HOST_A: Welcome back to Clawd Talks — I'm Emma, and today we're doing something a little different. We're running a full mock interview session focused on cloud architecture. Whether you're preparing for your first cloud role or gunning for a principal engineer position, this one's for you. HOST_B: And I'm Ryan. I'll be the candidate today — which means Emma gets to grill me for the next forty minutes. I've been through dozens of these interviews on both sides of the table, so I know exactly how badly this can go. HOST_A: Perfect. So before we dive into actual questions, let's talk about what cloud architecture interviews are really testing. Because there's a common misconception that candidates walk in trying to memorise every AWS service. HOST_B: Right, and it backfires every time. I've seen people answer "What's the difference between SQS and SNS?" perfectly and still fail the interview. That question just tests your memory. It doesn't tell the interviewer anything about how you think. HOST_A: Exactly. A bad interview question tests recall. A great interview question tests judgment. The one I love asking is: "You need to process ten million events per day — walk me through your design." There's no single right answer. What I'm listening for is whether you ask clarifying questions, whether you think about trade-offs, whether you know the failure modes. HOST_B: Three things that actually matter in these interviews. First: do you understand trade-offs? Second: do you know when NOT to use something? Third: can you communicate clearly under pressure when the interviewer is pushing back? HOST_A: That last one is huge. A lot of candidates shut down when I challenge their answer. The best ones lean in. They say "that's a fair pushback, let me think through that." Alright — let's get into it. Ryan, first question. Classic fundamentals. Explain the difference between vertical and horizontal scaling, and tell me when you'd choose each. HOST_B: Okay. Vertical scaling — sometimes called scaling up — means giving your existing machine more resources. Bigger CPU, more RAM, faster disk. The advantage is simplicity. You don't need to change your code at all. A stateful application that was never designed to run across multiple instances? Vertical scaling is your friend. HOST_A: What are the downsides? HOST_B: There's a ceiling. You can only make a machine so big, and at the top end, those machines get extremely expensive. Also, you have a single point of failure. If that one instance goes down, your service goes down with it. HOST_A: And horizontal? HOST_B: Horizontal scaling — scaling out — means running more instances of smaller machines. You distribute the load across them with a load balancer. Much more resilient because if one instance fails, the others keep serving traffic. Theoretically unlimited — you can keep adding instances. But it requires your application to be stateless. Session state can't live in memory on a single server anymore. You push that to Redis or a database, something all instances can reach. HOST_A: When would you deliberately choose vertical over horizontal? HOST_B: Legacy databases that can't be easily sharded are the classic case. Old Oracle databases, certain PostgreSQL workloads where you haven't set up read replicas yet. Also, sometimes simplicity genuinely matters more than resilience. A dev environment, an internal tool with two users — maybe you don't need the operational complexity of running a distributed system. HOST_A: Good. Let me push on something — you said stateless. What does that actually mean in practice? A lot of junior candidates say "stateless" without really explaining it. HOST_B: Fair point. Stateless means each request carries everything the server needs to process it. The server doesn't remember anything between requests. So if user Alice logs in and hits Server A, then her next request might hit Server B — that has to work fine. No in-memory session object. The session data lives in a shared store, Redis being the most common choice for that. HOST_A: Perfect. Next question — and this is where a lot of mid-level candidates stumble — what is the CAP theorem, and how does it actually affect your architecture decisions? HOST_B: CAP theorem says that in a distributed system, you can only guarantee two out of three properties at the same time. Consistency — every node sees the same data at the same time. Availability — every request gets a response. And Partition Tolerance — the system keeps working even when network partitions happen between nodes. HOST_A: And why can't you have all three? HOST_B: Because network partitions are a reality. Networks fail. Nodes get partitioned. So partition tolerance isn't really optional in a distributed system — you have to design for it. Which means in practice, you're choosing between CP and AP. Consistent and partition-tolerant, which might mean rejecting requests when you can't guarantee consistency. Or available and partition-tolerant, which means you might serve stale data but you never reject a request. HOST_A: Give me a concrete example of