Architecture Patterns

Scenario: A group of users only should be allowed to change passwords.

Solution: Create a group policy that grants access to the 'change password' permission, ensuring that only the specified group of users can modify their passwords.

Scenario: An EC2 (Elastic Compute Cloud) instance must be delegated permissions to a DynamoDB (Amazon's NoSQL database) table.

Solution: Create a role and assign a permission policy to the role that grants access to the DynamoDB table, enabling the EC2 instance to interact with it.

Scenario: The company has its first AWS (Amazon Web Services) account and needs to assign permissions to users based on job function.

Solution: Use AWS managed policies that are aligned with common job functions to effectively manage permissions.

Scenario: There is a need to restrict access to an AWS service based on the IP address of the source.

Solution: Create an IAM (Identity and Access Management) permission policy that utilizes the condition element with source IP address to control access.

Scenario: A developer needs to make programmatic API (Application Programming Interface) calls.

Solution: The developer should create access keys and use these keys for programmatic access to AWS services.

Scenario: A group of users requires full access to all Amazon EC2 API actions.

Solution: Create a permissions policy that employs a wildcard for the action element, allowing comprehensive access to all actions.

Scenario: The company needs to run a short batch script to configure EC2 instances after launch.

Solution: Utilize user data to provide the script that will execute upon instance initialization.

Scenario: A tightly coupled HPC (High-Performance Computing) workload requires low latency between nodes and optimum network performance.

Solution: Launch EC2 instances in a single Availability Zone (AZ) within a cluster and utilize Elastic Fabric Adapter (EFA) for enhanced performance.

Scenario: A Line of Business (LoB) application receives weekly bursts of traffic and must scale for short periods in a cost-effective manner.

Solution: Use reserved instances and spot instances for bursts, and on-demand instances if the workload requires continuous availability.

Scenario: A single instance application uses a static public IP address. In the event of failure, the address must be remapped to a failover instance.

Solution: Attach an Elastic IP (EIP) to the instance and be prepared to remap the EIP in case of a failure.

Scenario: A fleet of EC2 instances is running in private subnets across multiple Availability Zones (AZs). The company needs a redundant path to the Internet.

Solution: Deploy NAT (Network Address Translation) gateways into multiple Availability Zones and update the route tables accordingly.

Scenario: A team of engineers must administer EC2 instances in private subnets from remote locations using SSH (Secure Shell).

Solution: Deploy a bastion host in a public subnet and instruct the engineers to use the bastion host to access the instances in private subnets.

Scenario: An application uses several EC2 instances. The architect must eliminate the risk of correlated hardware failures.

Solution: Launch the EC2 instances in a spread formation across distinct underlying hardware to reduce the risk of simultaneous failures.

Scenario: An application requires enhanced networking capabilities.

Solution: Choose an instance type that supports Elastic Network Adapter (ENA), ensure ENA is installed, and enable ENA support.

Scenario: An EC2 instance needs close to bare metal performance, Elastic File System (EFS), and high-performance networking.

Solution: Use an AWS Nitro instance type to achieve optimal performance.

Scenario: High Availability (HA) and elastic scalability are required for web servers.

Solution: Utilize EC2 Auto Scaling and an Application Load Balancer (ALB) across multiple Availability Zones for scalability.

Scenario: Low-latency connections over UDP (User Datagram Protocol) to a pool of instances running a gaming application.

Solution: Use a Network Load Balancer (NLB) with a UDP listener. If the application is multi-region, include CloudFront for better performance.

Scenario: Clients need to whitelist a static IP address for a High Availability (HA) load balanced application in an AWS region.

Solution: Use an NLB and create a static IP address in each Availability Zone.

Scenario: An application on EC2 in an Auto Scaling group requires disaster recovery (DR) across regions.

Solution: Create an Auto Scaling group (ASG) in a second region with capacity set to zero. Take snapshots and copy them across regions.

