AWS Amazon File Cache Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Storage

Category

Storage

1. Introduction

Amazon File Cache is an AWS managed service that provides a high-performance, low-latency file cache in front of data stored in remote repositories (such as Amazon S3 and supported NFS/SMB data sources, depending on cache type). It is designed for workloads that need fast file access without fully copying large datasets into high-performance storage.

In simple terms: you place Amazon File Cache close to your compute (EC2, containers, or on-prem via private connectivity), point it at your data source, and then mount the cache like a file system. Your applications read and write through the cache. Frequently accessed (“hot”) data is served from the cache at much lower latency than repeatedly fetching it from the origin.

Technically, Amazon File Cache provisions a managed cache inside your VPC. You choose a cache type (for example, a Lustre-based cache for HPC-style throughput and parallel access, or an ONTAP-based cache for familiar enterprise file protocols—availability depends on the current AWS offering). You then create one or more data repository associations that define where the cache pulls data from and (optionally) where it writes back. Clients mount the cache using the protocol supported by the cache type and access data using standard file operations.

The core problem it solves is the “data gravity vs. performance” trade-off: teams often keep authoritative datasets in a durable, cost-effective storage system (like Amazon S3 or an on-prem NAS), but their compute needs fast POSIX-style file access with high throughput and low latency. Amazon File Cache addresses this by caching only what you use, close to where you compute.

Service status note: Amazon File Cache is an active AWS service as of the latest available documentation. Always verify the newest capabilities, cache types, and regional availability in the official docs before production adoption.

2. What is Amazon File Cache?

Official purpose (high level)
Amazon File Cache is a managed file caching service that accelerates access to data stored in remote data repositories by presenting a high-performance file interface to compute clients.

Core capabilities – Create a managed cache in your VPC. – Associate the cache with one or more data repositories (for example, Amazon S3 and/or supported external file systems, depending on cache type and configuration). – Expose cached data to clients through a file interface/protocol supported by the chosen cache type. – Automatically keep frequently accessed data in the cache; evict cold data when space is needed (cache behavior and policies are configurable to a degree; verify in official docs).

Major components – Cache: The primary resource you provision (capacity, networking, security). – Cache type: Determines protocol and performance characteristics (for example, Lustre-based vs. ONTAP-based; confirm current options in docs). – Data repository association (DRA): A configuration that links a cache to a repository (e.g., an S3 bucket/prefix). It defines how data is imported and (if enabled) exported/written back. – Mount endpoint / DNS name: The address and mount name/path used by clients to mount and access the cache. – VPC networking: Subnets, security groups, routing, DNS—controls client connectivity. – IAM / control plane permissions: Controls who can create/modify/delete caches and associations.

Service type – Managed AWS Storage service (caching layer) deployed into your VPC (similar in networking posture to other VPC-attached managed storage services).

Regional/global/zonal scope – Amazon File Cache is a regional service that provisions cache resources inside specific subnets/AZs in a chosen AWS Region. Exact multi-AZ characteristics depend on cache type and configuration—verify in official docs for your chosen cache type.

How it fits into the AWS ecosystem – Complements Amazon S3 (durable object storage) by providing a fast file interface close to compute. – Works alongside compute services like Amazon EC2, Amazon EKS, and AWS Batch (mount from worker nodes). – Integrates with AWS IAM, Amazon VPC, AWS KMS, Amazon CloudWatch, and AWS CloudTrail for security, observability, and governance (specific metrics/events vary—verify in docs).

3. Why use Amazon File Cache?

Business reasons

• Faster time-to-insight for analytics, simulation, and ML workloads without replatforming data storage.
• Avoid overprovisioning expensive high-performance storage for entire datasets when only a subset is “hot.”
• Reduce operational effort compared to managing self-hosted caching clusters.

Technical reasons

• Low-latency file access for repeated reads of the same data.
• High throughput for parallel workloads (especially with Lustre-style patterns).
• File semantics for applications that expect POSIX-like file operations rather than object APIs.
• Data locality: keep hot working sets in AWS near compute while leaving the system of record in S3 or external repositories.