each. HOST_B: DynamoDB defaults to AP — eventually consistent reads. Two nodes might disagree briefly after a write, but you'll always get a response. You can configure it for strong consistency, which makes it more CP. PostgreSQL on RDS is CP by design — if the primary goes down during a partition, you might not get a response rather than get stale data. HOST_A: And how does this translate to real decisions? HOST_B: You match the CAP model to your business requirements. A shopping cart — totally fine with AP. If the cart briefly shows an item that was just removed, the user won't even notice. But a financial transaction? You need CP. You cannot have two nodes thinking a transfer is in two different states simultaneously. The business consequence is too severe. HOST_A: I love that framing — match the CAP model to business requirements. Alright, let's hit SQL versus NoSQL, because this is a question where candidates love to overcomplicate things. HOST_B: Ha, yes. I've heard people spend ten minutes hedging on this. The honest answer is: for most applications, you should start with PostgreSQL. Relational databases have been solving hard problems for forty years. ACID transactions, complex joins, mature tooling — unless you have a specific reason to reach for something else, a relational DB will serve you well. HOST_A: When do you reach for NoSQL then? HOST_B: When your access patterns are simple but your scale requirements are extreme. DynamoDB is the best example — key-value lookups, single-digit millisecond latency, and it scales to genuinely any size. But the trade-off is that complex queries become your problem to solve in application code, or you can't do them at all. HOST_A: What about document stores like MongoDB? HOST_B: MongoDB shines when your data shapes are evolving quickly. You don't have a fixed schema yet, you're iterating fast. Or when your data is naturally hierarchical — nested objects — and you'd be doing lots of joins to reconstruct them from relational tables. HOST_A: And Cassandra? HOST_B: Cassandra is purpose-built for massive write throughput and time-series data. Append-heavy workloads. Think IoT telemetry, event logs, anything where you're writing at hundreds of thousands of events per second across many nodes. The trade-off is that your queries are very constrained by how you've modelled your partition keys. HOST_A: What's the mistake you see most often with NoSQL? HOST_B: People choose it because it sounds modern. DynamoDB is the hot choice right now, and teams reach for it without understanding what they're giving up. Then they try to do a reporting query across multiple entities and realise they can't join anything. They end up duplicating data everywhere or running expensive full scans. HOST_A: Alright, let me throw a networking fundamentals question at you. Walk me through what happens from the moment a user types a URL into their browser to the moment they see the page. HOST_B: Okay. First, DNS resolution. The browser checks its own cache — did I look this up recently? If not, it goes to the OS cache, then to the recursive resolver — typically your ISP's or something like 8.8.8.8. The resolver works up the chain: root nameserver, then the TLD nameserver for dot-com, then the authoritative nameserver for that specific domain. Eventually you get an IP address back. HOST_A: And then? HOST_B: Then a TCP connection to that IP on port 443 for HTTPS. If it's the first connection, you have a TLS handshake on top — with TLS 1.3 that's one or two round trips. Then the actual HTTP request goes out, hits either a CDN edge node or a load balancer, gets routed to the origin server, and the response comes back. HOST_A: Why does this matter architecturally? HOST_B: A few things. TTL on DNS records directly affects your failover time. If you set a TTL of one hour and a server goes down, some users are stuck for an hour. Low TTL means faster failover but more DNS queries. CDNs matter because they serve from edge locations close to the user — dramatically lower latency for anything static. And TLS handshake overhead is real — HTTP/2 connection reuse and keep-alive headers exist specifically to amortise that cost. HOST_A: Perfect. Last fundamentals question — what's a CDN and when should you use one? HOST_B: A Content Delivery Network is a globally distributed network of cache servers — called edge nodes — located close to users in different geographies. Instead of every request travelling to your origin server in us-east-1, a user in Frankfurt hits an edge node in Frankfurt. HOST_A: What does it actually help with? HOST_B: Latency for static assets primarily — images, JavaScript, CSS, video. Also DDoS protection, because the edge network absorbs volumetric attacks before they reach your origin. And it reduces load on your origin server because the edges cache popular content. HOST_A: When shouldn't you use a CDN, or when does it not help? HOST_B: For dynamic content — personalised API responses, real-time data. A CDN can't cache a user's account page. For those use cases, if you need global low latency, you