Scenario: An application EC2 instance must scale in larger increments if a significant increase in traffic occurs, compared to small increases in traffic.

Solution: Implement Auto Scaling with a step scaling policy and configure a larger capacity increase.

Scenario: There is a need to scale EC2 instances behind an ALB based on the number of requests completed by each instance.

Solution: Configure a target tracking policy using the ALBRequestCountPerTarget metric for scaling decisions.

Scenario: An application runs on EC2 behind an ALB. Once authenticated, users should not need to re-authenticate if an instance fails.

Solution: Use a session state store such as DynamoDB or ElastiCache to maintain user session information.

Scenario: The company is deploying an IDS (Intrusion Detection System)/IPS (Intrusion Prevention System) solution using virtual appliances and needs to scale horizontally.

Solution: Deploy a gateway load balancer in front of the virtual appliances to manage and distribute traffic.

Scenario: A company needs a method to create AWS accounts programmatically.

Solution: Use the AWS Organizations API to create accounts programmatically.

Scenario: Users in a member account in AWS Organizations should be restricted from making changes in IAM.

Solution: Use a Service Control Policy (SCP) to deny access to IAM actions for specified users.

Scenario: An AWS account must be moved between Organizations.

Solution: Migrate the account using the AWS Organizations console.

Scenario: A solutions architect created a new account through the Organizations console and needs to log in to launch resources.

Solution: The architect should switch roles to access the newly created account.

Scenario: Multiple member accounts in AWS Organizations require the same permissions to be restricted using SCPs.

Solution: Create an Organizational Unit (OU) and add the member accounts, then attach the SCP to that OU.

Scenario: S3 (Simple Storage Service) must only allow access from EC2 instances in a private subnet using private IPs.

Solution: Create a VPC (Virtual Private Cloud) endpoint and configure a bucket policy that restricts access to the VPC endpoint ID using a condition element.

Scenario: Malicious traffic is reaching some EC2 instances in a public subnet from a few identified public IP addresses.

Solution: Use a Network Access Control List (ACL) to deny access based on the source IP addresses. This is the most cost-effective option; AWS WAF (Web Application Firewall) could also be used but generally at a higher cost.

Scenario: A company wishes to connect their on-premises data center to AWS and requires consistent performance and encryption.

Solution: Create an AWS Direct Connect connection and run an AWS Site-to-Site VPN (S2S VPN) over the Direct Connect connection for encryption.

Scenario: The company requires private connectivity between the VPCs in different regions with full redundancy.

Solution: Create VPC peering connections between the respective VPCs to enable private communication.

Scenario: Several remote office locations should be connected to an Amazon VPC and to each other over the internet with full encryption.

Solution: Create a virtual private gateway and attach multiple remote locations in a hub-and-spoke topology using AWS CloudHub.

Scenario: A microservices application requires an instance-level firewall with different rules per application component.

Solution: Create separate security groups for each application component and configure individual rules as needed.

Scenario: A company is using IPv6 addresses with Amazon EC2 and requires enabling outbound internet connectivity.

Solution: Configure an egress-only internet gateway to allow outbound traffic for IPv6 addresses.

Scenario: A subnet must be configured to allow internet connectivity using IPv4 with auto-address assignment.

Solution: Attach an Internet Gateway to the VPC and update the route table for the new subnet. Enable auto-assign public IPv4 settings for that subnet.

Scenario: An on-premises data center needs to establish site-to-site VPN connections to several VPCs in a full mesh architecture.

Solution: Deploy an AWS Transit Gateway and attach the VPN connection from the on-premises data center and each of the involved VPCs.

Scenario: A company is concerned about accidental deletion of S3 objects.

Solution: Enable versioning in the S3 bucket to keep multiple versions of objects, allowing recovery from accidental deletions.

Scenario: Data stored in S3 is frequently accessed for 30 days, then is rarely accessed but must be immediately retrievable.

