AWSSAA-C03

Domain 3: Design High-Performing Architectures

Topic 3 of 4 · Study notes

AWS Certified Solutions Architect – Associate (SAA-C03) — Domain 3: Design High-Performing Architectures

Exam Code: SAA-C03 | Level: Associate
Domain Weight: 24% | Total Domains: 4 | Passing Score: 720/1000

High-Performing Storage Solutions
High-Performing Compute Solutions
High-Performing Database Solutions
High-Performing Network Architectures
Data Ingestion and Analytics Pipelines
Exam Tips & Quick Reference

1. High-Performing Storage Solutions

1.1 Storage Selection Framework

Every performance question starts with choosing the right storage type for the access pattern. Use this decision tree before choosing a service.

What is the data access pattern?
│
├── Object data (images, videos, backups, static website, logs)
│   └── Amazon S3
│
├── Block data (OS, databases, applications requiring raw disk)
│   ├── Single instance attachment   → Amazon EBS
│   └── Multi-instance (rare)        → EBS io1/io2 with Multi-Attach
│
├── File data (shared hierarchical, NFS/SMB)
│   ├── Linux, NFS                   → Amazon EFS
│   ├── Windows, SMB, AD             → FSx for Windows
│   ├── HPC or ML training           → FSx for Lustre
│   └── Multi-protocol (NFS + SMB)   → FSx for NetApp ONTAP
│
└── Archive (infrequent, long-term retention)
    ├── Need instant retrieval        → S3 Glacier Instant Retrieval
    ├── Minutes–hours OK              → S3 Glacier Flexible Retrieval
    └── 12+ hours OK                  → S3 Glacier Deep Archive

1.2 EBS Volume Types Deep Dive

Full EBS Volume Comparison

Type	IOPS	Throughput	Latency	Use Case
gp3 (SSD)	Up to 16,000	Up to 1,000 MB/s	Single-digit ms	Default; general purpose; boot volumes
gp2 (SSD)	3 IOPS/GB; up to 16,000	Up to 250 MB/s	Single-digit ms	Legacy; prefer gp3 for all new volumes
io2 Block Express	Up to 256,000	Up to 4,000 MB/s	Sub-millisecond	Mission-critical databases (SAP HANA, Oracle)
io1	Up to 64,000	Up to 1,000 MB/s	Single-digit ms	High-IOPS databases; older generation
st1 (HDD)	500	Up to 500 MB/s	ms-range	Sequential throughput (Kafka, ETL, log processing)
sc1 (HDD)	250	Up to 250 MB/s	ms-range	Cold data; lowest EBS cost

Key Concept: gp3 decouples IOPS from volume size — you can configure up to 16,000 IOPS on any size volume. gp2 forces you to provision a large volume to get high IOPS (3 IOPS/GB). For the same IOPS, gp3 is always cheaper. Migrate from gp2 to gp3 for an instant ~20% cost reduction.

Instance Store (Ephemeral)

Instance store is NVMe SSD directly attached to the host hardware — no network overhead. It provides the highest possible IOPS and throughput available in AWS. The critical constraint: data is permanently lost when the instance stops, terminates, or the host fails. It survives reboot only.

Use instance store for: buffer, scratch space, temporary processing, or as a caching layer where data can be recreated from a durable source.

EBS Multi-Attach

Attach a single io1 or io2 volume to up to 16 EC2 instances simultaneously within the same AZ. The application must manage concurrent write access using a cluster-aware file system. Use for Oracle RAC or high-availability shared storage clusters.

1.3 S3 Performance Optimization

S3 Throughput Limits and Scaling

S3 automatically partitions based on key prefixes. Each prefix supports 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second. Using multiple key prefixes creates multiple partitions and linearly scales throughput. S3 scales automatically — no manual sharding required.