need multi-region deployment or edge computing, like Cloudflare Workers or Lambda@Edge. CDN caching only helps if the response is the same for every user. HOST_A: Okay, let's level up. We're moving into design pattern territory now. Ryan, I want you to design a system that handles a hundred thousand concurrent users. HOST_B: Alright. First thing I'm doing is asking clarifying questions — because "a hundred thousand concurrent users" doesn't tell me what kind of system this is. Is it read-heavy or write-heavy? What does the data model look like? What are the consistency requirements? E-commerce and social media have very different patterns. HOST_A: Let's say it's a read-heavy social platform. User feeds, profiles, posts. HOST_B: Okay. I'd start with a stateless application tier behind an Application Load Balancer. The app servers auto-scale horizontally using an Auto Scaling Group, or container-based with ECS and Fargate if we want to avoid managing instances. The critical point is that none of the application state lives on those servers. HOST_A: What about the database? HOST_B: The database is almost always the bottleneck. For a read-heavy workload, I'd use read replicas — one primary for writes, multiple replicas handling reads. We can route queries at the application layer or use a proxy like RDS Proxy. On top of that, a caching layer with ElastiCache and Redis. Hot data — user profiles, popular feeds — lives in Redis. Cache hit rates of ninety percent mean the database only sees ten percent of the read traffic. HOST_A: And static content? HOST_B: CDN for all static assets. Profile photos, media, JavaScript bundles — none of that hits the origin. HOST_A: I want to push on the number. Is a hundred thousand concurrent users really a hard problem? HOST_B: This is where I'd correct a common misconception. Concurrent users is not the same as requests per second. If those hundred thousand users are mostly reading their feeds and scrolling, with an average request rate of maybe one request every few seconds, that's actually not an enormous number of requests per second. A well-optimised single EC2 instance can handle thousands of concurrent connections. The scary number is if they're all writing simultaneously — then you have write amplification and database contention. HOST_A: Good. Now let's talk high availability versus disaster recovery — a lot of candidates conflate these. HOST_B: They're genuinely different things. High availability is about keeping the system operational during normal, expected failure modes. A single instance dying. An Availability Zone going down. HA is multi-AZ deployment, load balancers, health checks, auto-healing. You're targeting 99.9 to 99.99 percent uptime. HOST_A: And disaster recovery? HOST_B: DR is for catastrophic failures. A full region outage. Accidental data deletion at scale. You define it by two metrics: RPO — Recovery Point Objective, meaning how much data loss is acceptable — and RTO — Recovery Time Objective, meaning how long to recover. Zero RPO means zero data loss. One-hour RTO means you're back up within an hour. HOST_A: Walk me through the DR strategies. HOST_B: There's a spectrum, basically a cost versus recovery speed trade-off. At the cheap end: backup and restore. You take snapshots, store them in another region, and in a disaster you restore from backup. RTO could be hours. Then pilot light — you keep a minimal version of your core infrastructure running warm in another region. Core databases replicating, but app tier scaled to zero. RTO of maybe twenty minutes. Warm standby scales that up — a reduced-capacity version of full production running. Minutes to recover. And at the expensive end: hot standby or active-active, where you're fully running in multiple regions simultaneously. HOST_A: What's the most common mistake you see teams make with DR? HOST_B: Building for multi-region when they actually just need multi-AZ. Multi-AZ HA is relatively cheap and solves ninety-five percent of failure scenarios. Multi-region active-active is extremely expensive and operationally complex. Teams think they need the latter, build it badly, and end up with something that's both expensive and unreliable. HOST_A: Alright, synchronous versus asynchronous architecture. HOST_B: Synchronous is the default model everyone understands — you make a request, you wait for a response. Simple to reason about, simple to debug. The downside is tight coupling. If the downstream service is slow or unavailable, your service is blocked too. HOST_A: When's the right call? HOST_B: User-facing operations that need an immediate response. Authentication — the user is sitting there waiting for a login confirmation. Payment processing — they need to know if their card was charged. Search queries. Anything where the user explicitly needs a result before they can continue. HOST_A: And async? HOST_B: Async means putting a message on a queue and moving on. You're decoupled from the downstream consumer. Even if the consumer is down, the message is buffered in the queue. You get built-in retry, you can scale consumers