
AWS SAA-C03 Drill: Hybrid Data Transfer - The Bandwidth vs. Cost Trade-off Analysis

Author: Jeff Taakey
21+ Year Enterprise Architect | Multi-Cloud Architect & Strategist.

While preparing for the AWS SAA-C03, many candidates get confused by hybrid connectivity options. In the real world, this is fundamentally a decision about Network Capacity vs. Operational Cost. Let’s drill into a simulated scenario.

The Scenario

TechFabric Industries operates a mission-critical inventory management system in their on-premises data center. The application generates time-sensitive operational data (sensor logs, quality control images, transaction records) totaling 500GB daily, which must be backed up to Amazon S3 for compliance and disaster recovery.

As production volume has tripled over 18 months, employees now experience severe internet slowdowns during backup windows (2-6 PM daily). Video conferencing drops, SaaS applications time out, and the IT director receives escalating complaints. The current 1 Gbps shared internet connection has become a bottleneck.

Key Requirements

Design a long-term, scalable solution that ensures timely S3 backups while eliminating impact on employee internet usage.

The Options

  • A) Establish an AWS Site-to-Site VPN connection and route all backup traffic through a VPC Gateway Endpoint to S3.
  • B) Provision a new AWS Direct Connect connection and route backup traffic through this dedicated link.
  • C) Order AWS Snowball devices daily, load backup data onto the devices, and ship them to AWS each day.
  • D) Submit a support ticket through the AWS Management Console requesting removal of S3 service limits on the account.

Correct Answer

Option B.


The Architect’s Analysis

Correct Answer

Option B — Establish AWS Direct Connect for dedicated hybrid connectivity.

Step-by-Step Winning Logic

This is a long-term bandwidth allocation problem, not a configuration or service limit issue. Direct Connect provides:

  1. Dedicated Network Capacity: A private 1 Gbps or 10 Gbps link that does not share bandwidth with employee internet traffic.
  2. Predictable Performance: Consistent latency and throughput, critical for time-sensitive data.
  3. Scalability: As data volume grows, you can upgrade port speed or add additional connections.
  4. Cost Efficiency at Scale: Data transfer out via Direct Connect ($0.02/GB for the first 10TB) is cheaper than internet egress for sustained workloads.

The Financial Justification:

  • Productivity Cost: 200 employees losing 30 min/day = 100 hours/day = ~$5,000/month in lost productivity (at $50/hr blended rate).
  • Direct Connect Cost: ~$300/month (port) + $0.02/GB × 15TB/month = $300 + $300 = $600/month.
  • ROI: Positive from month one when factoring in productivity recovery.

The Traps (Distractor Analysis)

Why not Option A (VPN + VPC Gateway Endpoint)?

  • Bandwidth Misconception: VPN connections still use the internet connection—they provide encryption and routing, not additional capacity. The 1 Gbps bottleneck remains.
  • Gateway Endpoint Misunderstanding: VPC Gateway Endpoints allow private connectivity to S3 from within a VPC, but they don’t solve the on-premises bandwidth problem.
  • Exam Trap: Confuses candidates who know VPN is cheaper but miss that it doesn’t create new capacity.

Why not Option C (Daily Snowball Shipments)?

  • Operational Nightmare: Snowball is designed for one-time migrations or offline edge processing, not daily operational backups.
  • Lead Time: Snowball requires ordering (2-3 days), loading, and shipping—incompatible with “time-sensitive data.”
  • Cost at Scale: At $300/shipment (10TB device), daily use = $9,000/month vs. $600 for Direct Connect.
  • Use Case Mismatch: Snowball is for petabyte-scale infrequent transfers, not recurring operational workflows.

Why not Option D (Support Ticket for S3 Limits)?

  • Non-Existent Problem: There are no account-level “backup limits” to S3 that would cause this symptom. S3 scales automatically.
  • Root Cause Confusion: This option tests whether you understand the difference between network congestion and service quotas.
  • Exam Red Flag: “Submit a support ticket” is rarely the correct answer for architectural design questions—it’s a procedural action, not a design.

The Architect Blueprint

graph LR
    OnPrem[On-Premises Data Center<br/>Inventory System] -->|Dedicated 1Gbps<br/>Private Connection| DX[AWS Direct Connect<br/>Location]
    DX -->|Private VIF| VGW[Virtual Private Gateway<br/>in VPC]
    VGW -->|VPC Gateway Endpoint<br/>Private Route| S3[Amazon S3<br/>Backup Bucket]
    OnPrem -.->|Employee Traffic<br/>Unaffected| Internet[Internet<br/>1 Gbps Shared]
    Internet -.->|SaaS, Email, Video| Cloud[Cloud Services]
    style DX fill:#FF9900,stroke:#232F3E,stroke-width:3px,color:#fff
    style S3 fill:#569A31,stroke:#232F3E,stroke-width:2px,color:#fff
    style OnPrem fill:#3B48CC,stroke:#232F3E,stroke-width:2px,color:#fff

Diagram Note: Direct Connect creates a separate physical path for backup traffic, completely isolating it from the shared internet connection used by employees.

The Decision Matrix

| Option | Est. Complexity | Est. Monthly Cost | Pros | Cons |
|---|---|---|---|---|
| A) VPN + Gateway Endpoint | Low | ~$40/month (VPN connection) | Simple to configure; low upfront cost | Does not add bandwidth; still shares internet link; doesn’t solve core problem |
| B) Direct Connect | Medium | ~$600/month (1Gbps port + data transfer) | Dedicated capacity; predictable performance; scalable; lower data transfer costs | Higher monthly cost; 1-2 week setup time; requires compatible router |
| C) Daily Snowball | Very High | ~$9,000/month ($300/day) | No network dependency | Operationally infeasible for daily use; 2-4 day turnaround; extremely expensive at scale |
| D) Support Ticket | N/A | $0 | | Not a valid solution; no S3 limits are causing this issue |

FinOps Note: While Direct Connect has a higher baseline cost, the true cost of Option A includes hidden productivity loss (~$5,000/month), making it 8x more expensive in total cost of ownership.

Real-World Practitioner Insight

Exam Rule

“For the SAA-C03 exam, when you see ‘long-term solution’ + ‘high-volume data transfer’ + ‘on-premises to AWS’, always prefer AWS Direct Connect over VPN or Snowball. The keyword ‘long-term’ disqualifies one-time migration tools.”

Real World

In production environments, we’d likely:

  1. Implement a phased approach: Start with VPN for immediate relief while Direct Connect is provisioned (1-2 week lead time).
  2. Right-size the connection: Use AWS’s Data Transfer Calculator to determine if 1 Gbps or 10 Gbps is optimal based on growth projections.
  3. Consider Direct Connect Gateway: If the company has multiple VPCs or plans multi-region expansion, this allows one DX connection to serve multiple destinations.
  4. Leverage S3 Transfer Acceleration temporarily during DX setup to reduce upload times over the existing internet link.
  5. Evaluate hybrid storage solutions: AWS Storage Gateway (File Gateway mode) could cache frequently accessed data on-premises while automatically tiering to S3, reducing the backup window.

Operational Tip: Many enterprises negotiate hybrid pricing with Direct Connect partners at colocation facilities, reducing the port cost by 30-50% compared to AWS’s published rates.
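
A sizing sketch for the right-sizing step and the cost figures above, added here as an example (not the author's code and not an AWS tool). It uses the article's 500 GB/day, the 4-hour backup window (2-6 PM), the ~$300 port fee and the $0.02/GB rate; the 80% usable-link figure and the compound-growth model (volume tripling every 18 months, as in the scenario) are assumptions.

```python
import math

GB_BITS = 8 * 10**9          # decimal gigabyte expressed in bits
PORT_SPEEDS_GBPS = (1, 10)   # port speeds the article discusses
PORT_FEE_USD = 300           # article's approximate monthly port fee
DX_RATE_USD_PER_GB = 0.02    # article's per-GB rate
LINK_EFFICIENCY = 0.8        # assumption: usable share of line rate

def required_gbps(daily_gb, window_hours):
    """Average throughput needed to move daily_gb inside the backup window."""
    return daily_gb * GB_BITS / (window_hours * 3600) / 1e9

def smallest_port(daily_gb, window_hours):
    """Smallest port whose usable rate covers the window, or None if none does."""
    need = required_gbps(daily_gb, window_hours)
    for speed in PORT_SPEEDS_GBPS:
        if speed * LINK_EFFICIENCY >= need:
            return speed
    return None

def months_until_outgrown(daily_gb, window_hours, port_gbps, monthly_growth):
    """Whole months of compound growth the port still covers (None = always)."""
    need = required_gbps(daily_gb, window_hours)
    usable = port_gbps * LINK_EFFICIENCY
    if need > usable:
        return 0
    if monthly_growth <= 0:
        return None
    return math.floor(math.log(usable / need) / math.log(1 + monthly_growth))

def monthly_dx_cost(daily_gb, days=30):
    """Port fee plus per-GB charge, using the article's cost model."""
    return PORT_FEE_USD + DX_RATE_USD_PER_GB * daily_gb * days

if __name__ == "__main__":
    growth = 3 ** (1 / 18) - 1   # assumption: tripling every 18 months continues
    print(f"needed now: {required_gbps(500, 4):.3f} Gbps")
    print(f"smallest port: {smallest_port(500, 4)} Gbps")
    print(f"1 Gbps port fits for {months_until_outgrown(500, 4, 1, growth)} months")
    print(f"monthly cost: ${monthly_dx_cost(500):.0f}")
```

If the scenario's growth rate continues, the 1 Gbps port stops fitting the 4-hour window well inside a typical contract term, which is the case for checking the 10 Gbps option or a wider window up front.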
