Cost Blind Spot — AWS SysOps Administrator (SOA-C03)
The architecturally correct answer was also the most expensive. The exam wanted the cost-optimized option that still meets requirements.
The Answer That Costs Three Times More
Multi-AZ RDS, cross-region read replicas, and daily snapshots to S3 — each component is individually defensible. A candidate designing for production would approve this stack. But when the scenario specifies a development environment with low availability requirements, the exam is testing cost proportionality. Over-engineering a dev workload is not caution; it is a wrong answer. The correct option applies the minimum architecture that satisfies the stated requirement.
The Scenario
The question describes a video transcoding pipeline processing uploaded files — fault-tolerant, no user-facing latency requirements, files reprocessable on failure. You choose a Multi-AZ ECS cluster with On-Demand Fargate tasks and auto-scaling. The correct answer uses EC2 Spot Instances in an Auto Scaling group with a Spot Fleet diversified across instance types and AZs. Same throughput, 60-90% less cost. The workload is explicitly fault-tolerant (files can be reprocessed), which is the textbook Spot qualification. The exam said "most cost-effective" and you optimized for availability that the scenario never required.
How to Spot It
- •When the question says "cost-effective" or "minimize cost," check whether the workload is fault-tolerant. Batch processing, media transcoding, CI/CD builds, data analysis, and any workload with "reprocessable on failure" are Spot Instance candidates. Spot saves 60-90% over On-Demand.
- •Multi-AZ deployments, provisioned IOPS, and dedicated hosts all add cost. If the scenario does not mention an SLA, uptime requirement, or "highly available," these features are cost traps the exam uses to test whether you add unnecessary resilience.
- •S3 Intelligent-Tiering adds a $0.0025/1000 objects monitoring fee. For billions of small objects, that monitoring fee exceeds the storage savings. The exam tests whether you know when Intelligent-Tiering costs more than just picking the right tier manually.
Decision Rules
Whether 'encryption is enabled' without KMS satisfies a compliance audit-trail requirement, or whether KMS customer-managed keys are the minimum necessary configuration to produce per-key CloudTrail events — with the cost of KMS API calls being a non-negotiable consequence of the compliance constraint, not an optional overhead.
Select the S3 storage class whose retrieval SLA fits within 30 minutes at the lowest available per-GB price, recognising that S3 Glacier Instant Retrieval provides millisecond access at a fraction of S3 Standard cost while S3 Glacier Flexible Retrieval Standard (3–5 hours) fails the RTO even though its storage price is marginally lower.
Whether to retain all 90 days of application logs in CloudWatch Logs (operationally simple, single query surface) or export logs to S3 after a short operational retention window and query historical data via Athena — the correct choice satisfies the retention mandate at a cost that does not breach the fixed monthly budget given the stated ingest volume.
Whether to enable AWS X-Ray with configured sampling rules to produce a cross-service segment map and trace timeline (targeted cost, direct call-chain correlation) versus expanding CloudWatch Logs verbosity and using Logs Insights queries across each service's log group (higher ingestion cost at scale, no cross-service segment stitching).
Domain Coverage
Difficulty Breakdown
Related Patterns