Transfer Performance Methods

Method	Use When	Key Detail
Multipart Upload	Files > 100 MB (recommended); > 5 GB (required)	Parallel upload parts; resume on failure
S3 Transfer Acceleration	Uploading from geographically distant locations	Routes through nearest CloudFront edge to AWS backbone
S3 Byte-Range Fetches	Large object downloads; partial object reads	Parallel downloads; improves throughput
AWS DataSync	Large-scale migration from on-premises or other clouds	10× faster than open-source tools; handles scheduling

S3 Storage Class Selection

Access Pattern	Recommended Class	Minimum Duration
Accessed multiple times per day	S3 Standard	None
Accessed once per month; millisecond retrieval	S3 Standard-IA	30 days
Infrequent; acceptable single-AZ risk	S3 One Zone-IA	30 days
Unknown or changing access patterns	S3 Intelligent-Tiering	None
Archive; need instant retrieval	S3 Glacier Instant Retrieval	90 days
Archive; 1–5 minute retrieval acceptable	S3 Glacier Flexible Retrieval	90 days
Archive; 12+ hours acceptable; lowest cost	S3 Glacier Deep Archive	180 days

S3 Lifecycle Transitions — Minimum Age Rules

S3 Standard → Standard-IA:          minimum 30 days in Standard
Standard-IA → Glacier Instant:       minimum 90 days from object creation
Standard-IA → Glacier Flexible:      minimum 90 days from object creation
Any class   → Glacier Deep Archive:  minimum 180 days from object creation
Expiration:                          delete objects or incomplete multipart uploads after N days

1.4 Hybrid Storage Solutions

AWS Storage Gateway — Gateway Type Selection

Gateway Type	Protocol	Data Location	Use When
S3 File Gateway	NFS / SMB	S3 buckets	Replace on-premises file servers; cloud backup
FSx File Gateway	SMB	FSx for Windows	Windows clients with AD; replace on-prem Windows shares
Volume Gateway — Stored	iSCSI	Local disk (async backup to S3)	All primary data must be local; disaster recovery via S3
Volume Gateway — Cached	iSCSI	S3 (frequently accessed data cached locally)	Large dataset lives in cloud; low-latency access for hot data
Tape Gateway	iSCSI VTL	S3 / Glacier	Replace physical tape backup infrastructure

Exam Tip: "All data must remain on-premises, with cloud backup" → Volume Gateway Stored mode. "Large dataset in cloud, local cache for frequently accessed data" → Volume Gateway Cached mode. Confusing these two is one of the most common Domain 3 mistakes.

AWS DataSync vs. Storage Gateway

Feature	AWS DataSync	Storage Gateway
Primary Use	One-time migration or periodic batch transfer	Ongoing hybrid access to cloud storage
Access Pattern	Schedule-based; not real-time	Continuous; low-latency hybrid access
On-Premises Agent	Required	Required
Acceleration	10× faster than open-source tools	N/A

Key Concept: Use DataSync for migration — moving large data sets to AWS once (or periodically). Use Storage Gateway for ongoing hybrid access — on-premises applications that continuously read and write to cloud storage.

AWS Transfer Family

Provides managed SFTP, FTPS, FTP, and AS2 endpoints that front Amazon S3 or EFS. Migrate existing FTP-based workflows to S3 without changing client software. Supports custom authentication via Lambda, Secrets Manager, or Active Directory.

2. High-Performing Compute Solutions

2.1 EC2 Instance Family Selection

Match the instance family to the workload bottleneck — CPU, memory, network, or storage.

Family (Prefix)	Optimized For	Common Use Cases
General Purpose (M, T)	Balanced CPU / memory	Web servers, small databases, dev/test
Compute Optimized (C)	High CPU:memory ratio	HPC, video encoding, ML inference, gaming servers
Memory Optimized (R, X, z)	High memory:CPU ratio	In-memory databases, SAP HANA, large Redis caches
Storage Optimized (I, D, H)	High local NVMe I/O	NoSQL (Cassandra), data warehousing, Hadoop
Accelerated Computing (P, G, F, Inf, Trn)	GPU / FPGA / custom chips	ML training, video transcoding, genomics
HPC Optimized (Hpc)	Ultra-high network bandwidth	Tightly coupled HPC; MPI workloads

Matching Symptoms to Instance Family

Application uses > 80% RAM, CPU normal → Memory Optimized (R-series)
Application uses > 80% CPU, RAM normal → Compute Optimized (C-series)
ML training workload → GPU (P-series or G-series)
General web application → M-series (steady) or T-series (variable/bursty)

Burstable Performance (T-Series)

T3, T3a, and T4g instances earn CPU credits when running below baseline and spend them when bursting. In Standard mode, the instance is throttled when credits are exhausted. In Unlimited mode, it bursts beyond credits and accrues additional charges. Unlimited mode prevents throttling for production workloads with occasional spikes.

