The six pillars
What each pillar means — and how to apply it.
Each pillar comes with design principles and best practices. Here is the essence of all six, with the AWS services that bring them to life.
Run and monitor systems to deliver business value, and continually improve processes and procedures. It is about automating changes, responding to events and defining standards to manage daily operations.
Standard proceduresDocument operations as code so teams handle routine and unexpected events the same way every time.
Automate everythingReduce manual effort and human error so engineers focus on high-value work.
Learn & iterateReview failures without blame and feed lessons back into the system.
CloudWatchSystems ManagerAWS ConfigCloudFormation
Protect information, systems and assets while delivering business value through risk assessments and mitigation. It covers data protection, identity and access management, and incident response.
Least-privilege accessGrant only the permissions each identity truly needs with IAM and SCPs.
Protect dataEncrypt data at rest and in transit, and classify it by sensitivity.
Detect & respondMonitor continuously and rehearse incident response before you need it.
IAMKMSGuardDutyCloudTrailSecurity Hub
The ability of a workload to perform its intended function correctly and consistently when expected. It means operating and testing the workload, automating failure recovery and adapting to changing demand.
Design for failureUse distributed, multi-AZ architectures with no single point of failure.
Automate recoverySelf-heal with health checks, Auto Scaling and automated failover.
Test resilienceRun disaster-recovery drills and chaos experiments regularly.
Route 53Elastic Load BalancingAuto ScalingMulti-AZ RDS
Use computing resources efficiently to meet requirements and keep that efficiency as demand changes and technologies evolve. It is about selecting the right resource types, monitoring and making informed trade-offs.
Right resourcesMatch instance types, storage and databases to the workload shape.
Monitor & tuneFind bottlenecks with X-Ray and CloudWatch, then optimise.
Scale elasticallyAdopt serverless and managed services so capacity tracks demand.
LambdaECS / EKSCloudFrontX-Ray
Avoid unnecessary costs. Understand and control where money is spent, select the right number and type of resources, analyse spend over time and scale to meet business needs without overspending.
Visibility & controlTrack and forecast spend with Budgets and Cost Explorer.
Right-sizeMatch capacity to need and shut down idle resources automatically.
Buy smartUse Savings Plans, Reserved and Spot Instances for the right workloads.
Cost ExplorerAWS BudgetsSavings PlansSpot Instances
Reduce the environmental impact of running cloud workloads. Understand your impact, set KPIs to improve efficiency across every layer of the architecture, and reduce the resources and downstream impact required.
Efficient designPick low-carbon regions and energy-efficient Graviton processors.
Optimise dataMinimise storage and data transfer to cut energy use.
DecommissionAudit workloads and remove anything no longer needed.
GravitonCustomer Carbon Footprint ToolS3 LifecycleCompute Optimizer