josephphyo/Cost Optimization Pillar

## Cost Optimization Pillar
1. Cost Effective Resource selection
2. Match Supply and demand
3. Awareness of spend
4. Optimize

<< Cost Effective Resource Selection >>
Provision to current needs with an eye to future.
Right Sizing.
Use data to choose purchase option. (on-demand or spot)
Optimize by Regions, AZ and Edge (global infrastructure)
Default to managed service.
Optimize data transfer.

<< Matching Supply and Demand >>
Pay only what you need
Demand based (ec2)
Buffer based (SQS ,SNS )
Time Based (Kinesis Stream)

<< Awareness of spend >>
Understand your stakeholders.
Implement the governance model (Cloudwatch metrics)
Attribute cost to team/project.
Tagging Strategy AWS Resources.
Track the lifecycle of resources.

<< Optimize >>
Align utilization with requirements.
Report and validate finding.
Evaluate the new services for value.
Continue push to new services.

## Operational Excellence Pillar
1. Prepare (Forecast)
2. Operate (Automate)
3. Evolve  (Learn)

<< Prepare >>
1. Prioritize
prioritize to align with business priorities.
What is the business goal.
What are the critical pieces need to meet that goal?
Any compliance restrictions and requirements.
Dependencies between services.
2. Design
Design your architecture to support business priorities.
Is the design observable?
Is the entire design code (IAC)?
Are you logs and actionable ?
3. Readiness
Workloads ready to go live ?
Processes consistent?
Operational code properly managed.
Test in place?
Anticipate failure

<< Operate >>
1. Operational Health
Ensure your workloads is actually working
Metrics indicate health of all services.
Metrics show overall health.
Are you monitoring business metrics too?
2. Responding to events
Be Ready!
Anticipate planned and unplanned events.
Respond in code.
Automate everything.

<< Evolve >>
Learn from success and failure.
Post event, have runbooks changed ?
Team evaluating their processes?
Test assumptions.
Experiment early.

## Performance Efficiency Pillar
Selection - Choice Services
Review - Make Sure your choice up and running
Monitoring -  Make Sure continue running
Trade-off  - Adjust for Performance

<< Selection >>
What type of compute is best suite?
Which Data Store is best suite?
Does your network design is complement compute and data store choices?

<< Review >>
Is Infrastructure is stored as code?
Are deployments is simple and automated?
Can benchmarks be taken automatically?

<< Monitoring >>
Use active and passive monitoring where appropriate.
Understand five phase of monitoring
Generation, Aggregation, Real-time processing, Storage, Analytics)
Create actionable metrics.

<< Trade-off >>
Will caching help?
Should you partition or shard your workloads ?
Can compression improve performance?
Buffer is option?

## References
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/
https://wellarchitectedlabs.com/
https://wa.aws.amazon.com/index.en.html
https://wa.aws.amazon.com/wat.pillars.wa-pillars.en.html

## Reliability Pillar
Limits (default & requested limits)
Networking (topology, bandwidth and latency)
Availability (Ensure your application is ready)

<< Limits >>
Are you planning beyond limits for a resource?
Will you scale past specific resource limits?
Can those limit be lifted?
Can you plan around those limits ?

<< Networking >>
IP Addressing.
Subnet Structure.
Resilient Topology.
Ability to handle sudden increased in traffic.
Provide consistent performance.

<< Availability >>
Can user access your application?
Deploy without issues?
Can you push issue to planned downtime?

## Security Pillar
Identity and Access
Detective Controls
Infrastructure Protection
Data Protection
Incident Response

<< Identity and Access >>
Who is allowed to do?
Are you applying "Least privileges" ?
Deny Root Access and full access.
Regularly review access and privileges

<< Detective Controls >>
capture and analyze logs
regularly audit control and configuration.
look for unauthorized and unexpected changes.
monitor workloads behaviour for abnormalities.

<< Infrastructure Protection >>
Establish trust boundaries.
Protect Network in/out
Protect all hosts
Configure service to meet security posture need
Enforce service level protection.

<< Data Protection >>
How sensitive is the data?
Who should be access, When ?
Encrypt in transit and at rest.
Backup

<< Incident Response ( While under attack ) >>
Do you have to plan to tag affected resources?
Adjust permission
redeploy to recover quickly?
Did you learn form incident and adjust?

## The 5 Pillars
<< Operational Excellence >>
- Does your architecture work?
    All operation are code.
    Documents is updated automatically because of code.
    Make small changes you can rollback easily.
    Iterate ... a lot.
    Learn from failures and success.

<< Cost Optimization >>
- Spend only what you have to ...
    Consumption Base Pricing (Pay what you actually use).
    Measure efficiency (With Cloud Watch).
    Let AWS do the work (mean Use RDS instead of creating own db instance).

<< Reliability Pillar >>
- Will this system is work consistently and recover quickly
    Recover from issues automatically.
    Scale Horizontally first for resiliency.
    Reduce Idle Resources.
      Increase Attack Surface (Extra Vulnerability).
      Extra Cost.
    Manage Change through automation.

<< Performance Efficiency >>
- Remove bottlenecks, reduce waste
    Let AWS do the work (mean Use RDS instead of creating own db instance).
    Reduce Latency through Region and Edge.
    Serverless.
    Experiment as new services are released.
    Think users first not tech stacks.

