Exam Guide: Solutions Architect - Associate
⚡ Domain 4: Design Cost-Optimized Architectures
📘 Task Statement 4.4
🎯 Designing cost-optimized network architectures means selecting the cheapest networking design that still meets the requirements for performance, availability, security, and scalability. On AWS most network spend is data transfer (between AZs, between Regions, and out to the internet) plus hourly charges for managed components such as NAT Gateways, load balancers, interface endpoints, and Transit Gateway attachments, so those are the levers to look at first.
Start by understanding:
1. Traffic flow
2. Connectivity needs
3. Data transfer patterns
Then choose:
1. Networking services
2. Routing model
3. Edge strategy
Finally optimise using:
- Caching
- CDN
- NAT strategy
- Traffic reduction techniques
You are often deciding between:
1. Internet Gateway vs Site-to-Site VPN vs Direct Connect
2. NAT Gateway vs NAT Instance
3. VPC Peering vs Transit Gateway
4. Edge caching vs serving every request from the origin
5. Cross-AZ vs single-AZ traffic
📘 Knowledge
1 | AWS Cost Management Features
Network cost optimization starts with visibility into data transfer and routing charges.
Cost Allocation Tags & Multi-Account Billing
Network cost should be tracked by:
1. Environment (prod/dev/test)
2. Application or service
3. Network layer (VPC, NAT, ALB)
1.1 Cost Allocation Tags
Tags must be activated as cost allocation tags in the Billing console before they appear in Cost Explorer and the CUR; resources that carry no tag show up without a tag value, which hides who owns the spend. Used to track:
1. NAT Gateway cost
2. Load Balancer usage
3. VPC traffic patterns
1.2 Multi-Account Billing (AWS Organizations)
Consolidated billing across:
1. Multiple accounts (one payer account, one bill)
2. Environment separation (a prod account's NAT and transfer charges cannot be confused with dev's)
3. Cost visibility across teams
2 | AWS Cost Management Tools
2.1 Cost Explorer
- Analyze data transfer trends
- Identify expensive network paths: group by Usage Type and filter on the data transfer and NAT Gateway usage types
2.2 AWS Budgets
- Alerts for unexpected network cost spikes (budget the data transfer and NAT usage types separately, not only the account total, or a spike hides inside normal compute spend)
2.3 Cost and Usage Report (CUR)
- Deep-level network cost analysis: per-resource line items (each NAT Gateway, endpoint, and load balancer) with usage amount, cost, and tags
3 | Load Balancing Concepts
Application Load Balancer (ALB)
- Layer 7 routing (host- and path-based rules)
- Billed per hour plus Load Balancer Capacity Units (LCUs) consumed
- Consolidate several services behind one ALB with routing rules rather than running one ALB per service, so you pay one hourly charge instead of many
4 | NAT Gateways
NAT Gateways vs NAT Instances
4.1 NAT Gateway
- Managed, scales automatically
- Highly available within its AZ only; deploy one per AZ if egress must survive an AZ failure
- Higher cost (per hour + per GB processed)
Production → NAT Gateway
Avoid NAT Gateway usage for AWS services:
- Gateway Endpoint (S3, DynamoDB) → FREE, no hourly or per-GB charge
- Interface Endpoint (PrivateLink) → private connectivity, but billed per hour per AZ plus per GB, so compare it against the NAT charge it replaces
4.2 NAT Instance
- EC2-based; you patch, size, monitor and fail it over yourself
- Cheaper at low traffic volumes; a single instance is a single point of failure and needs its source/destination check disabled to forward traffic
Dev/Test → NAT Instance
5 | Network Connectivity Options
5.1 Internet Gateway (IGW)
- Public internet access
- No hourly cost; data transfer out to the internet is billed per GB
5.2 AWS Site-to-Site VPN
- IPsec over the public internet
- Quick setup; billed per VPN connection hour plus data transfer out
- Lower cost than Direct Connect, but throughput and latency depend on the internet path
5.3 AWS Direct Connect
- Dedicated private connection (dedicated or hosted port)
- High, consistent bandwidth and lower data transfer out rates than internet egress
- Higher fixed cost (port hours) and weeks of lead time
- Not encrypted by default: add MACsec (available on some dedicated connections) or run an IPsec VPN over it when confidentiality is required
6 | Network Routing, Topology, and Peering
6.1 VPC Peering
- Direct VPC-to-VPC connection
- No hourly charge; traffic pays only the normal cross-AZ or cross-Region data transfer rates
- Non-transitive, so a full mesh of N VPCs needs N(N-1)/2 peerings: not scalable for large architectures
6.2 AWS Transit Gateway
- Central, transitive routing hub; its route tables let you segment which VPCs may reach each other
- Scalable but adds cost per attachment hour plus per GB processed
7 | Network Services
7.1 Amazon Route 53
Route 53 is a scalable DNS and domain management service used to:
- Route user traffic to applications
- Improve availability with health checks
- Optimize routing decisions (latency, geography, failover)
7.2 AWS Global Accelerator
- Static anycast IPs; traffic enters the AWS backbone at the nearest edge location
- Reduces latency and jitter for TCP/UDP workloads, but adds an hourly fee plus premium data transfer: a performance choice, not a cost saver
7.3 Amazon CloudFront
- Caches content globally
- Reduces origin load and data transfer costs: data transfer from AWS origins (S3, EC2, ALB) to CloudFront is free, and CloudFront's per-GB egress rates are typically lower than EC2 internet egress
📘 Skills
A | NAT Strategy
- Single NAT Gateway → one hourly charge, but instances in the other AZs pay cross-AZ data transfer in both directions to reach it, and an outage of that AZ stops egress for the whole VPC
- Multi-AZ NAT (one per AZ, each AZ's route table pointing at its own gateway) → high availability, no cross-AZ hop, N hourly charges
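A worked comparison of the single-NAT versus per-AZ-NAT trade-off, and of diverting S3/DynamoDB traffic to a gateway endpoint as section 4 recommends, as an added example that is not part of the original guide. The unit prices are assumptions (illustrative us-east-1 list prices, to be checked against the current pricing pages) and the traffic model is simplified: it counts GB processed by NAT and charges cross-AZ transfer in both directions for traffic that originates in an AZ without its own gateway.

```python
"""Monthly egress cost model: single NAT Gateway vs one per AZ vs gateway endpoints.

Added example; the prices below are assumed, illustrative list prices, not authoritative.
"""
from dataclasses import dataclass

HOURS_PER_MONTH = 730

# Assumed unit prices in USD (check the VPC and EC2 data transfer pricing pages).
NAT_GW_HOURLY = 0.045          # per NAT Gateway per hour
NAT_GW_PER_GB = 0.045          # per GB processed by a NAT Gateway
CROSS_AZ_PER_GB = 0.01         # per GB, billed in each direction
GATEWAY_ENDPOINT_PER_GB = 0.0  # S3 / DynamoDB gateway endpoints: no hourly or per-GB charge


@dataclass(frozen=True)
class Workload:
    azs: int            # number of AZs that hold private subnets
    gb_per_az: float    # GB per month each AZ pushes through NAT
    share_to_s3: float  # fraction of that traffic bound for S3 / DynamoDB


def per_az_nat(w: Workload) -> float:
    """One NAT Gateway in every AZ: N hourly charges, no cross-AZ hop, no single-AZ dependency."""
    total_gb = w.azs * w.gb_per_az
    return w.azs * NAT_GW_HOURLY * HOURS_PER_MONTH + total_gb * NAT_GW_PER_GB


def single_nat(w: Workload) -> float:
    """One NAT Gateway in a single AZ. Traffic from the other AZs pays the
    cross-AZ charge (counted in both directions) before it reaches the NAT,
    and losing that AZ takes out egress for the whole VPC."""
    total_gb = w.azs * w.gb_per_az
    remote_gb = (w.azs - 1) * w.gb_per_az
    hourly = NAT_GW_HOURLY * HOURS_PER_MONTH
    return hourly + total_gb * NAT_GW_PER_GB + remote_gb * 2 * CROSS_AZ_PER_GB


def per_az_nat_with_gateway_endpoints(w: Workload) -> float:
    """Per-AZ NAT, but S3 / DynamoDB traffic routed through a gateway endpoint
    instead, so it never touches the NAT."""
    s3_gb = w.azs * w.gb_per_az * w.share_to_s3
    rest = Workload(w.azs, w.gb_per_az * (1 - w.share_to_s3), 0.0)
    return per_az_nat(rest) + s3_gb * GATEWAY_ENDPOINT_PER_GB


def breakeven_gb_per_az() -> float:
    """GB/month per extra AZ above which a single NAT costs MORE than one per AZ:
    the saved hourly charge of one gateway equals the added cross-AZ charge."""
    return NAT_GW_HOURLY * HOURS_PER_MONTH / (2 * CROSS_AZ_PER_GB)


def compare(w: Workload) -> dict:
    """Monthly cost of each option, rounded to cents, plus the cheapest option's name."""
    costs = {
        "single_nat": single_nat(w),
        "per_az_nat": per_az_nat(w),
        "per_az_nat_with_gateway_endpoints": per_az_nat_with_gateway_endpoints(w),
    }
    result = {k: round(v, 2) for k, v in costs.items()}
    result["cheapest"] = min(costs, key=costs.get)
    return result


if __name__ == "__main__":
    for gb in (1000, 5000):
        print(gb, "GB/AZ:", compare(Workload(azs=3, gb_per_az=gb, share_to_s3=0.6)))
    print("break-even GB/month per extra AZ:", breakeven_gb_per_az())
```

At these assumed prices a single gateway wins only while each extra AZ pushes less than about 1,642 GB/month; above that the cross-AZ charge exceeds the hourly charge it saved, and the per-AZ design is both cheaper and more available. Diverting S3/DynamoDB traffic to gateway endpoints beats both in every case, because it removes per-GB NAT processing entirely.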
B | Connectivity Selection
| Requirement | Solution |
|---|---|
| Internet access | IGW |
| Hybrid connection, modest bandwidth, fast to set up | Site-to-Site VPN |
| Enterprise private connection, high or steady bandwidth | Direct Connect (with an IPsec VPN or MACsec on top when the traffic must be encrypted) |
C | Routing Optimization
1. Reduce cross-AZ traffic
2. Use VPC endpoints
3. Use CloudFront for caching
Cross-AZ Traffic
Avoid unnecessary:
- Cross-AZ calls (keep a service and the dependencies it calls most in the same AZ, and prefer AZ-aware load balancing or zonal DNS names where the platform offers them)
- Distributed chatty microservices (every request/response pair between AZs is billed in both directions)
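Detection logic for the cross-AZ point above, as an added example that is not code from the original guide: it classifies VPC Flow Log records as intra-AZ, cross-AZ or external and ranks the chattiest cross-AZ host pairs, which is how you find the "distributed chatty microservices" in practice. The subnet-to-AZ map, the unit price and the log lines are constructed for the example; a real run would build the map from ec2:DescribeSubnets and read the records from S3 or CloudWatch Logs.

```python
"""Classify VPC Flow Log records as intra-AZ, cross-AZ or external and find chatty cross-AZ pairs.

Added example. Subnet map, price and log records are constructed, not from a real account.
"""
import ipaddress
from collections import Counter

# Assumed subnet layout: one private subnet per AZ (build from DescribeSubnets in practice).
SUBNET_AZ = {
    ipaddress.ip_network("10.0.1.0/24"): "use1-az1",
    ipaddress.ip_network("10.0.2.0/24"): "use1-az2",
    ipaddress.ip_network("10.0.3.0/24"): "use1-az3",
}

CROSS_AZ_USD_PER_GB_EACH_WAY = 0.01  # assumed list price; check current pricing
GB = 1024 ** 3

# Constructed records in the default (version 2) flow log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 43210 8080 6 120 614400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.1.11 43211 5432 6 80 40960 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.20 10.0.1.10 8080 43210 6 100 5242880 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 52.216.1.1 44000 443 6 50 1048576 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.3.5 10.0.1.10 51000 8080 6 10 4096 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def az_of(addr: str):
    """AZ of an address in one of our subnets, or None for anything else
    (internet, peered VPC, AWS service endpoint)."""
    ip = ipaddress.ip_address(addr)
    for net, az in SUBNET_AZ.items():
        if ip in net:
            return az
    return None


def classify(line: str):
    """Return (category, bytes, sorted host pair) for one record.
    Non-ACCEPT records (REJECT, NODATA, SKIPDATA) move no billable bytes and are skipped."""
    f = line.split()
    if len(f) < 14 or f[0] != "2":
        raise ValueError(f"not a version 2 flow log record: {line!r}")
    if f[12] != "ACCEPT":
        return "skipped", 0, None
    src, dst, nbytes = f[3], f[4], int(f[9])
    src_az, dst_az = az_of(src), az_of(dst)
    pair = tuple(sorted((src, dst)))
    if src_az is None or dst_az is None:
        return "external", nbytes, pair   # leaves the VPC: IGW / NAT / endpoint path
    if src_az == dst_az:
        return "intra_az", nbytes, pair   # free
    return "cross_az", nbytes, pair       # billed in both directions


def analyse(log_text: str, top_n: int = 3) -> dict:
    """Bytes per category, an estimated cross-AZ charge, and the chattiest cross-AZ host pairs."""
    totals, cross_pairs, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        cat, nbytes, pair = classify(line)
        if cat == "skipped":
            skipped += 1
            continue
        totals[cat] += nbytes
        if cat == "cross_az":
            cross_pairs[pair] += nbytes
    est = totals["cross_az"] / GB * CROSS_AZ_USD_PER_GB_EACH_WAY * 2
    return {
        "bytes": dict(totals),
        "skipped_records": skipped,
        "cross_az_estimated_usd": round(est, 4),
        "top_cross_az_pairs": cross_pairs.most_common(top_n),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(analyse(SAMPLE_LOG))
```

Two caveats for a real run: flow logs are captured per ENI, so a flow between two logged interfaces appears twice and should be de-duplicated by interface before summing, and the external bucket mixes IGW, NAT and endpoint traffic, which the version 5 fields `traffic-path` and `pkt-dst-aws-service` separate if you enable a custom log format.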
Cross-Region Traffic
Use only when needed for:
- DR
- Global users
VPC Endpoints
Avoid NAT Gateway usage for AWS services.
- Gateway Endpoint (S3, DynamoDB) → FREE; associate it with every private route table, otherwise that subnet's S3 traffic keeps flowing through the NAT
- Interface Endpoint → private connectivity, billed per hour per AZ plus per GB
- Attach an endpoint policy: the default policy allows every action on every bucket or table, so a compromised instance can exfiltrate data to a bucket it does not own through the endpoint, bypassing the NAT and any egress filtering in front of it. Restrict Resource to your own buckets and tables.
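An added example (not from the original guide) of the endpoint-policy check described above: a simplified IAM-style evaluator run against a restricted gateway endpoint policy and against the permissive default. The bucket name and the policy are assumptions; the evaluator ignores Principal and Condition and rejects NotAction/NotResource, all of which a real policy evaluation must honour.

```python
"""Evaluate what a gateway endpoint policy lets through to S3.

Added example. The policy and bucket name are assumptions; this is a simplified
evaluator (Action / Resource / Effect only), not the IAM engine.
"""
import fnmatch

# Restricted policy: only the application's own bucket is reachable through the endpoint.
RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppBucketOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::my-app-bucket", "arn:aws:s3:::my-app-bucket/*"],
    }],
}

# What you get when you create the endpoint without a policy: everything, everywhere.
DEFAULT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(patterns, value: str, fold: bool = False) -> bool:
    """IAM-style wildcard match ('*' and '?'); action names compare case-insensitively."""
    if fold:
        value = value.lower()
        return any(fnmatch.fnmatchcase(value, p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Explicit Deny wins; otherwise any matching Allow grants; otherwise implicit deny."""
    allowed = False
    for st in policy["Statement"]:
        if "Action" not in st or "Resource" not in st:
            raise ValueError("NotAction / NotResource are not handled by this evaluator")
        hit = _matches(st["Action"], action, fold=True) and _matches(st["Resource"], resource)
        if not hit:
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def exfil_paths(policy: dict, foreign_bucket: str = "arn:aws:s3:::bucket-we-do-not-own") -> list:
    """Write actions the policy lets an instance perform on a bucket outside our control."""
    writes = ["s3:PutObject", "s3:PutObjectAcl"]
    return [a for a in writes if is_allowed(policy, a, f"{foreign_bucket}/*")]


if __name__ == "__main__":
    print("restricted policy exfil paths:", exfil_paths(RESTRICTED_POLICY))
    print("default policy exfil paths:   ", exfil_paths(DEFAULT_POLICY))
```

The restricted document is what you pass as the policy document when creating or modifying the endpoint; a bucket policy on my-app-bucket with an `aws:SourceVpce` condition closes the other direction, so the bucket accepts traffic only from that endpoint.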
D | CDN Strategy
Amazon CloudFront
- Caches content globally
- Reduces origin load and data transfer costs
Use CloudFront for:
1. Global users
2. Static assets
3. API acceleration (TLS terminates at the edge and persistent connections are reused to the origin, even when responses are not cacheable)
E | Workload Optimization
Look for:
1. Unused NAT Gateways (billed hourly with no bytes processed, usually left behind by deleted workloads)
2. NAT Gateways carrying S3 or DynamoDB traffic that a gateway endpoint would carry for free
3. Cross-region traffic waste
4. Missing caching layers
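An added example, not from the original guide, that applies the CUR (section 2.3) to the first item above: it parses a constructed CUR excerpt, rolls network cost up by Environment tag and cost family, reports how much spend carries no tag at all, and flags NAT Gateways that were billed for hours but processed no bytes. Column names follow the CUR schema; the usage type strings follow the pattern AWS uses but should be verified against your own export, and the rows, resource IDs and costs are constructed.

```python
"""Roll up network cost from a CUR excerpt and flag unused NAT Gateways.

Added example. The CSV rows, resource IDs and costs are constructed; verify usage
type names against your own CUR export before relying on the FAMILIES table.
"""
import csv
import io
from collections import defaultdict

CUR_CSV = """\
lineItem/ProductCode,lineItem/UsageType,lineItem/ResourceId,lineItem/UsageAmount,lineItem/UnblendedCost,resourceTags/user:Environment
AmazonEC2,USE1-NatGateway-Hours,nat-0aaa,730,32.85,prod
AmazonEC2,USE1-NatGateway-Bytes,nat-0aaa,2000,90.00,prod
AmazonEC2,USE1-NatGateway-Hours,nat-0bbb,730,32.85,dev
AmazonEC2,USE1-NatGateway-Bytes,nat-0bbb,0,0.00,dev
AmazonEC2,USE1-NatGateway-Hours,nat-0ccc,200,9.00,
AmazonEC2,USE1-DataTransfer-Regional-Bytes,i-0ddd,1500,15.00,prod
AmazonEC2,USE1-DataTransfer-Out-Bytes,i-0ddd,300,27.00,prod
AmazonVPC,USE1-VpcEndpoint-Hours,vpce-0eee,730,7.30,prod
AWSELB,USE1-LoadBalancerUsage,app/web/0fff,730,16.43,prod
"""

# Usage-type substring -> cost family; first match wins. Matched on the whole string
# because us-east-1 line items sometimes carry no region prefix at all.
FAMILIES = [
    ("NatGateway", "nat_gateway"),
    ("DataTransfer-Regional", "cross_az_or_regional"),
    ("DataTransfer-Out", "internet_egress"),
    ("VpcEndpoint", "vpc_endpoint"),
    ("LoadBalancerUsage", "load_balancer"),
    ("LCUUsage", "load_balancer"),
]


def family_of(usage_type: str) -> str:
    for needle, fam in FAMILIES:
        if needle in usage_type:
            return fam
    return "other"


def load_cur(text: str) -> list:
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        rows.append({
            "usage_type": r["lineItem/UsageType"],
            "resource": r["lineItem/ResourceId"],
            "amount": float(r["lineItem/UsageAmount"]),
            "cost": float(r["lineItem/UnblendedCost"]),
            "env": r["resourceTags/user:Environment"] or "(untagged)",
            "family": family_of(r["lineItem/UsageType"]),
        })
    return rows


def cost_by_env_and_family(rows) -> dict:
    """{(environment tag, cost family): monthly cost} rounded to cents."""
    out = defaultdict(float)
    for r in rows:
        out[(r["env"], r["family"])] += r["cost"]
    return {k: round(v, 2) for k, v in out.items()}


def untagged_cost(rows) -> float:
    """Spend nobody owns: a tagging gap to fix before cost can be allocated."""
    return round(sum(r["cost"] for r in rows if r["env"] == "(untagged)"), 2)


def unused_nat_gateways(rows) -> list:
    """NAT Gateways billed for hours but processing no bytes (no Bytes line item counts as zero)."""
    hours, gbytes = defaultdict(float), defaultdict(float)
    for r in rows:
        if r["family"] != "nat_gateway":
            continue
        if r["usage_type"].endswith("NatGateway-Hours"):
            hours[r["resource"]] += r["amount"]
        elif r["usage_type"].endswith("NatGateway-Bytes"):
            gbytes[r["resource"]] += r["amount"]
    return sorted(n for n, h in hours.items() if h > 0 and gbytes[n] == 0)


if __name__ == "__main__":
    rows = load_cur(CUR_CSV)
    for key, cost in sorted(cost_by_env_and_family(rows).items()):
        print(f"{key[0]:<12}{key[1]:<24}{cost:>8.2f}")
    print("untagged:", untagged_cost(rows))
    print("unused NAT gateways:", unused_nat_gateways(rows))
```

Against a real export, run the same roll-up over a full month and compare the nat_gateway family with the cross_az_or_regional family per environment: together they tell you whether the next saving is an endpoint, a per-AZ gateway, or simply deleting a gateway nothing uses.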
F | Throttling Strategy
RDS Proxy
- Connection pooling and multiplexing in front of the database
- Reduces database/network pressure from connection churn (for example Lambda functions that would otherwise open a new connection per invocation)
API Throttling
- Rate limits and usage plans (API Gateway) stop traffic spikes before they reach the backend
- Reduces scaling cost and absorbs abusive or misbehaving clients before they scale out your fleet
G | Bandwidth Allocation
- Site-to-Site VPN → small workloads: each VPN tunnel is capped at 1.25 Gbps
- Multiple VPN connections with ECMP on a Transit Gateway → higher aggregate throughput
- Direct Connect → stable high bandwidth (dedicated ports of 1, 10 or 100 Gbps; hosted connections from 50 Mbps) for high-traffic workloads
🧠 Cheat Sheet
| Requirement | Solution |
|---|---|
| Reduce NAT cost | VPC Endpoints |
| Global traffic | CloudFront |
| Hybrid networking | VPN / Direct Connect |
| Encrypt Direct Connect traffic | IPsec VPN over the connection, or MACsec |
| Multi-VPC architecture | Transit Gateway |
| Simple connectivity | VPC Peering |
| Reduce DB/network load | RDS Proxy + caching |
| High bandwidth private link | Direct Connect |
| Stop exfiltration through an endpoint | Endpoint policy restricting Resource to your own buckets/tables |
Recap Checklist ✅
1. [ ] I can choose NAT Gateway vs NAT Instance
2. [ ] I understand VPN vs Direct Connect trade-offs
3. [ ] I can reduce cost using VPC Endpoints
4. [ ] I understand cross-AZ and cross-region cost impact
5. [ ] I can apply CloudFront for edge optimization
6. [ ] I understand Transit Gateway vs VPC Peering
7. [ ] I can optimize ALB usage
8. [ ] I can identify expensive routing patterns
AWS Whitepapers and Official Documentation
Cost Management
1. Cost Explorer
2. AWS Budgets
3. CUR
4. Organizations
Networking Core Services
1. VPC
2. Transit Gateway
3. VPC Peering
4. Direct Connect
5. VPN
Optimization Services
1. CloudFront
2. Global Accelerator
3. VPC Endpoints
4. Load Balancing
Performance Optimization