Become an AWS Solutions Architect: 15 Real-World Scenarios to Master

Transitioning to an AWS Solutions Architect role? You know that technical knowledge alone isn’t enough. The role demands the ability to translate business requirements into secure, scalable, and cost-effective cloud architectures. True architects excel at navigating complex trade-offs and making strategic decisions with real business impact.

To help you develop this critical thinking, I’ve created 15 comprehensive, real-world scenarios that mirror the challenges AWS Solutions Architects face daily. Each scenario includes detailed business context, technical constraints, and architectural options. More importantly, I’ll walk through the architectural reasoning and trade-offs behind each recommended solution.

---

What Makes a Great Solutions Architect?

The best AWS Solutions Architects move beyond knowing services to understanding:

• Business-to-Technology Translation: How technical decisions impact business outcomes
• Strategic Trade-Off Analysis: Balancing cost, performance, security, and complexity
• Pattern Recognition: Identifying which architectural patterns fit which business problems
• Stakeholder Communication: Explaining technical choices to both technical and non-technical audiences

These scenarios are designed to help you practice exactly these skills.

---

The Architect’s Challenge: 15 Real-World Scenarios

Scenario 1: Multi-Region Web Application

A global e-commerce company is designing a web application that must sustain high traffic loads during flash sales while maintaining low latency for users in North America and Europe. The application consists of a stateless web tier, a stateful session management layer, and a backend database. The company requires automatic failover in case of a regional AWS outage with minimal downtime. Which architecture design best meets these requirements?

Options:

• A) Deploy the application in a single AWS region across multiple Availability Zones, using Amazon Route 53 with latency-based routing and an RDS Multi-AZ database.
• B) Deploy identical stacks in two AWS regions using AWS CloudFormation. Use Amazon Route 53 with a failover routing policy pointing to an Application Load Balancer in each region. Configure RDS with a cross-region read replica.
• C) Deploy the web tier on Amazon EC2 instances behind an Application Load Balancer in one region, using Amazon ElastiCache for session storage. Use Amazon S3 for static assets and Amazon CloudFront for global content delivery.
• D) Use AWS Elastic Beanstalk for automatic scaling in a primary region. Implement an Amazon DynamoDB global table for the database and Amazon Cognito for user session state.

---

Scenario 2: Batch Processing Pipeline

A healthcare analytics company needs to process large volumes of sensitive patient data (PHI) nightly. The data arrives as encrypted files in an Amazon S3 bucket. Processing involves validation, transformation, and loading into a data warehouse. The pipeline must be scalable, cost-effective, compliant with HIPAA, and ensure data is encrypted at rest and in transit. Which design fulfills these requirements most effectively?

Options:

• A) Trigger an AWS Lambda function on S3 upload to process each file immediately. Store results in an Amazon RDS PostgreSQL database with encryption enabled.
• B) Use AWS Step Functions to orchestrate a pipeline where AWS Batch processes the files using spot EC2 instances. Load results into Amazon Redshift with encryption enabled. Use AWS KMS for key management and ensure all inter-service traffic uses TLS.
• C) Configure an Amazon S3 event to send notifications to an Amazon SQS queue. Use an Auto Scaling group of EC2 instances to poll the queue, process files, and write to an Amazon DynamoDB table.
• D) Use AWS Glue to crawl the S3 data, transform it via Glue ETL jobs, and load it into an Amazon RDS for MySQL instance inside a private subnet.

---

Scenario 3: Hybrid Network Connectivity

A financial institution must securely connect its on-premises data center to AWS VPCs. The connection must support low-latency, high-throughput data sync for market trading applications and provide redundancy. The on-premises firewall only supports IPsec VPNs. Which networking setup provides the most reliable and performant hybrid architecture?

Options:

• A) Establish a single AWS Site-to-Site VPN connection between the on-premises router and a Virtual Private Gateway. Use static routing and ensure the VPC subnets have appropriate route table entries.
• B) Provision two AWS Direct Connect connections from different providers, terminating at separate Direct Connect locations. Configure a backup Site-to-Site VPN for failover using AWS Transit Gateway.
• C) Deploy an AWS Client VPN endpoint to allow on-premises servers to connect securely to the VPC over the public internet.
• D) Implement an AWS Site-to-Site VPN with two tunnels for high availability, using BGP dynamic routing over the VPN connections.

