The Well-Architected Tool is a new AWS service that compares the state of your workloads with AWS architectural best practices. Splunking your workload state and improvement recommendations will give you better insights into your applications as well as best practices to follow along your cloud journey.
The Well-Architected integration in Grand Central will give you workload insights broken down by the following 5 pillars:
- Operational Excellence
- Performance Efficiency
- Cost Optimization
Let's get started by setting up an account in AWS with the following IAM Policy:
Next ensure that you have at least one workload and associated milestone created in the AWS-Well Architected Console.
Splunk Setup Overview
- Download the Grand Central App for Splunk from Splunkbase.
- Add your AWS Organizations Master Account to Grand Central.
- List Workloads.
- List Lens Review Improvements.
- Send to Splunk.
- Well Architected Reports Dashboard.
Downloading from Splunkbase
Grand Central can be found here.
Adding a Master Account
Let’s start by adding your master account that you just created. Navigate to Amazon Web Services > Grand Central Accounts, under the "Configure Data Sources" tab.
Make sure to put your AWS Account ID (Numbers only) in the first field. The second field can be a string that you will use to identify the account. Finally, select your Cloud Account Type, the Access and Secret Key.
With your Master listing account added, your console should look something like this:
Now that our AWS account is setup, we can move to Workloads under the "Well Architected Tool" tab:
Click on the "Update Workloads from AWS" button. This will display your workloads in the table:
List Lens Review Improvements
Click the "List Lens Review Improvements" button in the actions dropdown for your desired workload:
Select your desired lens and click submit. You will now be redirected to the Improvement Summaries Analyzer page where you can view your improvement summaries and risk level by pillar:
Send to Splunk
We can now view our improvement summaries in Splunk. One of the last steps is to send our improvements data to a Splunk index. On the top right of the page click Ingest into Splunk. Select your desired Index and click Ingest into Splunk. If you got a success notification, you can now view your data in search.
After moving to the Search tab, you can validate your data made it to the desired index by filtering by index and sourcetype:
Grand Central comes with a Well Architected Reports Dashboard (found under the Well Architected Tool tab) as a way to better understand your data. It consists of visualizations breaking down the risk levels by pillar, risk trends over time, and links to improvement plans. Now that your improvement summary data is in Splunk, we encourage you to make your own dashboards tailored to your needs.