Architecture Drills

Rotate RDS Credentials Without Downtime | SAA-C03

4 January 2026·990 words·5 mins

Architecture Drills AWS SAA-C03 FinOps Decision Matrix Secrets Manager RDS Security EC2

Explores the security and operational considerations when implementing automated database credential rotation for EC2-RDS architectures, comparing AWS Secrets Manager, Systems Manager Parameter Store, and custom solutions.

SCP Explicit Deny vs FullAWSAccess | SAP-C02

4 January 2026·1098 words·6 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix AWS Organizations SCP IAM Governance Multi-Account Strategy

A critical analysis of SCP inheritance and policy evaluation logic in AWS Organizations, focusing on the explicit deny requirement to override default FullAWSAccess permissions.

Batch Migration Decision—Managed vs Lift-and-Shift | GCP ACE

4 January 2026·613 words·3 mins

Architecture Drills Google Cloud Platform GCP ACE GCP FinOps SRE Cloud Run

A growing fintech startup needs to migrate an on-premises batch analytics job running nightly to GCP with minimal cost and operational effort. Which approach best balances operational simplicity and cost efficiency?

Key Vault Role-Based Access Decision | Azure AZ-305

4 January 2026·796 words·4 mins

Architecture Drills Microsoft Azure AZ-305 Azure CAF Governance Azure Key Vault Azure AD PIM Managed Identity

A breakdown of a complex enterprise governance scenario with multiple departmental identity and access management needs.

ALB HTTPS Redirect Decision Logic | SAA-C03

4 January 2026·1240 words·6 mins

Architecture Drills AWS SAA-C03 FinOps Decision Matrix Application Load Balancer HTTPS Security Redirect Rules

A foundational analysis of ALB redirect rules vs. alternative approaches to enforce HTTPS traffic, examining why native load balancer features trump complex network-layer solutions for this common security requirement.

AKS Access via RBAC in Hybrid | Azure AZ-104

4 January 2026·716 words·4 mins

Architecture Drills Microsoft Azure AZ-104 Azure CAF Governance AKS Azure AD

A breakdown of a scenario focusing on Azure AD integration, role assignment, and enterprise governance challenges managing AKS permissions.

Private Marketplace Governance via SCPs | SAP-C02

3 January 2026·1427 words·7 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix AWS Organizations SCP Private Marketplace IAM Governance

How do you enforce centralized procurement controls across a multi-account AWS Organization while maintaining least-privilege access? This drill explores SCP design patterns, role naming protection, and the critical difference between account-level and organization-level governance.

Clickstream Streaming vs Batch Decision | SAA-C03

3 January 2026·1146 words·6 mins

Architecture Drills AWS SAA-C03 FinOps Decision Matrix Kinesis EMR Redshift Data Pipeline Analytics

Comparing streaming ingestion (Kinesis) vs. batch processing (EMR) for 30TB daily clickstream data - focusing on latency, cost, and operational simplicity.

Anthos Observability Telemetry Trade-offs | GCP PCA

3 January 2026·714 words·4 mins

Architecture Drills Google Cloud Platform GCP PCA GCP FinOps SRE Anthos Service Mesh

A global fintech startup experiences latency in its Anthos microservices platform and must decide how to best identify the culprit using Anthos observability tools.

Govern Multi-Tenant Delegated User Creation | Azure AZ-104

3 January 2026·723 words·4 mins

Architecture Drills Microsoft Azure AZ-104 Azure AD CAF Governance Role-Based Access Control

A breakdown of delegated user management scenarios focusing on Azure AD governance, hybrid identity considerations, and role-based access control.