Operational reasons

• Fully managed provisioning, scaling (within supported options), patching, and replacement of underlying components by AWS.
• Integration with AWS-native monitoring/auditing tools.
• Clear lifecycle controls: create, associate repositories, mount, validate, and tear down.

Security/compliance reasons

• VPC-scoped deployment with security groups and private IPs.
• Encryption at rest using AWS KMS keys (availability/configuration depends on cache type—verify).
• IAM-based control plane authorization and CloudTrail auditability for API activity.

Scalability/performance reasons

• Cache capacity and throughput are provisioned explicitly; you can size for your workload’s IOPS/throughput needs.
• Cache serves repeated reads from local high-performance storage rather than round-tripping to S3 or remote NAS.

When teams should choose Amazon File Cache

• You have large datasets in S3 (or supported repositories) and compute jobs repeatedly read subsets.
• You want a managed cache instead of building a caching tier with EC2 + NVMe + custom software.
• You need file access performance improvements without migrating authoritative data out of S3 or on-prem storage.

When teams should not choose it

• Your workload already performs well using S3-native access (e.g., analytics engines optimized for object storage) and does not need a file system interface.
• You need a general-purpose shared file system as the system of record (consider Amazon EFS, Amazon FSx offerings, or on-prem NAS).
• You require global, edge-distributed caching for HTTP content (consider Amazon CloudFront).
• Your access pattern is mostly one-time reads with little reuse—caching may not deliver value.

4. Where is Amazon File Cache used?

Industries

• Media & entertainment (rendering, transcoding, VFX pipelines)
• Life sciences (genomics, imaging)
• Financial services (risk simulations, backtesting)
• Manufacturing (CAE/CFD simulation)
• Research and academia (HPC workloads)
• Software and gaming (build farms, asset processing)

Team types

• Platform engineering teams providing shared compute + data platforms
• HPC engineering teams
• ML engineering / MLOps teams
• DevOps/SRE teams optimizing storage performance and costs
• Data engineering teams with file-centric tools

Workloads

• HPC simulations that repeatedly access reference datasets
• ML training/inference pipelines with repeated access to training shards or feature files
• Media processing pipelines reading the same source assets many times
• CI/CD build systems that repeatedly pull dependencies and artifacts (when file protocol fits)
• Hybrid workflows where authoritative data remains on-prem but compute bursts in AWS (connectivity required)

Architectures

• “S3 data lake + file cache + EC2/EKS compute”
• “Hybrid NAS + private link (VPN/Direct Connect) + file cache + EC2 compute”
• “Burst compute farm with autoscaling + shared cache layer”

Production vs dev/test usage

• Production: cache sized for predictable throughput and hot working set; strong monitoring; controlled eviction/import policies; multi-account governance; infrastructure as code.
• Dev/test: smaller caches for functional testing; validate mount, permissions, and dataset access patterns; cost controls with scheduled teardown.

5. Top Use Cases and Scenarios

Below are realistic scenarios where Amazon File Cache is commonly a good fit. Exact feasibility depends on cache type and repository support—validate in official docs for your configuration.

1) Accelerate HPC jobs over S3 datasets
– Problem: Jobs repeatedly read the same reference data from S3; object access adds latency and overhead.
– Why it fits: Cache keeps hot files local and serves POSIX-style reads quickly.
– Example: A CFD solver reads mesh and boundary condition files across thousands of timesteps.

2) ML training with repeated epoch reads
– Problem: Training reads the same dataset for many epochs; repeated S3 GETs increase latency and cost.
– Why it fits: Cache warms on first epoch; subsequent epochs hit local cache.
– Example: PyTorch training reading images stored in S3 via a file interface.

3) Media rendering pipeline with shared assets
– Problem: Render nodes repeatedly read textures/assets from central storage.
– Why it fits: Shared cache reduces repeated origin reads and speeds frame rendering.
– Example: 200 EC2 workers read the same texture library for a render sequence.