2.2 EC2 Purchasing Options for Performance

Savings Plans vs. Reserved Instances

Option	Discount vs On-Demand	Flexibility	Best For
Standard RI	Up to 72%	Specific family/Region/OS/tenancy	Exact same instance for 1–3 years
Convertible RI	Up to 54%	Can exchange for different type mid-term	Known workload but may need type change
EC2 Instance Savings Plan	Up to 72%	Any size in specific family + Region	Flexible sizing within one family
Compute Savings Plan	Up to 66%	Any EC2 (any Region/family/OS) + Lambda + Fargate	Maximum flexibility; cross-region migrations

Key Concept: Choose Compute Savings Plans when you have mixed workloads (EC2 + Lambda + Fargate), plan to migrate regions, or need the flexibility to change instance families. The slight discount reduction is worth the flexibility for most organizations.

Spot Instances for Performance at Low Cost

Spot Instances offer up to 90% discount but can be interrupted with a 2-minute warning. Key strategies:

Capacity-optimized allocation — AWS selects the Spot pool with the most available capacity; minimizes interruptions.
Spot Fleet with multiple instance types — diversify across pools; if one type is unavailable, another is used.
Interruption handling — subscribe to EC2 Spot Instance Interruption Notice via EventBridge → Lambda to gracefully drain connections and checkpoint work.

2.3 Scaling for Performance

Auto Scaling Custom Metrics for SQS Workloads

Custom CloudWatch Metric:
  ApproximateNumberOfMessagesVisible / NumberOfRunningInstances

Target Tracking Target Value = desired backlog per instance (e.g., 100 messages)

Effect: ASG scales workers proportionally to queue depth

EC2 Fleet and Spot Fleet

EC2 Fleet launches a mix of instance types and purchase options (On-Demand + Spot + Reserved) with a single API request, simplifying capacity provisioning for heterogeneous workloads.

2.4 Serverless Performance Optimization

Lambda Memory and CPU Relationship

Lambda CPU power scales proportionally with memory allocation. Doubling memory effectively doubles CPU. Sometimes allocating more memory makes a function faster and cheaper because it reduces duration enough to offset the higher per-millisecond rate. Use the AWS Lambda Power Tuning open-source tool to find the optimal memory/cost balance.

Lambda Performance Tools

Tool / Feature	Purpose
Provisioned Concurrency	Pre-initialize N function environments; zero cold-start latency; pay per hour provisioned
Lambda SnapStart (Java)	Snapshot initialized function state; restore from snapshot instead of re-initializing; faster than cold start
Lambda Layers	Share common dependencies across functions; reduce deployment package size
Reserved Concurrency	Cap max concurrency for a function; prevent noisy-neighbor throttling of other functions

Exam Tip: Provisioned Concurrency is the answer for eliminating cold starts. SnapStart is specifically for Java runtimes and is cheaper than Provisioned Concurrency for some use cases. Both reduce latency; the exam differentiates by runtime and cost sensitivity.

3. High-Performing Database Solutions

3.1 Relational Database Performance

RDS Read Replicas for Read Scaling

Route read queries to the reader endpoint to offload the primary instance. Up to 5 read replicas per RDS instance (up to 15 for Aurora). Read replicas use asynchronous replication — there may be a small lag. Replicas can be in different Regions (Cross-Region Read Replicas).

RDS Proxy

RDS Proxy sits between your application and RDS, managing a persistent connection pool. Critical for Lambda functions (which open many short-lived connections) and applications with bursty connection patterns. Also improves failover time by maintaining connections during Multi-AZ failover.

Performance Insights vs. Enhanced Monitoring

Tool	What It Measures	Resolution
Performance Insights	Database-level metrics: wait events, SQL statement performance, active sessions	1 second
Enhanced Monitoring	OS-level metrics: CPU steal, memory, disk I/O, process list	1–60 seconds

Key Concept: Performance Insights reveals why a database is slow (which queries, which wait events). Enhanced Monitoring shows the OS resource consumption. Use Performance Insights first for query-level bottlenecks.

Aurora Architecture for Performance

Cluster Endpoints:
├── Writer Endpoint    → always routes to current primary (handles failover automatically)
├── Reader Endpoint    → load-balances reads across all Aurora Replicas
└── Custom Endpoints   → point to a specific subset of instances (workload isolation)

Aurora Parallel Query pushes processing to storage-layer nodes, reducing data movement and accelerating analytics queries on transactional data without a separate data warehouse.

