AWS Cloud Operations & Migrations Blog

Scaling Well-Architected reviews with the AWS Well-Architected Tool

The AWS Well-Architected Framework describes key concepts and architectural best practices that help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads in the cloud. An AWS Well-Architected Review includes questions around the AWS Well-Architected Framework that can help application owners ensure that their workloads are following best practices. The AWS Well-Architected Tool, provided at no additional cost, can be used by customers to ask these questions and prepare a plan for deploying in the cloud that uses best practices. A workload is a set of questions and answers around a specific application or piece of architectural design detailed in the AWS Well-Architected Tool.

In enterprises with a centralized Technical Design Authority (TDA) or Cloud Center of Excellence (CCoE), application owners are often required to report architectural design choices to these teams for auditing or approval.

In this blog post, I’ll describe how application teams can use the AWS Well-Architected Tool to autonomously review their architecture while offering governance teams visibility into these reports.

Train application teams

To enable application teams to perform their own Well-Architected reviews, ensure that they have the appropriate training. AWS recommends training courses, an AWS Professional Services engagement, or support from AWS Partners.

Get started

To create and share workloads through the AWS Well-Architected Tool:

  1. Create a workload in a central AWS account.
  2. Share the workload with the application owner’s AWS account or IAM user.
  3. After the application owner accepts the shared workload, they can run their own Well-Architected review using this workload in the AWS Well-Architected Tool.
  4. The central architectural authority can then review the results of this workload and make recommendations.

Create a workload and a milestone

Follow the steps in Define a Workload in the AWS Well-Architected Tool User Guide. The application teams might not be able to answer some review questions due to centralized compliance or because specific technologies are prescriptively delivered as part of a default Landing Zone. In these cases, the workload creator can add details to these questions or mark them as not applicable to the workload before sharing. These responses will then be visible to the application owners when they use the tool to perform their review.

A milestone records the current state of a workload. It will help to identify at what stage the review was performed. Remember that Well-Architected reviews are part of a continuous process of refinement. It’s helpful to have a trail of these architectural decisions throughout an application’s lifecycle. Follow the steps in Save a milestone in the AWS Well-Architected Tool User Guide.

Share a workload

Now that you have defined your workload, follow the steps in Sharing a workload to share it with another AWS account or IAM user. Because there might be security-related or sensitive data in the answers, AWS recommends that you share these workloads with individual IAM users. Grant the IAM user read-only access to the workload, plus permission to update answers and notes (the Contributor permission type in the tool).

After the application owner accepts the workload invitation, this new workload will be displayed in the list of available AWS Well-Architected Tool workloads in the application owner’s AWS account. The application owner can now run a Well-Architected review using this workload.
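As an added example (not code from the original post), the sketch below builds the `create_workload_share` request for boto3's `wellarchitected` client so that it only accepts an individual IAM user ARN, and checks `list_workload_shares` results for live shares that go to anything broader. The helper names are hypothetical, and the share IDs, account IDs and ARNs are constructed sample values.

```python
import re

# Matches an individual IAM user ARN (any partition, optional path).
IAM_USER_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:user/[\w+=,.@/-]+$")
INACTIVE = {"REJECTED", "REVOKED", "EXPIRED"}  # shares that grant no access

def share_request(workload_id, principal, can_edit_answers=True):
    """Build kwargs for client.create_workload_share(); reject any
    principal broader than a single IAM user."""
    if not IAM_USER_ARN.match(principal):
        raise ValueError(f"not an individual IAM user ARN: {principal!r}")
    return {
        "WorkloadId": workload_id,
        "SharedWith": principal,
        # CONTRIBUTOR: update answers and notes, read-only otherwise.
        "PermissionType": "CONTRIBUTOR" if can_edit_answers else "READONLY",
    }

def audit_shares(summaries):
    """Return IDs of live shares that are not scoped to one IAM user.
    `summaries` is the WorkloadShareSummaries list from list_workload_shares()."""
    return [
        s["ShareId"]
        for s in summaries
        if s["Status"] not in INACTIVE and not IAM_USER_ARN.match(s["SharedWith"])
    ]

def snapshot_and_share(client, workload_id, principal, milestone_name):
    """Validate the principal, record a milestone, then share. `client` is
    assumed to be boto3.client("wellarchitected") in the central account."""
    request = share_request(workload_id, principal)  # fail before any API call
    client.create_milestone(WorkloadId=workload_id, MilestoneName=milestone_name)
    return client.create_workload_share(**request)

# Constructed sample data (not real accounts or shares).
SAMPLE_SHARES = [
    {"ShareId": "share-a", "SharedWith": "arn:aws:iam::111122223333:user/app-owner",
     "PermissionType": "CONTRIBUTOR", "Status": "ACCEPTED"},
    {"ShareId": "share-b", "SharedWith": "111122223333",
     "PermissionType": "CONTRIBUTOR", "Status": "PENDING"},
    {"ShareId": "share-c", "SharedWith": "444455556666",
     "PermissionType": "READONLY", "Status": "REVOKED"},
]

if __name__ == "__main__":
    print(audit_shares(SAMPLE_SHARES))  # -> ['share-b']
```

The audit flags `share-b` because an account-wide share exposes the answers to every principal in that account that has Well-Architected Tool permissions; the revoked share is ignored.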

Run a Well-Architected review and document a workload

It’s now time for the application owner to review their architecture. The Well-Architected review measures a workload against best practices across five pillars:

  • Operational excellence
  • Security
  • Reliability
  • Performance efficiency
  • Cost optimization

The AWS Well-Architected Tool uses questions to discover how a workload aligns to cloud best practices. Application owners provide answers to these questions during the review and they are recorded in the tool.

After the workload has been reviewed, create a new milestone to reflect the application owner’s inputs. This milestone serves as a historical snapshot. AWS recommends that you create milestones after any action is taken on a workload, especially when questions are answered or updated.

Offer recommendations based on the Well-Architected review

This shared model allows application owners to run their own Well-Architected review, while providing full visibility into results to the TDA team without having to wait for the TDA team to run it on their own. This, in turn, allows the application owner to gain a deeper understanding of the best practices for their application while the TDA concentrates on offering application or enterprise-specific design recommendations.


Conclusion

In this blog post, I provided guidance on how you can enable application teams to run their own Well-Architected reviews, while still giving central teams visibility into the results.

For better, more secure, and more cloud-native application designs, enterprises should offer training, tooling, and architectural support. The AWS Well-Architected Tool allows enterprises to review the state of their workloads and compare them to the latest AWS architectural best practices. They can use this information to create training plans or centralized governance solutions. An AWS Well-Architected review facilitates the creation of historical snapshots of application designs that are not always fully captured in typical architectural documentation.

About the author

Richard Rustean

Richard is a Cloud Infrastructure Architect in the Professional Services team at AWS. He helps customers achieve their business outcomes and deliver production-ready solutions at global scale using AWS services.