Solution: Use a lifecycle policy to transition objects from the S3 Standard storage class to S3 Standard-IA (Infrequent Access) after 30 days.

Scenario: A backup of S3 objects within a specific folder in a bucket must be replicated to another region.

Solution: Configure cross-region replication and specify the folder name as a prefix for the replication process.

Scenario: Previous versions of objects in a versioning-enabled S3 bucket must be stored long-term at the lowest cost.

Solution: Create a lifecycle rule that transitions previous versions to the S3 Glacier Deep Archive storage class.

Scenario: A company wishes to manage all encryption of S3 objects through their application with their own encryption keys.

Solution: Use client-side encryption with client-managed keys to control the encryption process.

Scenario: Unencrypted objects in an S3 bucket must be encrypted.

Solution: Re-upload the objects to the S3 bucket and specify the necessary encryption and encryption key settings.

Scenario: An administrator requires a notification whenever objects are deleted from an S3 bucket.

Solution: Configure an event notification that uses the SNS (Simple Notification Service) for alerts upon deletions.

Scenario: A group of customers without AWS credentials must be granted time-limited access to a software update stored in an S3 bucket.

Solution: Generate a presigned URL that allows temporary access to the specific S3 resource.

Scenario: Architects require both programmatic and console access across AWS accounts.

Solution: Configure cross-account access using IAM roles to facilitate this access.

Scenario: An Elastic Load Balancer (ELB) must be resolvable using the company's public domain name. A Route 53 hosted zone exists.

Solution: Create an alias record that maps the domain name to the DNS name of the ELB.

Scenario: A website runs across two AWS regions. All traffic is directed to one region and should be redirected only if the website is unavailable.

Solution: Create a failover routing policy in AWS Route 53 and configure health checks on the primary region.

Scenario: Websites run in several countries and distribution rights require restricting access to content based on the geographic source of the connection.

Solution: Use AWS Route 53 geolocation routing and configure restrictions based on geographic locations.

Scenario: A CloudFront (Amazon's content delivery network) distribution has multiple S3 origins. Requests should be served from different origins based on the type of file being requested.

Solution: Modify the CloudFront behavior settings and configure path patterns for different file types.

Scenario: Content is accessed using an application and CloudFront distribution. Need to control access to multiple files on the distribution.

Solution: Configure signed cookies and update the application to manage access control effectively.

Scenario: An application runs on an ALB in multiple regions. Need to intelligently route traffic based on latency and availability.

Solution: Create an AWS Global Accelerator and add the ALBs to optimize routing.

Scenario: A simple method of backing up Amazon EBS (Elastic Block Store) volumes is required that is fully automated.

Solution: Use AWS Data Lifecycle Manager to create a backup schedule for EBS volumes.

Scenario: A distributed application has many nodes, each holding a synchronized copy of data. Need the best performance.

Solution: Use instance stores for data storage to achieve optimal performance.

Scenario: An application must start up quickly when launched by an Auto Scaling group but requires application dependencies and code to be installed.

Solution: Create an Amazon Machine Image (AMI) that includes all the application dependencies and code for quick deployment.

Scenario: Many Linux instances must be attached to a shared file system that scales elastically.

Solution: Create an EFS (Elastic File System) file system and mount it from each instance for shared access.

Scenario: A company requires a managed file system that uses the NTFS (New Technology File System) file system.

Solution: Use Amazon FSx for Windows File Server, which is designed for Windows-based applications.

Scenario: On-premises servers must be able to attach a block storage system locally. Data should be backed up to S3 as snapshots.

Solution: Deploy an AWS Storage Gateway in volume gateway mode for efficient backup to S3.

Scenario: An EBS volume must be moved between regions.

Solution: Take a snapshot of the EBS volume and copy the snapshot between the regions to transfer the volume.

Scenario: Root EBS volumes for a critical application must not be deleted upon instance termination.

Solution: Modify the 'delete on termination' attribute when launching the EC2 instances to prevent accidental loss.

