Introducing the Container Build Lens for the AWS Well-Architected Framework

Today we are delighted to introduce the Container Build Lens, an Amazon Web Services (AWS) Well-Architected whitepaper. Using the AWS Well-Architected Framework—which provides architectural best practices for designing and operating workloads on AWS—the Container Build Lens outlines the steps for performing an AWS Well-Architected review that empowers customers to assess and identify technical risks of their container build process. AWS Well-Architected Framework provides a consistent approach for customers to evaluate architectures and implement scalable designs, and this whitepaper covers common containerized build scenarios and identifies key workload elements to allow you to architect your workloads according to best practices gathered from thousands of customer interactions.

Further, the Container Build Lens provides specific best practices and implementation guidance that customers can employ to deliver high-performance and reliable workloads, all with an eye toward maintaining a cost-effective and sustainable approach.

The AWS Well-Architected Framework is based on six pillars—operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. Using the Framework, cloud architects, system architects, engineers, and developers can build secure, high-performance, resilient, and efficient infrastructure for their applications and workloads.

The Container Build Lens joins a collection of lenses that focus on specialized workloads such as the Internet of Things (IoT), games, artificial intelligence (AI) and machine learning (ML), SAP, and serverless technology. You can find more information on AWS Well-Architected Lenses in the AWS Well-Architected User Guide.

What is the Container Build Lens?

The Container Build Lens is a collection of customer-proven design principles and best practices to help you adopt a cloud-native approach to building containers on AWS. These recommendations are based on insights that AWS has gathered from customers, AWS Partners, the community, and our own container technical specialist communities.

The lens highlights some of the most common areas for assessment and improvement. It is designed to align with and provide insights across the six pillars of the AWS Well-Architected Framework:

  • Operational excellence focuses on running and monitoring systems to deliver business value and continually improve processes and procedures. Container build topics include lifecycle management for container images and implementing observability into your container images.
  • Security focuses on protecting information and systems. Container build topics include ensuring least privilege permissions for your containerized applications, access control to your build infrastructure, vulnerability detection and mitigation, minimizing attack surface for container images, and handling sensitive data.
  • Reliability focuses on ensuring a workload performs its intended function correctly and consistently when it’s expected to. Container build topics include monitoring and tracking container resource consumption, implementing automation for building and testing container images, rolling out updates to parent container images throughout the organization, and monitoring the health of your containerized application.
  • Performance efficiency focuses on using IT and computing resources efficiently. Container build topics include reducing container image sizes, improving container image pull time, and updating container images across the organization.
  • Cost optimization focuses on avoiding unnecessary costs. Container build topics include designing container images for efficient use, designing container images to support automatic scaling, using different compute type instances, and reducing container overhead launch time.
  • Sustainability focuses on minimizing the environmental impacts of running cloud workloads. Container build topics include designing container images to be able to run on energy-efficient hardware and using energy-efficient services to be built on energy-efficient hardware.

The Container Build Lens provides guidance that can help you make appropriate design decisions in line with your business requirements. These are based on lessons AWS has learned from customers who have built their streaming solutions on AWS. By applying the techniques in this lens to your architecture, you can validate the resilience and efficiency of your design. This lens also provides recommendations to address any gaps you might identify. We expect customers to use this lens as a supplement to the AWS Well-Architected Framework.

Who should use the Container Build Lens?

The Container Build Lens is intended for all AWS customers who use containers to run their workloads and are searching for guidance on how to build secure, efficient, and reliable container images. These might include startups, digital native businesses, software vendors, enterprises, consulting companies, or public sector companies.

We believe that the lens will be valuable regardless of your cloud adoption stage: whether you are launching your first container on AWS, migrating existing services to the cloud, or working to improve existing AWS container workloads.

The material is intended to support customers in roles such as architect, developer, and operations team members.

What are the next steps?

The Container Build Lens is available now in the AWS Documentation to use in a self-service fashion. If you require additional expert guidance, contact your AWS account team to engage a Containers specialist solution architect.

AWS is committed to the Container Build Lens as a living tool. As the container ecosystems evolve and new AWS services become available, we will update the Container Build Lens accordingly. Our mission will always be to help you design and deploy well-architected applications so that you can focus on delivering on your business objectives.

Learn more about supported container solutions, customer case studies, and additional resources at Containers at AWS.


The authors would like to thank the following people for their invaluable help in developing this new Container Build Lens for the AWS Well-Architected Framework

  • Erin McGill — Senior Software Development Engineer
  • Sascha Möllering — Principal Specialist SA Containers
  • Thomas Liddle — Solutions Architect
  • Tsahi Duek — Senior Specialist SA Containers
  • Joe Mann — Partner SA – Redhat
  • Re Alvarez Parmar – Principal Specialist SA Containers
  • Roland Barcia – Director, Worldwide Solutions Architects, Serverless
  • Aaron Miller– Principal Specialist SA Containers
  • Viji Sarathy – Principal Specialist SA Containers
  • Theo Salvo – Senior Specialist SA Containers
  • Nirmal Mehta – Principal Specialist SA Containers
  • Andreas Lindh – Senior Specialist SA Containers
  • David Surey – Senior Solutions Architect
  • Liz Duke – Senior Specialist SA Containers
  • Praveen Nerellapalli – Senior Containers and Serverless DLA
  • Satveer Khurpa – Senior Containers and Serverless DLA
  • Bruce Ross – Well-Architected Lens Leader
Sascha Moellering

Sascha Moellering

Sascha Möllering has been working for more than six years as a Solutions Architect and Solutions Architect Manager at Amazon Web Services EMEA in the German branch. He shares his expertise with a focus on Automation, Infrastructure as Code, Distributed Computing, Containers, and JVM in regular contributions to various IT magazines and blogs. He can be reached at

Tsahi Duek

Tsahi Duek

Tsahi Duek is a Principal Container Specialist Solutions Architect at Amazon Web Services. He has over 20 years of experience building systems, applications, and production environments, with a focus on reliability, scalability, and operational aspects. He is a system architect with a software engineering mindset.

Erin McGill

Erin McGill

Erin McGill is a Software Development Engineer on the AWS Solutions team. She has contributed to the updates to Machine to Cloud Connectivity Framework. She is based in New York.

Thomas Liddle

Thomas Liddle

Thomas Liddle is a Solutions Architect at AWS. He provides technical guidance, technical designs, and leads implementation projects to customers ensuring their success on AWS. In addition, he focuses on helping customers build and develop highly scalable and resilient architectures in AWS environments.