<< Security >>
- Does system work only as intended ?
    Identities have the least privileges required.
    Know who did what when (CloudTrail).
    Automate security tasks.
    Encrypt data in transit and at rest.
    Prepare for the worst.
	1. Cost Effective Resource selection
	2. Match Supply and demand
	3. Awareness of spend
	4. Optimize

	<< Cost Effective Resource Selection >>
	Provision to current needs with an eye to future.
	Right Sizing.
	Use data to choose purchase option. (on-demand or spot)
	Optimize by Regions, AZ and Edge (global infrastructure)
	Default to managed service.
	Optimize data transfer.

	<< Matching Supply and Demand >>
	Pay only what you need
	Demand based (ec2)
	Buffer based (SQS ,SNS )
	Time Based (Kinesis Stream)

	<< Awareness of spend >>
	Understand your stakeholders.
	Implement the governance model (Cloudwatch metrics)
	Attribute cost to team/project.
	Tagging Strategy AWS Resources.
	Track the lifecycle of resources.

	<< Optimize >>
	Align utilization with requirements.
	Report and validate finding.
	Evaluate the new services for value.
	Continue push to new services.
	1. Prepare (Forecast)
	2. Operate (Automate)
	3. Evolve (Learn)

	<< Prepare >>
	1. Prioritize
	prioritize to align with business priorities.
	What is the business goal.
	What are the critical pieces need to meet that goal?
	Any compliance restrictions and requirements.
	Dependencies between services.
	2. Design
	Design your architecture to support business priorities.
	Is the design observable?
	Is the entire design code (IAC)?
	Are you logs and actionable ?
	3. Readiness
	Workloads ready to go live ?
	Processes consistent?
	Operational code properly managed.
	Test in place?
	Anticipate failure

	<< Operate >>
	1. Operational Health
	Ensure your workloads is actually working
	Metrics indicate health of all services.
	Metrics show overall health.
	Are you monitoring business metrics too?
	2. Responding to events
	Be Ready!
	Anticipate planned and unplanned events.
	Respond in code.
	Automate everything.

	<< Evolve >>
	Learn from success and failure.
	Post event, have runbooks changed ?
	Team evaluating their processes?
	Test assumptions.
	Experiment early.
	Selection - Choice Services
	Review - Make Sure your choice up and running
	Monitoring - Make Sure continue running
	Trade-off - Adjust for Performance

	<< Selection >>
	What type of compute is best suite?
	Which Data Store is best suite?
	Does your network design is complement compute and data store choices?

	<< Review >>
	Is Infrastructure is stored as code?
	Are deployments is simple and automated?
	Can benchmarks be taken automatically?

	<< Monitoring >>
	Use active and passive monitoring where appropriate.
	Understand five phase of monitoring
	Generation, Aggregation, Real-time processing, Storage, Analytics)
	Create actionable metrics.

	<< Trade-off >>
	Will caching help?
	Should you partition or shard your workloads ?
	Can compression improve performance?
	Buffer is option?
	https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/
	https://wellarchitectedlabs.com/
	https://wa.aws.amazon.com/index.en.html
	https://wa.aws.amazon.com/wat.pillars.wa-pillars.en.html
	Limits (default & requested limits)
	Networking (topology, bandwidth and latency)
	Availability (Ensure your application is ready)

	<< Limits >>
	Are you planning beyond limits for a resource?
	Will you scale past specific resource limits?
	Can those limit be lifted?
	Can you plan around those limits ?

	<< Networking >>
	IP Addressing.
	Subnet Structure.
	Resilient Topology.
	Ability to handle sudden increased in traffic.
	Provide consistent performance.

	<< Availability >>
	Can user access your application?
	Deploy without issues?
	Can you push issue to planned downtime?
	Identity and Access
	Detective Controls
	Infrastructure Protection
	Data Protection
	Incident Response

	<< Identity and Access >>
	Who is allowed to do?
	Are you applying "Least privileges" ?
	Deny Root Access and full access.
	Regularly review access and privileges

	<< Detective Controls >>
	capture and analyze logs
	regularly audit control and configuration.
	look for unauthorized and unexpected changes.
	monitor workloads behaviour for abnormalities.

	<< Infrastructure Protection >>
	Establish trust boundaries.
	Protect Network in/out
	Protect all hosts
	Configure service to meet security posture need
	Enforce service level protection.

	<< Data Protection >>
	How sensitive is the data?
	Who should be access, When ?
	Encrypt in transit and at rest.
	Backup

	<< Incident Response ( While under attack ) >>
	Do you have to plan to tag affected resources?
	Adjust permission
	redeploy to recover quickly?
	Did you learn form incident and adjust?
	<< Operational Excellence >>
	- Does your architecture work?
	All operation are code.
	Documents is updated automatically because of code.
	Make small changes you can rollback easily.
	Iterate ... a lot.
	Learn from failures and success.

	<< Cost Optimization >>
	- Spend only what you have to ...
	Consumption Base Pricing (Pay what you actually use).
	Measure efficiency (With Cloud Watch).
	Let AWS do the work (mean Use RDS instead of creating own db instance).

	<< Reliability Pillar >>
	- Will this system is work consistently and recover quickly
	Recover from issues automatically.
	Scale Horizontally first for resiliency.
	Reduce Idle Resources.
	Increase Attack Surface (Extra Vulnerability).
	Extra Cost.
	Manage Change through automation.

	<< Performance Efficiency >>
	- Remove bottlenecks, reduce waste
	Let AWS do the work (mean Use RDS instead of creating own db instance).
	Reduce Latency through Region and Edge.
	Serverless.
	Experiment as new services are released.
	Think users first not tech stacks.

	<< Security >>
	- Does system work only as intended ?
	Identities have the least privileges required.
	Know who did what when (CloudTrail).
	Automate security tasks.
	Encrypt data in transit and at rest.
	Prepare for the worst.