The AWS Well-Architected Review: A Plain-English Checklist

The AWS Well-Architected Framework is AWS's own set of best practices for building reliable, secure, efficient cloud systems. A "Well-Architected Review" sounds formal, but at its core it's a structured set of questions across six pillars. Here's a plain-English checklist you can self-assess against today.

The six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability. A good review finds the handful of high-risk gaps that matter — not a 200-item audit no one acts on.

1. Operational Excellence

Can you run, monitor, and improve the system with confidence?

  • Is infrastructure defined as code (CloudFormation/Terraform/CDK), not clicked together by hand?
  • Are deployments automated and repeatable, with a safe rollback?
  • Do you have centralized logs, metrics, and dashboards for the things that matter?
  • Are runbooks written for common failures — and has anyone tested them?

2. Security

This is the pillar where gaps hurt most.

  • Least-privilege IAM — no long-lived root keys, MFA on root, roles over users.
  • Encryption at rest and in transit by default.
  • Secrets in Secrets Manager/Parameter Store — never in code or env files in the repo.
  • Network segmentation: private subnets for workloads, tight security groups.
  • Logging and detection on (CloudTrail, GuardDuty) with someone watching.
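As an added example (not code from this guide or from AWS), the Python below turns several of the Security items into checks over the response dictionaries that boto3's `get_account_summary`, `describe_trails`, `list_detectors` and `describe_security_groups` return. The sample responses are constructed, and the risk labels, the admin-port set and the multi-region reading of "logging on" are assumptions of the example.

```python
ADMIN_PORTS = {22, 3389}  # SSH and RDP: assumed test for a group that is not "tight"

def _covers_admin_port(perm):
    if perm.get("IpProtocol") == "-1":  # "-1" means every protocol and port
        return True
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return False
    return any(lo <= port <= hi for port in ADMIN_PORTS)

def security_gaps(account_summary, trails, detector_ids, security_groups):
    """Return (risk, finding) tuples; the risk labels are this example's assumption."""
    gaps = []
    summary = account_summary["SummaryMap"]
    if summary.get("AccountAccessKeysPresent", 0):
        gaps.append(("high", "root account has access keys"))
    if not summary.get("AccountMFAEnabled", 0):
        gaps.append(("high", "root account has no MFA"))
    # Assumption: "logging on" is read as at least one multi-region trail.
    if not any(t.get("IsMultiRegionTrail") for t in trails["trailList"]):
        gaps.append(("high", "no multi-region CloudTrail trail"))
    if not detector_ids["DetectorIds"]:
        gaps.append(("medium", "GuardDuty has no detector in this region"))
    for sg in security_groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
            cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
            if cidrs & {"0.0.0.0/0", "::/0"} and _covers_admin_port(perm):
                gaps.append(("high", f"{sg['GroupId']} exposes an admin port to the internet"))
    return gaps

# Constructed sample responses (not real account data), keyed by parameter name.
SAMPLE = {
    "account_summary": {"SummaryMap": {"AccountAccessKeysPresent": 1, "AccountMFAEnabled": 1}},
    "trails": {"trailList": [{"Name": "example-trail", "IsMultiRegionTrail": False}]},
    "detector_ids": {"DetectorIds": []},
    "security_groups": {"SecurityGroups": [
        {"GroupId": "sg-example-ssh", "IpPermissions": [{"IpProtocol": "tcp",
            "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-example-web", "IpPermissions": [{"IpProtocol": "tcp",
            "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    ]},
}

if __name__ == "__main__":
    for risk, finding in security_gaps(**SAMPLE):
        print(f"[{risk}] {finding}")
```

GuardDuty detectors and security groups are regional, so in a live account the last two inputs would be collected once per region in use.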

3. Reliability

Will it stay up, and recover when something breaks?

  • No single points of failure — multi-AZ for anything that matters.
  • Automated backups with a tested restore (an untested backup is a hope, not a plan).
  • Health checks and auto-recovery / auto-scaling.
  • Defined RTO/RPO — do you know how much downtime and data loss you can tolerate?

4. Performance Efficiency

  • Right instance types for the workload (and Graviton where it fits).
  • Caching where it helps (CloudFront, ElastiCache).
  • The right tool for the job — managed services over self-managed when they fit.
  • Performance monitored against real user experience, not just CPU graphs.

5. Cost Optimization

  • Commitments (Savings Plans/RIs) covering steady-state usage — see our guide.
  • Idle and orphaned resources cleaned up regularly.
  • Storage tiered (S3 lifecycle, gp3 over gp2).
  • Cost visibility: tagging, budgets, and anomaly alerts in place.

6. Sustainability

The newest pillar: minimize the environmental impact of your workloads. In practice it overlaps heavily with cost — right-sizing, Graviton, efficient storage, and shutting down idle resources all reduce both your bill and your footprint.

How to actually run a review

  1. Pick one workload — don't try to review everything at once.
  2. Walk the six pillars with the questions above, honestly. Write down gaps.
  3. Triage by risk — flag each gap high/medium/low. Most reviews surface a few high-risk items that deserve immediate attention.
  4. Build a short remediation roadmap — the 5–10 changes with the best risk-reduction per unit of effort.
  5. Re-review periodically — architecture drifts as the system grows.

A focused Well-Architected Review usually pays for itself twice over: once in avoided incidents, and once in cost savings the Cost pillar surfaces along the way.

Want a second set of eyes?

A structured review is most valuable when someone independent runs it. Book a free consultation to talk through your highest-risk pillars, or start with the free AWS Cost Checkup to knock out the Cost pillar first.

This checklist summarizes the AWS Well-Architected Framework in plain terms; consult the official AWS documentation for the full set of practices.
