Multi-region design, cloud networking, IAM, cost optimization, and cloud-native patterns for production infrastructure.
4 problems
Design a disaster recovery strategy for a business-critical application with an RPO of 5 minutes and an RTO of 15 minutes, covering backup, replication, failover automation, and DR testing.
Design a globally distributed database architecture that serves reads locally from any region with sub-10ms latency while maintaining strong consistency for writes across 5 regions.
Design an active-active multi-region architecture serving 500K requests/second globally with sub-100ms latency, handling data replication conflicts and regional failover without downtime.
Explain the architecture of cloud regions, availability zones, and edge locations, and design an application deployment that survives a single AZ failure with no downtime.
4 problems
Design a hub-and-spoke network topology connecting 20+ VPCs through a central transit gateway with shared services, centralized DNS resolution, and network traffic inspection.
Design a hybrid cloud connectivity solution using Direct Connect with VPN failover, BGP routing, and bandwidth planning for an enterprise migrating workloads to AWS while maintaining on-premises data centers.
Design a production VPC architecture with proper subnet layout, CIDR planning, NAT gateways, and security group configuration for a three-tier web application.
Design a service connectivity platform using PrivateLink and service endpoints to enable secure, private access to shared services across 50+ AWS accounts without VPC peering or transit gateway routing.
4 problems
Design an IAM strategy for a 500-engineer organization across 100+ AWS accounts, implementing least privilege, role-based access, cross-account roles, and permission boundaries.
Design a CSPM system that continuously monitors 100+ AWS accounts for security misconfigurations, compliance violations, and configuration drift, with automated remediation.
Design a secrets management system using Vault and KMS for a microservices architecture, implementing envelope encryption, automatic secret rotation, and dynamic database credentials.
Explain encryption at rest and in transit in cloud environments, including KMS key hierarchy, envelope encryption, and when to use server-side vs. client-side encryption.
3 problems
Design a capacity planning system that forecasts resource demand 6 months ahead, manages reservation purchasing, and ensures headroom for traffic spikes across a 10,000-instance fleet.
Design a cost optimization strategy for a $2M/month AWS spend, covering tagging, reserved instances vs. savings plans, right-sizing, and cost allocation across 50 engineering teams.
Design an auto-scaling architecture for a web application that handles 10x traffic spikes during flash sales, using target tracking, step scaling, and warm pools to maintain sub-200ms response times.
3 problems
Design a production Kubernetes platform on EKS/GKE for 200 microservices, covering node group strategy, cluster autoscaling, pod identity, network policies, and multi-tenancy for 20 engineering teams.
Design a serverless event-driven architecture for an order processing system handling 10,000 orders/minute, addressing cold starts, idempotency, error handling with DLQs, and eventual consistency.
Develop a decision framework for choosing between managed cloud services and self-hosted alternatives, covering total cost of ownership, operational burden, and vendor lock-in risks.