HCLTech WAFER: Well-Architected Framework for Enterprise Remediation

Traditional Well-Architected Framework Reviews (WAFRs) are often slow, subjective, and limited in scope. They rely on human memory and interview-based discovery, typically covering only a fraction of critical workloads. This manual approach creates high operational overhead, takes weeks to deliver, and results in static PDF reports that leave the heavy lifting of remediation to your engineering teams.

The HCLTech Automated WAFR Engine transforms this process by leveraging a Multi-Agent GenAI architecture powered by AWS Bedrock. By scanning live state, logs, and Infrastructure-as-Code (Terraform, CloudFormation, CDK), the tool provides an absolute factual view of your environment. Unlike static scanners, our Agentic Workflow engages in reasoning and negotiates trade-offs between cost and security, validating corporate compliance (SOPs), and generating battle-tested remediation code.

Key Benefits and Features:

Unmatched Accuracy and Scope

o Configuration-Based Discovery: Moves beyond subjective interviews to automated scanning of live state and IaC artifacts for absolute factual accuracy.

o Comprehensive Audit: Analyzes 100% of resources and dependencies simultaneously, eliminating the "blind spots" common in manual sampling.

Agentic AI-Powered Remediation & Negotiation

o Interactive Architectural Negotiation: The Negotiation Agent helps to reason through issues by analyzing high-risk findings and presents side-by-side trade-offs (e.g., "Best Practice" vs. "Operational Efficiency"), allowing architects to make informed decisions before code is generated.

o Context-Aware Compliance: The SOP Agent validates selected remediation paths against any specific corporate policies (Standard Operating Procedures), ensuring that "technically correct" fixes are also "organizationally compliant."

o Prescriptive Remediation: The Remediation Agent generates precise, context-aware Infrastructure-as-Code patches (Terraform/CFN) tailored to the specific codebase, ready for a Pull Request.

Speed to Insight & Reduced TCO

o Near Real-Time Results: Discovery and Gap Analysis are completed in minutes rather than weeks.

o Low Touch Engagement: Automated data gathering frees core engineering teams and SMEs from lengthy discovery workshops.

Secure & Observable Architecture

o Auditability: Every decision is tracked. The tool provides a version-controlled history of your IaC scripts, ensuring full traceability and a "Zero-Risk" validation loop before you ever hit deploy.

o Continuous Tracking: Integrated Amazon QuickSight dashboards visualize results across multiple scans, tracking improvements over time and supporting iterative rescans.

Our Proven Methodology

Our workflow is designed for minimal friction and maximum impact:

1. Ingest: Users upload IaC artifacts (Terraform, CloudFormation, CDK) via the secure UI. The Discovery Module parses templates to build a comprehensive graph of the workload.

2. Analyze: Automatically identify and categorize risks across all Six Pillars of the Well-Architected Framework.

3. Negotiate: A Negotiation Agent engages the user to review high-severity findings, offering comparative analysis of potential fixes (balancing Cost, Security, and Effort) to align with business context.

4. Validate: An SOP Agent checks the chosen remediation path against corporate guardrails to ensure compliance.

5. Remediate: A Remediation Agent generates the actual code patches for the approved solution.

6. Visualize: Track ROI, risk reduction deltas, and multi-scan trends via Amazon QuickSight dashboards.

Solution Scope, Prerequisites, and Responsibilities

• Scope of Offering: This offering includes the deployment of the WAFR Automation platform into the customer environment, configuration of the GenAI context parameters, and an initial automated review.

• Prerequisites: Customer must have an active AWS account. Access to Infrastructure-as-Code repositories (Terraform, CloudFormation, or CDK) or architecture diagrams. Enabled model access for AWS Bedrock in the target region.

• Shared Responsibility Model:

•HCLTech: Deploys the automation platform, maintains the analyzer logic, and fine-tunes the GenAI prompts for remediation accuracy.

•Customer: Provides read-access to IaC repositories/artifacts and authorizes the execution of the analyzer.

•AWS: Provides the underlying compute (Fargate/Lambda) and AI services (Bedrock) ensuring infrastructure security and availability.