---

Scenario 4: Serverless Real-Time Dashboard

A logistics company wants a real-time dashboard to track delivery vehicle locations and status. Data is sent from vehicle GPS devices every 30 seconds. The solution must be serverless, scale to thousands of vehicles, and update the dashboard with <5 second latency. Which architecture is most suitable?

Options:

• A) GPS devices publish messages to an Amazon Kinesis Data Stream. An AWS Lambda function processes the stream and updates vehicle location in an Amazon DynamoDB table. The dashboard queries DynamoDB via Amazon API Gateway.
• B) Devices send data via MQTT to AWS IoT Core. An IoT rule sends data to Amazon Kinesis Data Firehose, which batches and writes to Amazon S3. Use Amazon QuickSight to build a dashboard on the S3 data.
• C) Devices send HTTP POST requests to an Amazon API Gateway endpoint, which triggers a Lambda function to write to Amazon Aurora Serverless. The dashboard queries Aurora directly.
• D) Use Amazon SQS to queue messages from devices. An AWS Fargate task polls the queue, updates an Amazon ElastiCache for Redis cluster, and the dashboard reads from Redis via a WebSocket API.

---

Scenario 5: Disaster Recovery for Critical Database

An enterprise runs a customer-facing order management system with an Amazon RDS for MySQL database. They require a Disaster Recovery (DR) strategy with a Recovery Point Objective (RPO) of 5 minutes and a Recovery Time Objective (RTO) of 30 minutes in case of a regional failure. What is the most cost-effective DR plan that meets these objectives?

Options:

• A) Create a standby RDS instance in another region using cross-region read replicas. Promote the replica to a standalone database during a disaster.
• B) Take hourly automated RDS snapshots and copy them to another region. In a disaster, restore the latest snapshot in the secondary region.
• C) Use AWS Database Migration Service (DMS) for continuous replication to an RDS instance in another region.
• D) Implement a Multi-AZ RDS deployment in the primary region, and use AWS Backup to schedule daily cross-region backups.

---

Scenario 6: Secure Microservices Architecture

A company is migrating a monolithic application to microservices. The new architecture must enforce strict security boundaries between services, centralize authentication/authorization, and encrypt all internal traffic. Each service team must be able to deploy independently. Which design best addresses these needs?

Options:

• A) Deploy each microservice in its own Amazon ECS cluster. Use IAM roles for tasks and Application Load Balancers for inter-service communication over HTTPS.
• B) Deploy microservices on Amazon EKS with Kubernetes network policies. Use an API Gateway for external traffic and Istio for service mesh security and mTLS.
• C) Host each microservice in a separate AWS account, using VPC peering for connectivity. Use AWS Organizations for central IAM policies.
• D) Use AWS App Runner for each service. Rely on IAM for authorization and use Amazon API Gateway with WAF to expose services publicly.

---

Scenario 7: High-Performance File Storage

A media company needs a shared file storage solution for a rendering farm of 200 Linux EC2 instances. The storage must support concurrent read/write access with high throughput and low latency, be scalable, and integrate with existing on-premises workflows via a secure connection. Which storage solution should they choose?

Options:

• A) Store files on Amazon S3, and use an S3 Mountpoint to make the bucket available as a file system on the EC2 instances.
• B) Use an Amazon EFS file system, mount it on all EC2 instances, and establish an AWS Direct Connect link for on-premises access.
• C) Provision an Amazon FSx for Lustre file system, mount it on the EC2 instances, and use AWS Storage Gateway for on-premises integration.
• D) Create an Amazon EBS volume, attach it to a master instance, and use a custom NFS server to share it with the other instances.

---

Scenario 8: Event-Driven Order Processing

An online retailer’s order processing system must handle spikes during sales events. The process involves: order validation, payment processing, inventory check, and shipping notification. Each step must be durable, and the system should gracefully handle partial failures. Which design is most resilient and decoupled?