4) Burst compute against on-prem NAS (hybrid)
– Problem: On-prem NAS is authoritative but remote; cloud burst jobs are slow over WAN.
– Why it fits: Cache in AWS reduces WAN reads after initial fetch (requires repository support and private connectivity).
– Example: Nightly risk simulation bursts to AWS but uses on-prem market data files.

5) Interactive analytics on file-based datasets
– Problem: Analysts need fast repeated access to parquet/csv files that are “file-oriented.”
– Why it fits: Cache reduces latency for iterative exploration.
– Example: Jupyter notebooks on EC2 repeatedly scan a subset of data.

6) Build and dependency cache for large monorepos
– Problem: CI workers repeatedly fetch the same toolchains and artifacts.
– Why it fits: File cache can act as a shared read cache near the build fleet.
– Example: A C++ build farm repeatedly reads the same SDKs and dependencies.

7) Geospatial processing with tiled datasets
– Problem: Repeated reads of the same tiles during processing.
– Why it fits: Cache keeps frequently accessed tiles local.
– Example: Raster processing jobs use the same base layers across many runs.

8) Genomics pipelines with shared reference genomes
– Problem: Reference genomes are large and reused across samples.
– Why it fits: Cache warms once; many pipelines reuse local copies.
– Example: BWA/GATK pipelines reuse the same reference across a batch.

9) Software testing with large fixture datasets
– Problem: Test suites repeatedly read large fixture files.
– Why it fits: Cache reduces time spent reading fixture data.
– Example: Integration tests reading the same fixture archive repeatedly.

10) Centralize “hot dataset” caching for multiple teams
– Problem: Many teams separately copy data into ephemeral disks or EBS, causing duplication and drift.
– Why it fits: Shared cache reduces duplicate copies and standardizes access patterns.
– Example: A platform team provides a mounted cache to multiple compute groups.

6. Core Features

Note: Feature availability depends on cache type and AWS updates. Confirm details for your selected cache type in the official documentation: https://docs.aws.amazon.com/filecache/

6.1 Managed file cache in a VPC

• What it does: Provisions a managed caching layer accessible via file protocol(s) supported by the cache type.
• Why it matters: Avoids building and operating your own caching cluster.
• Practical benefit: Faster setup, fewer operational tasks, consistent security posture (VPC + SG).
• Caveats: You must design subnets, security groups, routing, and client placement for performance.

6.2 Cache types (performance + protocol options)

• What it does: Lets you choose an implementation optimized for specific workloads (e.g., Lustre for HPC-style workloads; ONTAP-based cache for enterprise file protocols—verify current options).
• Why it matters: Protocol and performance characteristics drive application compatibility.
• Practical benefit: Match caching layer to workload and client OS support.
• Caveats: Client requirements differ (e.g., Lustre client modules vs. NFS/SMB mounts).

6.3 Data repository associations (DRAs)

• What it does: Connects the cache to an origin repository (for example, S3 bucket/prefix).
• Why it matters: Defines how data is brought into cache (lazy-load on access and/or prefetch/import) and whether writes are exported.
• Practical benefit: Keep S3 as the system of record but accelerate file reads.
• Caveats: Export/write-back semantics vary; confirm consistency expectations and supported operations.

6.4 Lazy loading and cache warming

• What it does: Loads data into cache when first accessed; some configurations allow importing a set of files ahead of time.
• Why it matters: You don’t need to preload entire datasets to see benefits.
• Practical benefit: Fast start with incremental warm-up.
• Caveats: First access still pays origin latency; plan warm-up jobs for predictable performance.

6.5 High-throughput access for parallel workloads

• What it does: Serves hot data locally with high throughput, optimized for many clients.
• Why it matters: Shared datasets are common in HPC/ML/media pipelines.
• Practical benefit: Reduced job time and improved cluster utilization.
• Caveats: You must size throughput and client networking (ENA, instance types) accordingly.

6.6 Encryption at rest (KMS)

• What it does: Encrypts cache storage using AWS Key Management Service (KMS) keys.
• Why it matters: Helps meet security/compliance requirements.
• Practical benefit: Encryption without managing keys on hosts.
• Caveats: Key policies and grants must allow the service; key rotation and deletion policies matter.

