AWS Well-Architected Framework Review: Pillars & Case Study Results


Achievements: 20+ critical vulnerabilities uncovered, 41% potential compute savings, 1198‑day IAM key rotated

Introduction

Cloud infrastructure is the backbone of modern financial services. But without careful governance, costs can rise unpredictably, vulnerabilities can go unnoticed, and compliance can be put at risk.

This was the situation faced by a London-based financial services provider relying on AWS for mission-critical operations. With legacy systems, aged credentials, and limited visibility into workloads, the company needed clarity and a path to optimization.

Through an AWS Well-Architected Framework Review (WAFR), grounded in the five AWS Well-Architected Framework pillars (security, reliability, cost optimization, operational excellence, and performance efficiency), Perfsys identified hidden risks, unlocked cost savings, and helped the client strengthen both security and operational efficiency.

About the Client

  • Company Name: Financial Services Company (Confidential)
  • Founded: 2010
  • Headquarters: London, United Kingdom
  • Industry: Financial Services / Fintech (Foreign Exchange, International Payments, Treasury Risk Management)
  • Company Size: 11–50 employees
  • Locations: London (HQ), with presence in Dublin, Ireland

Background

A London-based financial services company provides foreign exchange services to corporates and private clients. Operating in a sector where trust, compliance, and efficiency are non-negotiable, the company depends heavily on AWS infrastructure to run its core services.

But due to staff changes and accumulated legacy systems, the client found themselves in a challenging situation:

  • Nobody had a complete picture of how the AWS environment was structured.
  • AWS bills were growing unpredictably, without clear explanations.
  • Concerns were raised about whether the setup was secure and aligned with best practices.

With compliance, costs, and security at stake, the company turned to Perfsys for help.

The Challenge

The client’s leadership team needed confidence that their AWS environment was well-managed, cost-effective, and secure. Key challenges included:

  1. Visibility Gap
    • Multiple workloads were running, but with little documentation or centralized understanding.
    • Legacy maintenance from former staff created “black box” systems.
  2. Cost Concerns
    • AWS bills were rising, but stakeholders lacked a clear understanding of which resources or services were responsible.
  3. Security & Compliance Risks
    • Aged IAM credentials (one access key active for 1198 days).
    • Deprecated Lambda runtimes (Node.js 14/16, Python 3.8).
    • Lack of automated credential audits or vulnerability management.
  4. Reliability Gaps
    • RDS backups not encrypted.
    • Service quotas not actively monitored, risking sudden outages.
    • Some Lambda functions with timeouts set to 900 seconds, leading to potential inefficiencies and risks.

Our Approach

To give the client clarity and confidence, Perfsys recommended an AWS Well-Architected Framework Review (WAFR) — a structured audit across the AWS Well-Architected Framework pillars, focusing on security, reliability, and cost optimization.

Step 1: Structured Review

  • Evaluated 24 of 57 Well-Architected questions, focusing on security, reliability, and cost optimization.
  • Collected data from AWS Well-Architected Tool, Inspector, and Trusted Advisor.

Step 2: Vulnerability Scanning

  • Performed a deep-dive with Amazon Inspector, uncovering 20+ critical vulnerabilities, including remote code execution flaws in Windows and Chromium.
  • Created a risk map to prioritize fixes based on exploitability and business impact.

Amazon Inspector – Critical Findings by Workload

The scan identified 64 critical vulnerabilities across EC2 instances, several outdated AMIs, and multiple Lambda functions running deprecated runtimes.

Amazon Inspector – Findings Overview and Remediation Paths

Inspector provided full visibility with 3,865 findings, including 207 with public exploits available, and recommended risk-based remediations for critical packages.

Step 3: Immediate Remediation

  • Security: Rotated long-lived IAM credentials, enabled IAM Access Analyzer, and implemented vulnerability management workflows.
  • Compute & Costs: Enabled AWS Compute Optimizer to identify under- and over-provisioned resources. The analysis revealed rightsizing opportunities in ECS services on Fargate, with an estimated 41% monthly savings ($16.99 USD) if optimized. Compute Optimizer also flagged under-provisioned Lambda functions, balancing savings with performance improvements. (Figure: AWS Compute Optimizer report showing rightsizing opportunities and estimated monthly savings.)
  • Reliability: Recommended encryption for RDS backups, activated Trusted Advisor quota alerts, and identified reliability risks in Lambda configurations.

Step 4: Additional Recommendations

  • Upgrade Lambda runtimes to supported versions.
  • Require EC2 IMDSv2 for stronger instance metadata security.
  • Fix FSx domain connectivity issues with Microsoft AD.
  • Enable AMI deregistration protection to prevent accidental deletions.
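
The configuration risks named under The Challenge and Step 4 (aged IAM keys, deprecated Lambda runtimes, 900-second timeouts, unencrypted RDS backups, IMDSv2 not required) can be checked mechanically. The following is an added example, not Perfsys's tooling: it evaluates constructed records shaped like the boto3 responses noted in the comments, and the 90-day key-age threshold is an assumption.

```python
from datetime import datetime, timezone

# Runtimes the review names as deprecated (Lambda identifiers for Node.js 14/16, Python 3.8).
DEPRECATED_RUNTIMES = {"nodejs14.x", "nodejs16.x", "python3.8"}
MAX_KEY_AGE_DAYS = 90      # assumption: rotation threshold, not stated on the page
MAX_LAMBDA_TIMEOUT = 900   # Lambda's maximum timeout, flagged in the review


def audit(keys, functions, snapshots, instances, now):
    """Return sorted (check, resource, detail) findings from API-shaped records."""
    findings = []
    for k in keys:  # iam.list_access_keys -> AccessKeyMetadata
        age = (now - k["CreateDate"]).days
        if k["Status"] == "Active" and age > MAX_KEY_AGE_DAYS:
            findings.append(("iam-key-age", k["AccessKeyId"], f"{age} days"))
    for f in functions:  # lambda.list_functions -> Functions
        if f.get("Runtime") in DEPRECATED_RUNTIMES:
            findings.append(("lambda-runtime", f["FunctionName"], f["Runtime"]))
        if f.get("Timeout", 0) >= MAX_LAMBDA_TIMEOUT:
            findings.append(("lambda-timeout", f["FunctionName"], f"{f['Timeout']}s"))
    for s in snapshots:  # rds.describe_db_snapshots -> DBSnapshots
        if not s.get("Encrypted", False):
            findings.append(("rds-backup-unencrypted", s["DBSnapshotIdentifier"], "Encrypted=False"))
    for i in instances:  # ec2.describe_instances -> Reservations[].Instances[]
        tokens = i.get("MetadataOptions", {}).get("HttpTokens", "optional")
        if tokens != "required":
            findings.append(("imds-v1-allowed", i["InstanceId"], f"HttpTokens={tokens}"))
    return sorted(findings)


# Constructed sample records (not the client's data), shaped like boto3 responses.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
KEYS = [
    {"AccessKeyId": "AKIAEXAMPLEOLD", "Status": "Active",
     "CreateDate": datetime(2021, 9, 21, tzinfo=timezone.utc)},
    {"AccessKeyId": "AKIAEXAMPLENEW", "Status": "Active",
     "CreateDate": datetime(2024, 12, 1, tzinfo=timezone.utc)},
]
FUNCTIONS = [
    {"FunctionName": "report-export", "Runtime": "nodejs16.x", "Timeout": 900},
    {"FunctionName": "rates-sync", "Runtime": "python3.12", "Timeout": 30},
]
SNAPSHOTS = [{"DBSnapshotIdentifier": "rds:core-db-sample", "Encrypted": False}]
INSTANCES = [{"InstanceId": "i-0example", "MetadataOptions": {"HttpTokens": "optional"}}]

if __name__ == "__main__":
    for finding in audit(KEYS, FUNCTIONS, SNAPSHOTS, INSTANCES, NOW):
        print(*finding, sep="\t")
```

Against a live account, the same function can be fed the paginated output of the four API calls named in the comments.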

Results

By remediating the most urgent risks, Perfsys delivered both immediate benefits and long-term clarity:

  • As a direct outcome of the AWS Well-Architected Framework Review, the client secured $5,000 in AWS credits, improved compliance, and gained clear visibility into future cost optimization opportunities.
  • Improved cloud security posture, validated by vulnerability scanning and IAM hardening.
  • Clear cost optimization path: Compute Optimizer surfaced 41% potential savings on ECS Fargate workloads, quantifying both immediate ($16.99/month) and longer-term savings opportunities.
  • Compliance alignment: stronger credential management, encryption of backups, and proactive quota monitoring.
  • Confidence restored: the client’s leadership gained full visibility into how their infrastructure worked and how to manage it going forward.

Client Feedback

The CTO shared their experience in a verified Clutch review:

“The team was very methodical and delivered within their set timelines. Thanks to Perfsys’ efforts, we were able to improve our cloud security posture and solve existing issues. The efficiency and expertise they demonstrated were impressive.”

— CTO, Financial Services Company, London (Clutch Review, Feb 2025)

The client awarded Perfsys 5.0 out of 5 across all categories: quality, schedule, cost, and willingness to refer.

Conclusion

This project illustrates how Perfsys helps organizations facing staff changes, legacy complexity, and rising AWS costs. By applying the AWS Well-Architected Framework Review, we:

  • Exposed and remediated hidden risks.
  • Brought clarity to cloud operations.
  • Unlocked financial credits and cost optimization opportunities.
  • Built a roadmap for secure, compliant, and resilient AWS operations.

This case study demonstrates how an AWS Well-Architected Framework Review helps financial services organizations transform uncertainty into confidence, while aligning with the AWS Well-Architected Framework pillars of cost optimization, security, and reliability.

FAQ

What is an AWS Well-Architected Framework Review?

An AWS Well-Architected Framework Review (WAFR) is a structured assessment of your cloud workloads against best practices defined by AWS. It helps organizations identify risks, optimize costs, and improve security and reliability. By completing a review, companies gain visibility into their infrastructure and receive actionable recommendations to align with AWS standards.

What are the AWS Well-Architected Framework pillars?

The AWS Well-Architected Framework pillars are the five foundational categories AWS defines for building secure, efficient, and resilient cloud systems:

  • Security – protecting systems, data, and workloads.
  • Reliability – ensuring workloads function correctly and consistently.
  • Cost Optimization – avoiding unnecessary expenses and maximizing efficiency.
  • Operational Excellence – running and monitoring systems effectively.
  • Performance Efficiency – using IT and computing resources efficiently.

Every AWS Well-Architected Framework Review evaluates workloads against these pillars to uncover strengths, risks, and opportunities for improvement.

What benefits can a company expect from an AWS Well-Architected Framework Review?

Typical benefits include:

  • Reduced cloud costs through workload rightsizing and better resource management.
  • Strengthened security by eliminating vulnerabilities and improving access controls.
  • Greater compliance readiness, particularly in regulated industries like finance and healthcare.
  • Operational efficiency gains through automation and monitoring.
  • Potential to earn AWS service credits when high-risk issues are remediated.

How can Perfsys help with AWS Well-Architected Framework Reviews?

Perfsys is an AWS Advanced Consulting Partner specializing in Well-Architected Framework Reviews. Our team can:

  • Perform a structured review across all five AWS Well-Architected Framework pillars.
  • Identify and remediate high-risk issues, helping you qualify for AWS service credits.
  • Provide actionable recommendations for cost optimization, security improvements, and reliability enhancements.
  • Implement automation and monitoring tools to save engineering time and reduce manual effort.
  • Support compliance for regulated industries by aligning your infrastructure with AWS best practices.

Eugene Orlovsky

CEO & Founder | Serverless architect with 10+ years in distributed systems