Options:

• A) Build a monolithic application on EC2 instances with an Auto Scaling group, using a multi-threaded design and an RDS database with stored procedures.
• B) Use Amazon SQS queues between each processing step (validation, payment, etc.). Implement AWS Lambda functions to poll their respective queues, with Dead Letter Queues for failed messages.
• C) Use Amazon Kinesis Data Streams to capture order events. Have EC2 instances in an Auto Scaling group consume from the stream and update a central database.
• D) Orchestrate the workflow using AWS Step Functions, calling various AWS services (Lambda, DynamoDB, SNS) for each step, with built-in retry logic.

---

Scenario 9: Cost-Optimized Archival Solution

A regulatory body requires storing millions of historical documents (PDFs, images) for 7 years. Access is rare (a few retrievals per month) but must be completed within 12 hours when requested. The solution must minimize storage costs. Which storage strategy is most cost-effective?

Options:

• A) Store all documents in Amazon S3 Standard storage class. Use S3 Lifecycle policies to transition objects to S3 Glacier after 30 days.
• B) Store all documents directly in Amazon S3 Glacier Deep Archive. Use expedited retrievals when needed.
• C) Store documents in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Use S3 Select to retrieve partial files.
• D) Use a tiered approach: store new documents in S3 Standard, transition to S3 Glacier after 90 days, and to S3 Glacier Deep Archive after 365 days.

---

Scenario 10: Automated CI/CD for Regulated Industry

A bank is implementing CI/CD for a web application hosted on AWS. Their compliance team mandates that all infrastructure changes must be reviewed, logged, and revertible. The pipeline must run security scans on code and deployed infrastructure. Which CI/CD approach best meets compliance and automation goals?

Options:

• A) Use AWS CodePipeline with AWS CodeCommit, CodeBuild, and CodeDeploy. Use AWS CloudTrail for auditing and Amazon EventBridge to trigger scans via Lambda after deployment.
• B) Use Jenkins on EC2 instances for builds, with manual approval gates in the pipeline. Store artifacts in S3 and use Terraform for infrastructure deployed from a master branch.
• C) Use AWS CodePipeline to deploy using AWS CloudFormation with change sets. Require manual approval for the change set execution. Integrate AWS Security Hub and Amazon Inspector scans into the pipeline stages.
• D) Use GitLab CI/CD runners on ECS Fargate. Use OPA (Open Policy Agent) for policy checks and AWS Config to monitor for compliance.

---

Scenario 11: Global Static Website with Dynamic Elements

A news organization has a static website (HTML, CSS, JS) that must load instantly worldwide. The site includes a personalized “breaking news” banner that changes based on user location. Which architecture provides the best performance and dynamic capability?

Options:

• A) Host the entire website on Amazon S3, fronted by Amazon CloudFront. Use CloudFront Lambda@Edge to modify the banner HTML origin response based on the viewer’s country.
• B) Host the website on an EC2 instance behind an Application Load Balancer. Use Amazon Route 53 latency-based routing to direct users to the nearest region.
• C) Use AWS Amplify to host the static content. Fetch the banner content via API calls from the client to an API Gateway endpoint backed by Lambda.
• D) Use Amazon CloudFront with an S3 origin. Configure the website to make an AJAX call to a geographically close API Gateway endpoint to fetch the banner text after page load.

---

Scenario 12: Real-Time Analytics on Streaming IoT Data

A smart factory has 10,000 sensors emitting data every second. The operations team needs real-time dashboards showing machine health (aggregated per minute) and must be alerted immediately if any sensor value exceeds a threshold. Which architecture is most efficient?

Options:

• A) Send sensor data to Amazon Kinesis Data Streams. Use Kinesis Data Analytics to run SQL queries for minute-level aggregations and write results to Amazon Redshift for dashboards. Use Kinesis Data Analytics to also detect threshold breaches.
• B) Use AWS IoT Core to ingest data. Write all data to an Amazon Timestream database. Use QuickSight for dashboards and IoT Rules with a Lambda action for alerts.
• C) Publish sensor data to Amazon Managed Streaming for Apache Kafka (MSK). Use Kafka Streams for aggregation and anomaly detection, writing results to Amazon DynamoDB. Use Amazon CloudWatch for alerts.
• D) Send data to an Amazon SQS queue. Use an Auto Scaling group of EC2 instances to process messages, store aggregates in Amazon ElastiCache, and use CloudWatch custom metrics for alerts.

