Well-Architected Workloads

💡

Note: Currently only the AWS Well-Architected Framework is supported.

Plerion allows the user to create a Well-Architected Workload from within the Platform. Once created the user can manage their Well-Architected Workload from within the platform, as well as allow Plerion to automatic fill the workload answers with findings from an associated Asset Group.

AutoFill

💡

Note: Currently Plerion limits the number of Workloads that can be created with AutoFill enabled to 20. Please contact support for more information.

Plerion will automatically fill the answers for the Well-Architected Workload if the Workload has 'AutoFill' enabled. Disabling this will mean that Plerion will not automatically fill your Workload with answers for you.

Once a Workload is created in order for the answers to be automatically filled the Plerion Engine must be run for the associated Asset Group. If for instance your Asset Group is isolated to one Plerion AWS Integration then the Plerion Engine must be run for that integration, or if the Asset Group is associated to many integrations then each of those integrations must be run. This is because the Plerion Well-Architected system relies on your latest findings to fill the answers. As an integration run occurs daily by default the Workload's answers will be updated daily.

To disable 'AutoFill' for a Workload, navigate to the Workload and click on the 'Edit' button. From the 'Edit Workload' page, you can disable 'AutoFill' by toggling it off. By default, 'AutoFill' is enabled for a Workload.

Disabling AutoFill

How does Plerion decide what answers to fill?

On Plerion, each Well-Architected question is linked to several answers (or 'choices'). These choices are listed in the Lens Table on your Well-Architected workload page.

Each choice matches an answer of the same name under the same question and pillar in the AWS Well-Architected Framework. When the Plerion Engine runs for your Asset Group, it evaluates the answer based on the following criteria:

  1. If all findings for a choice are passed/exempted: Check answer
  2. If at least one finding is passed/exempted and the rest are undefined: Check answer
  3. If all findings are failed: Uncheck answer
  4. If at least one finding is failed and the rest are undefined: Uncheck answer
  5. If there are mixed results (some failed, and some passed/exempted, and some undefined): Uncheck answer

Lens Table

In the above example you can see that SEC 3. How do you manage permissions for people and machines? will have its answer 'Grant least privilege access' checked because its 2 associated detections have no failed findings, thus the answer is checked.

FiltersCreating A Well-Architected Workload