AWS : Solutions Architect Associate Exam — Part 4

A Quick Review to Design Cost-Optimized Architectures

Pisit J.
Sum up As A Service
6 min read · Jul 5, 2021


Part 4 : Design Cost-Optimized Architectures (18% of exam)

  • Identify cost-optimized solutions for Compute, Storage, Database & Network.

1. A company is regularly processing steady workloads every night on their on-premises data center. The CTO has decided to move their IT infrastructure to AWS to save cost and to improve the scalability.

As the Solutions Architect, how can you implement a cost-effective architecture in AWS for their financial system?

Use Scheduled Reserved Instances, which provide compute capacity that is always available on the specified recurring schedule.

Scheduled Reserved Instances enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term. You reserve the capacity in advance, so that you know it is available when you need it. You pay for the time that the instances are scheduled, even if you do not use them.

https://aws.amazon.com/blogs/aws/new-scheduled-reserved-instances/

2. A company has several Reserved EC2 instances hosting a web application that was decommissioned last week. To save costs, you need to stop incurring charges for the Reserved instances as soon as possible.

What cost-effective steps will you take in this circumstance?

Terminate the Reserved instances as soon as possible to avoid getting billed at the on-demand price when the reservation expires.

Go to the AWS Reserved Instance Marketplace and sell the Reserved instances.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-market-general.html

3. The Solutions Architect needs real-time guidance for provisioning AWS resources according to AWS best practices.

What is the appropriate AWS service to use to satisfy this task?

AWS Trusted Advisor.

Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices. It inspects your AWS environment and makes recommendations in five categories:

  • Cost Optimization — helps you save cost by recommending that you delete unused or idle resources, or use reserved capacity.
  • Performance — improves the performance of your services by ensuring that you are not under-utilizing or over-utilizing your provisioned AWS resources.
  • Security — improves the security of your application by recommending that you enable AWS security features and review your permissions.
  • Fault Tolerance — increases the availability of your AWS application by recommending that you take advantage of auto scaling, health checks, Multi-AZ deployments, and backup capabilities.
  • Service Limits — notifies you if you use more than 80% of a service quota. You can then follow the recommendations to delete resources or request a quota increase.

https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

4. A Solutions Architect needs to create a publicly accessible EC2 instance by using an Elastic IP address.

What is correct regarding the pricing of Elastic IP addresses?

An Elastic IP address is free as long as the following conditions are true:

  • The Elastic IP address is associated with an Amazon EC2 instance.
  • The instance associated with the Elastic IP address is running.
  • The instance has only one Elastic IP address attached to it.
  • The Elastic IP address is associated with an attached network interface, such as a Network Load Balancer or NAT gateway.

You’re charged by the hour for each Elastic IP address that doesn’t meet these conditions.

If you no longer need the Elastic IP address, for example after you have stopped or terminated the EC2 instance, disassociate or release it to stop incurring charges.

https://aws.amazon.com/premiumsupport/knowledge-center/elastic-ip-charges/

5. A company is planning to launch a High Performance Computing (HPC) cluster in AWS. The cluster is composed of Windows servers hosted on EC2 instances. As the Solutions Architect, you should ensure that the architecture provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies.

What is the most suitable and cost-effective solution to achieve the above requirements?

Enable Enhanced Networking with Elastic Network Adapter (ENA) on the Windows EC2 Instances.

Amazon EC2 provides enhanced networking capabilities through the Elastic Network Adapter (ENA). It supports network speeds of up to 100 Gbps for supported instance types. ENAs provide traditional IP networking features that are required to support VPC networking.

Note that an Elastic Fabric Adapter (EFA) is simply an Elastic Network Adapter (ENA) with additional OS-bypass functionality. OS-bypass is an access model that allows HPC and machine learning applications to communicate directly with the network interface hardware to provide low-latency, reliable transport functionality.

Unfortunately, the OS-bypass capabilities of EFAs are not supported on Windows instances. If you attach an EFA to a Windows instance, the instance functions as an ENA, without the added EFA capabilities.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html

6. A company has an infrastructure that allows EC2 instances from a private subnet to fetch objects from Amazon S3 via a NAT Instance.

How should the Solutions Architect redesign the architecture to lower the cost?

Remove the NAT Instance and create an S3 Gateway Endpoint to access S3 objects.

A VPC endpoint enables you to privately connect your VPC to supported AWS services.

Without VPC endpoints, communications that originate from within a VPC and are destined for public AWS services must egress AWS to the public Internet (in this scenario, through the NAT Instance) in order to reach those services. This network path incurs outbound data transfer charges.

With VPC endpoints, instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other services does not leave the Amazon network.

There are two types of VPC endpoints: Interface Endpoints and Gateway Endpoints. As a rule of thumb, most AWS services use VPC Interface Endpoint except for S3 and DynamoDB, which use VPC Gateway Endpoint.

https://aws.amazon.com/blogs/architecture/reduce-cost-and-increase-security-with-amazon-vpc-endpoints/

7. A company requires corporate IT governance and cost oversight of all of its AWS resources across its divisions. Their corporate divisions want to maintain administrative control of the discrete AWS resources they consume and ensure that those resources are separate from other divisions.

As the Solutions Architect, which combination of options should you implement in this scenario?

Creating AWS Organizations — You can use the Consolidated Billing feature in AWS Organizations to consolidate payment for multiple AWS accounts. You can also get a cost report for each member account that is associated with your master account (now called the management account).

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Enabling IAM cross-account access — You share resources in one account with users in a different account. By setting up cross-account access in this way, you don’t need to create individual IAM users in each account. In addition, users don’t have to sign out of one account and sign in to another in order to access resources that are in different AWS accounts.

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Using AWS Resource Access Manager (RAM) — you can securely share your resources across AWS accounts, within your organization or organizational units (OUs) in AWS Organizations, and with IAM roles and IAM users for supported resource types. You can use AWS RAM to share transit gateways, subnets, AWS License Manager license configurations, Amazon Route 53 Resolver rules, and more.

https://aws.amazon.com/ram/

8. A company has built a data warehouse using Amazon Redshift. As part of its cost optimizations, the company wants to move historical data into S3. However, the analysts want to retain the ability to cross-reference this historical data with the daily reports.

As a Solutions Architect, which AWS service would you recommend to satisfy this requirement?

Use Redshift Spectrum — create external tables in the Redshift cluster that point to the underlying historical data in S3. The analytics team can then query this historical data to cross-reference it with the daily reports.

https://docs.aws.amazon.com/redshift/latest/dg/c-using-spectrum.html
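As an added illustration (not from the original post), the Redshift SQL below registers an external schema and a partitioned external table over an S3 archive prefix, then joins it with a local daily report table. The schema name, IAM role ARN (with a placeholder account id), bucket, table and column names are all assumptions.

```sql
-- External schema backed by the AWS Glue Data Catalog.
-- The IAM role should be scoped to read only the archive prefix.
CREATE EXTERNAL SCHEMA spectrum_hist
FROM DATA CATALOG
DATABASE 'sales_history'
IAM_ROLE 'arn:aws:iam::123456789012:role/RedshiftSpectrumRole'  -- placeholder account id
CREATE EXTERNAL DATABASE IF NOT EXISTS;

-- Historical orders unloaded from the cluster into S3, partitioned by year.
-- Partition columns must not repeat the regular columns.
CREATE EXTERNAL TABLE spectrum_hist.orders_archive (
    order_id    BIGINT,
    customer_id BIGINT,
    amount      DECIMAL(12,2),
    order_ts    TIMESTAMP
)
PARTITIONED BY (order_year INT)
ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
STORED AS TEXTFILE
LOCATION 's3://example-archive-bucket/redshift-archive/orders/';

-- Register one partition; Spectrum only scans the partitions a query needs,
-- which keeps the per-query S3 scan charges down.
ALTER TABLE spectrum_hist.orders_archive
ADD PARTITION (order_year = 2019)
LOCATION 's3://example-archive-bucket/redshift-archive/orders/order_year=2019/';

-- Cross-reference today's daily report (a local cluster table) with
-- three years of archived history that now lives only in S3.
SELECT d.customer_id,
       d.daily_total,
       h.hist_total
FROM public.daily_report AS d
JOIN (
    SELECT customer_id, SUM(amount) AS hist_total
    FROM spectrum_hist.orders_archive
    WHERE order_year BETWEEN 2018 AND 2020
    GROUP BY customer_id
) AS h ON h.customer_id = d.customer_id
WHERE d.report_date = CURRENT_DATE;
```

Filtering on the partition column (order_year) is what limits the amount of S3 data scanned, so keep it in the WHERE clause whenever the historical range is known.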