---

Scenario 13: Database Selection for Diverse Workloads

A startup is building a new social mobile app. Workloads include: user profile storage (structured, high read/write), real-time chat (millions of concurrent connections, low latency), and a timeline feed (complex queries, joins). Which combination of AWS database services is most appropriate?

Options:

• A) Amazon Aurora PostgreSQL for all features (profiles, chat, feed). Use read replicas to scale reads.
• B) Amazon DynamoDB for user profiles and chat messages. Use Amazon ElastiCache for Redis for the online presence and real-time chat layer. Use Aurora for the timeline feed.
• C) Amazon RDS for MySQL for user profiles and chat history. Use Amazon SQS for chat messaging and Amazon Neptune for the feed graph.
• D) Use Amazon DocumentDB for user profiles and chat. Use Amazon Keyspaces (Apache Cassandra) for the timeline feed.

---

Scenario 14: Lift-and-Shift Migration Strategy

A manufacturing company plans to migrate 50 on-premises physical servers (mix of Windows and Linux) to AWS within 6 months with minimal application changes. The servers have dependencies on each other via IP addresses. The company wants to keep the same subnet IP ranges and maintain a seamless hybrid connection during the cutover. What is the recommended migration approach?

Options:

• A) Use AWS Server Migration Service (SMS) to replicate VM images to Amazon EC2. Use AWS VPN to connect on-premises to a VPC with a matching subnet schema.
• B) Rebuild each application as a container and deploy on Amazon ECS. Use AWS Direct Connect for network connectivity.
• C) Use AWS Database Migration Service for databases only. Rehost the application servers on EC2 using AWS Launch Wizard.
• D) Use AWS Application Discovery Service to map dependencies, then use AWS Migration Hub and AWS VM Import/Export to migrate servers in waves.

---

Scenario 15: Scalable WebSocket API

A collaborative design platform requires a persistent WebSocket connection for each user to receive real-time updates (like cursor position, comments) from other users in the same project. The solution must support hundreds of thousands of concurrent connections, be highly available, and broadcast updates to groups efficiently. Which backend architecture should be used?

Options:

• A) Deploy a WebSocket server on an EC2 instance in an Auto Scaling group. Use an Application Load Balancer (which supports WebSocket) in front. Store connection states in Amazon DynamoDB.
• B) Use Amazon API Gateway WebSocket API integrated directly with AWS Lambda. Use Amazon DynamoDB to track connection IDs and broadcast messages via the API Gateway Management API.
• C) Use Amazon MQ (ActiveMQ) to handle WebSocket connections and message brokering. Connect client apps directly to the Amazon MQ broker.
• D) Use an Amazon ECS service running a containerized WebSocket server (e.g., Socket.io). Use Amazon ElastiCache for Redis to publish/subscribe messages between server instances.

---

Answer key

Scenario 1: Multi-Region Web Application

Answer: B
Explanation: The scenario demands active-active or active-passive multi-region deployment for high availability and low latency during flash sales. Option B is the most robust: identical stacks in two regions provide true disaster recovery, Route 53 failover enables automatic regional failover, and an RDS cross-region read replica can be promoted to serve as the primary database (meeting the stateful database requirement). Option A is single-region (high availability but not disaster recovery). Option C focuses on global content but is primarily single-region. Option D uses global services (DynamoDB) but the compute (Elastic Beanstalk) is still single-region.

Scenario 2: Batch Processing Pipeline

Answer: B
Explanation: The key requirements are HIPAA compliance, encryption, cost-effective scaling for large nightly batches, and a full ETL pipeline. AWS Step Functions provides orchestration and auditing. AWS Batch with Spot Instances is ideal for cost-effective, scalable compute for batch jobs. Amazon Redshift is a proper data warehouse. KMS and TLS ensure encryption. Option A (Lambda) is for event-driven, smaller payloads, not cost-effective for large nightly batches. Option C (EC2 & SQS) is more manual and less managed. Option D (Glue & RDS) is a poor fit as RDS is not a data warehouse for large-scale analytics.

