In early 2016, we started moving our new glomex infrastructure to the Amazon Web Services (AWS) cloud and created an amazing product within only six months. To become an AWS SaaS partner, we had to pass an AWS Well Architected review in October 2016. In this review, an AWS solution architect will evaluate if you have chosen a cloud architecture in alignment with the best practices for the use of AWS. In this blog post, we describe how we prepared and passed the review and would like to guide you to becoming AWS Well Architected, too.
Our AWS Journey
We started building a completely new product on AWS in early 2016. From day one, we implemented AWS best practices when it comes to automation with AWS CloudFormation, scaling with Amazon AutoScaling, security with VPC and security groups and using as many managed services as possible. At the same time, we extended our existing engineering team by hiring some experienced AWS architects and some external AWS consultants. Working with more than 30 engineers and self-responsible teams on many different micro services, we created a huge amount of infrastructure on AWS in a very short time.
In mid 2016, we decided to become an AWS SaaS partner in order to improve our build, launch and grow relationship with AWS. One part of the partner approval program is a so-called AWS Well Architected review. In this review, an AWS solution architect will evaluate if you have chosen a cloud architecture that is in alignment with the best practices for the use of AWS. The review is based on four pillars of the AWS Well Architected Framework:
- Security – The ability to protect information systems and assets while delivering business value through risk assessments and mitigation strategies.
- Reliability – The ability to recover from infrastructure or service failures, dynamically acquire computing resources to meet demand and mitigate disruptions such as misconfigurations or transient network issues.
- Performance Efficiency – The efficient use of computing resources to meet system requirements and maintaining that efficiency as demand changes and technologies evolve.
- Cost Optimization – The ability to avoid or eliminate unneeded cost or suboptimal resources.
AWS provides a well-written whitepaper called “AWS Well Architected Framework”. It describes the review process and all four pillars in great detail and contains several example questions.
Our Review Process
Three people drove the preparation for the review: Michael, our Vice President of Engineering, Johannes, our Head of Operations and myself as Head of Data Service. In preparation for the review, we mainly used the whitepaper “AWS Well Architected Framework” as a guideline. We defined a simple preparation process with four meetings:
In our first preparation meeting, we scanned all questions from the whitepaper and discussed our status on them. It became clear that we needed more input on architecture from our other engineering teams but that it wasn’t necessary for architects from other teams to participate in the actual review. The questions are designed to check AWS infrastructure best practices but they do not ask too many details about our application. An experienced AWS engineer with a good overview of the architecture should be able to answer all of them.
We also agreed to create AWS architectures for all our key components, to list all AWS services used in combination with our applications and to create an overview of all our CloudFormation stacks. However, we decided not to present too many details as we were sure it would be enough to provide an overview in order to answer the questions.
For example, the architecture for glomex Data Service looked like this – this architecture also includes the AWS services used:
When we first scanned the questions, it became clear that there were several points we hadn’t taken care of so far. We agreed to be transparent on them during the review:
- no disaster recovery in place – requirements under discussion
- small parts not yet in AWS CloudFormation – some parts are in Terraform
- encryption and archiving for application logs – work in progress
- no cost optimization so far (no reserved instances) – planned for Q1 2017
- no analysis of VPC logs – ToDo
- no analysis of CloudTrail logs – ToDo
- backups missing for DynamoDB – work in progress
Finally, we created a short agenda for the meeting: Welcome, intro to glomex and vision, intro to our different services, answers to AWS Well Architected questions.
Our final meeting was very short. We checked if all architectures from other teams were available and if we were aware of all components shown. We briefly discussed that it might make sense for one of us to be the main speaker during the review. At the end of the meeting, we sent an email to AWS including a short description of glomex and all architectures so that the AWS solution architect could prepare for the review.
The review was planned to take four hours; our AWS account manager and an AWS solution architect from the UK came over to glomex to work on-site. The account manager did a short welcome round and described the idea of the review. Then, the solution architect opened up the AWS Well Architected web portal and started adding basic information about glomex GmbH. We used this opportunity to give him an overview of glomex and our different services. Together, we started answering all questions. In most cases, we simply read the question and explained how we handled the different tasks and he marked all the answers multiple-choice style. In some cases, he added some free-text messages to clarify why we were not using the proposed solutions by AWS.
The review took us about three hours overall and we were able to answer all the questions. In the end, the web portal showed a big, green “passed” image and we were happy to be AWS Well Architected.
We skipped this step due to the very good result in the review – we hadn’t found any new areas for improvement.
Summary & Outcome:
Due to the short development time of our application and infrastructure, we did have serious concerns about passing the AWS Well Architected review. Preparing for the review, though, turned out to be extremely useful for our case. We got a clear picture on what we were using and running on AWS and found several areas of improvement around security and cost optimization by ourselves.
Finally, we passed the review with a very good score and are now looking forward to scaling even more on AWS.
by Markus Schmidberger, Architect Data Service, and Johannes Brandstetter, Head of Operations