AWS Well-Architected design considerations

All resources are defined as infrastructure as code using AWS CloudFormation templates generated from AWS CDK constructs.

The solution pushes metrics to CloudWatch at various stages to provide observability into Lambda functions, ECS tasks, S3 buckets, and other solution components.

Cognito authenticates and authorizes web console users and API requests.

All interservice communications use AWS Identity and Access Management (IAM) roles with least privilege access, containing only the minimum permissions required.

All data storage, including S3 buckets and DynamoDB tables, encrypts data at rest using AWS managed keys.

Logging, tracing, and versioning are enabled where applicable for audit and compliance purposes.

Network access is private by default with VPC endpoints enabled where available to keep traffic within the AWS network.

The solution uses AWS serverless services wherever possible (examples: Lambda, API Gateway, Amazon S3, AWS Step Functions, Amazon DynamoDB, and AWS Fargate) to ensure high availability and recovery from service failure.

All compute processing uses Lambda functions or Amazon ECS on AWS Fargate.

Data is stored in DynamoDB and Amazon S3, so it persists in multiple Availability Zones by default.

The solution uses a serverless architecture with the ability to scale horizontally as needed.

The solution can be launched in any Region that supports the AWS services in this solution, such as: AWS Lambda, Amazon API Gateway, Amazon S3, AWS Step Functions, Amazon DynamoDB, Amazon ECS, AWS Fargate, and Amazon Cognito.

The solution uses managed services throughout to reduce the operational burden of resource provisioning and management.

The solution is automatically tested and deployed daily to achieve consistency as AWS services change, as well as reviewed by solution architects and subject matter experts for areas to experiment and improve.

The solution uses serverless architecture; therefore, customers only get charged for what they use.

Amazon DynamoDB scales capacity on demand, so you only pay for the capacity you use.

AWS ECS on AWS Fargate allows you to pay only for the compute resources you use, with no upfront expenses.

AWS AgentCore Gateway serves as a cost-effective Lambda-based proxy to the distributed load testing API, eliminating the need for dedicated infrastructure and reducing costs through serverless pay-per-request pricing.

The solution uses managed serverless services to minimize the environmental impact of the backend services compared to continually operating on-premises services.

Serverless services allow you to scale up or down as needed.