AWS Well-Architected Framework v10¶

The AWS Well-Architected Framework helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for applications and workloads. It is based on six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. This framework is designed for all AWS users to evaluate and improve their cloud architectures.

Terraform Registry Subdomain: awswellarchitected¶

module "..." {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}

module "..." {
  source = "https://awswellarchitected.compliance.tf/terraform-aws-modules/<module>/aws"
}

Refer to the Terraform Registry Endpoints section for more details.

Implemented Controls¶

The following controls are implemented as part of this framework.

• CloudFormation stacks should have notifications enabled
• CloudWatch alarm should have an action configured
• RDS DB clusters should have automatic minor version upgrade enabled
• S3 bucket default encryption should be enabled with KMS
• S3 buckets with versioning enabled should have lifecycle policies configured
• S3 bucket versioning should be enabled
• SNS topics should be encrypted at rest

Enable/Disable Controls¶

You can customize the Terraform module for the desired compliance requirements by enabling/disabling individual controls.

Examples¶

S3 bucket module with AWS Well-Architected Framework v10 compliance framework controls enabled, and a couple of controls disabled¶

module "..." {
  source = "https://awswellarchitected.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudformation_stack_notifications_enabled,cloudwatch_alarm_action_enabled"
}