independently. The downsides are complexity — debugging async flows is much harder — and eventual consistency. HOST_B: The canonical example I always use: user uploads a photo. You synchronously save the original to S3 and return a URL — that's fast, the user sees immediate feedback. But resizing the image, generating thumbnails, uploading variants to the CDN — that goes onto an SQS queue. A Lambda worker picks it up asynchronously. The user doesn't wait for all that processing. HOST_A: Let's talk strangler fig. Do you know it? HOST_B: I do. It's named after the strangler fig tree, which grows around an existing tree and gradually replaces it. Architecturally, it's about incrementally replacing a monolith with microservices without doing a big bang rewrite. HOST_A: How does it actually work? HOST_B: You put an API gateway or a proxy in front of the monolith. New features get built as separate microservices behind that proxy. Existing functionality gets migrated piece by piece — first extract authentication, then billing, then user management — each time routing those requests away from the monolith. The monolith keeps handling everything that hasn't been migrated yet. Over time — typically eighteen months to two years for a real migration — the monolith handles less and less traffic until you can retire it entirely. HOST_A: Why is the alternative — the big bang rewrite — almost always a failure? HOST_B: Because you underestimate the accumulated complexity in the monolith. There are years of edge cases, business rules, and subtle behaviours that nobody documented. You write a new system, ship it, and immediately start getting bug reports for things the monolith handled that nobody remembered to spec out. Meanwhile the old monolith is still getting new features, and you're chasing a moving target. HOST_A: Next one — circuit breaker pattern. Why does this matter in microservices specifically? HOST_B: In a monolith, if one component is slow, maybe it affects performance. In microservices, a slow downstream service can take out the entire chain. Here's the failure mode: Service A calls Service B. Service B is having a bad day — requests are timing out after thirty seconds. Service A's thread pool fills up with threads waiting for Service B. Connection pools get exhausted. Service A stops responding. Now Service C, which calls Service A, starts timing out too. You get a cascading failure across the whole distributed system. HOST_A: And the circuit breaker prevents that? HOST_B: Right. A circuit breaker sits between services. When the failure rate exceeds a threshold, the circuit "opens" — instead of actually calling Service B, the circuit breaker immediately returns an error or a fallback value. No waiting. Service A stays healthy. The circuit tries to recover — it goes to a half-open state periodically, lets a test request through, and if it succeeds, closes again. HOST_A: What's the related pattern for isolating resource pools? HOST_B: Bulkhead pattern. Named after the bulkhead compartments in a ship that contain flooding to one section. You give each downstream dependency its own thread pool. If Service B's thread pool is exhausted, Service C's thread pool is completely unaffected. The failure can't cross compartment boundaries. HOST_A: Alright, we're going deep now. Principal level. Ryan, design me a multi-region active-active architecture. And tell me what the hardest problems are. HOST_B: Okay. Active-active means both regions are simultaneously serving production traffic — not just sitting there as a failover target. Users in Europe hit the EU region, users in the US hit the US region. Benefits are clear: lower latency globally, true zero-downtime if one region has an outage. HOST_A: What's the hard part? HOST_B: Data. Data is the hard part, always. If a user in London and a user in New York both update the same record at the same moment — which one wins? You have writes going to two separate databases in two regions, and they need to converge somehow. HOST_A: What are your options? HOST_B: A few. DynamoDB Global Tables gives you eventual consistency across regions — writes replicate in seconds. For most use cases that's fine. Aurora Global Database keeps a primary in one region, read-replica clusters in others with sub-second lag — but writes still go to the primary, so it's more active-passive on the write path. CockroachDB is built for true multi-region SQL with its own consensus protocol. HOST_A: What about conflict resolution? HOST_B: That's the really hard problem. Last-write-wins is the simplest — whoever had the higher timestamp prevails. But what if clocks drift between regions? You get unexpected overwrites. Some systems use vector clocks for causal ordering. Others make conflict resolution application-specific — merge strategies that make sense for your domain. There's no universal answer, which is why this is genuinely difficult. HOST_A: Session stickiness? HOST_B: You generally want a user's session to stay in one region for its duration. You use something like Route 53 latency-based routing so that