3.2 DynamoDB Performance Deep Dive

Capacity Modes

Mode	How Capacity Works	Cost Profile	Use When
Provisioned	Set RCU + WCU; DynamoDB Auto Scaling adjusts	Lower per-unit cost	Predictable, steady traffic
On-Demand	Auto-scales instantly; no planning	Higher per-request	Unpredictable spikes; new apps; dev/test

Capacity Unit Math

1 RCU = 1 strongly consistent read per second for items ≤ 4 KB (or 2 eventually consistent reads)
1 WCU = 1 write per second for items ≤ 1 KB
Items larger than the threshold consume proportionally more units

Read Consistency Models

Model	RCU Cost	Behavior
Eventually Consistent	0.5 RCU	Default; may return slightly stale data
Strongly Consistent	1 RCU	Always returns the latest committed data
Transactional	2 RCU	ACID; use for financial or inventory operations

Global Secondary Index vs. Local Secondary Index

Feature	LSI	GSI
Partition Key	Same as base table	Different from base table
Sort Key	Different from base table	Optional
Size Limit per Partition	10 GB	Unlimited
Consistency	Strongly consistent option available	Eventually consistent only
Creation Time	At table creation only	Any time
Capacity	Shares with base table	Own RCU/WCU settings

3.3 ElastiCache and MemoryDB

ElastiCache Redis Cluster Modes

Cluster Mode Disabled (Replication Group) — one shard, up to 5 read replicas, up to 500 GB dataset. Simplest configuration.
Cluster Mode Enabled — up to 500 nodes across multiple shards; supports up to 340 TB dataset; horizontal write scaling via sharding.

Production Redis Patterns

Session store — stateless app servers store user sessions in Redis; instances are interchangeable
Leaderboard — sorted sets for real-time ranking without complex queries
Rate limiting — INCR counter per user key with a TTL; atomic and fast
Query result caching — cache-aside pattern; reduces RDS load by 90%+ for read-heavy workloads
Pub/Sub — lightweight real-time messaging for chat or notifications

Amazon MemoryDB for Redis

MemoryDB is Redis-compatible but designed as a primary database, not just a cache. Data is persisted in a Multi-AZ transaction log, providing microsecond reads and single-digit millisecond writes with full durability. Use MemoryDB when Redis data is the source of truth (not a cache in front of another database).

3.4 Specialized Purpose-Built Databases

Choose the right database engine before optimizing — the wrong engine is never "performant enough."

Database	Engine Type	Use Case
Amazon Redshift	Column-oriented data warehouse	Business intelligence, OLAP, analytics
Amazon OpenSearch Service	Search and analytics (Elasticsearch-compatible)	Full-text search, log analytics, real-time dashboards
Amazon Neptune	Graph database (Gremlin, SPARQL, openCypher)	Social networks, fraud detection, recommendation engines
Amazon DocumentDB	Document (MongoDB-compatible)	Migrating MongoDB workloads to a managed service
Amazon Keyspaces	Wide-column (Cassandra-compatible)	Migrating Cassandra workloads
Amazon Timestream	Time-series (serverless)	IoT telemetry, DevOps metrics, financial tick data

Amazon Redshift Performance Features

Feature	What It Does
MPP (Massively Parallel Processing)	Query runs in parallel across all compute nodes
Columnar Storage + Compression	Reads only relevant columns; reduces I/O dramatically
Result Caching	Identical queries return cached result instantly at no cost
Concurrency Scaling	Adds burst capacity clusters automatically for concurrent query spikes
Redshift Spectrum	Query S3 data directly without loading into Redshift cluster
RA3 Nodes	Managed storage; compute and storage scaled independently

Key Concept: Redshift is for OLAP (analytics, aggregations, historical reports). Do not use Redshift for OLTP (transactional, row-level operations). For mixed workloads, use RDS/Aurora for OLTP and Redshift + Spectrum for analytics on historical data.

4. High-Performing Network Architectures

4.1 CloudFront for Performance

CloudFront caches content at 400+ edge locations globally, dramatically reducing origin load and user latency.

