are enabled where applicable for audit and compliance purposes.

Reliability

This section describes how we architected this solution using the principles and best practices of the reliability pillar.

The solution uses AWS serverless services wherever possible (examples: Lambda, API Gateway, Amazon S3, AWS Step Functions and Amazon DynamoDB) to ensure high availability and recovery from service failure.
Data is stored in DynamoDB and Amazon S3, so it persists in multiple Availability Zones by default.

Performance efficiency

This section describes how we architected this solution using the principles and best practices of the performance efficiency pillar.

The solution uses a serverless architecture with the ability to scale horizontally as needed.
The solution can be launched in any region that supports the AWS services in this solution, which include: AWS Lambda, Amazon API Gateway, Amazon S3, AWS Step Functions, Amazon DynamoDB, and Amazon Cognito.
The solution uses managed services throughout to reduce the operational burden of resource provisioning and management.
The solution is automatically tested and deployed daily to achieve consistency as AWS services change, as well as reviewed by solution architects and subject matter experts for areas to experiment and improve.

Cost optimization

This section describes how we architected this solution using the principles and best practices of the cost optimization pillar.

The solution uses a serverless architecture; therefore, you are only charged for what you use.
Amazon DynamoDB scales capacity on demand, so you only pay for the capacity you use.
Amazon SageMaker allows you to pay only for the compute resources you use, with no upfront expenses.

Sustainability

This section describes how we architected this solution using the principles and best practices of the sustainability pillar.

The solution uses managed, serverless services to minimize the environmental impact of the backend services compared to continually operating on-premises services.
Serverless services allow you to scale up or down as needed.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Architecture overview

Plan your deployment