Security, Cost & Well-Architected Frameworks
Cost Optimization Strategies
Cost optimization is a key differentiator for cloud architects. Interviewers expect you to balance performance, reliability, and cost effectively.
AWS Pricing Models
Compute Pricing Options
| Model | Discount | Commitment | Best For |
|---|---|---|---|
| On-Demand | 0% | None | Variable workloads |
| Savings Plans | Up to 72% | 1-3 years | Predictable compute |
| Reserved Instances | Up to 72% | 1-3 years | Specific instances |
| Spot Instances | Up to 90% | None | Fault-tolerant workloads |
Savings Plans vs Reserved Instances
| Aspect | Savings Plans | Reserved Instances |
|---|---|---|
| Flexibility | Any instance family | Specific instance type |
| Region | Region-flexible (Compute SP) | Region-specific |
| Service | EC2, Lambda, Fargate | EC2, RDS only |
| Management | Simpler | More complex |
| Recommendation | Modern choice | Legacy workloads |
Interview Question: Cost Strategy
Q: "Design a cost optimization strategy for a variable workload with a predictable baseline."
A: Hybrid approach:
```text
Workload Analysis:
├── Baseline: 100 instances (consistent)
├── Peak: 300 instances (variable)
└── Fault-tolerant batch: 50 instances

Cost Strategy:
├── Baseline (100): Compute Savings Plan (3-year)
│   └── 66% savings
├── Variable (0-200): On-Demand + Spot mix
│   ├── Critical: On-Demand
│   └── Non-critical: Spot (70/30 mix)
└── Batch (50): Spot Instances
    └── Up to 90% savings
```
Expected Savings: 45-55% compared to all On-Demand.
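The following is an added example, not part of the original answer: a small blended-cost model that maps the workload analysis onto the purchasing options and checks the stated 45-55% figure. Everything not on the page is an assumption: every instance is priced at the same On-Demand rate (normalised to 1.0, so hours cancel and the result is a fraction of the all-On-Demand bill), Spot is modelled at the page's "up to 90%" ceiling, and the variable tier's "70/30 mix" is read as 70% On-Demand for critical work and 30% Spot for non-critical.

```python
"""Blended-cost model for a hybrid Savings Plan / On-Demand / Spot strategy.

Added example (not the page's code). Assumptions: uniform On-Demand price
normalised to 1.0; Compute Savings Plan saves 66% as the answer states; Spot
taken at the page's 90% ceiling; '70/30 mix' read as 70% On-Demand / 30% Spot.
"""
from __future__ import annotations

from dataclasses import dataclass

ON_DEMAND = 1.0                 # price factor: fraction of On-Demand paid per instance-hour
SAVINGS_PLAN_3YR = 1.0 - 0.66   # page: 66% savings on the baseline
SPOT = 1.0 - 0.90               # page: up to 90% savings (assumed achieved)


@dataclass(frozen=True)
class Tier:
    name: str
    instances: int
    price_factor: float

    @property
    def cost(self) -> float:
        return self.instances * self.price_factor


def hybrid_plan(baseline: int, variable: int, batch: int,
                on_demand_share: float = 0.70) -> list[Tier]:
    """Map the workload analysis onto the purchasing options in the answer.

    `variable` is the number of variable-tier instances running right now
    (0-200 on the page); `on_demand_share` is the critical fraction of them.
    """
    critical = round(variable * on_demand_share)
    return [
        Tier("baseline / Compute Savings Plan (3-year)", baseline, SAVINGS_PLAN_3YR),
        Tier("variable critical / On-Demand", critical, ON_DEMAND),
        Tier("variable non-critical / Spot", variable - critical, SPOT),
        Tier("batch / Spot", batch, SPOT),
    ]


def savings_vs_on_demand(tiers: list[Tier]) -> float:
    """Fraction saved against running every instance On-Demand."""
    total_instances = sum(t.instances for t in tiers)
    all_on_demand = total_instances * ON_DEMAND
    return 1.0 - sum(t.cost for t in tiers) / all_on_demand


if __name__ == "__main__":
    plan = hybrid_plan(baseline=100, variable=200, batch=50)   # at peak
    for t in plan:
        print(f"{t.name:44s} {t.instances:4d} x {t.price_factor:.2f} = {t.cost:6.1f}")
    print(f"savings vs all On-Demand at peak:   {savings_vs_on_demand(plan):.1%}")
    trough = hybrid_plan(baseline=100, variable=0, batch=50)
    print(f"savings vs all On-Demand at trough: {savings_vs_on_demand(trough):.1%}")
```

At peak (200 variable instances) the model lands at about 47%, inside the 45-55% range the answer quotes; at the trough, when only the Savings Plan baseline and the Spot batch run, the saving is higher, so the quoted range describes a busy month. Reading the mix the other way round (70% Spot) would put peak savings near 68%, which is why the lead-in states the assumption.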
Right-Sizing
Analysis Process
1. Collect Metrics (2-4 weeks minimum)
   - CPU utilization
   - Memory usage
   - Network throughput
   - Storage IOPS
2. Identify Candidates
   - Average CPU < 40%: Downsize
   - CPU consistently > 80%: Upsize
   - Memory-bound: Consider memory-optimized
3. Test and Validate
   - Load test new size
   - Monitor for 1-2 weeks
   - Rollback plan ready
AWS Tools for Right-Sizing
| Tool | Function | Cost |
|---|---|---|
| Cost Explorer | Right-sizing recommendations | Free |
| Compute Optimizer | ML-based recommendations | Free (basic) |
| Trusted Advisor | Instance recommendations | Business/Enterprise |
Interview Question: Right-Sizing RDS
Q: "Your RDS database is consistently at 20% CPU. What's your recommendation?"
A: Don't immediately downsize. Analyze holistically:
1. Check Memory Pressure
   - Low CPU doesn't mean oversized
   - Database may be memory-bound
2. Analyze Query Patterns
   - Peak vs average utilization
   - Batch job timing
3. Consider Buffer Pool
   - Larger instance = more cache
   - May improve performance significantly
4. Recommendation
   - If memory and IOPS also low: Downsize
   - If memory high: Stay or switch to memory-optimized
   - Test thoroughly before production change
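As an added example (not the page's code and not an AWS tool), the classifier below applies the right-sizing thresholds from the analysis process above to metric samples and handles the RDS case from the question: low CPU with high memory is routed to a memory-optimized family instead of a downsize, and low CPU with busy disks is kept as-is. Three details the page leaves open are assumptions here: "consistently above 80%" is modelled as the 95th-percentile CPU, "memory high" as an average above 80%, and "IOPS low" as consumed IOPS below 70% of provisioned; the minimum window is the lower bound of the page's 2-4 weeks. The metric windows are constructed, not real CloudWatch data.

```python
"""Right-sizing classifier over hourly metric samples (added example).

Thresholds from the page: avg CPU < 40% -> downsize; CPU consistently > 80%
-> upsize; memory-bound -> memory-optimized family. Assumptions: 'consistently'
= p95, 'memory high' = avg > 80%, 'IOPS low' = avg < 70% of provisioned,
minimum window = 14 days of hourly samples.
"""
from __future__ import annotations

from dataclasses import dataclass
from statistics import mean

MIN_HOURS = 14 * 24          # two weeks of hourly samples before deciding
CPU_DOWNSIZE_AVG = 40.0
CPU_UPSIZE_P95 = 80.0
MEM_HIGH_AVG = 80.0
IOPS_LOW_AVG = 70.0


@dataclass(frozen=True)
class MetricWindow:
    cpu_pct: list[float]        # hourly CPUUtilization samples
    mem_pct: list[float]        # hourly memory-used percentage
    iops_util_pct: list[float]  # consumed IOPS as a percentage of provisioned

    @property
    def hours(self) -> int:
        return len(self.cpu_pct)


def percentile(values: list[float], pct: float) -> float:
    """Nearest-rank percentile; precise enough for a sizing decision."""
    ordered = sorted(values)
    return ordered[round(pct / 100 * (len(ordered) - 1))]


def recommend(w: MetricWindow) -> str:
    if w.hours < MIN_HOURS:
        return "insufficient-data"
    if percentile(w.cpu_pct, 95) > CPU_UPSIZE_P95:
        return "upsize"
    if mean(w.mem_pct) > MEM_HIGH_AVG:
        # Low CPU does not mean oversized: the working set is spilling out of
        # memory (or the buffer pool), so keep the size or change family.
        return "memory-optimized"
    if mean(w.cpu_pct) < CPU_DOWNSIZE_AVG and mean(w.iops_util_pct) < IOPS_LOW_AVG:
        return "downsize"
    return "keep"


def sample_windows() -> dict[str, MetricWindow]:
    """Constructed three-week windows with deterministic patterns (not real data)."""
    hours = 21 * 24
    return {
        # genuinely idle fleet member
        "web-idle": MetricWindow([20 + i % 5 for i in range(hours)],
                                 [35 + i % 3 for i in range(hours)],
                                 [15 + i % 4 for i in range(hours)]),
        # the RDS case from the question: ~20% CPU but the buffer pool is full
        "rds-20pct-cpu": MetricWindow([18 + i % 4 for i in range(hours)],
                                      [90 + i % 3 for i in range(hours)],
                                      [40 + i % 5 for i in range(hours)]),
        # saturated CPU
        "batch-hot": MetricWindow([82 + i % 10 for i in range(hours)],
                                  [50 + i % 5 for i in range(hours)],
                                  [30 + i % 5 for i in range(hours)]),
        # low CPU but the disk is the bottleneck: do not shrink
        "db-io-bound": MetricWindow([25 + i % 5 for i in range(hours)],
                                    [55 + i % 5 for i in range(hours)],
                                    [85 + i % 5 for i in range(hours)]),
        # only three days collected so far
        "new-service": MetricWindow([10.0] * 72, [30.0] * 72, [10.0] * 72),
    }


def run() -> dict[str, str]:
    return {name: recommend(w) for name, w in sample_windows().items()}


if __name__ == "__main__":
    for name, decision in run().items():
        print(f"{name:15s} -> {decision}")
```

The order of the checks is the point: the upsize and memory tests run before the downsize test, so a 20%-CPU database with a saturated buffer pool never reaches the "downsize" branch, which is the mistake the interview question is probing for.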
Storage Optimization
S3 Storage Classes
| Class | Access Pattern | Cost (per GB) | Retrieval |
|---|---|---|---|
| Standard | Frequent | $$$ | Instant |
| Intelligent-Tiering | Variable | $$$ + monitoring | Instant |
| Standard-IA | Infrequent (30+ days) | $$ | Instant |
| One Zone-IA | Infrequent, non-critical | $ | Instant |
| Glacier Instant | Archive, instant access | $ | Instant |
| Glacier Flexible | Archive | ¢ | Minutes-hours |
| Glacier Deep Archive | Long-term archive | ¢ | Hours |
S3 Lifecycle Policies
Lifecycle Rules:
- Transition to Standard-IA: 30 days
- Transition to Glacier: 90 days
- Transition to Deep Archive: 365 days
- Delete: 7 years (compliance)
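The rules above as a lifecycle configuration, with the checks a reviewer would want before applying it. This is an added example, not the page's code or an AWS library: `build_lifecycle()` returns the dict in the shape boto3's `put_bucket_lifecycle_configuration` accepts, and `validate_lifecycle()` catches transitions out of ascending order, an IA transition before S3's 30-day minimum, and an expiration that is not later than the last transition. "Glacier" is taken as the `GLACIER` storage class (Glacier Flexible Retrieval) and "7 years" as 7 × 365 days; both are assumptions.

```python
"""Build and sanity-check an S3 lifecycle configuration (added example).

Rules from the page: Standard-IA at 30 days, Glacier at 90, Deep Archive at
365, delete at 7 years. Assumptions: GLACIER = Glacier Flexible Retrieval,
7 years = 7 * 365 days.
"""
from __future__ import annotations

import json

IA_MIN_DAYS = 30   # S3 requires 30 days in the bucket before Standard-IA / One Zone-IA
DEFAULT_TRANSITIONS = [(30, "STANDARD_IA"), (90, "GLACIER"), (365, "DEEP_ARCHIVE")]
SEVEN_YEARS = 7 * 365


def build_lifecycle(prefix: str = "", rule_id: str = "archive-then-expire",
                    transitions=DEFAULT_TRANSITIONS,
                    expire_days: int = SEVEN_YEARS) -> dict:
    """Return a LifecycleConfiguration dict for one rule covering `prefix`."""
    rule = {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},      # "" applies to every object in the bucket
        "Status": "Enabled",
        "Transitions": [{"Days": d, "StorageClass": sc} for d, sc in transitions],
        "Expiration": {"Days": expire_days},
    }
    return {"Rules": [rule]}


def validate_lifecycle(config: dict) -> list[str]:
    """Return a list of problems; empty means the rules are internally consistent."""
    problems: list[str] = []
    for rule in config["Rules"]:
        rid = rule["ID"]
        days = [t["Days"] for t in rule["Transitions"]]
        if days != sorted(days) or len(set(days)) != len(days):
            problems.append(f"{rid}: transitions must be in ascending, distinct days")
        for t in rule["Transitions"]:
            if t["StorageClass"] in ("STANDARD_IA", "ONEZONE_IA") and t["Days"] < IA_MIN_DAYS:
                problems.append(f"{rid}: {t['StorageClass']} at day {t['Days']} "
                                f"is before the {IA_MIN_DAYS}-day minimum")
        expire = rule.get("Expiration", {}).get("Days")
        if expire is not None and days and expire <= max(days):
            problems.append(f"{rid}: expiration at day {expire} is not after "
                            f"the last transition (day {max(days)})")
    return problems


if __name__ == "__main__":
    cfg = build_lifecycle(prefix="logs/")
    print(json.dumps(cfg, indent=2))
    print("problems:", validate_lifecycle(cfg) or "none")
    # To apply (not run here):
    # boto3.client("s3").put_bucket_lifecycle_configuration(
    #     Bucket="my-bucket", LifecycleConfiguration=cfg)
```

Run the validator in CI against the configuration you check in: a rule that expires objects before they reach Deep Archive, or moves them to IA on day 7, is rejected by S3 at apply time, which is a worse place to find out than a pull request.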
EBS Optimization
| Volume Type | Use Case | Cost Consideration |
|---|---|---|
| gp3 | General purpose | 20% cheaper than gp2 |
| io2 | High IOPS | Pay for provisioned IOPS |
| st1 | Throughput | Cheaper for sequential |
| sc1 | Cold storage | Cheapest block storage |
Quick Win: Migrate gp2 to gp3 for immediate 20% savings with same or better performance.
Data Transfer Costs
Transfer Cost Matrix
| From | To | Cost |
|---|---|---|
| Internet | AWS | Free |
| AWS | Internet | $0.09/GB (first 10TB) |
| AZ | AZ (same region) | $0.01/GB |
| Region | Region (cross-region) | $0.02/GB |
| VPC | Peered VPC (same region) | $0.01/GB |
| VPC | PrivateLink endpoint | $0.01/GB + hourly |
Cost Reduction Strategies
1. Use VPC Endpoints
   - S3 Gateway endpoint: Free
   - Avoid NAT Gateway data processing
2. Regional Deployment
   - Keep compute near data
   - Multi-region only when required
3. CloudFront for Egress
   - Often cheaper than direct egress
   - Additional caching benefits
4. Compression
   - Compress data before transfer
   - Significant savings for text/logs
Interview Question: Data Transfer
Q: "Your monthly data egress is $50,000. How would you reduce it?"
A: Multi-pronged approach:
| Strategy | Potential Savings |
|---|---|
| CloudFront distribution | 20-40% |
| Response compression | 30-50% |
| Caching headers | 20-30% |
| Regional endpoints | 10-20% |
| S3 Transfer Acceleration review | Variable |
Action Plan:
- Analyze CloudWatch for transfer patterns
- Implement CloudFront for repeat requests
- Enable gzip/brotli compression
- Review API response sizes
- Consider reserved capacity for predictable egress
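To put a number on the compression item in the strategies and the action plan above, here is an added example (not the page's code) that gzips a constructed API payload and prices the bytes saved at the page's $0.09/GB first-tier rate. Assumptions: the whole month's traffic is priced at that single tier, brotli is left out because it is not in the Python standard library, and the payload and request volume are made up for the demonstration; real ratios depend on the content.

```python
"""Egress saving from response compression (added example, not the page's code).

Assumptions: flat $0.09/GB egress (the page's first-10TB tier), gzip only,
constructed payload and traffic volume.
"""
from __future__ import annotations

import gzip
import json

EGRESS_USD_PER_GB = 0.09      # page's figure: AWS -> Internet, first 10 TB
GB = 1024 ** 3


def sample_payload(records: int = 500) -> bytes:
    """Constructed list-endpoint response: repetitive JSON, like most API output."""
    rows = [
        {"id": i, "service": "orders-api", "region": "us-east-1",
         "status": "ok" if i % 7 else "degraded",
         "ts": f"2024-01-01T{i // 60 % 24:02d}:{i % 60:02d}:00Z"}
        for i in range(records)
    ]
    return json.dumps(rows).encode()


def compression_ratio(raw: bytes, level: int = 6) -> float:
    """Compressed size / raw size with gzip (level 6 is the usual server default)."""
    return len(gzip.compress(raw, compresslevel=level)) / len(raw)


def monthly_egress(bytes_per_response: int, responses_per_month: int,
                   ratio: float = 1.0) -> dict:
    """Monthly egress in GB and USD before and after compression at `ratio`."""
    raw_gb = bytes_per_response * responses_per_month / GB
    compressed_gb = raw_gb * ratio
    return {
        "raw_gb": raw_gb,
        "raw_usd": raw_gb * EGRESS_USD_PER_GB,
        "compressed_usd": compressed_gb * EGRESS_USD_PER_GB,
        "saved_usd": (raw_gb - compressed_gb) * EGRESS_USD_PER_GB,
    }


if __name__ == "__main__":
    payload = sample_payload()
    ratio = compression_ratio(payload)
    print(f"payload {len(payload)} bytes, gzip ratio {ratio:.2f}")
    # 50 million such responses a month is a constructed traffic figure
    bill = monthly_egress(len(payload), 50_000_000, ratio)
    print(f"raw ${bill['raw_usd']:,.0f}/month, compressed ${bill['compressed_usd']:,.0f}, "
          f"saved ${bill['saved_usd']:,.0f}")
```

JSON and log text typically compress to well under half their size, which is where the 30-50% row in the table comes from; binary media that is already compressed gains almost nothing, so measure your own payload mix before forecasting savings.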
FinOps Practices
Cost Allocation
1. Tagging Strategy
   - Mandatory: Environment, Owner, Project, CostCenter
   - Enforce via SCP or AWS Config
2. AWS Organizations
   - Separate accounts by business unit
   - Consolidated billing
   - Reserved capacity sharing
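Both enforcement routes named above, as an added example (not the page's code and not an AWS Config managed rule). `evaluate_tags()` checks an inventory for the four mandatory keys the way a Config custom rule would and reports COMPLIANT or NON_COMPLIANT with the missing keys; an empty value counts as missing because an empty CostCenter cannot be charged back. `deny_untagged_launch_scp()` emits the SCP that denies `ec2:RunInstances` when a mandatory tag is absent from the request, one statement per key, because condition keys inside a single block are ANDed and one `Null` block listing all four keys would only deny launches that are missing all of them. `aws:RequestTag` is a real condition key; scoping the SCP to EC2 launches and the account ID in the sample ARNs are assumptions.

```python
"""Tag enforcement: Config-style evaluation plus an SCP generator (added example).

Assumptions: the policy covers ec2:RunInstances only; the sample inventory and
its account ID are constructed.
"""
from __future__ import annotations

import json

REQUIRED_TAGS = ("Environment", "Owner", "Project", "CostCenter")


def missing_tags(tags: dict[str, str], required=REQUIRED_TAGS) -> list[str]:
    """Keys that are absent or blank; blank counts as missing for chargeback."""
    return [k for k in required if not (tags.get(k) or "").strip()]


def evaluate_tags(resources: list[dict], required=REQUIRED_TAGS) -> list[dict]:
    """Evaluate each resource the way a Config custom rule would."""
    results = []
    for r in resources:
        gaps = missing_tags(r["tags"], required)
        results.append({
            "arn": r["arn"],
            "compliance": "NON_COMPLIANT" if gaps else "COMPLIANT",
            "missing": gaps,
        })
    return results


def deny_untagged_launch_scp(required=REQUIRED_TAGS) -> dict:
    """One Deny statement per key: Null=true means the request carried no such tag."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": f"DenyRunInstancesWithout{key}",
                "Effect": "Deny",
                "Action": "ec2:RunInstances",
                "Resource": "arn:aws:ec2:*:*:instance/*",
                "Condition": {"Null": {f"aws:RequestTag/{key}": "true"}},
            }
            for key in required
        ],
    }


SAMPLE_RESOURCES = [  # constructed inventory; the account ID is a placeholder
    {"arn": "arn:aws:ec2:us-east-1:123456789012:instance/i-0example0001",
     "tags": {"Environment": "prod", "Owner": "payments-team",
              "Project": "checkout", "CostCenter": "CC-4410"}},
    {"arn": "arn:aws:rds:us-east-1:123456789012:db:reporting",
     "tags": {"Environment": "prod", "Owner": "data-eng", "CostCenter": " "}},
]


if __name__ == "__main__":
    for r in evaluate_tags(SAMPLE_RESOURCES):
        print(r["arn"], r["compliance"], r["missing"])
    print(json.dumps(deny_untagged_launch_scp(), indent=2))
```

The SCP stops new untagged EC2 launches at the organization boundary; the Config-style evaluation is what finds the resources that predate the policy or were created through services the SCP does not cover, so the two are complementary rather than alternatives.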
Monitoring and Governance
| Tool | Purpose |
|---|---|
| AWS Budgets | Alerts and forecasting |
| Cost Anomaly Detection | ML-based anomaly alerts |
| Cost Explorer | Analysis and reporting |
| Savings Plans recommendations | Purchase guidance |
Chargeback Model
```text
Central IT Budget
        ↓
Cost Allocation Tags
        ↓
Monthly Reports per Team
        ↓
Business Unit Chargeback
```
Key Insight: Cost optimization is continuous, not one-time. Implement automated policies, regular reviews, and team accountability to maintain efficiency as workloads evolve.
Next, we'll explore the AWS Well-Architected Framework.