Establishing Enterprise Architecture on AWS
AWS Whitepaper

Enterprise Architecture Tenets

Enterprise architecture tenets are general rules and guidelines that inform and support the way in which an organization sets about fulfilling its mission. They are intended to be enduring and seldom amended.

You should use tenets to guide your architecture design and cloud adoption. Tenets can be used through the entire lifecycle of an application in your IT landscape—from conception to delivery—and to support ongoing maintenance and continuous releases. Tenets are used in application design and should guide application governance and architectural reviews.

We highly recommend creating cloud-based tenets to guide you in creating applications and workloads that will help you realize and govern your enterprise’s target landscape and business vision.

Examples of tenets might be:

Maximize Cost Benefit for the Enterprise

A cost-centric tenet encourages architects, application teams, IT stakeholders, and business owners to always consider the cost effectiveness of their workloads. It encourages your enterprise to focus on projects that differentiate the business (value), not the infrastructure. Your enterprise should examine capital expenditure and operational expenditure for each workload. Doing so will result in customer-centric solutions that are most cost effective. These savings benefit both your organization and your customers.

Business Continuity

A business continuity tenet informs and drives the non-functional requirements for all current and future workloads in your enterprise. The geographic footprint and wide range of AWS services support the realization of this tenet. The AWS Cloud infrastructure is built around AWS Regions and Availability Zones. Each AWS Region is a separate geographic area. Each Region has multiple, physically separated, and isolated locations known as Availability Zones. Availability Zones are connected with low latency, high throughput, and highly redundant networking.

This tenet guides the architecture and application teams to leverage the reliability and availability of the AWS Cloud.

Agility and Flexibility

This tenet enforces the need for all applications to be future proof.

In a cloud computing environment, new IT resources are only ever a click away, which means you reduce the time it takes to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for your organization, since the cost and time it takes to experiment and develop is significantly lower.

Being flexible and agile also means that your enterprise responds rapidly to business requirements as customer behaviors evolve. The AWS Cloud enables teams to implement continuous integration and delivery practices across all development stages. DevOps, DevSecOps, and methodologies such as Scrum become easier to set up. Teams can quickly compare and evaluate architectures and practices (e.g., microservices and serverless) to determine what solution best fits enterprise needs.

Cloud First Strategy

Such a tenet is key to an organization that wishes to migrate to the cloud. It prescribes that new applications should be in the cloud. This governance prohibits the deployment of new applications on non-approved infrastructure. Architectural and review boards can closely examine why a workload should be granted an exception and not deployed in the cloud.

All Users, Services, and Applications Belong in an Organizational Unit

An enterprise may use this tenet to ensure that its target landscape reflects the enterprise’s organizational structure. It mandates that all cloud activities belong in an AWS organizational unit, which lets your enterprise govern the business vision globally but gives autonomy when necessary to various local business units.

Security First

This tenet describes the security values of the organization. For example: "Data is secured in transit and at rest," "All infrastructure should be described as code," or "All workloads are approved by the security organization."

Using this tenet, your architecture team can determine what level of trust they have in the cloud. Enterprises vary from zero trust to total trust. In a zero trust scenario, the enterprise would control all encryption keys, for example. They would decide to use customer-managed keys with AWS Key Management Service. They would manage key rotation themselves and store the keys in their own hardware security module (HSM). In a total trust scenario, the enterprise would choose to allow AWS to manage the encryption keys and key rotation. They would also choose to use AWS CloudHSM. AWS can support your enterprise in both zero trust and total trust scenarios.

The security tenet guides you in deciding where your enterprise sits on that scale.
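
As an added illustration (not part of the whitepaper), the sketch below shows how an architecture review could check a key inventory against the "enterprise controls all encryption keys" end of the scale. It assumes records shaped like the KeyMetadata returned by the AWS KMS DescribeKey API (`KeyManager`, `Origin`); the sample records, key IDs, posture labels, and function names are constructed for this example.

```python
# Constructed sample inventory. Field names and values follow the KeyMetadata
# structure of the AWS KMS DescribeKey API; the key IDs are placeholders.
SAMPLE_KEYS = [
    {"KeyId": "key-aaaa", "KeyManager": "AWS", "Origin": "AWS_KMS"},
    {"KeyId": "key-bbbb", "KeyManager": "CUSTOMER", "Origin": "AWS_KMS"},
    {"KeyId": "key-cccc", "KeyManager": "CUSTOMER", "Origin": "EXTERNAL"},
    {"KeyId": "key-dddd", "KeyManager": "CUSTOMER", "Origin": "AWS_CLOUDHSM"},
]


def classify_key(key):
    """Map one key record to a posture label (labels are this example's own)."""
    if key["KeyManager"] == "AWS":
        return "aws-managed"       # AWS creates, manages and rotates the key
    if key["Origin"] == "EXTERNAL":
        return "imported"          # key material generated outside KMS, then imported
    if key["Origin"] == "AWS_KMS":
        return "customer-managed"  # customer controls the key; KMS generated the material
    return "needs-review"          # custom key store origins: decide per enterprise


def audit_enterprise_controlled(keys):
    """Return {KeyId: finding} for keys that do not match the position
    'the enterprise controls all encryption keys and supplies the key material'."""
    messages = {
        "aws-managed": "AWS manages this key and its rotation",
        "customer-managed": "key material was generated by KMS, not imported",
        "needs-review": "origin requires an architecture review decision",
    }
    findings = {}
    for key in keys:
        posture = classify_key(key)
        if posture in messages:
            findings[key["KeyId"]] = f"{posture}: {messages[posture]}"
    return findings


if __name__ == "__main__":
    for key_id, finding in audit_enterprise_controlled(SAMPLE_KEYS).items():
        print(key_id, "->", finding)
```

An enterprise at the other end of the scale would treat the same findings as informational rather than as deviations.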

Tenets should be used to guide architectural design and decisions that drive the target landscape in the cloud. They provide a firm foundation for making architecture and planning decisions, for framing policies, procedures, and standards, and for supporting resolution of contradictory situations. Tenets should also be heavily leveraged during the architectural review phases of applications and workloads before they go live, to ensure the correct target landscape is being realized.