AWS Well-Architected Framework v10
The AWS Well-Architected Framework helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for applications and workloads. It is based on six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. This framework is designed for all AWS users to evaluate and improve their cloud architectures.
Terraform Registry Subdomain: awswellarchitected
module "..." {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/<module>/aws"
  version = "<version>"
}

module "..." {
  source = "https://awswellarchitected.compliance.tf/terraform-aws-modules/<module>/aws"
}
Refer to the Terraform Registry Endpoints section for more details.
Implemented Controls
The following controls are implemented as part of this framework.
- CloudFormation stacks should have notifications enabled
- CloudWatch alarm should have an action configured
- RDS DB clusters should have automatic minor version upgrade enabled
- S3 bucket default encryption should be enabled with KMS
- S3 buckets with versioning enabled should have lifecycle policies configured
- S3 bucket versioning should be enabled
- SNS topics should be encrypted at rest
Enable/Disable Controls
You can customize the Terraform module for the desired compliance requirements by enabling/disabling individual controls.
Examples
S3 bucket module with AWS Well-Architected Framework v10 compliance framework controls enabled, and a couple of controls disabled
module "..." {
  source = "https://awswellarchitected.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudformation_stack_notifications_enabled,cloudwatch_alarm_action_enabled"
}
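
A review-time check for the `disable` query string shown above, as an added example that is not part of the original page or of the compliance.tf project: it scans Terraform text for module sources on a `*.compliance.tf` host and lists the controls each one switches off. The function name, the module labels and the version number in the sample are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches `source = "..."` assignments in Terraform text (not a full HCL parser).
SOURCE_RE = re.compile(r'^\s*source\s*=\s*"([^"]+)"', re.MULTILINE)
HOST_SUFFIX = ".compliance.tf"


def disabled_controls(tf_text):
    """Return [(framework_subdomain, module_path, [disabled control ids])]
    for every module source that points at a *.compliance.tf host."""
    findings = []
    for source in SOURCE_RE.findall(tf_text):
        # Registry-style sources have no scheme; add one so urlsplit finds the host.
        url = urlsplit(source if "://" in source else "https://" + source)
        host = (url.hostname or "").lower()
        if not host.endswith(HOST_SUFFIX):
            continue  # not a compliance.tf module source
        framework = host[: -len(HOST_SUFFIX)]
        # `disable` is a comma-separated list; tolerate repeats and blanks.
        disabled = []
        for value in parse_qs(url.query).get("disable", []):
            for control in value.split(","):
                control = control.strip()
                if control and control not in disabled:
                    disabled.append(control)
        findings.append((framework, url.path.strip("/"), disabled))
    return findings


# Constructed sample input modelled on the snippets on this page;
# the module labels and the version number are made up.
SAMPLE_TF = '''
module "logs" {
  source = "https://awswellarchitected.compliance.tf/terraform-aws-modules/s3-bucket/aws?disable=cloudformation_stack_notifications_enabled,cloudwatch_alarm_action_enabled"
}
module "assets" {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/s3-bucket/aws"
  version = "1.0.0"
}
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
}
'''

if __name__ == "__main__":
    for framework, module, disabled in disabled_controls(SAMPLE_TF):
        status = ", ".join(disabled) if disabled else "none"
        print(f"{framework}: {module}: disabled controls = {status}")
```

Run over the `.tf` files in a change set, the output gives a reviewer the list of controls a module opts out of without having to read the query string by eye.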