initial DNS resolution puts them into the closest region, and then session cookies keep them there for the lifetime of the session. HOST_A: What's your bottom line on active-active? HOST_B: Most applications don't need it. They need solid multi-AZ HA and a properly tested DR runbook. Active-active is genuinely expensive — you're paying for double the infrastructure, cross-region data transfer, and enormous operational complexity. If you can't clearly articulate the business need, don't build it. HOST_A: I'll push back on that. For anything that's genuinely business-critical, shouldn't multi-region be the baseline? HOST_B: I'd argue that mastering single-region reliability is a prerequisite. I've seen teams jump straight to multi-region active-active and their multi-region setup is less reliable than a solid single-region system would have been, because they spread complexity before they had the operational maturity to handle it. Nail your multi-AZ setup, nail your runbooks, then graduate to multi-region if the business case genuinely demands it. HOST_A: Fair. We'll disagree on that one. Let's talk cost optimisation — walk me through your approach. HOST_B: First rule: you can't optimise what you can't measure. Get visibility before you touch anything. AWS Cost Explorer, GCP Billing console, Azure Cost Management. Understand which workloads are costing what, broken down by service, region, and team. HOST_A: What are the quick wins? HOST_B: Right-sizing is almost always the first stop. Most compute instances in the wild are over-provisioned by two or three times. Engineers provision a large instance, it works, nobody ever looks at it again. AWS Compute Optimizer tells you that your m5.2xlarge is running at twelve percent CPU and you could save sixty percent by moving to an m5.large. HOST_A: What about commitments? HOST_B: Reserved Instances or Committed Use Discounts for stable baseline workloads. If you know you're going to run three app servers twenty-four-seven for the next year, buy a one-year reservation. You're looking at forty to sixty percent discounts. For spiky workloads, spot instances or preemptible VMs — sixty to ninety percent cheaper — but you must design for interruption. Checkpointing batch jobs, stateless workers with graceful shutdown handlers. HOST_A: What's the cost killer that people miss? HOST_B: Data transfer. It's invisible until it isn't. Cross-region data transfer gets billed by the gigabyte and it adds up fast. Even cross-AZ transfer within a region isn't free. Architects who don't think about data flow topology end up with enormous transfer bills. Using VPC endpoints instead of internet gateways for AWS service access can make a meaningful difference too. HOST_A: What about culture? HOST_B: FinOps. Tagging strategy — every resource tagged with team, environment, product — so you can do cost allocation. Budget alerts so teams know when their spending spikes. Making engineers feel the cost of the decisions they make. When developers never see their cloud bill, they over-provision, spin up things they forget to tear down, and leave dev environments running over weekends. Visibility changes behaviour. HOST_A: Cloud security architecture — give me your framework. HOST_B: Defence in depth. Multiple independent layers so that no single failure compromises the whole system. I think about it in layers. HOST_A: Start with identity. HOST_B: IAM is the foundation. Least-privilege everywhere — no wildcards, no star permissions. Use IAM roles for everything rather than user access keys sitting in config files. Enforce MFA. Roles for EC2 instances, Lambda, ECS tasks — the workload assumes the role, you don't hardcode credentials anywhere. HOST_A: Network layer? HOST_B: VPC segmentation. Public subnets only for load balancers — not app servers, not databases. Private subnets for the application tier, isolated subnets for databases with no internet route at all. Security groups are your micro-perimeters — each service only accepts traffic from the specific sources it needs. WAF in front of public APIs to handle injection attacks, bot traffic, rate limiting at the edge. HOST_A: Data security? HOST_B: Encryption at rest using KMS managed keys. Encryption in transit — TLS everywhere, internally too, not just at the perimeter. Secrets Management — AWS Secrets Manager or Parameter Store. No credentials in environment variables, no credentials in git history. HOST_A: Detection and response? HOST_B: CloudTrail for the API audit log — who called what API when. VPC Flow Logs for network-level visibility. GuardDuty for threat detection — it does ML-based anomaly detection on your CloudTrail and flow logs. Config for compliance — did somebody just open port twenty-two to the world? Config rules catch it. Security Hub aggregates findings from all of these. And critically: incident response runbooks prepared before you need them. The worst time to figure out your IR process is during an actual incident. HOST_A: Last advanced question — how would you migrate a large on-premise application to cloud? HOST_B: I'd start with the