Scenario: On-premises servers use NFS (Network File System) to attach a file system. The file system should be replaced with an AWS service that utilizes S3 with a local cache.

Solution: Deploy an AWS Storage Gateway in file gateway mode to achieve this functionality.

Scenario: An application will be deployed on Amazon ECS (Elastic Container Service) and must scale based on memory.

Solution: Implement service Auto Scaling and use memory utilization as the scaling metric.

Scenario: An application will run on Amazon ECS tasks across multiple hosts and needs access to an S3 bucket.

Solution: Use a task execution IAM role to provide the necessary permissions to the S3 bucket.

Scenario: A company requires a standard Docker container automation and management service to be used across multiple environments.

Solution: Deploy Amazon EKS (Elastic Kubernetes Service) for managing and orchestrating containers.

Scenario: A company plans to deploy Docker containers on AWS at the lowest cost.

Solution: Use Amazon ECS with a cluster of spot instances and enable spot instance draining to minimize costs.

Scenario: A company plans to migrate Docker containers to AWS and does not want to manage operating systems.

Solution: Migrate to Amazon ECS using Fargate to manage the container orchestration seamlessly.

Scenario: Multiple microservices applications running on ECS require routing based on information in the HTTP header.

Solution: Deploy an ALB in front of ECS and implement query string parameter-based routing for intelligent traffic management.

Scenario: A containerized application runs on EKS. Need to collect and centrally view metrics and logs, including EKS namespaces and services.

Solution: Configure CloudWatch Container Insights to gather and analyze metrics and logs in the CloudWatch console.

Scenario: An application includes EC2 and RDS (Relational Database Service). Spikes in traffic are causing write operations to be dropped by RDS.

Solution: Decouple the EC2 instance and RDS database using an SQS (Simple Queue Service) queue to handle traffic surges.

Scenario: A web application consists of a web tier and a processing tier. These must be decoupled, and the processing tier should dynamically scale based on the number of jobs.

Solution: Decouple the web tier and processing tier using SQS and implement Auto Scaling based on the queue length.

Scenario: Lambda function execution time has increased significantly as the payload size also increased.

Solution: Optimize execution time by increasing the allocated memory to the function, which will proportionally increase available CPU.

Scenario: Statistical data is stored in RDS and accessed using a REST (Representational State Transfer) API. Demand ranges from no traffic to sudden bursts and is unpredictable.

Solution: Create a REST API using Amazon API Gateway and integrate it with an AWS Lambda function for connecting to the RDS.

Scenario: A new application processes customer orders and consists of multiple decoupled tiers. Orders must be processed in the order they are received.

Solution: Implement an SQS FIFO (First-In-First-Out) queue to preserve the order of order processing.

Scenario: An app uses API Gateway and Lambda. During busy periods, many requests fail multiple times before succeeding, with no errors reported in Lambda.

Solution: The throttle limit may be configured too low; increase the throttle limit to accommodate traffic peaks.

Scenario: An EC2 instance processes images using JavaScript code and stores results in S3. The load is highly variable, and a more cost-effective solution is needed.

Solution: Replace the EC2 instance with AWS Lambda, enabling a serverless approach that scales automatically.

Scenario: An application uses an API Gateway regional REST API. It has just gone global, and performance has suffered since the transition.

Solution: Convert the API to an edge-optimized API to enhance performance and optimize for a global user base.

Scenario: A legacy application uses many batch scripts that process data and pass it on to the next script. This is complex and difficult to maintain.

Solution: Migrate the scripts to AWS Lambda functions and utilize AWS Step Functions to coordinate the execution of different components.

Scenario: Objects uploaded to S3 must be processed by a Lambda function.

Solution: Create an event source notification to trigger the Lambda function each time new objects are uploaded to S3.

Scenario: A relational database running on MySQL must be migrated to AWS and configured for High Availability (HA).

