90%-95% SLA is useless, it is better to don't say it (even old shared hosting guarantee better SLA for your webapp), you need at least 99.5% for serious business. If you need better SLA (and your customers will!) you need to have mirrored resources (2 app servers, 2 database servers etc.), setup loadbalancing and failover (like keepalived, haproxy, squid etc.), setup good internal and external monitoring and alerting solution (something like Zabbix or Nagios, newrelic and Logstash/Kibana for logs management) and you will need system administrators, who will manage it, monitor it and react to problems.
You should look over table of SLA on wikipedia and there you can find how long can your app be offline for your SLA level. Don't forget that outage can and will occurs when you cannot react instantly (ie. 3am), so you need to have big enough admin team to provide 24/7 support. You have to find and identify all of SPOFs and eliminate it. Don't forget that not only your developers are source of potential problems, but your servers will be under various types of automated attacks from first minute (ssh bots, DDoS etc.)
To have good and stable environment is really, really hard to achieve, very, very expensive, and it is even more expensive when you are in cloud (because of impact of another users of cloud).
You can find examples how your environment should looks for simple webpage to ensure high availability on aws, provided by amazon itself here (pdf) or more in aws architecture center.
Last but not least, you should never forget about doubling of resources! If you have only one VM of single type, you cannot guarantee anything. And second part - you (resp. your admins) need to prepare disaster recovery plans and should do regular "fire drill" to ensure plans are up to date and working well.