What is a WAFR?

A Well-Architected Framework Review (WAFR) is a process defined by AWS to evaluate and improve cloud workloads based on five key pillars: Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization. This review helps organizations ensure their cloud infrastructure adheres to AWS best practices.

About the WAFR Automation Tool

The AWS Well-Architected Framework Review (WAFR) Automation Tool simplifies the review process by automating tasks such as checklist creation, documentation, and progress tracking. It reduces manual effort, allowing teams to focus on actionable improvements while ensuring compliance with AWS standards.

Background – Why We Built This Tool

TrackIt developed the AWS Well-Architected Framework Review (WAFR) Automation Tool to address challenges organizations face during reviews, which are essential for maintaining efficient cloud environments but often time-consuming and repetitive.

Key challenges include:

  • Time-Consuming Preparation: Gathering data and conducting analyses takes hours.
  • Complex Documentation: Documenting findings and recommendations can be inconsistent.
  • Repetitive Tasks: Manual steps divert focus from higher-priority activities.

The WAFR Automation Tool streamlines the review process by automating checklist creation, progress tracking, and documentation, ensuring comprehensive and efficient reviews while reducing manual effort.

Existing Solutions

Several tools are available for conducting AWS Well-Architected Framework Reviews (WAFRs), but they often have limited functionality or are cost-prohibitive for some organizations. Below is an assessment of some common solutions and their limitations.


Features and Capabilities

The AWS WAFR Automation Tool by TrackIt automates key processes to simplify AWS Well-Architected Framework Reviews (WAFRs). It uses modern cloud services and third-party tools to provide a secure, efficient, and streamlined approach to conducting reviews.

Key Features

  • Review Setup: Users input their AWS credentials and specify the review scope through a dashboard. This automates data gathering and review preparation.
  • Checklist Management: Automated checklists are created based on AWS best practices across the five framework pillars—Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization—ensuring consistency and thoroughness.
  • Documentation and Reporting: The tool automatically generates organized reports with findings, recommendations, and insights, reducing manual effort.

Technical Details

  • Data is securely transferred via an Amazon API Gateway, which triggers AWS Lambda functions to manage EC2 instances. These instances run tests to identify gaps or inefficiencies, storing results in a secure S3 database.
  • Open-source tools such as Prowler and Cloud Custodian scan AWS environments for security gaps, misconfigurations, and inefficiencies. Amazon Bedrock’s AI maps the results to relevant framework questions, offering actionable insights aligned with AWS best practices.
  • Results are sent back to the dashboard, where users can easily review and interact with them.

Security

All user credentials are encrypted during transfer and used only for the duration of the review, minimizing exposure and ensuring privacy. The tool reduces the complexity and time required for WAFRs while maintaining high security and compliance standards.

Solution Architecture

The AWS WAFR Automation Tool is built with a scalable cloud-native architecture hosted on AWS, providing seamless access and interaction through a web-based dashboard. Below is a detailed breakdown of the system’s workflow:

  1. Dashboard: Users access the tool through a web dashboard. After logging in with their AWS account, they select the scope of their review and start a scan.
  2. API Gateway: When users initiate the scan, the dashboard sends a request to Amazon API Gateway, which securely manages communication between the dashboard and backend services.
  3. Step Function: API Gateway triggers an AWS Lambda function that starts an AWS Step Function, organizing and managing the scanning process step by step.
  4. EC2 Instances: Lambda launches Amazon EC2 instances. These instances run tools such as Prowler and Cloud Custodian to scan different parts of the AWS environment based on the Well-Architected Framework.
  5. Mapping Findings with Amazon Bedrock: After the scans, the results are sent to Amazon Bedrock, where AI processes the findings and maps them to relevant questions in the AWS Well-Architected Framework. This makes the results more understandable and relevant.
  6. Storing Results: The processed data is stored securely in Amazon DynamoDB, ensuring fast and efficient access for later review.
  7. Viewing Results: Users can view the results through the web dashboard. The dashboard sends a request to API Gateway, which retrieves the data from DynamoDB and presents it in an easy-to-read format.


Dashboard


The dashboard presents the findings in a clear, structured way based on the AWS Well-Architected Framework. 

  • Questions and Findings: Each framework pillar is displayed on the dashboard with related questions. Alongside each question, users can see the best practices and the number of findings linked to each answer.
  • Interactive Findings: Users can click on the number of findings next to each answer to view more details. This includes a description of the issue and its severity level.

This interactive setup helps users quickly identify and focus on areas that need attention while understanding the impact of each issue.
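The per-question roll-up described above (number of findings next to each question, with severity), sketched as an added example; it is not code from the TrackIt tool. The record fields, question IDs, check names and severity scale are assumptions, and the sample findings are constructed.

```python
from collections import defaultdict

# Assumed severity scale; anything outside it is counted as "unrated" so it
# still shows up on the dashboard instead of being dropped silently.
SEVERITY_RANK = {"unrated": -1, "informational": 0, "low": 1,
                 "medium": 2, "high": 3, "critical": 4}

# Constructed sample: scanner results after they have been mapped to a
# framework question. Field names and IDs are hypothetical.
SAMPLE_FINDINGS = [
    {"pillar": "Security", "question": "SEC-Q1", "check": "example_bucket_public", "severity": "high", "status": "FAIL"},
    {"pillar": "Security", "question": "SEC-Q1", "check": "example_bucket_unencrypted", "severity": "medium", "status": "FAIL"},
    {"pillar": "Security", "question": "SEC-Q2", "check": "example_root_no_mfa", "severity": "critical", "status": "FAIL"},
    {"pillar": "Security", "question": "SEC-Q2", "check": "example_trail_disabled", "severity": "unknown", "status": "FAIL"},
    {"pillar": "Reliability", "question": "REL-Q1", "check": "example_db_single_az", "severity": "medium", "status": "PASS"},
    {"pillar": "Reliability", "question": "REL-Q1", "check": "example_no_snapshots", "severity": "Low", "status": "FAIL"},
]

def summarize(findings):
    """Group failed checks as {pillar: {question: {count, worst, unrated}}}."""
    summary = defaultdict(dict)
    for f in findings:
        if str(f.get("status", "")).upper() != "FAIL":
            continue  # a passing check is not a finding
        sev = str(f.get("severity", "")).lower()
        if sev not in SEVERITY_RANK:
            sev = "unrated"
        entry = summary[f["pillar"]].setdefault(
            f["question"], {"count": 0, "worst": "unrated", "unrated": 0})
        entry["count"] += 1
        entry["unrated"] += 1 if sev == "unrated" else 0
        if SEVERITY_RANK[sev] > SEVERITY_RANK[entry["worst"]]:
            entry["worst"] = sev
    return {pillar: dict(questions) for pillar, questions in summary.items()}

def triage_order(summary):
    """Flatten to (pillar, question, worst, count), most severe first."""
    rows = [(p, q, e["worst"], e["count"])
            for p, qs in summary.items() for q, e in qs.items()]
    return sorted(rows, key=lambda r: (-SEVERITY_RANK[r[2]], -r[3], r[0], r[1]))

if __name__ == "__main__":
    for row in triage_order(summarize(SAMPLE_FINDINGS)):
        print(row)
```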

Customization and Extensibility

The AWS WAFR Automation Tool is designed to be flexible and customizable to fit different needs:

  • Custom Parameters: Modify review scopes, select specific AWS accounts or regions, and tailor the review process to fit your architecture.
  • Third-Party Integration: Support for additional solutions, enabling integration with preferred security or compliance tools for more in-depth analysis.
  • Open-Source Code: As an open-source project, it allows developers to customize functionality, add features, or integrate with external systems like CI/CD pipelines, ticketing systems, or compliance platforms.

Benefits

The AWS WAFR Automation Tool offers a range of benefits that streamline the Well-Architected Framework Review process, making it an invaluable resource for organizations aiming to optimize their cloud environments.

  • Time Efficiency: Automating key review steps significantly reduces the time required to conduct and document WAFRs. Engineers can focus on addressing findings and implementing improvements instead of spending hours on repetitive tasks.
  • Consistency and Standardization: Reviews align with AWS Well-Architected Framework standards, eliminating variability from manual processes. It enforces a uniform review structure, improving the quality and reliability of every review.
  • Improved Reporting and Insights: Automated reporting generates clear, actionable insights for each AWS Well-Architected Framework pillar, providing stakeholders with comprehensive documentation and recommendations without manual compilation.
  • Cost Savings: Reducing manual effort lowers operational overhead and optimizes resource use, allowing engineering teams to focus on high-priority tasks, resulting in cost efficiency.
  • Easy Deployment: Deployment is straightforward with Terraform templates and AWS CloudFormation scripts, enabling quick setup with minimal downtime and smooth integration into cloud environments of any size.

Next Steps

To get started with automating your Well-Architected Framework Reviews, we recommend scheduling a meeting with TrackIt. Our team will guide you through the setup and help tailor the review process to fit your specific needs.

About TrackIt

TrackIt is an international AWS cloud consulting, systems integration, and software development firm headquartered in Marina del Rey, CA.

We have built our reputation on helping media companies architect and implement cost-effective, reliable, and scalable Media & Entertainment workflows in the cloud. These include streaming and on-demand video solutions, media asset management, and archiving, incorporating the latest AI technology to build bespoke media solutions tailored to customer requirements.

Cloud-native software development is at the foundation of what we do. We specialize in Application Modernization, Containerization, Infrastructure as Code and event-driven serverless architectures by leveraging the latest AWS services. Along with our Managed Services offerings which provide 24/7 cloud infrastructure maintenance and support, we are able to provide complete solutions for the media industry.