6.7 VPC security controls (SGs, subnets)

• What it does: Limits who can connect to the cache using security groups and network placement.
• Why it matters: File services are high-value targets; network isolation is essential.
• Practical benefit: Private-only endpoints; no public exposure required.
• Caveats: Misconfigured SG/NACL/DNS is the most common cause of mount failures.

6.8 Observability (CloudWatch / events)

• What it does: Exposes operational metrics (cache hits/misses, throughput, utilization—exact metrics vary) and API activity in CloudTrail.
• Why it matters: Caches are performance components; you must measure effectiveness.
• Practical benefit: Track hit ratio, capacity pressure, and client errors.
• Caveats: Not all file-level operations are logged (file access is data plane); rely on metrics and client-side instrumentation.

6.9 API/CLI/IaC-friendly

• What it does: Supports AWS APIs and AWS CLI for repeatable provisioning; can be managed via infrastructure-as-code tools (CloudFormation/Terraform support varies by release—verify).
• Why it matters: Production deployments should be reproducible.
• Practical benefit: Automated environments, consistent tagging, easier teardown.
• Caveats: Ensure your IaC provider supports the latest resource types and properties.

6.10 Tagging for cost allocation and governance

• What it does: Apply tags to caches and related resources.
• Why it matters: Enables cost allocation, ownership, and policy enforcement.
• Practical benefit: Chargeback/showback; automated lifecycle rules.
• Caveats: Enforce tags with SCPs or tag policies if needed.

7. Architecture and How It Works

7.1 High-level architecture

At a high level: 1. You create an Amazon File Cache in a VPC subnet. 2. You associate it with a data repository (commonly Amazon S3). 3. Clients in the VPC (or connected networks) mount the cache using the cache’s protocol. 4. On first access, data is fetched from the repository into cache; subsequent access is served from the cache until eviction.

7.2 Request/data/control flow

• Control plane (AWS APIs):
• Create cache, configure capacity/throughput and networking.
• Create data repository association(s).
• Updates and deletes.
• Audited via CloudTrail.
• Data plane (client I/O):
• Client mounts cache endpoint.
• File reads:
  • Cache hit: serve from local cache.
  • Cache miss: fetch from repository and store locally, then serve.
• File writes:
  • Behavior depends on cache type and export policies—verify in official docs.

7.3 Integrations and related services

Common integrations include: – Amazon S3 as a data repository/system of record. – Amazon EC2 compute clients mounting the cache. – Amazon VPC for network placement, routing, and security groups. – AWS IAM for provisioning permissions. – AWS KMS for encryption keys. – Amazon CloudWatch for metrics and alarms. – AWS CloudTrail for API auditing. – AWS Direct Connect / AWS Site-to-Site VPN for hybrid access scenarios (if supported/needed).

7.4 Dependency services

• VPC/Subnets/Security Groups (mandatory)
• Data repository service (often S3)
• Compute clients (EC2/EKS nodes)
• IAM permissions for creation and repository access (e.g., S3 access policies)

7.5 Security/authentication model

• API authorization: IAM (users/roles/policies) controls who can manage File Cache resources.
• Repository authorization: Typically IAM permissions to read from/write to S3 (exact mechanisms depend on association configuration; verify).
• Client access authorization: Usually controlled via network security (SG/NACL) plus file permissions/ACLs at the protocol level (POSIX permissions for some cache types; NFS/SMB auth for others).

7.6 Networking model

• Deployed inside your VPC with private IP addresses in chosen subnet(s).
• Clients must have:
• IP routing to the cache ENIs
• DNS resolution (if using DNS names)
• Security group rules allowing the protocol ports
• Hybrid clients require VPN/Direct Connect connectivity and appropriate routing/SG rules.