Solution: Use Amazon RDS for MySQL and configure a Multi-AZ standby node to ensure high availability.

Scenario: An RDS database experiences high query traffic, causing performance degradation.

Solution: Create a read replica of the RDS database and configure the application to use the reader endpoint for database queries.

Scenario: An RDS database is approaching its storage capacity limits and/or suffering from high write latency.

Solution: Scale up the database instance to a type that offers additional storage and CPU resources.

Scenario: An RDS database is unencrypted, and a cross-region read replica must be created with encryption.

Solution: Encrypt a snapshot of the primary database, then create a new encrypted instance from that snapshot to serve as the cross-region read replica.

Scenario: An Aurora database is deployed and requires cross-region replication.

Solution: Deploy an Aurora MySQL replica in a second region to facilitate cross-region access.

Scenario: An Aurora database is deployed and requires a read replica in the same region with minimal synchronization latency.

Solution: Deploy an Aurora read replica in a different Availability Zone within the same region to minimize latency.

Scenario: An Aurora database is deployed, and an application in another region requires read-only access with low latency. Synchronization latency must be minimized.

Solution: Use the Aurora global database feature and configure the application in the second region to use the reader endpoint.

Scenario: A database and application have been migrated to Aurora and require the ability to write to the database across multiple nodes.

Solution: Use Aurora Multi-Master configuration for an in-region multi-master database to allow writes across nodes.

Scenario: An application requires a session state datastore with low latency.

Solution: Use either ElastiCache or DynamoDB to store session states efficiently.

Scenario: A multithreaded in-memory datastore is required for unstructured data.

Solution: Use ElastiCache with the Memcached engine to achieve high throughput and low latency.

Scenario: An in-memory datastore is required that offers microsecond performance for unstructured data.

Solution: Use Amazon DAX (DynamoDB Accelerator) to achieve extremely low-latency access for DynamoDB data.

Scenario: An in-memory datastore that supports data persistence and high availability is needed.

Solution: Use ElastiCache for Redis, which provides both persistence options and high availability configurations.

Scenario: A serverless database is required that supports NoSQL key-value store workloads.

Solution: Use DynamoDB for its serverless, highly scalable key-value storage capabilities.

Scenario: A serverless database that supports MySQL or PostgreSQL is required.

Solution: Use Aurora Serverless, which dynamically adjusts capacity based on application demands.

Scenario: A relational database is required for a workload with an unknown usage pattern (expected to be low and variable).

Solution: Use Aurora Serverless, which automatically manages scaling based on the workload.

Scenario: An application requires a key-value database that can be written to from multiple AWS regions.

Solution: Use DynamoDB Global Tables to enable multi-region writes and seamless data replication.

Scenario: Athena is being used to analyze a large volume of data based on date ranges, and performance must be optimized.

Solution: Store data using Apache Hive partitioning based on date and utilize optimized storage formats like Apache Parquet or ORC (Optimized Row Columnar) for efficient querying.

Scenario: A Lambda function is processing streaming data from API Gateway and generating too many request exceptions.

Solution: Stream data into Kinesis Data Streams from API Gateway and process it in batches to avoid throttling issues.

Scenario: A Lambda function is processing streaming data that must be analyzed with SQL.

Solution: Load data into Kinesis Data Streams and analyze it using Kinesis Data Analytics to execute SQL queries on the stream.

Scenario: Security logs generated by AWS WAF must be sent to a third-party auditing application.

Solution: Send logs to Kinesis Data Firehose and configure the auditing application using an HTTP endpoint to receive the logs.

Scenario: Real-time streaming data must be stored for future analysis.

Solution: Ingest data into Kinesis Data Streams and use Firehose to load the data into a data store for later analysis.

Scenario: A company runs several production databases and must execute complex queries across a consolidated dataset for business forecasting.

Solution: Load data from online transaction processing (OLTP) databases into an Amazon Redshift data warehouse for online analytical processing (OLAP).