AWS · ANS-C01

Multi-Service Tradeoff — AWS Advanced Networking (ANS-C01)

8%of exam questions (16 of 200)

Operational ownership, not capability, decides the compute layer

Requirement: containerized microservices, event-driven processing, variable traffic with bursty peaks. Competing choices: ECS on Fargate, EKS on managed nodes, Lambda with SQS trigger. Deciding constraint: the team size and operational overhead tolerance stated in the scenario. EKS provides the most control but requires cluster management expertise. ECS on Fargate eliminates node management. Lambda with SQS carries the lowest operational overhead but introduces cold-start and timeout constraints. ANS-C01 embeds the deciding constraint — read for team size and ownership language.

What This Pattern Tests

The exam gives you a decoupling requirement and tests whether you pick the right messaging service. SQS is point-to-point with at-least-once delivery (Standard) or exactly-once (FIFO, 3,000 msg/s with batching). SNS is pub/sub fan-out to multiple subscribers. EventBridge is content-based routing with schema registry and 35+ AWS service sources. The trap is choosing SQS for fan-out (use SNS) or SNS for ordered processing (use SQS FIFO). DynamoDB vs. Aurora vs. ElastiCache follows the same pattern: key-value at any scale vs. relational joins vs. microsecond reads from memory.

Decision Axis

Communication pattern (point-to-point vs. fan-out vs. content routing) and data access pattern (key-value vs. relational vs. cache) determine the service.

Associated Traps

Over-Engineering (12)CloudFront + Lambda@Edge + API Gateway + DynamoDB + SES — for a static site with a contact form.Near-Right Architecture (4)CloudFront + ALB or Global Accelerator + NLB? Both cut latency — only one preserves client IPs over TCP.

More Top Traps on This Exam

Compliance Misconception · 30%S3 encryption + HTTPS does not make you HIPAA-compliant — you still need a BAA and eligible services only.

Decision Rules

Choose between CloudFormation StackSets (declarative, drift-detectable, native multi-account orchestration) and Lambda-based imperative SDK automation (event-driven but requiring custom state management) for repeatable multi-account network provisioning.

AWS CloudFormationAWS LambdaAWS Transit Gateway

When the requirement is organization-wide continuous drift detection plus auto-remediation with minimal operational overhead, choose AWS Config managed rules with CloudFormation StackSets remediation over a custom Lambda-based imperative pipeline that duplicates those native capabilities at the cost of additional operational complexity.

AWS ConfigAWS CloudFormationAWS Lambda

Whether to use CloudFormation StackSets (declarative, Organizations-aware, native drift detection) or Lambda-driven imperative SDK orchestration (custom retry, state tracking, account enumeration) to satisfy the repeatable-infrastructure and drift-prevention constraints simultaneously at minimal operational cost.

AWS CloudFormationAWS LambdaAWS Config

Determine whether CloudFormation StackSets with OU-level automatic deployment is superior to an EventBridge-triggered Lambda pipeline for multi-account VPC endpoint provisioning, based on which option satisfies the repeatable-infrastructure and new-account-onboarding constraint without introducing unnecessary operational overhead.

AWS CloudFormationAmazon EventBridgeAWS Lambda

Domain Coverage

Network Implementation

Difficulty Breakdown

Medium: 8Hard: 8

Build recognition speed →

See all ANS-C01 patterns →