Scenario 3: Hybrid Network Connectivity

Answer: B
Explanation: The requirement for low-latency, high-throughput, and redundancy for financial trading points directly to AWS Direct Connect. Using two connections from different providers is the highest standard for redundancy and performance. The backup VPN provides an additional failover layer, and Transit Gateway simplifies network management. Option A is a single VPN, which is neither high-throughput nor redundant. Option C (Client VPN) is for user access, not data center connectivity. Option D (dual VPN) improves VPN availability but still relies on internet latency/throughput.

Scenario 4: Serverless Real-Time Dashboard

Answer: A
Explanation: The core requirements are serverless, scalability, and <5-second latency for updates. Option A is a classic serverless real-time pattern: Kinesis Data Streams ingests high-volume telemetry, Lambda processes in near real-time, DynamoDB provides single-digit millisecond reads for the dashboard, and API Gateway serves the frontend. Option B (Kinesis Firehose to S3) introduces batching delays, making real-time impossible. Option C (API Gateway direct to Aurora) can work but may not scale as cost-effectively for thousands of concurrent writes. Option D (Fargate) is container-based, not purely serverless.

Scenario 5: Disaster Recovery for Critical Database

Answer: A
Explanation: The RPO (5 min) and RTO (30 min) are moderately aggressive. A cross-region read replica provides a near-real-time copy (low RPO) and can be promoted to standalone in minutes (meeting the 30-minute RTO), making it the most cost-effective option that meets the objectives. Option B (hourly snapshots) fails the 5-minute RPO. Option C (DMS) can achieve low RPO but is complex and often used for heterogeneous migration. Option D (Multi-AZ + daily backups) is for AZ failure, not regional DR, and has a 24-hour RPO.

Scenario 6: Secure Microservices Architecture

Answer: B
Explanation: This scenario emphasizes strict security boundaries, traffic encryption, and centralized auth. Amazon EKS with a service mesh (like Istio) provides pod-level network policies and enforces mTLS for all inter-service communication, which is the gold standard for microservices security in Kubernetes. Option A (ECS) lacks fine-grained network policies and a service mesh. Option C (separate accounts) is overly complex for initial decomposition. Option D (App Runner) simplifies deployment but offers less control over internal service-to-service security.

Scenario 7: High-Performance File Storage

Answer: C
Explanation: A rendering farm requires high-throughput, low-latency, parallel shared file storage – the exact use case for Amazon FSx for Lustre, which is purpose-built for HPC and ML workloads. Direct Connect provides the needed secure, high-bandwidth connection for on-premises workflows. Option B (EFS) is a good general-purpose shared file system but typically offers lower throughput than Lustre for this specific HPC use case. Option A (S3 Mountpoint) is for object storage, not low-latency file operations. Option D (custom NFS) creates a single point of failure and management overhead.

Scenario 8: Event-Driven Order Processing

Answer: D
Explanation: The need for durability, decoupling, handling partial failures, and clear workflow orchestration is best met by AWS Step Functions. It provides a state machine that visualizes the workflow, has built-in error handling, retries, and can integrate with various AWS services directly, making it the most resilient and manageable choice. Option B (SQS queues) is decoupled but requires building the orchestration logic manually. Option A is monolithic and coupled. Option C (Kinesis) is for real-time streaming analytics, not necessarily for durable, multi-step order processing.

Scenario 9: Cost-Optimized Archival Solution

Answer: D
Explanation: The goal is minimum cost for long-term archival with retrievals within 12 hours. A tiered lifecycle policy that automatically moves data to the cheapest storage class (S3 Glacier Deep Archive) after a cooling-off period is the most cost-optimized strategy. It balances access needs with cost. Option B (direct to Deep Archive) has high retrieval costs and doesn’t leverage cheaper tiers for newer data. Option A (Glacier) is more expensive than Deep Archive for 7-year storage. Option C (Standard-IA) is for infrequent access, not archival, and is significantly more expensive.

