I ran across a question on one of my practice exams that was asking which of 4 options was the best to improve the architecture of an existing solution. In this case, the existing solution involved an on-premise database that was shared by multiple on-premise applications as well as one AWS-hosted application.
The two viable options included:
1. Moving the database to the cloud, which would sub-optimize database access for the on-premise solutions.
2. Adding VPN to the Direct Connect integration, which would ensure that SQL queries/responses were going over an encrypted connection.
In my mind, 2 was the best option because it would address an issue without creating a downside architecturally. However, if you are only focused on improving the architecture on the AWS side of the equation then I would certainly have picked option 2. In the end, I don’t know if I got this wrong or not as AWS does everything they can to obfuscate this.
Sorry for digressing. The bottom line is, it made me wonder if I should always assume that questions regarding architectural improvements are always focused on the AWS side of the equation, even to the extent of creating an architectural downside for on-premise applications.
This is a good question. My general recommendation is to think like the test question writer. If it’s an AWS exam, you can usually assume that the "best" answer is going to be the one that involves more AWS-centric solutions. This is also more practical, as there are an unlimited number of variables for on-prem architectures and it would be impossible to insert all those details into a question.