Architecture Drills

API Gateway Domain Cert Region Choice | SAA-C03

2 January 2026·1017 words·5 mins

Architecture Drills AWS SAA-C03 FinOps Decision Matrix API Gateway ACM Route 53 Custom Domain HTTPS

A critical analysis of API Gateway custom domain configuration, focusing on the regional vs. edge-optimized endpoint decision and the often-overlooked ACM certificate region requirement that trips up SAA candidates.

Automate OS Patching Without Rebuilding Images | GCP PCA

2 January 2026·743 words·4 mins

Architecture Drills Google Cloud Platform GCP PCA GCP FinOps SRE Compute Engine GKE

A global fintech firm needs to deploy a Debian-based application with minimal manual OS patching. We explore the best approach aligning with SRE and FinOps principles.

Delegate User Creation in Entra ID | Azure AZ-104

2 January 2026·683 words·4 mins

Architecture Drills Microsoft Azure AZ-104 Azure CAF Governance Azure AD

A breakdown of user account delegation in Azure AD, focusing on governance and operational boundaries across multiple tenants.

Hybrid Identity Trade-Off for Logic Apps | Azure AZ-305

2 January 2026·649 words·4 mins

Architecture Drills Microsoft Azure AZ-305 Azure CAF Governance Azure API Management

A breakdown of a hybrid integration scenario focusing on secure access control, governance, and minimizing impact on existing workloads.

Serverless DynamoDB API Integration Trade-offs | SAP-C02

1 January 2026·1103 words·6 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix API Gateway DynamoDB Lambda Serverless

A professional-level analysis comparing API Gateway direct integration vs Lambda-based patterns for DynamoDB exposure, with FinOps quantification and real-world trade-off matrices.

Multi-VPC Connectivity Decision Trade-offs | GCP PCA

1 January 2026·780 words·4 mins

Architecture Drills Google Cloud Platform GCP PCA GCP FinOps SRE VPC Networking

Explore how to enable selective internal IP communication between Compute Engine instances across isolated VPCs while preserving network separation.

Event-Driven Decision for User Action Capture | Azure AZ-305

1 January 2026·727 words·4 mins

Architecture Drills Microsoft Azure AZ-305 Azure CAF Governance Event Grid Azure Functions Event Hubs

A drill scenario focused on designing a resilient, scalable event capture pipeline using Azure PaaS with governance and hybrid readiness in mind.

VPC Isolation Trade-off for RDS Access | SAA-C03

1 January 2026·911 words·5 mins

Architecture Drills AWS SAA-C03 FinOps Decision Matrix VPC Security Groups RDS Network Architecture

Master the fundamental difference between network-layer isolation (route tables) and application-layer security (security groups) when protecting RDS databases in multi-tier VPC architectures.

Secrets Rotation Automation Trade-offs | SAP-C02

1 January 2026·1170 words·6 mins

Architecture Drills AWS SAP-C02 FinOps Decision Matrix Secrets Manager CloudFormation Security Automation RDS

This SAP-C02 scenario examines how to architect automated credential rotation for RDS databases using CloudFormation, comparing AWS Secrets Manager’s native rotation against custom Lambda-based approaches and Parameter Store alternatives.

Private Access from Cloud Run to GKE API | GCP ACE

1 January 2026·770 words·4 mins

Architecture Drills Google Cloud Platform GCP ACE GCP FinOps SRE Cloud Run GKE

Explore a fintech startup’s challenge to securely connect a Cloud Run service to a GKE API endpoint using best-practice Google Cloud architecture approaches.