Cache Behavior Configuration

Setting	Purpose
Cache Policy	Defines what goes into the cache key (headers, cookies, query strings)
Origin Request Policy	Controls what is forwarded to the origin (may not be in cache key)
Response Headers Policy	Adds or removes headers in the response
TTL	Controlled via `Cache-Control` and `Expires` headers from the origin
Automatic Compression	Compresses responses at the edge; reduces transfer size

CloudFront Functions vs. Lambda@Edge

Feature	CloudFront Functions	Lambda@Edge
Execution Locations	400+ edge PoPs	~13 regional edge caches
Triggers	Viewer request and viewer response only	Viewer + origin request and response (all 4)
Runtime	JavaScript	Node.js, Python
Max Duration	1 millisecond	5–30 seconds
Max Memory	2 MB	128 MB – 10 GB
Cost	Lower	Higher
Best For	URL rewrites, header normalization, A/B routing	Auth validation, complex transformation, personalization

Exam Tip: Use CloudFront Functions for simple, high-volume operations that run at every edge location (URL redirects, header manipulation). Use Lambda@Edge when you need more compute power, longer duration, or need to make calls to origin/external services.

Origin Groups for Failover

Configure an Origin Group with a primary origin and a failover origin. If the primary returns 5xx errors or is unavailable, CloudFront automatically retries the request against the failover origin — providing automatic CDN-level failover.

4.2 AWS Global Accelerator

Global Accelerator uses two static anycast IP addresses to route traffic through the AWS global network backbone rather than the public internet. This reduces latency by entering the AWS backbone at the nearest edge location.

CloudFront vs. Global Accelerator

Feature	CloudFront	Global Accelerator
Caches Content	Yes — for static and dynamic	No — always proxies to origin
Static IPs	No — uses DNS	Yes — 2 static anycast IPs
Protocols	HTTP/HTTPS	TCP, UDP, HTTP, gRPC
Health Checks	Yes	Yes — failover < 30 seconds
Use Case	Web content, APIs, caching	Non-HTTP apps, gaming, VoIP, IP allow-listing

Exam Tip: If the question mentions static IPs or IP allow-listing, the answer is Global Accelerator. If it mentions caching or CDN, the answer is CloudFront. Both improve global performance; they solve different problems.

4.3 VPC Design for Performance

Placement Groups

Type	Topology	Max Instances	Use For
Cluster	Same rack in one AZ; 10+ Gbps network	No hard limit	HPC, tightly coupled parallel compute
Spread	Different racks and AZs	7 per AZ	Critical instances needing maximum hardware HA
Partition	Groups on separate hardware partitions	7 partitions per AZ	Large distributed systems (Kafka, HDFS, Cassandra)

Enhanced Networking Options

ENA (Elastic Network Adapter) — standard on current-gen instances; up to 100 Gbps network throughput
EFA (Elastic Fabric Adapter) — adds OS-bypass networking (RDMA) for HPC; enables MPI communication at near-hardware latency; use for ML training clusters and CFD/weather simulation

5. Data Ingestion and Analytics Pipelines

5.1 Streaming Data Services

Kinesis Data Streams (KDS)

KDS enables real-time streaming with custom consumers and configurable retention (up to 365 days for replay).

Concept	Value
Ingestion per Shard	1 MB/s or 1,000 records/s
Read per Shard	2 MB/s (Standard) or 2 MB/s per consumer (Enhanced Fan-Out)
Standard Consumer	2 MB/s shared across all consumers for that shard; polling
Enhanced Fan-Out	2 MB/s per consumer per shard via HTTP/2 push; independent throughput
Retention	24 hours default; up to 365 days

Amazon Data Firehose (formerly Kinesis Data Firehose)

Fully managed delivery stream to S3, Redshift, OpenSearch, Splunk, and HTTP endpoints. No consumers to manage — Firehose handles buffering, transformation (optional via Lambda), and delivery automatically.

Kinesis vs. SQS

Feature	Kinesis Data Streams	SQS
Multiple Consumers	Yes — all consumers receive the same records	No — each message consumed once
Message Replay	Yes — re-read data within retention window	No — deleted after successful consumption
Real-Time Streaming	Yes — sub-second	Near real-time (seconds)
Ordering	Per shard	FIFO queues only
Use For	Analytics, streaming ETL, multiple consumers, replay	Task queue, workload decoupling

Amazon MSK (Managed Streaming for Apache Kafka)

Fully managed Kafka cluster. Use when the team already has Kafka expertise, when Kafka Connect or Kafka Streams is needed, or when migrating existing Kafka workloads to AWS. More operationally complex than Kinesis but fully API-compatible with Apache Kafka.