7.7 Monitoring/logging/governance considerations

• Create CloudWatch alarms for:
• Cache utilization (capacity pressure)
• Throughput saturation
• Error metrics (if provided)
• Use CloudTrail to audit:
• Cache creation/deletion
• Data repository association changes
• Tag resources for:
• Owner/team
• Environment (dev/test/prod)
• Cost center

7.8 Simple architecture diagram (Mermaid)

flowchart LR
  EC2[EC2 Compute Client(s)] -->|Mount + file I/O| AFC[Amazon File Cache\n(in VPC)]
  AFC -->|Fetch on miss / optional export| S3[Amazon S3\nData Repository]

7.9 Production-style architecture diagram (Mermaid)

flowchart TB
  subgraph OnPrem[On-Prem / Corp Network]
    Users[Engineers / Pipelines]
    NAS[Optional: On-prem NAS/NFS/SMB\n(Origin repository if supported)]
  end

  subgraph AWS[AWS Region]
    subgraph VPC[Customer VPC]
      ASG[Auto Scaling Group / EKS Node Group\nCompute Fleet]
      AFC[Amazon File Cache\n(Private Subnets)]
      CW[Amazon CloudWatch\nMetrics/Alarms]
      CT[AWS CloudTrail\nAPI Audit]
      KMS[AWS KMS Key]
    end
    S3[Amazon S3\nData Lake / Origin]
    DX[Direct Connect or Site-to-Site VPN]
  end

  Users --> DX --> ASG
  NAS -.if used as repository.-> DX --> AFC
  ASG -->|Mount + Read/Write| AFC
  AFC -->|Miss fetch / export (config-dependent)| S3
  AFC --> KMS
  AFC --> CW
  AFC --> CT

8. Prerequisites

Account and billing

• An active AWS account with billing enabled.
• Ability to create and pay for:
• Amazon File Cache resources
• EC2 instances
• S3 storage and requests
• Data transfer (if applicable)

Permissions / IAM

You need IAM permissions to: – Create/describe/update/delete Amazon File Cache caches and data repository associations. – Create/manage dependent resources: – VPC, subnets, security groups (or use existing ones) – EC2 instances and IAM instance profiles – S3 bucket/object operations for the dataset

If you’re in an enterprise environment: – Ensure Service Control Policies (SCPs) allow filecache:* actions as needed. – Ensure KMS key policies allow Amazon File Cache to use the selected key (if using customer-managed keys).

Tools

• AWS Management Console (for the guided lab)
• AWS CLI v2 (optional but recommended)
• SSH client (to access EC2)
• A Linux EC2 instance to mount the cache (recommended for most cache types)

Region availability

• Amazon File Cache is not available in every region. Verify region support in official docs and the AWS console service drop-down:
• Docs landing page: https://docs.aws.amazon.com/filecache/

Quotas / limits

• Service quotas apply (number of caches, maximum storage/throughput per cache, associations per cache, etc.).
  Check Service Quotas in the AWS console and the docs. If you hit a limit, request an increase where supported.

Prerequisite services

• Amazon VPC with:
• At least one subnet where the cache will be deployed
• Security groups allowing client connections
• Amazon S3 bucket with sample data (for the lab)

9. Pricing / Cost

Amazon File Cache pricing is usage-based and varies by: – Cache type (different performance characteristics and underlying implementation) – Region – Provisioned cache capacity (typically billed per GiB/TiB-month) – Provisioned throughput or performance tier (often billed per MB/s-month or similar dimension; exact model depends on cache type—verify) – Data repository access costs (e.g., S3 request charges) – Data transfer costs (especially cross-AZ or cross-region, and hybrid connectivity egress/ingress where applicable)

Official pricing: – Amazon File Cache pricing page: https://aws.amazon.com/filecache/pricing/ (verify URL availability in your region/partition) – AWS Pricing Calculator: https://calculator.aws/#/

Pricing dimensions (typical categories to expect)

• Cache storage capacity: You provision a size; billed for the time it exists.
• Performance/throughput: You may select a throughput capacity or tier; billed for the time it exists.
• S3 costs (if S3 is the repository):
• Storage (for your dataset)
• PUT/GET/LIST requests (cache misses, metadata operations, imports)
• Data retrieval charges for certain S3 storage classes (e.g., Glacier retrieval) if used—be careful.
• Data transfer:
• Data transfer between services may be charged depending on AZ boundaries and routing.
• Hybrid: Direct Connect port-hours and data transfer, VPN charges, on-prem egress, etc.

