CBA is using a generative AI tool built by AWS to streamline and automate regular reviews of its cloud-based workloads that aid resiliency, security, efficiency and other architectural improvements.
CBA’s Yuri Belenky at AWS re:Invent 2024.
The tool was built specifically for the bank and is one of several tools or features that AWS has either built or tweaked in response to feedback from CBA on its experiences with the reviews.
The AWS Well-Architected Framework is a familiar tool for cloud architects working in the AWS ecosystem and is used to optimise applications and other workloads consuming AWS resources.
Its use is often associated with the design and build phases of an application or workload, ensuring that what gets built or deployed into the cloud aligns with current best practice.
But the point of the presentation at re:Invent – and CBA’s participation in it – was to highlight the benefit of conducting Well-Architected reviews at regular intervals and on an ongoing basis, to optimise and “evolve” applications and workloads by tweaking various architectural attributes.
These attributes cover security, reliability, cost optimisation, operational excellence, performance efficiency and sustainability.
CBA’s general manager of cloud enablement Yuri Belenky told the conference that the Well-Architected Framework aided the bank in running a cloud migration at scale.
Group CTO Rodrigo Castillo said it also helped the bank meet regulated security, reliability and efficiency requirements for its operations.
Belenky described three now publicly accessible additions that AWS had made to its Well-Architected Tool based on feedback from the bank.
These included a consolidated reporting capability that – in CBA’s case – brings insights together from across different Well-Architected reviews performed throughout the bank; an ability to pre-fill a review template with standard answers where applicable; and an ability to tailor questions for a review depending on how an application or workload was made cloud-ready.
“When you’re doing cloud migration, not all applications are the same. Some of them need to undergo deep technical modernisation, [others] just light touch to make it run on cloud,” Belenky said.
“You want to ask a very specific subset of questions … in a Well-Architected review for a particular class of migration.”
The generative AI tool to streamline and automate Well-Architected reviews, on the other hand, appears to have been made specifically for CBA, although AWS appeared to indicate that other customers had much the same challenge.
Belenky highlighted the need to run Well-Architected reviews for workloads regularly, noting there are different aspects to optimise at different stages of cloud deployment, whether it’s at a design, build, operate or evolve phase.
“The focus of a Well-Architected Review is really dependent on the phase of the lifecycle of your application,” he said.
“If you have one takeaway from this session, then I would like this to be the takeaway: you need to do a Well-Architected [review] not once, you need to do it reasonably often to make sure you actually pick important information at the moment, at the certain phase of the lifecycle.”
The generative AI tool is designed to help CBA run the reviews in an automated fashion, with the express aim of being able to run reviews more often.
Belenky said one of the challenges of running reviews was aligning the diaries of all the different stakeholders that had some involvement.
He noted the administrative effort made it difficult to have a regular cadence of reviews in the way the bank wanted.
“We started to talk to AWS if there is any way we could use gen AI to help us to kind of remove, at least partially, [the] human factor from the Well-Architected review [process],” Belenky said.
The solution “takes a CloudFormation template, measures it against AWS Well-Architected best practices using [Amazon] Bedrock, comes back with an answer saying, ‘Here are the best practices that you follow, and here are the best practices that you do not follow’, and provides a recommendation on how to mitigate these risks,” AWS enterprise support principal technologist Rovan Omar said.
Omar added that the gen AI tool could perform a review in about “10 minutes, with limited human intervention”, compared to an average window of four hours needed to complete a review.
Examining resilience
Belenky cited the work CBA is undertaking on the resilience of business-critical workloads as an example of the ongoing need for optimisation.
He noted the bank is working through various architectural options to improve its resiliency should a major problem ever occur in the AWS Sydney region.
Its current setup has it running reserved “cold” instances in “another availability zone”, despite the “obvious cost implications” of doing so.
“When we analysed [resiliency options] together with AWS, the Sydney region is the main region for Australia, and it is a relatively small region, so our thinking was that if one availability zone goes down, then we need to be certain that we can always recover our operations in another availability zone,” said Belenky.
“But if everyone jumps [over] to the same other availability zone … then there is a good chance that we will not be able to get the compute we need [without having the reserved instances].”
“Now, Sydney is not the only region in Australia – there’s also Melbourne, and we are working together with the AWS team to find what’s the best outcome for us for the resilience question.”
Belenky added: “Why I want to highlight this item is because it is not a textbook answer, but the important thing is there are no right or wrong answers.
“There are right questions which Well-Architected is asking you, but answers are all dependent on your particular situation.”
Ry Crozier attended AWS re:Invent 2024 in Las Vegas as a guest of AWS.