How To

Accelerate your AWS Well-Architected assessments with Steampipe

Now consulting partners can more effectively run assessments, customize their results, and collaborate with clients.

Bob Tordella
6 min. read - Apr 25, 2023

The AWS Well-Architected Framework is a set of best practices and guidelines designed to help customers build and maintain secure, high-performing, resilient, and efficient infrastructure. The framework rests on six pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Sustainability, and Cost Optimization. Each pillar encompasses a set of design principles and best practices, empowering organizations to create a solid foundation for their cloud workloads.

Consulting partners play a vital role in the AWS Well-Architected Partner program by helping customers evaluate their architectures and identify areas for improvement. These partners are trained and certified to conduct assessments using the Well-Architected Framework. With their extensive knowledge of the Well-Architected Framework, they can:

  • Provide expert advice on best practices and improvements, ensuring that clients' workloads are optimized for performance, security, and cost.

  • Conduct thorough assessments of existing architectures, identify potential issues, and recommend solutions.

  • Help clients prioritize and implement changes that will have the most significant impact on their workloads, ensuring that workloads are optimized and future-proofed.

  • Offer ongoing support to ensure that clients' architectures remain aligned with the Well-Architected Framework as their workloads evolve.

There are tools available to help consulting partners assess client environments. For example, the AWS Well Architected Tool provides a questionnaire service to document answers to questions, then save and track results. But few such tools enable partners to run assessments and customize outputs to meet clients' needs for better visibility into cloud inventory, configurations, and compliance with best practices. And until now, none have been open-source tools that enable consultants to not only modify queries and reports, but also contribute enhancements that improve the tool for everyone.

Steampipe is a game-changer for AWS Well-Architected assessments

Steampipe is an open-source platform that enables you to query and report on cloud resources using SQL. The AWS Plugin enables you to use SQL to query your AWS infrastructure. AWS Insights provides 137 dashboards, driven by 1,400 pre-built queries, to visualize your infrastructure using tables, charts, and relationship graphs. AWS Compliance provides 23 benchmarks, driven by over 700 controls, to ensure that your AWS environments adhere to industry best practices and regulations. AWS Perimeter looks for publicly-accessible resources; AWS Tags evaluates tagging compliance; AWS Thrifty finds ways to cut costs.

Now the new Well-Architected mod expands coverage for consulting partners in the AWS Well-Architected Partner program. With initial focus on the security and reliability pillars, it streamlines the assessment process and provides targeted recommendations based on the AWS Well-Architected Framework.

Key highlights:

  • Quick, ready-to-use controls that accelerate the assessment.

  • Interactive and flexible dashboards for both terminal and browser-based analysis.

  • An extensible ecosystem of thousands of controls and hundreds of dashboards that can be customized to suit clients' needs.

  • The ability to edit queries, controls, and dashboards, to create a tailored assessment experience.

  • Seamless integration with Steampipe Cloud to centralize assessment and collaborate with clients.

Get started with Steampipe for AWS Well-Architected assessments

Here’s how to get started with the Steampipe AWS Well-Architected mod.

Install Steampipe

If you haven't already, install Steampipe by following the directions for macOS, Linux, or Windows.

For macOS, run:

brew install turbot/tap/steampipe

Install the AWS Plugin

Run the following command in your terminal to add the plugin:

steampipe plugin install aws

Configure the AWS plugin

Follow the configuration guide to set up your AWS connection. Note: By default, Steampipe will resolve your region and credentials using the same mechanism as the AWS CLI (AWS environment variables, default profile, etc). This provides a quick way to get started with Steampipe, but you will probably want to customize your experience using configuration options for querying multiple regions, configuring credentials from your AWS Profiles, SSO, or aws-vault.

Install the AWS Well-Architected mod

git clone https://github.com/turbot/steampipe-mod-aws-well-architected.git
cd steampipe-mod-aws-well-architected
steampipe mod install

Note: steampipe mod install will automatically install the AWS Compliance mod which shares common controls with this mod.

Before running any benchmarks, it's recommended to generate your AWS credential report:

aws iam generate-credential-report

Visualize your Well-Architected Assessments

For an interactive dashboard experience, start the Steampipe dashboard server:

steampipe dashboard

Then visit http://localhost:9194 to run benchmarks. Here's an example of the Security Pillar benchmark:

When viewing the benchmark, you can expand sections to drill into the results, or click the save icon to download the data to CSV. From there you can filter rows with status alarm, and group resources by section or accounts.

You can also use steampipe check to run benchmarks anywhere — in a container, a CI/CD pipeline, a cloud shell — and export the results to various output formats (CSV, JSON, ASFF, custom formats) for review.

Embrace the future of AWS Well-Architected assessments

Steampipe offers a powerful, flexible, and open-source solution for consulting partners in the AWS Well-Architected Partner program. Partners can accelerate their assessments, gain deeper insights into their clients' environments, and provide tailored recommendations based on the Well-Architected Framework.

Don't miss the opportunity to elevate your AWS Well-Architected assessments and streamline your consulting practice. Get started with Steampipe, and help your clients build and maintain secure, efficient, and reliable AWS environments. Then visit Steampipe Slack community and tell us how it goes.