Free tier

• As of the latest known model, there is no general free tier for provisioning Amazon File Cache. Always confirm on the pricing page.

Cost drivers to watch

• Overprovisioned throughput: paying for performance you don’t use.
• Oversized cache capacity: paying for large cache disks even if hot set is small.
• High cache miss rates: more origin reads and S3 request costs; cache delivers less value.
• Expensive S3 storage class retrieval: avoid caching from archive classes without planning.
• Data transfer from hybrid origins: repeated misses can amplify WAN costs.

Hidden or indirect costs

• EC2 clients: instances used to mount and test; production fleets can be large.
• CloudWatch: custom metrics, detailed monitoring, and log ingestion.
• KMS: API calls for encryption can add cost (typically small but not zero).
• Operational overhead: staffing time to tune cache warming/eviction and client configuration.

How to optimize cost

• Right-size cache:
• Start with a smaller cache, measure hit ratio, then scale.
• Engineer cache warming:
• Preload only the working set if your workflow supports it.
• Reduce unnecessary misses:
• Avoid scanning entire buckets/prefixes repeatedly.
• Place compute close to cache:
• Keep clients in the same VPC and (where possible) in the same AZ to reduce latency and potential data transfer.
• Use tags and budgets:
• Enforce environment tags and set AWS Budgets alerts.

Example low-cost starter estimate (conceptual)

A minimal lab environment typically includes: – A small Amazon File Cache (smallest supported capacity/throughput for your cache type) – One small EC2 instance for mounting and validation – A small S3 bucket with a few GB of data

Because exact prices vary by region and cache type, calculate with: – AWS Pricing Calculator: https://calculator.aws/#/ – Amazon File Cache pricing page: https://aws.amazon.com/filecache/pricing/

Example production cost considerations (conceptual)

In production you should budget for: – Multiple caches per environment (dev/stage/prod) – Higher throughput tiers and larger cache capacity – Larger S3 request volume (especially during warm-up) – Networking (Direct Connect/VPN) if hybrid – Observability and support tooling

10. Step-by-Step Hands-On Tutorial

This lab creates an Amazon File Cache associated with an Amazon S3 bucket, mounts it from an EC2 Linux instance, and verifies that files can be accessed through the cache.

Important: The exact mount commands and client requirements depend on the cache type you create. This lab is written for a common pattern: a Lustre-based Amazon File Cache associated with S3. If your region/account offers a different default cache type or requires different client tooling, adapt using the official “Getting started” documentation for Amazon File Cache: https://docs.aws.amazon.com/filecache/

Objective

• Provision Amazon File Cache in a VPC.
• Associate it with an S3 bucket/prefix.
• Mount the cache from an EC2 instance.
• Read a file through the cache and validate access.
• Clean up all resources to avoid ongoing charges.

Lab Overview

You will create: – 1 S3 bucket with sample data – 1 Amazon File Cache – 1 Data repository association (cache ↔ S3) – 1 EC2 instance in the same VPC/subnet – Security group rules to allow the mount protocol

Estimated time: 45–90 minutes (first-time setup often takes longer).

---

Step 1: Choose a Region and prepare a VPC/subnet

1. In the AWS Console, select a region where Amazon File Cache is available.
2. Ensure you have a VPC with: – At least one private subnet (recommended) – DNS resolution enabled in the VPC
3. Decide where to place your EC2 instance: – Same VPC – Ideally same subnet/AZ for best performance

Expected outcome: You have a VPC/subnet ready for the cache and the client instance.

---

Step 2: Create an S3 bucket and upload sample data

1. Go to Amazon S3 → Buckets → Create bucket.
2. Create a globally unique bucket name, for example: – my-filecache-lab-<accountid>-<region>
3. Keep default settings unless your organization requires encryption/block public access policies (recommended: block all public access).
4. Upload a test file. Use something meaningfully sized (e.g., 100MB–1GB) to see caching effects.

