AWS Architecture Center
AWS Well-Architected

Infrastructure Capabilities

The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally. Whether you need to deploy your application workloads across the globe in a single click, or you want to build and deploy specific applications closer to your end-users with single-digit millisecond latency, AWS provides you the cloud infrastructure where and when you need it. The capabilities within this area enable you to design, build, and manage a secure and highly available cloud infrastructure.

  • The Network Connectivity capability enables you to create, manage, and monitor secure, scalable, and highly available networks for your applications and workloads. This includes connectivity within the cloud, Hybrid connectivity, IP address management, network logging and monitoring, and DNS management.

    Scenarios

    • CF11 – S1: Connectivity within the cloud
    • CF11 – S2: IP address management
    • CF11 – S3: Hybrid connectivity
    • CF11 – S4: Network monitoring and logging
    • CF11 – S5: DNS management
    • CF11 – S6: Network orchestration
    Read the whitepaper
    Implement the capability

  • The Workload Isolation capability enables you to create and manage isolated environments for your workloads. This approach reduces the impact of vulnerabilities and threats, and eases the complexity of compliance by providing mechanisms to isolate access to resources.

    Scenarios

    • CF7 – S1: Design isolated resource environments
    • CF7 – S2: Isolated environment lifecycle management
    • CF7 – S3: Baselining isolated environments
    • CF7 – S4: Repeatable patterns for isolated environments
    Read the whitepaper
    Implement the capability

  • The Network Security capability enables you to design and implement security policies and controls across different levels of the networking stack to protect your resources from external or internal threats to ensure confidentiality, availability, integrity, and usability. This capability includes the prevention, detection, and blocking of anomalous network traffic based on monitoring of ingress/egress and lateral data movement.

    Scenarios

    • CF8 – S1: Network segmentation
    • CF8 – S2: Network encryption
    • CF8 – S3: Network intrusion detection
    • CF8 – S4: Traffic inspection
    • CF8 – S5: Network access controls
    Read the whitepaper
    Implement the capability

  • The Template Management capability enables you to create and group reusable templates in a central repository to quickly deploy, manage, and update infrastructure, schemas, and resources across the environment. This capability includes the necessary processes to create, test, update, and validate the templates when required. These templates are pre-approved implementation patterns using approved cloud services, and are ready to be used by different teams based on requirements.

    Scenarios

    • CF14 – S1: Template development
    • CF14 – S2: Template catalog and sharing
    • CF14 – S3: Template lifecycle management
    Read the whitepaper

Was this page helpful?

 Feedback