AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct answer is to implement shuffle sharding. Shuffle sharding is an advanced architectural pattern that provides a high degree of workload isolation and blast radius reduction. It works by creating many virtual shards from a smaller pool of resources (the worker fleet) and assigning each tenant to a unique combination of these resources. In the event of a poison pill taking down the resources in one virtual shard, only the very small number of tenants assigned to that specific combination are affected. This massively reduces the blast radius compared to traditional sharding.

Implementing a separate Auto Scaling group for each tenant is an example of a bulkhead pattern, but it is not practical or cost-effective for a large-scale, multi-tenant application with thousands of tenants due to the high operational overhead and resource underutilization.

Using a standard Multi-AZ Auto Scaling group with an Application Load Balancer is a fundamental high-availability pattern that protects against Availability Zone failures, not application-level correlated failures like a poison pill. A poison pill would cause instances in all Availability Zones to fail, eventually affecting the entire fleet.

Configuring a dead-letter queue (DLQ) on the SQS queue is an essential practice for handling poison pill messages, but it does not solve the architectural problem of blast radius for the compute fleet. The DLQ isolates the problematic message after it has failed processing multiple times, but during those failures, it would have already impacted the shared compute fleet, affecting all tenants. Shuffle sharding proactively contains the impact of the compute failure itself.