Automating AWS Well-Architected Tool Using Scan Findings

[honneyk]

Hi everyone,

I’m currently working on a project to automate the creation and management of AWS Well-Architected Tool workloads. I’ve automated answering the Security pillar questions in the AWS Well-Architected Tool by mapping findings from Prowler security scans. Currently, my automation covers only this pillar.
I want to extend this to cover the other pillars — namely Reliability, Performance Efficiency, Cost Optimization, and Operational Excellence .

I’m looking for advice or best practices on:
Efficient ways to map scan findings to AWS Well-Architected questions across different pillars
Tools or APIs that can help integrate these findings seamlessly
How can these findings be effectively mapped to the corresponding Well-Architected Tool questions?

Any pointers, example code, or references would be highly appreciated!

Thanks in advance!!.

[HugoPBrito]

Hi @honneyk,

We only support compliance for the Security and Reliability pillars, as that’s what our security platform is designed for. Nevertheless, you can use these as references to understand the mapping and creating new ones, as to automate what you’re asking, the simplest approach is to create new compliances for the other pillars following a similar method.

The process is mostly manual and based on studying the required specifications and what the checks verify to identify relation patterns. You can use AI tools to help map existing checks to those pillars. You can also develop specific checks if they don’t exist for the requirements you need. For that, you can follow the developer guide, that includes guides on how to create a compliance and how to create new checks, and a lot more.

I hope this answers your questions. Feel free to reach out again if you need anything else.