You can generate a file locally and upload it:

# On your local machine (Linux/macOS):
dd if=/dev/urandom of=sample-512m.bin bs=1M count=512
aws s3 cp sample-512m.bin s3://my-filecache-lab-ACCOUNT-REGION/data/sample-512m.bin

If you don’t have AWS CLI locally, upload a smaller file via the console.

Expected outcome: You have s3://<bucket>/data/sample-512m.bin available.

---

Step 3: Create security groups for the cache and the client

You need a security group that allows your EC2 client to connect to the cache.

1. Go to VPC → Security Groups → Create security group: – Name: sg-filecache-lab – VPC: select your lab VPC
2. Add inbound rules appropriate for your cache type: – If using a Lustre-based cache, you must allow the Lustre network ports used by the client. Port requirements can vary by implementation and AWS guidance.
   Verify the required ports in the Amazon File Cache documentation for your cache type. – For NFS-based access (if using an ONTAP/NFS cache), you typically need TCP/UDP 2049, plus any required RPC services depending on NFS version and configuration—again, verify.

For a safe lab pattern, you can restrict inbound to the client’s security group rather than a CIDR.

3. Create another security group for EC2 SSH access (or reuse an existing one): – Name: sg-ec2-ssh – Inbound: TCP 22 from your IP (e.g., x.x.x.x/32)

Expected outcome: You have SGs ready, with protocol rules to be finalized based on the cache type’s documentation.

---

Step 4: Create an Amazon File Cache

1. Go to Amazon File Cache in the AWS Console.
2. Choose Create cache.
3. Select: – Cache type: Choose the cache type that supports S3 as a data repository (commonly a Lustre-based cache).
   If multiple types exist, pick the one aligned with your workload and supported in your region.
4. Configure: – Cache name: filecache-lab – Storage capacity: choose the smallest allowed for the lab (to reduce cost) – Throughput/performance: choose the smallest allowed for the lab – VPC: your lab VPC – Subnet: the subnet where your EC2 client will run (recommended) – Security groups: sg-filecache-lab – Encryption: enable at rest encryption; choose AWS-managed key or customer-managed key per policy
5. Create the cache.

Provisioning can take time.

Expected outcome: Cache status becomes Available (or equivalent) and you can see: – Cache DNS name / endpoint – Mount name or mount path (depends on cache type)

---

Step 5: Create a Data Repository Association (cache ↔ S3)

1. Inside the cache details, find Data repository associations → Create association.
2. Select repository type: Amazon S3.
3. Enter: – S3 bucket: your lab bucket – S3 prefix: data/ (optional but recommended to scope)
4. Choose the import/export behavior: – For a read-focused lab, it’s common to import on access and avoid exporting writes unless you need it. – Export/write-back semantics vary; choose a conservative option and verify what it does in the docs.
5. Create association.

Expected outcome: Association state becomes Available (or equivalent). The cache is now connected to your S3 prefix.

---

Step 6: Launch an EC2 instance to mount the cache

1. Go to Amazon EC2 → Instances → Launch instances.
2. Choose a Linux AMI compatible with your cache client requirements: – For Lustre client mounting, AWS often documents supported OS versions and packages.
   Verify supported OS/client instructions in Amazon File Cache docs.
3. Instance type: small (e.g., t3.small) is fine for functional validation (performance testing needs bigger).
4. Networking: – VPC: lab VPC – Subnet: same as cache (recommended) – Security groups: attach both sg-ec2-ssh and a group that allows it to reach the cache (often sg-filecache-lab is enough if rules reference SG-to-SG)
5. IAM role (recommended): – Attach an instance profile with permission to read S3 objects in your lab bucket (optional for the mount itself, but useful for troubleshooting).
6. Launch and connect via SSH:

ssh -i /path/to/key.pem ec2-user@EC2_PUBLIC_IP

Expected outcome: You have shell access to the EC2 instance.

---

Step 7: Install the required client packages (depends on cache type)

If your cache is Lustre-based

You must install a Lustre client matching your kernel/OS.

Because exact packages and commands change over time and by OS, use the official Amazon File Cache documentation for the correct install steps.

General validation points (not a substitute for docs): – You need the mount.lustre helper and kernel modules. – Your security group and NACL must allow the required Lustre ports.