seven Rs framework. Retire — some workloads you don't actually need to migrate, just decommission. Retain — things that must stay on-prem for regulatory or technical reasons. Rehost, which is lift-and-shift — you pick up the virtual machine and put it on EC2 without changing anything. Replatform — small optimisations, like moving from a self-managed database to RDS. Repurchase — replace with a SaaS equivalent. Refactor — rearchitect for cloud-native. And Relocate, which is specific to VMware or moving between cloud providers. HOST_A: What's the process? HOST_B: Discovery first — full inventory of every workload, its dependencies, data volumes, performance requirements. Most organisations discover things they'd forgotten existed. Then classify — which workloads do you migrate first? You want low risk, low interdependency, and ideally some business value to demonstrate early wins. HOST_A: Then what? HOST_B: Foundation. Stand up your landing zone — the accounts structure, networking with VPN or Direct Connect back to on-prem during the migration, security baseline, monitoring. Then run a pilot migration — pick one non-critical workload and take it all the way through to production in the cloud. Learn all the things you didn't know you'd need to learn. HOST_A: And then scale it. HOST_B: Migration waves — group workloads by dependency, migrate them together. For each wave: migrate, test, cutover. DNS-based cutover with low TTL so you can roll back quickly if something goes wrong. Then optimise — right-size once you're in the cloud, because on-prem instincts about instance sizes are usually wrong in the cloud. HOST_A: What's the biggest mistake teams make? HOST_B: Trying to refactor and migrate simultaneously. You're doubling the scope of every workload migration. Lift-and-shift first. Yes, you end up with a VM running on EC2 that's technically cloud but not cloud-native. That's fine. It's now in the cloud. It benefits from cloud billing, snapshots, monitoring. Then you modernise it on the next pass with much less risk. HOST_A: Alright — system design time. I want you to design a rate limiter for an API. The requirement is one thousand requests per user per minute. Go. HOST_B: Great. Clarifying questions first. Is this for a single server or distributed across multiple API servers? Is it a hard limit — drop the request at exactly a thousand — or a soft limit with some burst tolerance? And are we returning a 429 Too Many Requests when someone hits the limit? HOST_A: Distributed, across ten API servers. Hard limit. Yes, 429. HOST_B: Okay. Let me walk through the algorithms first, then the architecture. The simplest approach is a fixed window counter — for each user, you keep a count per minute window. Request comes in, you increment the counter, if it's over a thousand you reject. But there's a classic edge case: someone sends nine hundred ninety-nine requests in the last second of one minute window and nine hundred ninety-nine in the first second of the next window — that's nearly two thousand requests in two seconds, and both windows look fine. HOST_A: How do you fix that? HOST_B: Sliding window approaches. The sliding window log stores the timestamp of every request. When a new request comes in, you count how many timestamps fall within the past sixty seconds. Accurate, but memory-intensive — you're storing every single request timestamp per user. The sliding window counter is a middle ground — you keep two fixed windows, the current and the previous, and use a weighted average based on how far through the current window you are. Good balance of accuracy and memory efficiency. HOST_A: What about token bucket? HOST_B: Token bucket is probably the most commonly used in practice. You give each user a bucket with a maximum of a thousand tokens. Tokens refill at a rate of roughly sixteen per second — a thousand per minute. Each request consumes one token. If the bucket is empty, reject. The nice property is that it allows short bursts — if a user has been quiet for a few seconds, they've accumulated tokens and can make several requests quickly. HOST_A: Leaky bucket? HOST_B: Leaky bucket is the inverse. Instead of allowing bursts, it smooths them. Requests go into a queue and are processed at a constant rate. Good for scenarios where you want to protect downstream services from spikes. HOST_A: Architecture? HOST_B: Redis is the central counter store. It's fast — sub-millisecond operations — supports atomic operations, and TTL on keys handles window expiry automatically. The key is something like rate-limit colon user ID colon current window timestamp. I use a Lua script to do the check-and-increment atomically — you don't want a race condition where two servers both read a count of 999 and both decide to allow the request. HOST_A: What do you return to the client? HOST_B: Three response headers: X-RateLimit-Limit with the total limit, X-RateLimit-Remaining with how many requests they have left, and X-RateLimit-Reset with the Unix timestamp when the window resets. Good clients use these to self-throttle rather than hammering until