Decision Matrix

IAM Policy Evaluation and Deletion Rights | SAA-C03

21 January 2026·876 words·5 mins

Architecture Drills Cloud Provider (AWS/Azure/GCP) AWS SAA-C03 FinOps Decision Matrix IAM

Two IAM policies are attached to a group. The user can perform only the action that is explicitly allowed and not blocked by any explicit deny.

EC2 Placement Groups—Speed vs Resilience | SAP-C02

21 January 2026·1270 words·6 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix EC2 Placement Groups Enhanced Networking HPC

When building low-latency, high-throughput applications without fault tolerance requirements, understanding the nuances between Cluster, Spread, and Partition placement groups is critical. This drill explores why network topology, not just instance type, determines success.

Hybrid SFTP to S3 with AD Auth | SAA-C03

21 January 2026·947 words·5 mins

Architecture Drills Cloud Provider (AWS/Azure/GCP) SAA-C03 FinOps Decision Matrix AWS Transfer Family

Migrate a legacy SFTP workflow to AWS with Amazon S3 storage while keeping on-prem Microsoft AD authentication. The lowest-ops path is AWS Transfer Family using Directory Service AD Connector for identity federation.

Resilient IoT Ingestion Trade-offs | SAP-C02

20 January 2026·1133 words·6 mins

Architecture Drills Cloud Provider (AWS) AWS SAP-C02 FinOps Decision Matrix Amazon MSK AWS IoT Core

A leading manufacturing firm needed to redesign their sensor data ingestion to avoid data loss after on-premises Kafka outages. This drill explores managed AWS streaming and IoT services to balance resilience, cost, and operational overhead.

Auto-Healing Network Inspection Route Decisions | SAP-C02

20 January 2026·1521 words·8 mins

Architecture Drills AWS AWS SAP-C02 FinOps Decision Matrix Auto Scaling CloudWatch Lambda SNS Network Engineering Event-Driven Architecture

When network appliances fail in auto-scaling groups, static routes become stale. This SAP-C02 scenario explores the orchestration pattern combining custom metrics, event-driven automation, and Lambda-based route reconciliation—a real-world decision between operational complexity and infrastructure reliability.

Cut Idle Compute via Event Triggers | SAP-C02

19 January 2026·1394 words·7 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix Lambda Event-Driven Architecture Cost Optimization S3 Event Notifications

A financial analytics firm wastes 40% of EC2 costs on idle time. This drill analyzes four architectures—Lambda, SQS+ASG, containerized polling, and ECS Fargate—to identify the optimal event-driven solution balancing FinOps impact and operational overhead.

Cross-Account Migration Cost vs Uptime | SAP-C02

19 January 2026·1027 words·5 mins

Architecture Drills Cloud Provider (AWS) SAP-C02 FinOps Decision Matrix Lambda Aurora Cross-Account Migration

A mid-size enterprise plans to migrate a critical Lambda + Aurora application from an existing AWS account to a new AWS account. This drill explores options balancing downtime, security, and FinOps impact.

Enforcing Spend Limits with SCP vs Budgets | SAP-C02

19 January 2026·1439 words·7 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix AWS Organizations SCP AWS Budgets Cost Control Landing Zone

How do you enforce developer spending limits in AWS Organizations without blocking innovation? This drill analyzes the critical difference between SCPs (preventive), IAM policies (identity-based), and AWS Budgets (reactive) for cost control—a common SAP-C02 trap.

Secure SSH Audit vs Perimeter Control | SAP-C02

19 January 2026·1894 words·9 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix Systems Manager Session Manager EC2 Security Audit

A high-level summary: Migrating from traditional SSH to modern session management while balancing security, audit requirements, and operational complexity for a startup’s EC2 fleet.

RDS Read Scaling Trade-off Decision | SAA-C03

19 January 2026·1302 words·7 mins

Architecture Drills AWS SAA-C03 FinOps Decision Matrix RDS Read Replica Multi-AZ Database Scaling

Learn why RDS Read Replicas defeat Multi-AZ for read scaling, and how to size them correctly. A critical SAA-C03 scenario analyzing read traffic offloading strategies.