wa-review

# Well-Architected Review ## Step 1: Define the workload scope Ask the user to describe the workload: > What workload would you like me to review? Please share: > - **Workload name** and brief description > - **Architecture diagram or description** (services, data flows, integrations) > - **Business criticality** (revenue-generating, internal tool, compliance-sensitive, etc.) > - **Current pain points** (optional — anything you already know is problematic) If the user has already provided architecture details, skip the prompt and proceed. ## Step 2: Identify applicable lens Determine if a specialized WA Lens applies: - SaaS, Serverless, Data Analytics, Machine Learning, IoT, SAP, Games, Financial Services, Healthcare, etc. If a lens applies, note it and incorporate lens-specific questions in the review. ## Step 3: Evaluate each pillar For each of the six pillars, assess the workload against key best practices: ### Operational Excellence - How are changes deployed? (CI/CD, IaC, rollback strategy) - How is the workload monitored? (metrics, alarms, dashboards) - How are operational events handled? (runbooks, on-call, post-incident reviews) - Is there a continuous improvement process? ### Security - How are identities and permissions managed? (IAM, least privilege, federation) - How is data protected? (encryption at rest/transit, key management) - How are security events detected and responded to? (GuardDuty, Security Hub, incident response) - Is network segmentation i...