5.2 Batch Data Processing

AWS Batch

Managed batch computing on EC2 or Fargate for large-scale parallel jobs. Three key components:

Job Definition — Docker image, resource requirements (vCPU, memory), command, retry strategy
Job Queue — holds submitted jobs; assigned a priority; linked to a compute environment
Compute Environment — EC2 or Fargate; managed (AWS handles scaling/provisioning) or unmanaged

Amazon EMR

Managed cluster for big data frameworks: Hadoop, Spark, HBase, Flink, and Presto. Deployment options:

EMR on EC2 — traditional cluster; cost-effective with Spot instances for transient workloads
EMR on EKS — run EMR jobs on an existing Kubernetes cluster
EMR Serverless — no cluster management; auto-scales; pay per job

AWS Glue

Serverless ETL service and central data catalog.

Component	Function
Glue Data Catalog	Central metadata repository (databases, tables, schemas) for all data sources
Crawlers	Automatically discover and catalog data in S3, RDS, Redshift; infer schema
ETL Jobs	Spark or Python scripts; transform data between sources and formats
DataBrew	Visual, no-code data preparation for cleaning and normalization

5.3 Analytics and Visualization

Amazon Athena

Serverless, interactive SQL query engine for data in S3. Pay per query (per TB of data scanned). No infrastructure to provision.

Performance and cost optimization for Athena:

Partition data by date, region, or account → queries scan only relevant partitions
Use columnar formats (Parquet, ORC) → 30–90% less data scanned vs. CSV
Compress data → fewer bytes to scan = lower cost and faster queries
Federated query — query RDS, DynamoDB, and Redshift from Athena using Lambda data source connectors

AWS Lake Formation

Simplifies building, securing, and managing data lakes on S3.

Feature	Purpose
Row-level and column-level security	Fine-grained access control on Glue Catalog tables
Governed tables	ACID transactions on S3 data (insert, update, delete)
Tag-based access control (LF-TBAC)	Grant access based on metadata tags instead of table-by-table policies

Amazon QuickSight

Business intelligence and dashboarding. The SPICE (Super-fast Parallel In-memory Calculation Engine) in-memory analytics engine returns sub-second query results. Embedded analytics capability allows dashboards to be integrated into third-party applications. Pay-per-session pricing eliminates heavy BI licensing costs.

Exam Tips & Quick Reference

Scenario-to-Answer Mapping

Scenario Keyword / Requirement	Correct Answer
"High IOPS database; predictable workload"	EBS io2 or RDS Provisioned IOPS
"Temporary storage; maximum IOPS; not persistent"	EC2 Instance Store
"Share files across Linux EC2 instances in multiple AZs"	Amazon EFS
"Windows EC2 needs shared storage with AD integration"	FSx for Windows File Server
"HPC workload needs shared high-throughput storage"	FSx for Lustre
"On-premises NFS share backed by S3"	Storage Gateway S3 File Gateway
"Replace physical tape backups with cloud"	Storage Gateway Tape Gateway
"Migrate large dataset from on-premises to S3"	AWS DataSync (not Storage Gateway)
"DynamoDB hot items; repeated reads at microsecond latency"	DynamoDB DAX
"Cache RDS results; need persistence and HA"	ElastiCache for Redis
"Cache RDS results; simple, no persistence needed"	ElastiCache for Memcached
"Redis as primary database with full durability"	Amazon MemoryDB for Redis
"Real-time streaming; multiple consumers; replay needed"	Kinesis Data Streams
"Stream to S3/Redshift; no custom consumers"	Amazon Data Firehose
"Apache Kafka workload migration to AWS"	Amazon MSK
"Query S3 data with SQL; no infrastructure"	Amazon Athena
"Transform S3 CSV data to Parquet for analytics"	AWS Glue ETL job
"Central metadata catalog for data lake"	AWS Glue Data Catalog
"Row/column-level access control on S3 data"	AWS Lake Formation
"BI dashboards; sub-second in-memory analytics"	Amazon QuickSight with SPICE
"Large-scale parallel batch ML training jobs"	AWS Batch or Amazon EMR
"Query historical data in S3 from Redshift"	Amazon Redshift Spectrum
"Graph-based fraud detection or recommendations"	Amazon Neptune
"IoT telemetry time-series data; auto-tiering"	Amazon Timestream
"MongoDB application migration to managed AWS service"	Amazon DocumentDB
"Full-text search and log analytics (ELK stack)"	Amazon OpenSearch Service
"Eliminate Lambda cold starts"	Lambda Provisioned Concurrency
"Global users; low latency for all; HTTP content"	Amazon CloudFront
"Global routing; non-HTTP; static IPs for allow-listing"	AWS Global Accelerator
"Variable Aurora workload; auto-scale compute"	Aurora Serverless v2
"Tightly coupled HPC; low-latency node communication"	EC2 Cluster Placement Group + EFA

