AWS Well-Architected - AWS Audit Manager

AWS Well-Architected

AWS Audit Manager provides a prebuilt framework that structures and automates assessments for the AWS Well-Architected Framework, based on AWS best practices.

What is AWS Well-Architected?

AWS Well-Architected is a framework that can help you to build secure, high-performing, resilient, and efficient infrastructure for your applications and workloads. Based on six pillars—operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability—AWS Well-Architected provides a consistent approach for you and your partners to evaluate architectures and implement designs that can scale over time.

Using this framework to support your audit preparation

You can use the AWS Well-Architected Framework to help you prepare for audits. This framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. Out of the six pillars that AWS Well-Architected is based on, the security and reliability pillars are the pillars that AWS Audit Manager offers a prebuilt framework and controls for. You can also customize this framework and its controls to support internal audits with specific requirements.

Using the framework as a starting point, you can create an Audit Manager assessment and start collecting evidence that’s relevant for your audit. After you create an assessment, Audit Manager starts to assess your AWS resources. It does this based on the controls that are defined in the AWS Well-Architected Framework. When it's time for an audit, you—or a delegate of your choice—can review the collected evidence and then add it to an assessment report. You can use this assessment report to show that your controls are working as intended.

The AWS Well-Architected Framework details are as follows:

Framework name in AWS Audit Manager Number of automated controls Number of manual controls Number of control sets AWS services in scope
AWS Well-Architected Framework




AWS Config

The controls in this framework aren't intended to verify if your systems are compliant. Moreover, they can't guarantee that you'll pass an audit that's associated with the AWS Well-Architected Framework.

You can find this framework under the Standard frameworks tab of the Framework library in Audit Manager.

For instructions on how to create an assessment using this framework, see Creating an assessment.

When you use the Audit Manager console to create an assessment from this standard framework, the list of AWS services in scope is selected by default and can’t be edited. This is because Audit Manager automatically maps and selects the data sources and services for you. This selection is made according to the requirements of the AWS Well-Architected Framework. If you need to edit the list of services in scope for this framework, you can do so by using the CreateAssessment or UpdateAssessment API operations. Alternatively, you can customize the standard framework and then create an assessment from the custom framework.

For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.

More AWS Well-Architected resources