🏗️ Real-World Scenarios

This chapter contains real-world architecture scenarios that you’ll encounter as an AWS Solutions Architect. Each scenario includes the problem, solution, and key takeaways.


Scenario 1: E-Commerce Platform Migration

Problem: A retail company runs their e-commerce platform on-premises. During Black Friday, traffic spikes cause outages. They want to migrate to AWS with high availability and auto-scaling.

Architecture:

CloudFront → WAF → ALB → Auto Scaling EC2 → ElastiCache → RDS Multi-AZ
                    SQS → Lambda (order processing) → DynamoDB
                    SNS → Email/SMS notifications

Solution:

  1. Route53 with latency-based routing to ALB
  2. CloudFront + WAF for DDoS protection
  3. ALB with cross-zone LB across 3 AZs
  4. Auto Scaling with target tracking (CPU at 60%)
  5. ElastiCache for session state (stateless app)
  6. RDS Multi-AZ for database HA
  7. SQS to decouple order processing
  8. SNS for order notifications

Takeaways: Decouple with SQS → handle traffic spikes. Stateless app → scales horizontally. Multi-AZ → survives AZ failure.


Scenario 2: Data Lake for Analytics

Problem: A media company generates 5 TB of logs daily. They need to analyze this data for trends and store it cost-effectively.

Architecture:

On-prem logs → Kinesis Data Firehose → S3 (raw) → Glue ETL → S3 (curated)
                                                    Athena / Redshift Spectrum

Solution:

  1. Kinesis Data Firehose for streaming ingestion
  2. S3 as the data lake (raw → cleaned → curated zones)
  3. AWS Glue for ETL and catalog
  4. Athena for serverless SQL queries
  5. Lifecycle policies: Standard → IA → Glacier → Deep Archive

Takeaways: S3 is the most cost-effective data lake. Lifecycle policies reduce storage costs by 80%. Athena is serverless — no clusters to manage.


Scenario 3: Hybrid Cloud Backup

Problem: A healthcare company needs to back up 50 TB of on-premises data to AWS for disaster recovery. They need low-latency access to recent backups and long-term archival for compliance.

Architecture:

On-prem servers → Storage Gateway (File) → S3 (active)
                                       Lifecycle → Glacier (compliance, 7yr)

Solution:

  1. Storage Gateway — File Gateway for cached access to S3
  2. S3 for primary backup storage
  3. Lifecycle policy → Glacier after 90 days, Deep Archive after 1 year
  4. S3 Object Lock for WORM compliance
  5. Cross-region replication for DR

Takeaways: File Gateway gives on-prem low-latency access to cloud storage. Object Lock satisfies compliance requirements.
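The lifecycle tiering in Scenario 2 (Standard → IA → Glacier → Deep Archive) and Scenario 3 (Glacier after 90 days, Deep Archive after 1 year, Object Lock for 7 years) both come down to the same two bucket configurations. The following is an added example, not code from the chapter: it builds the lifecycle rules and the Object Lock default-retention document as they are submitted to S3, and validates the transition schedule before it is applied. The 30/90/365-day schedule for the data lake is a constructed choice (the chapter names only the class order), the bucket prefixes are invented, and the two minimum-duration checks encode the S3 lifecycle constraints as I know them from the documentation; treat them as assumptions to confirm.

```python
import json

# Transition constraints as I understand them from the S3 lifecycle docs
# (assumption; confirm against current documentation): an object must spend
# at least 30 days in Standard before moving to an IA class, and a
# Glacier-class transition must come at least 30 days after an IA transition.
MIN_DAYS_BEFORE_IA = 30
MIN_GAP_IA_TO_GLACIER = 30
IA_CLASSES = ("STANDARD_IA", "ONEZONE_IA")
GLACIER_CLASSES = ("GLACIER", "DEEP_ARCHIVE")


def build_lifecycle_rule(rule_id, prefix, transitions):
    """Return one rule for a PutBucketLifecycleConfiguration request.

    `transitions` is a list of (days, storage_class) tuples in the order
    objects should move through the classes.
    """
    return {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [{"Days": days, "StorageClass": cls}
                        for days, cls in transitions],
    }


def validate_rule(rule):
    """Return a list of problems with the rule's transitions ([] means OK)."""
    problems = []
    transitions = rule["Transitions"]
    days = [t["Days"] for t in transitions]
    if days != sorted(set(days)):
        problems.append("transition Days must be strictly increasing")
    ia_day = None
    for t in transitions:
        cls, day = t["StorageClass"], t["Days"]
        if cls in IA_CLASSES:
            if day < MIN_DAYS_BEFORE_IA:
                problems.append(f"{cls} at day {day} is below the "
                                f"{MIN_DAYS_BEFORE_IA}-day minimum")
            ia_day = day
        elif cls in GLACIER_CLASSES and ia_day is not None:
            if day - ia_day < MIN_GAP_IA_TO_GLACIER:
                problems.append(f"{cls} at day {day} is less than "
                                f"{MIN_GAP_IA_TO_GLACIER} days after the IA transition")
    return problems


def build_object_lock_config(retention_years, mode="COMPLIANCE"):
    """Bucket default retention for PutObjectLockConfiguration.

    COMPLIANCE mode cannot be shortened or removed by any principal, root
    included, until the period ends; GOVERNANCE can be bypassed by principals
    holding s3:BypassGovernanceRetention. For a regulatory 7-year hold,
    COMPLIANCE is the mode that actually delivers WORM.
    """
    if mode not in ("COMPLIANCE", "GOVERNANCE"):
        raise ValueError("mode must be COMPLIANCE or GOVERNANCE")
    return {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": mode, "Years": retention_years}},
    }


# Scenario 2 (data lake): the chapter gives the class order but not the days;
# 30/90/365 and the "raw/" prefix are constructed values.
DATA_LAKE_RULE = build_lifecycle_rule(
    "log-tiering", "raw/",
    [(30, "STANDARD_IA"), (90, "GLACIER"), (365, "DEEP_ARCHIVE")])

# Scenario 3 (backups): Glacier after 90 days, Deep Archive after 1 year.
BACKUP_RULE = build_lifecycle_rule(
    "backup-tiering", "backups/", [(90, "GLACIER"), (365, "DEEP_ARCHIVE")])

if __name__ == "__main__":
    for rule in (DATA_LAKE_RULE, BACKUP_RULE):
        print(rule["ID"], validate_rule(rule) or "OK")
    print(json.dumps({"Rules": [DATA_LAKE_RULE, BACKUP_RULE]}, indent=2))
    print(json.dumps(build_object_lock_config(7), indent=2))
```

Object Lock must be enabled when the bucket is created (it also requires versioning), so the retention document above is applied to a new backup bucket, not retrofitted onto the active one; the lifecycle rules can be applied at any time.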


Scenario 4: Serverless Microservices

Problem: A startup wants to build a REST API for their mobile app with minimal operational overhead. Traffic is unpredictable.

Architecture:

Mobile App → API Gateway → Lambda → DynamoDB
             Cognito (Auth)

Solution:

  1. API Gateway (HTTP API) for REST endpoints
  2. Lambda for business logic (auto-scales)
  3. DynamoDB (On-Demand) for NoSQL storage
  4. Cognito for user authentication

Takeaways: Fully serverless. Zero servers to manage. Pay per request. Scales from 0 to millions automatically.


Scenario 5: Global Content Delivery

Problem: A SaaS company serves customers worldwide. Their US-based origin server causes high latency for European and Asian users.

Architecture:

User → Route53 (Latency) → CloudFront → ALB (us-east-1)
                              ↓ (cache hit)
                         Edge Location

Solution:

  1. CloudFront with Edge Locations globally
  2. Route53 latency-based routing to closest region
  3. Origin Shield to reduce origin load
  4. Lambda@Edge for URL rewrites and A/B testing

Takeaways: CloudFront reduces latency dramatically (400+ edge locations). Lambda@Edge runs code at the edge with sub-ms startup.


Scenario 6: Database Migration with Zero Downtime

Problem: A financial services company needs to migrate from Oracle to Aurora PostgreSQL with minimal downtime (< 5 minutes).

Architecture:

Oracle (On-prem) → DMS (CDC) → Aurora PostgreSQL
                 SCT (Schema Conversion)

Solution:

  1. AWS SCT to convert Oracle schema to PostgreSQL
  2. AWS DMS with full load + CDC replication
  3. Aurora PostgreSQL (Multi-AZ) as target
  4. Cutover: Stop app → apply final CDC → switch DNS

Takeaways: DMS supports ongoing replication, so cutover takes minutes. SCT automates schema conversion but may need manual review.


Scenario 7: Cost Optimization Audit

Problem: A company’s AWS bill is $50K/month. The CFO wants to reduce it by 30% without affecting performance.

Solution:

  1. Compute Optimizer → Right-size 40% over-provisioned EC2 instances
  2. Reserved Instances / Compute SP → 30% savings on steady-state
  3. Spot Instances → Replace 50% of non-prod with Spot
  4. S3 Lifecycle → Move old data to Glacier (60% cheaper)
  5. Delete stale resources → 15 unattached EBS volumes, 3 idle ALBs
  6. NAT Gateway → VPC Endpoints → Save $200/month on S3 data transfer

Result: Monthly bill reduced from $50K to $33K (34% savings).


Scenario 8: High Availability Web App

Problem: A travel booking site must maintain 99.99% availability. They currently run in a single AZ.

Architecture:

Route53 (Failover)
    ├── Primary: us-east-1 (Multi-AZ)
    │   ├── ALB → ASG (3 AZs) → RDS Multi-AZ
    │   └── ElastiCache Redis (Cluster mode)
    └── DR: us-west-2 (Warm Standby)
        └── RDS (cross-region replica)
            └── ASG (min 2 instances)

Solution:

  1. Multi-AZ for all services
  2. RDS Multi-AZ with auto-failover
  3. Cross-region read replica for DR
  4. Route53 failover routing with health checks
  5. Warm standby in us-west-2 (scaled-down)

Takeaways: Multi-AZ handles AZ failure. Cross-region replica handles region failure. Route53 health checks automate DNS failover.


Scenario 9: Secure Cross-Account Access

Problem: A central security team needs read-only access to S3 buckets across 5 AWS accounts.

Architecture:

Management Account
    └── IAM User (security-auditor)
        └── Assume Role → Account A: S3-ReadOnly-Role
                        → Account B: S3-ReadOnly-Role
                        → Account C: S3-ReadOnly-Role

Solution:

  1. Create IAM role in each account with AmazonS3ReadOnlyAccess
  2. Set trust policy allowing management account to assume role
  3. Use aws sts assume-role to switch accounts

Takeaways: Cross-account roles are the secure way to grant access. No IAM users needed in each account.
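The trust policy in step 2 is where this design is either secure or not: it decides who can assume S3-ReadOnly-Role in each member account. The following is an added example, not code from the chapter. It generates the trust policy scoped to the single security-auditor principal in the management account and audits an existing trust policy for the mistakes that undo the design (a wildcard principal, a principal from an unexpected account, no conditions). The account IDs are constructed placeholders; the sts:ExternalId and aws:MultiFactorAuthPresent conditions are real IAM condition keys that the chapter does not mention and that I add as hardening.

```python
import json
import re

# Constructed account IDs and names; substitute your own.
MANAGEMENT_ACCOUNT = "111111111111"
AUDITOR_PRINCIPAL = f"arn:aws:iam::{MANAGEMENT_ACCOUNT}:user/security-auditor"
MEMBER_ACCOUNTS = ["222222222222", "333333333333", "444444444444"]
ROLE_NAME = "S3-ReadOnly-Role"
READONLY_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"

# IAM principal ARN: captures the 12-digit account ID as group 1.
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(root|user/.+|role/.+)$")


def build_trust_policy(trusted_principal_arn, external_id=None, require_mfa=True):
    """Trust policy for the role in each member account.

    Trusting the specific user ARN instead of ':root' means no other
    principal in the management account can assume the role. ExternalId
    and MFA are hardening conditions added here, not listed in the scenario.
    """
    if not ARN_RE.match(trusted_principal_arn):
        raise ValueError(f"not an IAM principal ARN: {trusted_principal_arn}")
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": trusted_principal_arn},
        "Action": "sts:AssumeRole",
    }
    condition = {}
    if external_id:
        condition["StringEquals"] = {"sts:ExternalId": external_id}
    if require_mfa:
        condition["Bool"] = {"aws:MultiFactorAuthPresent": "true"}
    if condition:
        statement["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [statement]}


def _aws_principals(statement):
    """Normalise the Principal element to a list of AWS principal strings."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    return aws if isinstance(aws, list) else [aws]


def audit_trust_policy(policy, allowed_accounts):
    """Return findings for Allow statements that let a principal outside
    `allowed_accounts` assume the role ([] means the policy is acceptable)."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        for principal in _aws_principals(st):
            if principal == "*":
                findings.append(f"statement {i}: wildcard principal can assume the role")
                continue
            match = ARN_RE.match(principal)
            if not match or match.group(1) not in allowed_accounts:
                findings.append(f"statement {i}: principal {principal} is outside the allowed accounts")
        if "Condition" not in st:
            findings.append(f"statement {i}: no Condition (consider sts:ExternalId or MFA)")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(AUDITOR_PRINCIPAL, external_id="EXAMPLE-EXTERNAL-ID")
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, {MANAGEMENT_ACCOUNT}) or "trust policy OK")
    for account in MEMBER_ACCOUNTS:
        print(f"arn:aws:iam::{account}:role/{ROLE_NAME}  <- attach {READONLY_POLICY_ARN}")
```

The generated document goes into `aws iam create-role --assume-role-policy-document file://trust.json` in each member account, followed by `aws iam attach-role-policy` with the AmazonS3ReadOnlyAccess ARN; step 3 is then `aws sts assume-role --role-arn <member role ARN> --role-session-name audit --external-id <value>`. Every assumption shows up as an AssumeRole event in the member account's CloudTrail, which is the record the same security team should be alerting on for unexpected source principals.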


Scenario 10: Event-Driven Image Processing

Problem: A social media app needs to process user-uploaded images (create thumbnails, detect objects, moderate content).

Architecture:

User → API Gateway → Lambda (upload URL) → S3 (raw)
                                              ↓
                              S3 Event → Lambda (thumbnail)
                                         Lambda (Rekognition)
                                         Lambda (moderation)
                                              ↓
                                         S3 (processed)

Solution:

  1. S3 triggers Lambda on object creation
  2. Lambda generates thumbnails using Sharp/Pillow
  3. Rekognition for object detection
  4. Lambda for content moderation
  5. SNS to notify user when processing is complete

Takeaways: Event-driven architecture is decoupled and scalable. S3 events + Lambda = powerful serverless processing pipeline.
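The part of step 1 that bites in practice is the handler's first few lines: S3 URL-encodes object keys in the notification, the function must ignore its own output so that writing to S3 does not trigger it again, and it should reject inputs it is not prepared to decode. The following is an added example, not code from the chapter: a Lambda handler skeleton in Python that parses the S3 event records and produces the thumbnail work plan with those checks applied. The bucket names, prefix, size limit and the embedded sample event are constructed; the resize itself (Pillow) and the GetObject/PutObject calls (boto3) are omitted so the block runs offline.

```python
from urllib.parse import unquote_plus

# Constructed bucket names and limits for the example.
RAW_BUCKET = "example-app-raw"
PROCESSED_BUCKET = "example-app-processed"
THUMB_PREFIX = "thumbnails/"
ALLOWED_SUFFIXES = (".jpg", ".jpeg", ".png")
MAX_BYTES = 20 * 1024 * 1024  # refuse oversized uploads before decoding them


def parse_s3_event(event):
    """Yield (bucket, key, size) for every ObjectCreated record.

    S3 URL-encodes object keys in notifications (a space arrives as '+'),
    so the key must be decoded before it is used in a GetObject call.
    """
    for record in event.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        s3 = record["s3"]
        yield (s3["bucket"]["name"],
               unquote_plus(s3["object"]["key"]),
               int(s3["object"].get("size", 0)))


def plan_thumbnail(bucket, key, size):
    """Decide whether and where to write a thumbnail; None means skip."""
    # Writing output into a bucket/prefix that also triggers this function
    # produces a self-sustaining loop (and a bill), so output goes to a
    # separate bucket and anything under the thumbnail prefix is ignored.
    if bucket == PROCESSED_BUCKET or key.startswith(THUMB_PREFIX):
        return None
    # Allow-list the formats the image library will be asked to decode.
    if not key.lower().endswith(ALLOWED_SUFFIXES) or size > MAX_BYTES:
        return None
    stem = key.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return {
        "source": {"bucket": bucket, "key": key},
        "destination": {"bucket": PROCESSED_BUCKET,
                        "key": f"{THUMB_PREFIX}{stem}.jpg"},
    }


def handler(event, context=None):
    """Lambda entry point. The resize (Pillow) and the GetObject/PutObject
    calls (boto3) are left out so this runs offline; the function returns
    the work plan it would execute."""
    jobs = [job for bucket, key, size in parse_s3_event(event)
            if (job := plan_thumbnail(bucket, key, size)) is not None]
    return {"processed": len(jobs), "jobs": jobs}


# Constructed notification with three records: a real upload, a delete, and
# an event from the processed bucket that must not be processed again.
SAMPLE_EVENT = {"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": RAW_BUCKET},
            "object": {"key": "uploads/my+photo.jpg", "size": 204800}}},
    {"eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": RAW_BUCKET},
            "object": {"key": "uploads/old.png"}}},
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": PROCESSED_BUCKET},
            "object": {"key": "thumbnails/my+photo.jpg", "size": 8192}}},
]}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```

The same separation (raw bucket in, processed bucket out, allow-listed suffixes) applies to the Rekognition and moderation functions in the diagram; configuring the S3 notification with a prefix filter on the raw bucket is the second half of the loop protection, since the code check only catches events that are already being paid for.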


✅ Chapter Quiz

  1. An e-commerce platform experiences traffic spikes during Black Friday. Which architecture decouples order processing from the web tier?

    • A) Direct database writes from the web tier
    • B) SQS queue between web tier and order processing
    • C) Same EC2 instance for web and processing
    • D) Synchronous API calls
  2. A media company ingests 5 TB of daily logs. Which service is best for streaming data ingestion?

    • A) S3
    • B) Kinesis Data Firehose
    • C) SQS
    • D) DynamoDB
  3. A healthcare company needs low-latency access to recent backups stored in S3. Which hybrid storage solution should they use?

    • A) Direct Connect
    • B) Storage Gateway File Gateway
    • C) Snowball
    • D) DataSync
  4. A startup wants to build a REST API with zero server management. Which services form a fully serverless architecture?

    • A) EC2, ALB, RDS
    • B) API Gateway, Lambda, DynamoDB
    • C) ECS, ALB, RDS
    • D) Elastic Beanstalk, RDS
  5. A SaaS company serves global users. Which service reduces latency by caching content at edge locations?

    • A) Route53
    • B) CloudFront
    • C) Global Accelerator
    • D) Direct Connect
  6. A financial company needs to migrate from Oracle to Aurora PostgreSQL with minimal downtime. Which services are required?

    • A) SCT and DMS with CDC
    • B) DataSync and Storage Gateway
    • C) Snowball and SCT
    • D) DMS and Snowball
  7. A company wants to reduce a $50K/month AWS bill by 30% without affecting performance. Which tool identifies over-provisioned EC2 instances?

    • A) Cost Explorer
    • B) Compute Optimizer
    • C) Trusted Advisor
    • D) Budgets
  8. A travel booking site needs 99.99% availability. In addition to Multi-AZ, what should they implement?

    • A) Single-region deployment
    • B) Multi-region warm standby with Route53 failover
    • C) Spot Instances
    • D) T2 burstable instances
  9. A security team needs read-only access to S3 buckets across 5 AWS accounts. Which approach is most secure?

    • A) Create IAM users in each account
    • B) Use cross-account IAM roles with trust policies
    • C) Share root credentials
    • D) Use S3 bucket policies only
  10. A social media app needs to process user-uploaded images. Which service triggers the processing workflow?

    • A) API Gateway
    • B) S3 event notifications
    • C) CloudWatch alarm
    • D) SQS
  11. A company needs to analyze data in S3 using SQL without provisioning a data warehouse. Which service should they use?

    • A) Redshift
    • B) Athena
    • C) EMR
    • D) OpenSearch
  12. Which service should an IoT company use to collect and process millions of device events per second in real time?

    • A) Kinesis Data Streams
    • B) SQS
    • C) SNS
    • D) EventBridge
  13. A company needs to share 10 GB files with external partners securely. Which solution provides time-limited access?

    • A) S3 pre-signed URLs
    • B) S3 public bucket
    • C) EFS with NFS export
    • D) FTP server on EC2
  14. A company wants to decouple a monolithic application into microservices. Which service enables asynchronous communication between new microservices?

    • A) API Gateway
    • B) SQS
    • C) ELB
    • D) EC2
  15. Which AWS service provides serverless GPU access for machine learning inference?

    • A) SageMaker
    • B) EC2 G5 instances
    • C) Lambda with GPU
    • D) EKS
  16. A company runs a stateful web application on EC2. They need high availability but the app stores session data locally. What should they do?

    • A) Enable sticky sessions on the ALB
    • B) Move session data to ElastiCache for a stateless architecture
    • C) Increase instance size
    • D) Add more instances without changing the architecture
  17. Which AWS service provides a fully managed CI/CD service for building, testing, and deploying code?

    • A) CodeBuild
    • B) CodePipeline
    • C) CodeDeploy
    • D) All of the above
  18. A company needs to create a private network connection between two VPCs in different AWS regions. Which service should they use?

    • A) VPC Peering
    • B) Direct Connect
    • C) VPN
    • D) Transit Gateway
  19. A company wants to automate the creation of a multi-account AWS environment with governance controls. Which service should they use?

    • A) AWS Organizations
    • B) AWS Control Tower
    • C) CloudFormation
    • D) Service Catalog
  20. Which AWS service should be used to send push notifications to mobile devices at scale?

    • A) SNS
    • B) SQS
    • C) EventBridge
    • D) Pinpoint
  21. A company needs to enforce that all resources in an AWS account are tagged with a CostCenter tag. Which service can enforce this?

    • A) AWS Config
    • B) CloudTrail
    • C) Trusted Advisor
    • D) Cost Explorer
  22. A company is deploying a containerized application and needs a fully managed container registry. Which AWS service should they use?

    • A) Docker Hub
    • B) ECR (Elastic Container Registry)
    • C) S3
    • D) EFS
  23. A company needs to run a SQL query across multiple S3 buckets containing CSV data. Which service is MOST cost-effective for this use case?

    • A) Redshift
    • B) Athena
    • C) RDS
    • D) EMR
  24. Which AWS service provides a managed API for blockchain networks?

    • A) Managed Blockchain
    • B) Quantum Ledger Database (QLDB)
    • C) DynamoDB
    • D) RDS
  25. A company needs to store audit logs for 7 years to meet regulatory compliance. Which S3 storage class is MOST cost-effective?

    • A) S3 Standard
    • B) S3 Standard-IA
    • C) S3 Glacier
    • D) S3 Deep Archive

📝 Answer Key

  1. B — SQS decouples the web tier from order processing, handling traffic spikes via message queuing.
  2. B — Kinesis Data Firehose is the best managed service for streaming data ingestion.
  3. B — Storage Gateway File Gateway provides cached, low-latency access to S3 from on-premises.
  4. B — API Gateway + Lambda + DynamoDB is the classic fully serverless architecture.
  5. B — CloudFront caches content at 400+ edge locations for low-latency global delivery.
  6. A — SCT converts the schema; DMS with CDC enables migration with minimal downtime.
  7. B — Compute Optimizer uses ML to analyze utilization and recommend right-sizing.
  8. B — Multi-region warm standby with Route53 failover routing provides DR beyond AZ failures.
  9. B — Cross-account IAM roles with trust policies are the secure way to grant cross-account access.
  10. B — S3 event notifications trigger Lambda functions automatically on object creation.
  11. B — Athena enables serverless SQL queries directly on data in S3.
  12. A — Kinesis Data Streams handles real-time ingestion of large data streams from IoT devices.
  13. A — Pre-signed URLs provide time-limited, secure access to private S3 objects.
  14. B — SQS provides asynchronous message passing to decouple microservices.
  15. A — SageMaker provides managed ML training and inference with GPU support.
  16. B — Moving session data to ElastiCache makes the app stateless and enables horizontal scaling.
  17. D — CodeCommit, CodeBuild, CodeDeploy, and CodePipeline together form a complete CI/CD pipeline.
  18. A — VPC Peering connects VPCs across AWS regions using private IP addresses.
  19. B — AWS Control Tower automates landing zone setup with built-in governance guardrails.
  20. A — SNS sends push notifications to mobile devices via push, SMS, and email.
  21. A — AWS Config rules can enforce tagging compliance across resources.
  22. B — ECR is a fully managed Docker container registry integrated with ECS and EKS.
  23. B — Athena is serverless and charges per query — most cost-effective for ad-hoc S3 data queries.
  24. A — Managed Blockchain provides a managed service for creating blockchain networks.
  25. D — S3 Deep Archive is the lowest-cost storage class for long-term retention of 7+ years.