Common Traps

DataSync vs. Storage Gateway: DataSync is for migration and batch transfer. Storage Gateway is for ongoing hybrid access. The exam tests this distinction frequently.
CloudFront vs. Global Accelerator: CloudFront caches; Global Accelerator does not. Static IPs = Global Accelerator. Caching/CDN = CloudFront.
gp2 vs. gp3: Always prefer gp3 for new volumes. gp2 ties IOPS to volume size; gp3 lets you configure them independently at lower cost.
Kinesis vs. SQS: Kinesis allows multiple independent consumers to read the same stream; SQS delivers each message to one consumer. If multiple teams need the same events, use Kinesis (or SNS → multiple SQS queues).
DAX write limitation: DAX is a write-through cache — it speeds up reads but does not help write-heavy workloads. The exam sometimes presents a write-heavy scenario and DAX as a distractor.
Aurora Serverless v2 minimum: v2 scales down to 0.5 ACU minimum (not zero). v1 scales to zero but has a cold start. If the question requires true zero-cost-when-idle, v1 or regular serverless patterns (Lambda + DynamoDB) are needed.

Key Terms — Domain 3

Term	One-Line Definition
gp3	EBS general purpose SSD; IOPS configurable independently of size; baseline 3,000 IOPS
io2 Block Express	EBS highest-performance SSD; up to 256,000 IOPS; sub-millisecond latency
Instance Store	Ephemeral NVMe SSD on host hardware; fastest possible; lost on stop/terminate
EFS	Elastic File System; NFS-based; shared across AZs; auto-scales; Linux only
FSx for Lustre	High-performance parallel file system; HPC and ML training; S3 integration
DataSync	Accelerated, scheduled bulk data transfer between on-premises and AWS
Storage Gateway	Hybrid storage service providing on-premises applications access to cloud storage
DAX	DynamoDB Accelerator; in-memory write-through cache; microsecond reads; same API
RDS Proxy	Connection pooler between application and RDS; reduces connection overhead
Kinesis Data Streams	Real-time streaming; multiple consumers; configurable retention; replay capable
Data Firehose	Fully managed delivery stream to S3/Redshift/OpenSearch; no consumer code needed
MSK	Managed Streaming for Kafka; fully Kafka API-compatible; for Kafka migrations
Athena	Serverless SQL on S3; pay per TB scanned; use Parquet and partitioning to reduce cost
Glue	Serverless ETL; Data Catalog; Crawlers for schema discovery
Lake Formation	Data lake governance with row/column-level security on Glue Catalog tables
Redshift Spectrum	Query S3 data directly from Redshift without loading it first
CloudFront Functions	Lightweight JS at edge PoPs; 1ms limit; URL rewrites and header manipulation
Lambda@Edge	Full Lambda at regional edge; for auth, personalization, complex transformations
Global Accelerator	Static anycast IPs; routes via AWS backbone; TCP/UDP; no caching
EFA	Elastic Fabric Adapter; OS-bypass networking for HPC; MPI support
Placement Group (Cluster)	All instances on same rack; lowest latency; use for HPC/ML
MemoryDB	Redis-compatible primary database with multi-AZ durability (not just a cache)

End of Domain 3. Continue to Domain 4: Design Cost-Optimized Architectures →

Domain 2: Design Resilient Architectures

Domain 4: Design Cost-Optimized Architectures

Ready to test yourself?

Practice questions for this topic

Start Practicing →