AWS Well-Architected Operational Excellence pillar review for Terraform
Last reviewed: 2026-05-27
5+ years AWS engineering · Open-source contributor
Last reviewed: 2026-05-27
The AWS Well-Architected Operational Excellence pillar covers five design principles: performing operations as code, making frequent small reversible changes, refining operations procedures frequently, anticipating failure, and learning from all operational events and failures. This guide maps each principle to Terraform patterns and explains what ArchGuard evaluates in your workload.
The Operational Excellence pillar design principles, as Terraform-aware checks
Five things ArchGuard flags most often in the Operational Excellence pillar
- ·No CloudWatch alarms defined in Terraform — workload health is invisible
- ·AWS Config not enabled — no continuous compliance monitoring or drift detection
- ·SSM Parameter Store not used for configuration — secrets and config in environment variables
- ·No resource tagging strategy — operational ownership and environment labels absent
- ·No termination protection on production RDS and EC2 instances
Further reading
Get an Operational Excellence pillar review of your Terraform
ArchGuard reviews your Terraform against all four Well-Architected pillars and delivers a branded PDF in 24 hours.
See how it works