The AWS Foundational Technical Review (FTR) enables AWS ISV to qualify their software solutions that run on or integrate with AWS. It defines a set of required best practices based on the AWS Well-Architected Framework to ensure solutions are resilient, secure, compliant and reflect operational excellence.
The process to complete an AWS FTR consists of three main steps:
1. Review your architecture and operational practices;
2. Prepare the required documentation and assets;
3. Submit your request through AWS Partner Central.
Three steps sounds easy enough, but look closer and you might find yourself doing more than you first anticipated, especially when AWS recommends that an FTR is completed for each relevant software product that runs on or integrates with AWS.
While it’s important to acknowledge that AWS has revised its FTR process so that you can satisfy AWS Well-Architected best practices more quickly, it can still be an arduous and lengthy process that can take up to three months to complete. Just imagine the time and money that would need to be invested, and could be better spent on innovating new solutions.
AWS outlines that to complete an FTR for a software product that includes a partner-hosted component running on AWS, it is necessary to run through the FTR Partner Hosted Validation checklist, followed by providing two pieces of documentation: a security report from an automated tool and a completed self-assessment. Both the report and self-assessment should be scoped to all AWS accounts that you use to process customer data. In addition, you will need a Well-Architected Report and a Foundational Technical Review Report generated by the AWS Well-Architected Tool plus an application diagram.
One of the most important aspects of the above is that, while all assets are important, the most important asset is the Self-Assessment Questionnaire. Compliance with best-practice is important for the other reports but compliance is mandatory for the Self-Assessment Questionnaire.
A separate step-by-step process is necessary when reviewing a partner-hosted component that runs outside AWS, as it requires a live review with an AWS Partner Solutions Architect. During the review the architect will discuss each of the items on the validation checklist and provide feedback on any identified issues. If there are any issues, they will give you guidance on how to remediate those problems, but it’s not until once you’ve implemented all remediations and provided confirmation to the PSA then will your FTR be approved.
Meanwhile, when it comes to the FTR for customer deployed components, which evaluates how your software product supports being deployed within a customer’s environment, much of the review is based on the product documentation you provide to customers. This will then explain how to deploy and manage your software on AWS or in another environment.
While completing an AWS Well-Architected Framework Review or any other technical validation led by AWS does not guarantee your FTR will be approved, leveraging automation and machine checks to prove compliance can materially accelerate AWS PSA’s approval process.
Complete an FTR with 6pillars.io today
The 6pillars.io platform has been developed so you sail through your FTR with ease, and benefit within 30 minutes of deployment and best-practice configuration. 6pillars.io is built on best-practice automation to detect, protect and remediate AWS misconfigurations that previously left your company exposed to cybersecurity risks or even ransomware attacks.
Take advantage of our 6-month, non-commercial Proof of Concept (PoC) designed to get you on the tools and enjoying automated best-practise compliance and security of your AWS infrastructure. Book your POC here today.
Reference: AWS Well-Architected.