How to Perform a Well-Architected Framework Review with nOps

This article contains the following information:

Getting Started

Creating Your First Workload

Defining the Workload Query

Workload Summary View

Running the Well-Architected Framework Review (WAFR)

AWS Well-Architected Tool Integration

IAM Role Updates

Getting Started

AWS Well-Architected helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures and implement designs that can scale over time.

Creating Your First Workload

If this is the first time you have created a workload, you will click “Create new Workload” in the middle of the screen. After that, the Create new Workload button will move to the top right of the window.

When you click “Create new Workload” the workload creation pane will appear. Remember that a workload name cannot be changed once it's created.

  • Select Client - Choose the client for which you want to create the workload.

  • Workload Name - This is the unique identifier for your workload. A Workload name cannot be changed once it's created.

  • Well-Architected Tool Integration - Clicking this toggle allows you to sync your workload to the AWS Well-Architected Tool.

  • AWS account to save WAR Progress - If you selected the toggle switch, this determines which AWS account the workload is written to.

  • AWS Account(s) - The AWS Account(s) where the resources for your workload live.

  • Workload Type - Defines the overall workload type. Please select “Well-Architected.”

  • Lens - nOps supports the AWS lens concept. Please select Well-Architected for the lens type.

  • Environment - This defaults to production and defines the environment from an AWS perspective. Note: Sanctioned Well-Architected Framework Reviews should always be performed on a production workload.

  • Jira project - If you are using the built-in Jira integration, you can select a Jira project to integrate with.

  • Description - A text description of your workload.

Defining the Workload Query

After you have entered the metadata for the workload, click the gray bar that says, “**Specify Workload Resource”**. This allows the query builder to slide into view. nOps allows you to specify rules that define which resources will be added to the workload. You can change the default settings and specify the filters using the drop-downs.

  • Regions - The regions that nOps will pull resources from. This setting defaults to All.

  • AWS Managed Services - The AWS services that nOps will include in your workload. This setting defaults to All.

  • VPC - The VPCs that contain the resources that nOps will include in your workload. This setting defaults to All.

  • Tags - Select tags to be assigned to the resources you want to include, e.g. “ApplicationA.”

Click “Save” to create your workload.

Workload Summary View

After you have created your workload, you will see the Workloads view. Here you view a list of all workloads you’ve created, edit the query that builds your workload, or delete your workload.

Assessment Status:

• Pending - Waiting to Start Assessment

• In Progress - Started the Assessment, partially completed or waiting to review

• Submitted - Submitted the Workload to AWS, or marked as complete

Click on the workload to be taken to the Workload Summary view. In the Workload Summary view, you will see two sections.

  • Assessment Summary - An overview of how far into the assessment you are.

  • Workload Attachments - Any files and/or links attached to the workload are added to the report generated by nOps when the assessment is completed.

  • Well-Architected Summary - A summary of violations across the five pillars of the Framework.

  • Budgets - A view of the budget you have set for this particular workload.

Running the Well-Architected Framework Review (WAFR)

You may notice that the assessment is at a completion percentage greater than 0%. This is because that nOps uses its rules engine to automatically discover information about the workload. Click “Start Assessment” to begin the WAFR.
Note: Each question specifies whether this is considered a High, Medium or Low risk question.

For each question in the WAFR, nOps will either automatically detect the answer to the question or allow you to answer it manually. Clicking on the box(es) in each section will designate that your workload meets or exceeds the particular requirements. You can add notes to a particular question by clicking “Add Note.” Hover the mouse over a question to view a context menu that gives you several options.

  • Autodiscovery Details - Information about what nOps was able to detect in your account.

  • Attach Resources - Allows you to attach specific resources to a question. These resources will be included in the report generated by nOps.

  • Create Jira Ticket - If you have integrated an instance of Jira Cloud, you can open Jira issues from nOps. Use this option to assign tasks while completing your WAFR.

  • Show Description - Shows a description of the question.

After you have answered each question, you can click “Submit Report” enabling you to export the report to AWS as part of the WAFR. Clicking “Exit Assessment” will return you to the summary screen where you can upload any additional documentation, see the assessment completion percentage, and export the report of the assessment.

AWS Well-Architected Tool Integration

When you synchronize a workload to the AWS Well-Architected Tool, each workload will be listed as if you had created it from the tool itself.

Changes made from nOps can be synchronized to the AWS Well-Architected Tool by clicking Update Report.

IAM Role Updates

If you are using an existing nOps account, you will receive notifications that nOps has added new AWS IAM policies to enable AWS Well-Architected Tool integration. Please update your IAM policies to allow nOps to access the AWS Well-Architected Tool in your account. For more information, you can watch this short video.

Get notified about new AWS IAM policies on nOps - YouTube

Did this answer your question?