What is a Well-Architected Framework?

The AWS Well-Architected Framework describes key concepts, design principles, and architectural best practices for designing and running workloads in the cloud. By answering a few foundational questions, learn how well your architecture aligns with cloud best practices and gain guidance for making improvements.

The AWS Well-Architected Framework is a tool designed to help you consistently build a secure, high-performance, reliable, and efficient cloud infrastructure.

Why use WAF+ from Infraguard?

The Infraguard WAF+ Feature allows you to conduct Well-Architected Reviews at scale along with the following improvements

  • All new-UI that syncs directly with your existing AWS Workloads with more filters

  • Segregation of multiple accounts from a common dashboard

  • A custom mapping with AWS Config & Trusted Advisor that reduces Time taken per review

  • Scheduled reports to send to various stakeholders 


  • Enable Trusted Advisor (Mandatory).

  • Enable AWS Config for selected regions (Recommended)

  • Go to Aws Config and click on Create. After that select these options (S3 bucket as per requirement)

  • In rules -> select all rules.

  • Click on the next then click review and create it.

Import and Sync AWS account with InfraGuard

  • Login into your InfraGuard account and visit "SECURITY" from the left menu

  • Link for SECURITY: https://app.infraguard.io/securitydashboard

  • Click on Manage accounts

  • Now get CFT to create your role by clicking on "Generate Permissions CFT".

  • You can now go to your AWS account 

  • Search for “Cloud Formation” create a stack and attach this CFT to the CloudFormation service.

  • The stack will generate an IAM role required to grant permissions for InfraGuard to talk to your AWS account

  • Now, head back to InfraGuard and click on "Add account" from the account page

  • Enter the IAM role detail which was created by CFT on AWS and submit 

  • You can select "Set Default" for an account to make it appear by default when you log in to WA from IG. IG will keep the default account synced

  • Now, click on the back button and select "AWS Well-Architected"

Adding Workload

  • Once you are on the Well-Architected page select "Add Workloads"

  • Add Information

  • Can select all regions or select individual regions

  • Give other information and click on next.

  • Select Workload properties among the four lenses presented to you (well architected is selected by default)

  • Now, click on submit

Perform Well-Architected review

  • Select any workload from the list of workloads available

  • Select overview or milestone depending on where you want to start WA from

  • Click Continue 

  • Visit each lens that are selected while creating the workload to get the list of questions related to that lens.

  • These questions can be filtered based on improvement plans

  • Select questions to get the list of options to choose from

  • Click on "i" button next to options to get more details about that question 

  • Click on the Autofill button to get relevant information from the AWS account if available 

  • And click on Suggestions to view the information.

  • Finally, after answering the question click on the save button to sync your changes to AWS WA