AWS Cloud Operations Blog
Assess, Audit, and Evaluate AWS Resources Against AWS Sustainability Best Practices
At AWS, we are committed to running our business in the most environmentally friendly way possible. We also work to enable our customers to use the benefits of the cloud to better monitor and optimize their IT infrastructure. As reported in The Carbon Reduction Opportunity of Moving to Amazon Web Services, our infrastructure is 3.6 times more energy efficient than the median US enterprise data center, and moving to AWS can lower your workload’s carbon footprint by 88% for the same task.
Sustainability is a shared responsibility between AWS and our customers. AWS is responsible for optimizing the sustainability of the cloud – delivering efficient, shared infrastructure, water stewardship, and sourcing renewable power. Customers are responsible for sustainability in the cloud – optimizing workloads and resource utilization, and minimizing the total resources required to be deployed for their workloads.
To help customers achieve their sustainability goals, AWS offers a variety of tools, including the AWS Customer Carbon Footprint Tool to track and measure the carbon emissions generated from your AWS usage. AWS created the Well-Architected Framework Sustainability Pillar, which provides design principles, operational guidance, and best practices that can be used to achieve sustainability targets for your workloads. AWS also continues to launch services that enable sustainability improvements in architectures, such as AWS Graviton Instances, which are designed to deliver the best performance per watt of energy use in Amazon EC2. Amazon EC2 Spot Instances allow you to benefit from significant cost savings while helping AWS improve data center utilization.
In this blog, we will discuss how customers can use AWS Config to assess, audit, and evaluate AWS resources at scale against the Sustainability Pillar best practices from the AWS Well-Architected Framework.
AWS Config
AWS Config provides managed rules and the ability to create custom rules, both allowing customers to evaluate the configurations of cloud resources, before and after provisioning. Further, Config conformance packs allow customers to package a collection of Config rules along with their remediation actions into a single unit. Conformance packs are also integrated with AWS Organizations. This allows customers to deploy conformance packs across an entire organization, providing a scalable and efficient way to ensure resource compliance across AWS accounts and workloads.
Assessing Sustainability Best Practices
The Sustainability Pillar of the AWS Well-Architected Framework provides guidance on best practices for sustainability in the cloud. These best practices help customers optimize their workloads, both by increasing utilization of resources and reducing the total number of resources required. By utilizing the Sustainability Pillar, customers can identify targets for improvement and then implement recommended best practices to achieve their sustainability goals.
For this example, we selected a few of the Sustainability Pillar best practices and will demonstrate how AWS Config rules allow customers to ensure these best practices are implemented across the organization. We intentionally chose best practices that are common to many architectures: data lifecycle management, code optimization, and network performance. The approaches can help both reduce your resource consumption and provide opportunities for savings benefits. Example best practices include:
- SUS04-BP03: Use policies to manage the lifecycle of your datasets
- SUS03-BP03: Optimize areas of code that consume the most time or resources
- SUS04-BP07: Minimize data movement across networks
AWS Config Rules for Sustainability
SUS04-BP03: Use policies to manage the lifecycle of your datasets
This best practice recommends automatic deletion of unused data to minimize overall storage usage. Across organizations, data retention needs may vary to meet business requirements, and taking a manual approach to removing data can quickly become impractical. AWS services, such as Amazon S3, allow for Lifecycle configurations to automate the transition of S3 objects to lower-cost storage and ultimately object deletion.
Within AWS Config, a rule can be used to ensure lifecycle configurations are applied across Amazon S3 buckets.
SUS03-BP03: Optimize areas of code that consume the most time or resources
Use of efficient code minimizes resource usage and improves performance. Environments should be monitored to identify opportunities for improvement and to remove bugs and anti-patterns. For Amazon RDS, Performance Insights can be used to identify what is causing load on a database, so you can determine the impact of SQL queries and tune them for better performance. Performance Insights is offered with both free and paid tier options.
The AWS Config rule below checks that Performance Insights is enabled for RDS databases, so you can monitor your databases for continuous improvement.
SUS04-BP07: Minimize data movement across networks
By optimizing data movement across your network, you can reduce the total networking resources required for your workloads and lower their environmental impact. One consideration for implementing this best practice is to enable compression for APIs. This reduces the data sent with each request and therefore data movement across your network. (Note that while data compression minimizes data movement, as a trade-off, more computing power may be required to decompress the data. It is advised that your company tests the best practice recommendations to determine the level of network usage compared to compute trade-offs and identify which approach is most sustainably beneficial.)
This example rule checks that compression is enabled for Amazon API Gateway REST APIs.
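The three checks described in this section (S3 lifecycle configuration, RDS Performance Insights, API Gateway compression), sketched in Python as an added example; it is not the blog's conformance pack or AWS code. The field names follow the service APIs, while the record layout and the sample resources are constructed assumptions.

```python
# Added example, not the blog's conformance pack. Field names follow the service
# APIs; the record layout (resourceType/resourceId/configuration) is an assumption.
COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"

def check_s3_lifecycle(cfg):
    # SUS04-BP03: a lifecycle configuration only helps if a rule is enabled.
    rules = (cfg.get("BucketLifecycleConfiguration") or {}).get("Rules") or []
    return any(r.get("Status") == "Enabled" for r in rules)

def check_rds_performance_insights(cfg):
    # SUS03-BP03: Performance Insights must be explicitly enabled.
    return cfg.get("PerformanceInsightsEnabled") is True

def check_apigw_compression(cfg):
    # SUS04-BP07: None means compression is off; 0 is valid (compress every
    # payload), so a truthiness test would wrongly report it as disabled.
    size = cfg.get("minimumCompressionSize")
    return type(size) is int and size >= 0

CHECKS = {
    "AWS::S3::Bucket": ("SUS04-BP03", check_s3_lifecycle),
    "AWS::RDS::DBInstance": ("SUS03-BP03", check_rds_performance_insights),
    "AWS::ApiGateway::RestApi": ("SUS04-BP07", check_apigw_compression),
}

def evaluate(item):
    """Return (resource id, best practice, result) for one resource record."""
    if item["resourceType"] not in CHECKS:
        return item["resourceId"], None, NOT_APPLICABLE
    practice, check = CHECKS[item["resourceType"]]
    ok = check(item.get("configuration") or {})
    return item["resourceId"], practice, COMPLIANT if ok else NON_COMPLIANT

def record(rtype, rid, cfg):
    return {"resourceType": rtype, "resourceId": rid, "configuration": cfg}

# Constructed sample records, not real resources.
SAMPLE_ITEMS = [
    record("AWS::S3::Bucket", "bucket-a", {"BucketLifecycleConfiguration": {"Rules": [{"Status": "Enabled"}]}}),
    record("AWS::S3::Bucket", "bucket-b", {"BucketLifecycleConfiguration": {"Rules": [{"Status": "Disabled"}]}}),
    record("AWS::RDS::DBInstance", "db-a", {"PerformanceInsightsEnabled": False}),
    record("AWS::ApiGateway::RestApi", "api-a", {"minimumCompressionSize": 0}),
    record("AWS::ApiGateway::RestApi", "api-b", {"minimumCompressionSize": None}),
    record("AWS::EC2::Instance", "i-a", {}),
]

if __name__ == "__main__":
    for sample in SAMPLE_ITEMS:
        print(*evaluate(sample))
```

The two cases a simpler check gets wrong are `bucket-b`, whose lifecycle configuration exists but has no enabled rule, and `api-a`, where a minimum compression size of 0 means compression is on for every payload.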
Implementing Sustainability Rules at Scale
Customers can use conformance packs to deploy AWS Config rules, such as the examples above, across their organization to work towards sustainability goals. To help accelerate using Config rules, we have created an example conformance pack. This pack includes the following nine Config rules which support a number of Sustainability Pillar best practices and can be deployed through the AWS Config Console or AWS Command Line Interface.
Service | Description of Config Rule | Sustainability Pillar Best Practice |
---|---|---|
API Gateway | Rule checks compression is enabled for a REST API | SUS04-BP07 |
CloudFront | Rule checks that compression is enabled (Note this rule must be deployed in us-east-1) | SUS04-BP07 |
EBS | Rule checks that EBS delete on instance termination is enabled | SUS02-BP03 |
EC2 | Rule checks that EC2 security groups do not have port 22 open for SSH, so Session Manager is used instead | SUS05-BP03 |
EFS | Rule checks that EFS Lifecycle Management is enabled | SUS04-BP03 |
Lambda | Rule checks that Lambda functions are using AWS Graviton based processors | SUS05-BP01 |
RDS | Rule checks that RDS instances are using AWS Graviton based processors | SUS05-BP02 |
RDS | Rule checks that Performance Insights is enabled | SUS03-BP03 |
S3 | Rule checks that lifecycle configuration exists for Amazon S3 buckets | SUS04-BP03 |
* The Config rules above are included in a conformance pack that can be found here along with instructions to implement.
Customers can expand on this set of example rules to evaluate their workloads against the additional sustainability best practices aligned with their improvement goals. Customers have the ability to adapt these rules and create custom Config rules for the resources within their environment. The conformance pack can then be used to apply the new rules across the organization.
Conclusion
This blog demonstrates how to implement AWS Config rules aligned with the AWS Well-Architected Pillar for Sustainability and includes a sample conformance pack to get you started. You can extend or adapt these rules in accordance with your company-specific sustainability policies and add more rules to help you achieve your sustainability goals. By implementing these rules via conformance pack, you can evaluate resources efficiently and at scale.