First Impression: Amazon Well-Architected Tool Profiles

First Impression: Amazon Well-Architected Tool Profiles

Introduction

Support for workload "Profiles" in Amazon Well-Architected Framework Tool was first announced on June 13, 2023, with Amazon CLI support for this feature introduced in v.2.12.0 per CHANGELOG.

I have been a big fan of Well-Architected Framework and decided to take a closer look at what Profiles can or cannot do to improve the Well-Architected Review experience.

Amazon Web Management Console

The "Profiles" section appears as a new item on the left sidebar menu.

Let's make a few choices to observe the impact on the Review process. As you can see, there are currently four Profile questions with a total of 30 choices.

Adding a Profile for your Workload gives you the option to conduct a more focused Review while following a prioritized list of questions and ignoring some of them (I suspect that you will have to eventually enter "N/A" for de-prioritized questions). As you can see below, my test Profile choices resulted in having only 46 questions in the "Prioritized" question list, while the full Well-Architected Framework contains 60 questions.

As a side note, I did not observe a strong correlation between choices that were made during the test Profile creation and the prioritized order of questions that appeared in the Well-Architected Tool - your mileage may vary!

Before the introduction of Well-Architected Tool Profiles, the only prioritization option was to change the order in which the Pillars were reviewed.

Amazon CLI

Note: the Well-Architected Profile feature is so new that I had to manually upgrade Amazon CLI to v.2.12+ in my CloudShell environment to experiment with it.

Let's take a look at our sample Profile details by running CLI in Amazon CloudShell environment, then capturing and reviewing JSON outputs.

$ aws wellarchitected list-profiles
{
    "ProfileSummaries": [
        {
            "ProfileArn": "arn:aws:wellarchitected:us-east-1:1234567890:profile/035d049beb441cd46ee7f14990b6dea4",
            "ProfileVersion": "1.0.0",
            "ProfileName": "test",
            "ProfileDescription": "test",
            "Owner": "1234567890",
            "CreatedAt": "2023-06-20T23:10:46+00:00",
            "UpdatedAt": "2023-06-20T23:10:46+00:00"
        }
    ]
}

$ aws wellarchitected get-profile --profile-arn arn:aws:wellarchitected:us-east-1:1234567890:profile/035d049beb441cd46ee7f14990b6dea4
{
    "Profile": {
        "ProfileArn": "arn:aws:wellarchitected:us-east-1:1234567890:profile/035d049beb441cd46ee7f14990b6dea4",
        "ProfileVersion": "1.0.0",
        "ProfileName": "test",
        "ProfileDescription": "test",
        "ProfileQuestions": [
...
}

Full JSON of "get-profile" command out is posted as GitHub gist

Amazon CLI commands for Well-Architected can be used for the programmatic creation of profiles, but we need to know acceptable parameter values. Unfortunately, they are not well-documented at this time - let's find out what they actually are!

$ jq .Profile.ProfileQuestions[].QuestionId TestProfile.json 
"org-cloud-adoption-phase"
"workload-business-value"
"workload-lifecycle-phase"
"workload-improvement-priority"

Let's take a look at the Profile question JSON structure:

  • QuestionId: one of the four values above

  • QuestionTitle: Self-explanatory

  • QuestionDescription: Self-explanatory

  • QuestionChoices:

    • ChoiceId: Codified choice titles

    • ChoideTitle: Self-explanatory

    • ChoiceDescription: Self-explanatory

  • SelectedChoiceIds: At least one ChoiceId

  • MinSelectedChoices: Always one

  • MaxSelectedChoices:

    • You can select only one for "org-cloud-adoption-phase", "workload-business-value" and "workload-lifecycle-phase" questions

    • You can select up to three for "workload-improvement-priority"

Now, let's review JSON structure for Profile question choices

$ jq ".Profile.ProfileQuestions[1]" TestProfile.json 
{
  "QuestionId": "workload-business-value",
  "QuestionTitle": "What is the business value that workloads in this profile represent for your team, organization, or company?",
  "QuestionDescription": "The methodology for classifying workloads will vary by team, organization, and company, but the necessary considerations are similar. Evaluate the business outcomes these workloads support, and how critical they are to delivering that value. Consider the financial or reputational impact to your organization if issues arise in these workloads, such as security breaches, downtime, customer-impacting performance degradation, or budget overruns.",
  "QuestionChoices": [
    {
      "ChoiceId": "value-business-critical",
      "ChoiceTitle": "Business-Critical Workloads",
      "ChoiceDescription": "These are the highest priority workloads requiring the highest level of compliance stringency, security, and availability. Breaches or downtime could result in the halt of organization service, exposure of personally identifiable information (PII) or highly sensitive business data, severe legal or financial loss, loss of customer trust, reputational damage, and drastic loss in productivity. Some examples of business-critical workloads include enterprise applications, e-business applications, and client-specific lines of business applications."
    },
    { ... },
    { ... },
    { ... },
    { ... },
    { ... }
  ],
  "SelectedChoiceIds": [
    "value-business-critical"
  ],
  "MinSelectedChoices": 1,
  "MaxSelectedChoices": 1
}

I captured the following values to be used for the programmatic management of Well-Architected Tool Profiles. Unfortunately, the only way to access detailed descriptions of the choices is through "info" links in the Well-Architected Tool itself while creating or editing a Profile.

org-cloud-adoption-phase
    adoption-envision
    adoption-align
    adoption-launch
    adoption-scale
    adoption-optimize
workload-business-value    
    value-business-critical
    value-external-strategic
    value-internal-strategic
    value-internal-business
    value-general-use
    value-experiment-test
workload-lifecycle-phase    
    lifecycle-plan-design
    lifecycle-dev-build-implement
    lifecycle-test-preprod
    lifecycle-deploy-prod
    lifecycle-maintain-optimize
workload-improvement-priority    
    priority-org-strategy
    priority-ops-readiness
    priority-ops-efficiency
    priority-ops-incident-response
    priority-monitoring-observability
    priority-availability
    priority-security-posture
    priority-sec-incident-response
    priority-perf-efficiency
    priority-cost-optimization
    priority-org-cost-aware
    priority-sustainability
    priority-org-sus-aware
    priority-fundamental-bp

Now you have enough information to create new profiles with CLI.

Summary

The introduction of Well-Architected Tool Profiles is a nice feature that helps to prioritize discussion topics for Well-Architected Reviews, thus improving the efficiency and scalability of the process.

However, I would like to see a few improvements:

  1. Better documentation

  2. Ability to pre-populate some Framework answers and justifications with "N/A" for Enterprises, where Well-Architected reviews are conducted for workloads owned by Line Of Business, while Governance, Security and some Operations aspects are provided as centralized Enterprise-wide shared services.

Happy Cloud Sailing!