Scenario 10: Automated CI/CD for Regulated Industry

Answer: C
Explanation: Compliance mandates review, auditability, and revertibility. AWS CodePipeline with CloudFormation Change Sets is key. Change Sets allow preview and manual approval of infrastructure changes before execution, providing the required control. Integrating Security Hub and Inspector automates security compliance. CloudTrail provides audit trails. Option A lacks the explicit change review mechanism. Option B is manual and less integrated. Option D uses third-party tools but doesn’t highlight the native AWS change control mechanism as clearly as C.

Scenario 11: Global Static Website with Dynamic Elements

Answer: A
Explanation: For a global static site where a tiny dynamic element must be personalized by location with instant load, the optimal solution is to serve the entire site from a global CDN (CloudFront) and modify the response at the edge before it reaches the client using Lambda@Edge. This ensures the personalized content is delivered in the initial page load with no extra client-side calls, providing the best performance. Option D requires a second client-side call, adding latency. Options B and C don’t leverage the full power of the global CDN for the dynamic element.

Scenario 12: Real-Time Analytics on Streaming IoT Data

Answer: A
Explanation: The requirement is for real-time analytics (aggregations and threshold detection) on high-volume streaming data. Kinesis Data Analytics is the purpose-built service for running SQL queries on streaming data in real-time. It can perform the per-minute aggregation for dashboards (sending results to Redshift, QuickSight, etc.) and simultaneously run a separate query to detect threshold breaches for immediate alerts. Option B (Timestream) is for time-series data but the alerting path is less direct. Options C and D are more complex to build and manage.

Scenario 13: Database Selection for Diverse Workloads

Answer: B
Explanation: This tests the purpose-built database principle.

• User Profiles: Key-value access pattern → DynamoDB.
• Real-time Chat: Requires a publish/subscribe system and in-memory speed for presence → ElastiCache for Redis.
• Timeline Feed: Complex queries with joins and relationships → Aurora (PostgreSQL/MySQL).
  This polyglot persistence approach uses the best tool for each job. Option A tries to force one database to do everything, which will not scale optimally. Options C and D use inappropriate services for the given workloads.

Scenario 14: Lift-and-Shift Migration Strategy

Answer: A
Explanation: “Lift-and-shift” (Rehost) with minimal changes, IP dependency, and matching subnet ranges is perfectly addressed by AWS Server Migration Service (SMS) or AWS Application Discovery Service + Migration Hub. Option A correctly identifies using a VPN to maintain hybrid connectivity and keeping the same IP schema in a VPC, which is a common best practice for this migration type. Option D mentions the right services (Discovery, Migration Hub) but VM Import/Export is more manual. Options B and C involve significant re-architecture (containers, app modernization), which contradicts the “minimal changes” requirement.

Scenario 15: Scalable WebSocket API

Answer: B
Explanation: Managing hundreds of thousands of stateful WebSocket connections is a core use case for the Amazon API Gateway WebSocket API. It is a fully managed service that handles connection scaling, management, and stateless integration with Lambda. DynamoDB tracks connections, and the Management API allows efficient broadcasting. This is a canonical serverless WebSocket pattern on AWS. Option A requires you to manage stateful EC2 servers, which is complex to scale. Option C (Amazon MQ) is for traditional message brokers, not designed for massive public WebSocket connections. Option D (ECS/Redis) is a viable “roll-your-own” approach but is far less managed and more operationally complex than Option B.

The Architect’s Mindset

Remember: Great architecture is not about perfect solutions—it’s about appropriate solutions. The “right” architecture depends on your specific context, constraints, and business objectives.

The scenarios presented here are starting points. Real-world problems will be messier, requirements will change, and constraints will emerge. Your value as an architect grows not from knowing all the answers, but from asking the right questions and making informed, defensible decisions.

What architectural challenges are you currently facing? What trade-offs are you navigating? Share your experiences in the comments—the best learning happens through shared challenges and diverse perspectives.

Keep designing, keep learning, and remember: every complex system was once a simple idea waiting for the right architecture.