I would be interested in knowing the riskRules (not rating) for all 6 Well-Architected Framework Pillars



I would like to know the riskRules for each question of the 6 Well-Architected Framework Pillars. When executing a WAFR, you have to answer multiple multiple questions. For example:

  • SEC 1. How do you securely operate your workload?
  • REL 1. How do you manage service quotas and constraints?
  • and many more

Each of these questions contain tickboxes which are called "best practices". These best practices are categorised in 3 categories:

  • Low
  • Medium (MRI)
  • High (HRI)

When answering the questions, something called "riskRules" will decide whether your question will be a HRI or MRI. When solving issues and hence checking more best practices boxes in your question, your HRI could become a MRI. This will be shown in the Well-Architected dashboard and you can use this to keep track of your progress.

I would like to build some automation around the Well-Architected tool and when I did my research I found that you can define your own riskRules if you are creating a Custom Lens. You can see how that works over here: https://docs.aws.amazon.com/wellarchitected/latest/userguide/lenses-format-specification.html#lenses-format-risk-rules.

This made me think that I would like to know what the riskRules are on the questions that are part of the 6 pillars. I can use this information in deciding which best practices need to be solved in order to go from a HRI to a MRI.

Is there anyone out there who can provide me with this information? Thank you in advance!

Kind regards, Enri Peters

1 Answer


You can find risk ratings in AWS Well-Architected Framework document next to the best practices. Unfortunately, not the easiest to use programmatically, but at least you can get started.

Best regards, Timo Tapanainen

Enter image description here

answered 2 years ago
  • Thank you for your answer, it's much appreciated. I actually was already aware of this, but this is not what I am looking for. Allow me to explain why not.

    Whenever a best practice is categorised as HRI it does not mean the Well-Architected tool will also see it as an individual HRI.

    For example, it could be that you have to fix 2 or maybe 3 HRI for a best practice to be overall not longer marked as a HRI by the dashboard / tool.

    See https://docs.aws.amazon.com/wellarchitected/latest/userguide/lenses-format-specification.html#lenses-format-risk-rules.

    So it comes down to that the HRI's the dashboard is showing are based on some risk rules that are applied on the questions that you answer.

    What I am looking for are those riskRules for all questions of the 6 existing pillars.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions