What is the AWS Well-Architected Framework?Using this framework Next steps Additional resources

AWS Well Architected Framework WAF v10

AWS Audit Manager provides a prebuilt standard framework that supports the AWS Well-Architected Framework v10.

Topics

What is the AWS Well-Architected Framework?
Using this framework
Next steps
Additional resources

What is the AWS Well-Architected Framework?

AWS Well-Architected is a framework that can help you to build secure, high-performing, resilient, and efficient infrastructure for your applications and workloads. Based on six pillars—operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability—AWS Well-Architected provides a consistent approach for you and your partners to evaluate architectures and implement designs that can scale over time.

Using this framework

You can use the AWS Well-Architected Framework to help you prepare for audits. This framework describes the key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. Out of the six pillars that AWS Well-Architected is based on, the security and reliability pillars are the pillars that AWS Audit Manager offers a prebuilt framework and controls for. You can also customize this framework and its controls to support internal audits with specific requirements.

Using the framework as a starting point, you can create an Audit Manager assessment and start collecting evidence that’s relevant for your audit. After you create an assessment, Audit Manager starts to assess your AWS resources. It does this based on the controls that are defined in the AWS Well-Architected Framework. When it's time for an audit, you—or a delegate of your choice—can review the evidence that Audit Manager collected. Either, you can browse the evidence folders in your assessment and choose which evidence you want to include in your assessment report. Or, if you enabled evidence finder, you can search for specific evidence and export it in CSV format, or create an assessment report from your search results. Either way, you can use this assessment report to show that your controls are working as intended.

The framework details are as follows:

Framework name in AWS Audit Manager	Number of automated controls	Number of manual controls	Number of control sets
Amazon Web Services (AWS) Well Architected Framework (WAF) v10	41	293	6

Important

To ensure that this framework collects the intended evidence from AWS Security Hub, make sure that you enabled all standards in Security Hub.

To ensure that this framework collects the intended evidence from AWS Config, make sure that you enable the necessary AWS Config rules. To review the AWS Config rules that are used as data source mappings in this standard framework, download the AuditManager_ConfigDataSourceMappings_AWS-Well-Architected-Framework-WAF-v10.zip file.

The controls in this framework aren't intended to verify if your systems are compliant. Moreover, they can't guarantee that you'll pass an audit.

You can find this framework under the Standard frameworks tab of the framework library in Audit Manager.

Next steps

For instructions on how to create an assessment using this framework, see Creating an assessment in AWS Audit Manager.

For instructions on how to customize this framework to support your specific requirements, see Making an editable copy of an existing framework in AWS Audit Manager.

Additional resources

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS Operational Best Practices

CCCS Medium Cloud Control Profile