
Chapter 2 of 9

AWS Foundations and the Well-Architected Lens

Before tackling complex scenarios, anchor your thinking in how AWS itself structures the cloud: Regions, AZs, core services, and the Well-Architected Framework that quietly drives many exam answers. This module connects the moving parts so exam questions start to feel predictable instead of random.

15 min read

Big Picture: AWS Foundations + Exam Lens

Why This Module Matters

You will connect AWS building blocks (Regions, AZs, core services) with the AWS Well-Architected Framework. This is how SAA-C03 expects you to think: design-level tradeoffs, not button-click details.

Predictable Exam Patterns

You will see how infrastructure shapes availability, latency, and disaster recovery, and how EC2, S3, RDS, DynamoDB, VPC, and IAM fit together in typical solution architectures.

Use the Well-Architected Lens

As you learn each concept, ask: which Well-Architected pillar does this support, and what tradeoff is being made? This makes scenario questions feel structured instead of random.

AWS Global Infrastructure: Regions, AZs, Edge

Regions

A Region is a geographic area like `us-east-1`. You choose Regions for latency, data residency/compliance, and which AWS services are available there.

Availability Zones

An AZ is one or more data centers in a Region, with independent power and networking. AZs are connected with low-latency links. Use multiple AZs for high availability.

Edge Locations

Edge locations are smaller sites used by CloudFront and Route 53 to cache and serve content close to users, reducing latency for static and DNS traffic.

Pillars Connection

Multi-AZ and multi-Region support reliability. Placing workloads close to users supports performance. Right-sizing cross-Region use supports cost and sustainability.

Design Choice Exercise: Region vs AZ vs Edge

Work through these quick scenarios. Answer in your head or jot them down; then compare with the guidance.

  1. Scenario: Internal HR app for one country
  • Employees are all in Germany. Data must stay in the EU by regulation. Latency can be 50–100 ms without issues.
  • Question: What matters more: Region, AZ, or edge locations?
  • Hint: Think compliance + basic availability.

Suggested reasoning:

  • Choose an EU Region (for example, `eu-central-1` or `eu-west-1`) to meet data residency rules.
  • Use multi-AZ (for example, RDS Multi-AZ, EC2 Auto Scaling across 2 AZs) for availability.
  • Edge locations are less critical because this is an internal app, not public global content.

  2. Scenario: Global marketing website with images and videos
  • Users are worldwide. Static content must load quickly from anywhere.
  • Question: Which AWS construct is most important for latency?

Suggested reasoning:

  • Use CloudFront with edge locations to cache static content close to users.
  • The origin Region still matters, but edge locations have the biggest latency impact globally.

  3. Scenario: Critical trading app
  • Must survive data center failure within a Region with minimal downtime.
  • Question: Which design choice is essential?

Suggested reasoning:

  • Deploy across multiple AZs in the same Region (multi-AZ EC2, RDS Multi-AZ, load balancer across AZs).
  • Multi-Region might be used for disaster recovery, but multi-AZ is the first reliability step.

As you read exam questions, pause and classify: Is this problem mainly about Region, AZ, or edge?

Core Compute and Storage: EC2 and S3

EC2 Overview

Amazon EC2 provides virtual servers. You pick instance type, OS, storage, and network. Use Auto Scaling and load balancers across AZs for high availability and elasticity.

EC2 and Pillars

Performance: right-size instances and use Auto Scaling. Cost: Spot, Savings Plans, or Reserved Instances. Reliability: distribute EC2 across multiple AZs.

S3 Overview

Amazon S3 is object storage with very high durability. Data is automatically stored across multiple AZs in a Region. Ideal for files, backups, logs, and static website assets.

S3 Patterns and Pillars

Use S3 as a CloudFront origin, for static sites, and with lifecycle policies. Reliability: durability and versioning. Cost: storage classes. Security: bucket policies and encryption.

Example Architecture: Simple Web App on AWS

Requirements

A web app in `us-east-1` needs high availability, low latency static content, secure database access, and reasonable cost. Users are mainly in one Region.

Core Design Pieces

Use a VPC with 2 AZs, ALB in public subnets, EC2 Auto Scaling in private subnets, RDS Multi-AZ for the database, S3 (and maybe CloudFront) for static assets, and IAM roles.

Reliability and Performance

Reliability: multi-AZ ALB, EC2, RDS with health checks and Auto Scaling. Performance: S3/CloudFront for static assets and scaling EC2 based on load.

Security, Cost, Sustainability

Security: private subnets, security groups, IAM roles. Cost: Auto Scaling, S3 storage, Savings Plans. Sustainability: right-size capacity and avoid idle resources.
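The reliability and security rules of this design can be encoded as a policy-as-code check. The block below is an added example, not course material: it describes the two-AZ design and, for contrast, a single-server layout as constructed dictionaries (subnet and tier names are hypothetical) and reports each rule the layout breaks, tagged with the pillar it works against.

```python
"""Policy-as-code check of the two-AZ web app design (added example, not course material).
Rules: every tier spans at least 2 AZs, only the ALB sits in public subnets, RDS is Multi-AZ.
"""
from typing import Any, Dict, List

# Constructed: the design described above (2 AZs, ALB public, EC2 and RDS private).
TWO_AZ_DESIGN: Dict[str, Any] = {
    "subnets": {
        "public-a": {"az": "us-east-1a", "public": True},
        "public-b": {"az": "us-east-1b", "public": True},
        "private-a": {"az": "us-east-1a", "public": False},
        "private-b": {"az": "us-east-1b", "public": False},
    },
    "tiers": [
        {"name": "web-alb", "kind": "alb", "subnets": ["public-a", "public-b"]},
        {"name": "app-asg", "kind": "ec2", "subnets": ["private-a", "private-b"]},
        {"name": "app-db", "kind": "rds", "subnets": ["private-a", "private-b"], "multi_az": True},
    ],
}

# Constructed: everything in one public subnet of one AZ, for contrast.
SINGLE_SERVER: Dict[str, Any] = {
    "subnets": {"public-a": {"az": "us-east-1a", "public": True}},
    "tiers": [
        {"name": "web", "kind": "ec2", "subnets": ["public-a"]},
        {"name": "db", "kind": "rds", "subnets": ["public-a"], "multi_az": False},
    ],
}

# Only the load balancer is meant to sit in public subnets; app and DB tiers stay private.
INTERNET_FACING = {"alb"}


def check_design(design: Dict[str, Any]) -> List[str]:
    """Return one finding per violated rule, naming the pillar it works against."""
    findings: List[str] = []
    subnets = design["subnets"]
    for tier in design["tiers"]:
        name, kind = tier["name"], tier["kind"]
        azs = {subnets[s]["az"] for s in tier["subnets"]}
        if len(azs) < 2:
            findings.append(f"{name}: spans {len(azs)} AZ, needs at least 2 (reliability)")
        if kind not in INTERNET_FACING and any(subnets[s]["public"] for s in tier["subnets"]):
            findings.append(f"{name}: internal {kind} tier placed in a public subnet (security)")
        if kind == "rds" and not tier.get("multi_az", False):
            findings.append(f"{name}: RDS without Multi-AZ standby (reliability)")
    return findings
```

Running `check_design(SINGLE_SERVER)` lists the single-AZ, public-placement and missing-standby problems that the multi-AZ design avoids; the same function returns no findings for `TWO_AZ_DESIGN`.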

Databases and Data Stores: RDS vs DynamoDB

RDS Basics

Amazon RDS is a managed relational database service. It supports engines like MySQL, PostgreSQL, and Aurora, with Multi-AZ, read replicas, and automated backups.

When to Use RDS

Choose RDS when you need joins, transactions, or complex SQL queries, or when migrating an existing relational application.

DynamoDB Basics

DynamoDB is a fully managed NoSQL key-value and document store with single-digit millisecond latency and automatic scaling.

When to Use DynamoDB

Choose DynamoDB when you need massive scale, predictable low latency, or flexible schema; global tables support multi-Region active-active setups.

Networking and Identity: VPC and IAM

VPC Essentials

A VPC is your isolated AWS network. Use public subnets for internet-facing resources, private subnets for internal ones, and route tables and gateways to control traffic.

VPC and Pillars

Security: isolate app tiers with subnets and security groups. Reliability: subnets across multiple AZs. Performance: place resources close to each other to reduce latency.

IAM Essentials

IAM manages who can do what on which resources. Core pieces: users, groups, roles, and policies. Always aim for least privilege.

IAM and Exam Patterns

If you see access denied or credential concerns, think IAM roles and policies. Use roles for EC2 and other services instead of embedding access keys.
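Least privilege is easiest to reason about when a policy document is checked mechanically. The block below is an added example, not course material: it audits IAM policy JSON for Allow statements that grant wildcard actions or apply to every resource, and compares a constructed over-broad instance-role policy with one scoped to a single (hypothetical) S3 bucket; the scoped policy also carries a Deny for non-TLS S3 requests using the real `aws:SecureTransport` condition key.

```python
"""Least-privilege audit of IAM policy documents (added example, not course material).
Flags Allow statements with wildcard actions, all-resource scope, or NotAction/NotResource.
"""
import json
from typing import Any, Dict, List

# Constructed sample: an over-broad policy often attached to an EC2 instance role.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["rds:DescribeDBInstances", "ec2:*"], "Resource": "*"},
    ],
})

# Constructed sample: the same role scoped to one hypothetical photo bucket.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-photo-bucket/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-photo-bucket"},
        # Deny any S3 call that is not over TLS (aws:SecureTransport is a real condition key).
        {"Effect": "Deny", "Action": "s3:*", "Resource": "*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def _as_list(value: Any) -> List[Any]:
    """IAM accepts a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(document: str) -> List[str]:
    """Return one finding per least-privilege violation in a policy JSON string."""
    findings: List[str] = []
    policy: Dict[str, Any] = json.loads(document)
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; they never widen privilege
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: applies to every resource")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants are hard to bound")
    return findings
```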

The AWS Well-Architected Framework: 6 Pillars

Pillars Overview

The AWS Well-Architected Framework has six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.

Ops, Security, Reliability

Operational excellence: run, monitor, and improve systems. Security: protect data and systems. Reliability: design to recover from failures and meet demand.

Performance and Cost

Performance efficiency: use resources efficiently as demand changes. Cost optimization: avoid unnecessary costs with Auto Scaling, lifecycle policies, and right-sizing.

Sustainability

Sustainability: reduce environmental impact. Use efficient code, managed services, and right-sized resources to minimize waste and energy use.

Quick Pillar Check

Match the design decision to the most relevant Well-Architected pillar.

You are asked to redesign a workload to reduce idle EC2 capacity and move infrequently accessed logs to cheaper storage. Which pillar is MOST directly addressed?

  A) Reliability
  B) Cost optimization
  C) Performance efficiency
  D) Operational excellence

Answer: B) Cost optimization

Reducing idle EC2 capacity and moving infrequently accessed logs to cheaper storage are classic **cost optimization** actions (right-sizing and using appropriate storage classes). Reliability and performance may also improve, but cost is the main driver.

Core Service Choice Quiz

Decide which service best fits the scenario.

An application needs millisecond-latency access to simple key-value data at very high scale, with minimal operational overhead. Which AWS service is the BEST fit?

  A) Amazon RDS Multi-AZ
  B) Amazon DynamoDB
  C) Amazon S3 Standard
  D) Amazon EFS

Answer: B) Amazon DynamoDB

Amazon DynamoDB is designed for high-scale, low-latency key-value and document workloads with minimal operational overhead. RDS is relational, S3 is object storage, and EFS is a file system.

Mini-Design: Apply the Well-Architected Lens

Take 2 minutes to mentally design a solution and map it to pillars.

Scenario

A startup runs a photo-sharing app. Currently:

  • One EC2 instance in a single AZ runs everything.
  • Photos are stored on the instance's local disk.
  • Database is on the same instance.
  • Users sometimes see downtime during OS patches.

Task 1: Identify 3 major risks

Think about: single points of failure, durability, and operations.

Suggested risks

  • Single EC2 instance in one AZ: low reliability.
  • Photos on local disk: risk of data loss if the instance fails.
  • Manual patching on the only instance: operational risk and downtime.

Task 2: Sketch an improved design using core services

Aim for simple but well-architected.

Suggested improvements

  • Move photos to S3 (high durability, cheaper, easier to scale).
  • Use RDS Multi-AZ for the database.
  • Put app servers in an Auto Scaling group across 2 AZs behind an ALB.
  • Use IAM roles for EC2 to access S3 and RDS securely.
  • Use CloudWatch for monitoring and alarms.

Task 3: Map to pillars

  • Reliability: multi-AZ EC2 and RDS, S3 durability.
  • Security: IAM roles, private subnets for app and DB.
  • Performance efficiency: Auto Scaling and S3 for static assets.
  • Cost optimization: scale out/in, S3 storage classes for older photos.
  • Operational excellence: monitoring, easier deployments.
  • Sustainability: right-sized, auto-scaled compute instead of one over-provisioned instance.

Use this pattern whenever you see a "single server" anti-pattern on the exam: move to managed, multi-AZ, and elastic services.

Review Key Terms

Flip through these cards to reinforce core concepts and how they connect to the Well-Architected pillars.

Region vs Availability Zone (AZ)
A Region is a geographic area (for example, `us-east-1`). An AZ is one or more data centers within a Region. Use **multiple AZs** for high availability; use **multiple Regions** for disaster recovery or compliance.
Edge location
A site used by services like CloudFront and Route 53 to cache and serve content closer to users. Key for **low latency** content delivery and DNS.
Amazon EC2
Virtual servers in the cloud. You manage OS and runtime. Use Auto Scaling and load balancers across AZs for **reliability**, **performance**, and **cost optimization**.
Amazon S3
Highly durable object storage across multiple AZs in a Region. Common for backups, logs, and static assets. Supports lifecycle policies and multiple storage classes for **cost optimization**.
Amazon RDS
Managed relational database service with Multi-AZ and read replicas. Use when you need SQL, joins, and transactions. Strong for **reliability** and **operational excellence**.
Amazon DynamoDB
Fully managed NoSQL key-value/document database with single-digit millisecond latency and automatic scaling. Ideal for high-scale, low-latency workloads.
Amazon VPC
Your isolated network in AWS. Use subnets, route tables, security groups, and gateways to control traffic. Central to **security** and **reliability**.
AWS IAM Role
An identity with permissions that AWS services can assume. Use roles (not hard-coded keys) to grant EC2, Lambda, and others access to AWS resources. Core to **security**.
Well-Architected: Reliability
Design to withstand failures: multi-AZ, health checks, Auto Scaling, backups, and cross-Region strategies where needed.
Well-Architected: Cost optimization
Avoid unnecessary cost via right-sizing, Auto Scaling, appropriate storage classes, and pricing models like Savings Plans.

Key Terms

Region
A physical geographic area where AWS has multiple data centers grouped into Availability Zones. You choose Regions for latency, compliance, and service availability.
AWS IAM
Identity and Access Management, the service that controls authentication and authorization to AWS resources using users, groups, roles, and policies.
Amazon S3
Simple Storage Service, an object storage service that provides high durability and scalability for data such as files, backups, and logs.
Amazon EC2
Elastic Compute Cloud, a core AWS service that provides resizable virtual servers in the cloud.
Amazon RDS
Relational Database Service, a managed relational database offering supporting multiple database engines with automated backups and high-availability options.
Amazon VPC
Virtual Private Cloud, a logically isolated section of the AWS Cloud where you can define and control your virtual network environment.
Edge location
A site used by services like Amazon CloudFront and Amazon Route 53 to cache and serve content closer to end users to reduce latency.
Amazon DynamoDB
A fully managed NoSQL key-value and document database service designed for single-digit millisecond performance at any scale.
Availability Zone (AZ)
One or more discrete data centers in a Region with independent power and networking. AZs are connected with low-latency links and are used together for high availability.
AWS Well-Architected Framework
A set of best practices organized into six pillars (operational excellence, security, reliability, performance efficiency, cost optimization, sustainability) used to evaluate and improve cloud architectures.
