Configure workload updates

Updating workloads

The AWS WA Tool should be the source of truth for information related to workload risks. After new best practices are implemented for a workload, it is important to reflect this by updating the workload on the AWS WA Tool. In this section, you will expand the solution to include automated updates to the workload when best practices are implemented.

2.1 Create and configure Lambda function

You will create a Lambda function that will be invoked using SNS whenever a Well-Architected OpsItem is resolved. The function will update the workload on the AWS WA Tool to reflect the implementation of the best practice and also update the workload state in the DynamoDB table.

  1. Download the Lambda function package
  2. Navigate to the AWS Lambda console and select Create function.
  3. Choose the option to Author from scratch and enter wa-update-workload for the function name. Select Python 3.9 as the runtime.
  4. Under Permissions, expand Change default execution role. Choose Use an existing role and select wa-risk-tracking-lambda-role from the dropdown. This is the IAM role that was created as part of the CloudFormation stack in the previous section.
  5. Click Create function. Lambda provisions a new function which uses the IAM role that was specified.
  6. After the function has been created, scroll down to the Code source section and select Upload from and then .zip file. Upload the function package that you downloaded at the beginning of this section.
  7. Scroll down to Runtime settings, click Edit and replace the value for Handler with update_workload.lambda_handler. Click Save.
  8. On the function overview page, click Add Trigger to configure a trigger for the Lambda function.
  • Select SNS under Trigger configuration.
  • Select wa-risk-tracking under SNS Topic and click Add.

2.2 Test workload updates

To test workload updates, navigate to the Systems Manager console and click on OpsCenter under Operations Management. Select an OpsItem with Well-Architected as the Source.


Scroll down to the Operational data section and expand it. Note down values for the WorkloadName, Pillar, Question, and Best practice missing.


Open a new tab on your browser and navigate to the AWS WA Tool console. Click on the workload listed in the OpsItem in the previous step to view its details. Scroll down to the Lenses section and click on AWS Well-Architected Framework to see pillar level risk data for the workload.


Scroll down to the Pillars section, click on the pillar listed in the OpsItem from the previous step.


Scroll down to Questions and expand the Answer details for the question that is listed in the OpsItem from the previous step. Note that the best practice listed in the OpsItem does not appear under Selected choice(s) for this question.


Switch back to the browser tab that has the OpsItem open. Assume that you have used the Improvement Plan and implemented the best practice listed in the OpsItem for your workload. After this implementation is complete, you can set the status of the OpsItem to Resolved to reflect completion.


Switch back to the browser tab with the AWS WA Tool console. Refresh the page and then scroll down to Questions and expand Answer details for the question that was listed in the OpsItem you resolved. You should see that the best practice listed in the OpsItem now appears under Selected choice(s).


When the OpsItem was resolved, a notification was sent to the wa-risk-tracking SNS topic which then invoked the wa-update-workload Lambda function. The function updated the workload on the AWS WA Tool to reflect the best practice specified in the OpsItem as being implemented. With this approach, workloads on the AWS WA Tool will always be a single source of truth for you to be aware of workload risks.
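The update flow described above, as an added example rather than the lab's own function package: it re-reads the OpsItem from Systems Manager, acts only on resolved Well-Architected items, and merges the best practice into the existing selected choices, because update_answer replaces the whole list. The SNS message field opsItemId and the OperationalData keys WorkloadId, QuestionId and ChoiceId are assumptions made for this example; the DynamoDB update is left out.

```python
import json

LENS = "wellarchitected"  # alias of the AWS Well-Architected Framework lens

def apply_resolved_opsitem(ops_item, wa):
    """Add the OpsItem's best practice to the question's selected choices.
    Returns the resulting choice list, or None if the item must be ignored."""
    # Only a resolved Well-Architected OpsItem may change the workload.
    if ops_item.get("Source") != "Well-Architected" or ops_item.get("Status") != "Resolved":
        return None
    try:
        # Key names are assumptions for this example, not the lab's schema.
        data = ops_item["OperationalData"]
        workload_id = data["WorkloadId"]["Value"]
        question_id = data["QuestionId"]["Value"]
        choice_id = data["ChoiceId"]["Value"]
    except KeyError:
        return None
    answer = wa.get_answer(WorkloadId=workload_id, LensAlias=LENS,
                           QuestionId=question_id)["Answer"]
    # Reject a choice that does not belong to this question.
    if choice_id not in {c["ChoiceId"] for c in answer.get("Choices", [])}:
        return None
    selected = list(answer.get("SelectedChoices", []))
    if choice_id in selected:
        return selected  # SNS may redeliver; do not write again
    # update_answer replaces the list, so keep what was already selected.
    selected.append(choice_id)
    wa.update_answer(WorkloadId=workload_id, LensAlias=LENS,
                     QuestionId=question_id, SelectedChoices=selected)
    return selected

def lambda_handler(event, context, ssm=None, wa=None):
    if ssm is None or wa is None:
        import boto3  # available in the Lambda runtime
        ssm, wa = boto3.client("ssm"), boto3.client("wellarchitected")
    results = []
    for record in event["Records"]:
        message = json.loads(record["Sns"]["Message"])
        # Trust only the id from the message; read state from Systems Manager.
        ops_item = ssm.get_ops_item(OpsItemId=message["opsItemId"])["OpsItem"]
        results.append(apply_resolved_opsitem(ops_item, wa))
    return results
```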