they get 429s. HOST_A: How does it work distributed across ten servers? HOST_B: All ten API servers point at the same Redis instance. Every request, regardless of which server it lands on, atomically increments the same counter in Redis. Rate limiting is consistent across the fleet. If Redis becomes a bottleneck at extreme scale, you use a local in-memory counter on each server and sync to Redis every hundred milliseconds — you trade a small amount of accuracy for dramatically lower latency. HOST_A: What if Redis goes down? HOST_B: You have a choice. Fail open — if you can't check the rate limit, allow the request. Or fail closed — if you can't check, reject. Depends on your threat model. For an internal API where you trust clients, fail open. For a public API with potential abuse, fail closed. HOST_A: Perfect. Let's switch gears — what should candidates ask the interviewer? HOST_B: The questions you ask signal as much as the answers you give. My favourite to open with: "What does your multi-region strategy look like today? Is it aspirational or actually implemented?" You learn a lot from the answer. Teams that say "we're planning to do multi-region next year" every year for three years have a different culture than teams that did it and talk about what they learned. HOST_A: What else? HOST_B: "What's the biggest scaling challenge you've hit in the last year?" This is great because it's specific. You get real war stories. And you can have an actual technical conversation rather than a rehearsed pitch. HOST_A: I like asking candidates what they'd ask about costs. HOST_B: Right — "How do you handle cloud cost governance? Is there a FinOps function or is it per-team responsibility?" A company where nobody owns cost is either very early-stage or accumulating technical debt in the form of cloud spend. HOST_A: What about reliability culture? HOST_B: "What's your incident response process? How long was your last major outage, and what did you learn from it?" Companies that have never had a serious outage haven't been running long enough, or they're not honest. What you really want is a team that had an outage, handled it well, did a blameless post-mortem, and shipped improvements. That's the culture you want to be part of. HOST_A: And the question about architecture maturity? HOST_B: "What's the ratio of cloud-native workloads to lift-and-shifted ones?" This tells you whether you'd be doing greenfield cloud-native development or wrestling with legacy infrastructure. Neither is necessarily bad — but you want to know what you're signing up for. HOST_A: Okay. Synthesis time. What separates the good candidates from the great ones? HOST_B: The great ones think about failure first. Before they tell me how the happy path works, they're already asking about what happens when the database goes down, when the queue backs up, when the third-party API is unavailable. That instinct — designing for failure from the start — is what makes the difference between an architecture that holds up at three AM and one that doesn't. HOST_A: I agree completely. I'd add: the best candidates have strong opinions and hold them loosely. They'll push back on me if they think I'm wrong, but they'll genuinely update their view when I present a compelling counter-argument. The candidates who just agree with everything I say concern me. The candidates who dig their heels in regardless also concern me. The sweet spot is someone who's thought deeply enough to have a perspective but is intellectually honest enough to change it. HOST_B: Cost awareness is massively underrated. I'm not exaggerating when I say a significant portion of engineers have never actually looked at their team's cloud bill. They've made architectural decisions that cost tens of thousands of dollars a month and have no idea. The candidates who talk fluently about cost trade-offs — spot versus on-demand, reserved capacity, data transfer costs — they stand out immediately. HOST_A: We disagreed earlier — I think multi-region should be a baseline for anything genuinely business-critical. Ryan's view is that most teams aren't ready for it. HOST_B: I'll stand by it. The prerequisite for multi-region is single-region excellence. If you can't keep one region reliable, two regions won't save you — you'll just have twice as many places where things can go wrong, and the failure modes will be subtler and harder to debug. HOST_A: And I'll stand by mine — for a certain class of systems, the business case is clear and you shouldn't let the operational complexity excuse you from building it. The complexity is the job. HOST_B: Fair. The answer is probably "it depends on the team's maturity and the actual uptime requirements of the business." HOST_A: Which is the answer to most architecture questions. HOST_B: It genuinely is. HOST_A: Ryan, you passed. Just barely. HOST_B: I'll take it. That's all for Clawd Talks today. If you found this useful, share it with someone who's got an interview coming up. And go look at your cloud bill. HOST_A: Go look at your cloud bill. That's the real homework. See you next time.