Expected outcome: You can run a command like:

which mount.lustre || true

and see it installed (path printed), or otherwise confirm via package manager output.

---

Step 8: Mount Amazon File Cache on the EC2 instance

1. Create a mount point:

sudo mkdir -p /mnt/filecache

2. Get the cache mount information from the Amazon File Cache console: – DNS name (example format varies) – Mount name (for Lustre-style mounts)

3. Mount (example pattern for Lustre; replace values with your cache’s values):

# Example only - verify exact mount syntax in the console and docs
sudo mount -t lustre -o noatime,flock CACHE_DNS_NAME@tcp:/MOUNT_NAME /mnt/filecache

4. Verify mount:

mount | grep -i filecache || true
df -h /mnt/filecache

Expected outcome: df -h shows a mounted file system at /mnt/filecache.

---

Step 9: Access data via the cache and observe behavior

List the directory corresponding to your association:

ls -lah /mnt/filecache

If your association maps S3 prefix content into the cache namespace, navigate accordingly (mapping differs by cache type and association settings—verify).

Try reading the file:

time head -c 1048576 /mnt/filecache/path/to/data/sample-512m.bin > /dev/null

Then read again:

time head -c 1048576 /mnt/filecache/path/to/data/sample-512m.bin > /dev/null

If caching is working, repeated reads are typically faster (exact results depend on many factors).

Expected outcome: You can read the S3-originated file via the mounted cache path.

---

Validation

Use this checklist:

• Cache status: Available
• DRA status: Available
• EC2 can resolve DNS for cache endpoint (if using DNS name)
• Mount succeeds and appears in mount output
• File reads succeed via mounted path
• Optionally confirm cache metrics in CloudWatch (hit/miss, throughput, utilization—if provided for your cache type)

---

Troubleshooting

Common issues and fixes:

1. Mount command fails: “No route to host” / timeout – Check VPC routing (subnet route tables). – Check security group inbound rules for the cache and outbound rules for the client. – Check NACLs. – Ensure EC2 and cache are in reachable subnets.

2. Mount fails: “unknown filesystem type ‘lustre’” – Lustre client not installed or kernel module missing. – Use the OS/client instructions from the official docs for Amazon File Cache.

3. DNS resolution fails – Ensure VPC has DNS resolution and DNS hostnames enabled. – Ensure EC2 uses VPC DNS or correct resolver.

4. You can mount, but directory is empty / file not found – Confirm your data repository association maps to the prefix you used. – Confirm the S3 prefix and object keys. – Confirm association import policy and whether metadata is visible before first access (varies).

5. Permission denied – For POSIX-style access, check UID/GID mapping and file permissions. – For NFS/SMB-based cache types, verify identity/auth configuration.

6. Unexpected S3 costs – High misses or repeated scans cause many GET/LIST requests. – Avoid repeatedly listing huge prefixes; narrow scope.

---

Cleanup

To avoid ongoing charges, delete resources in this order:

1. On EC2:

sudo umount /mnt/filecache || true

2. Delete the Data Repository Association from Amazon File Cache console (or CLI).
3. Delete the Amazon File Cache.
4. Terminate the EC2 instance.
5. Delete S3 objects and the S3 bucket:

aws s3 rm s3://my-filecache-lab-ACCOUNT-REGION --recursive
aws s3 rb s3://my-filecache-lab-ACCOUNT-REGION

6. Remove security groups if not needed.

Expected outcome: No Amazon File Cache resources remain; ongoing charges stop.

11. Best Practices

Architecture best practices

• Place cache close to compute: same VPC, ideally same AZ where feasible.
• Design for warm-up: run a controlled warm-up job for predictable performance before critical runs.
• Separate caches by workload when access patterns differ significantly (prevents cache thrash).
• Use S3 prefixes per dataset/team to keep associations clean and limit accidental scans.

IAM/security best practices

• Apply least privilege IAM policies for:
• filecache:* actions (control plane)
• S3 bucket access used by DRAs
• Prefer customer-managed KMS keys if you need key policy control and audit requirements.
• Use SCPs and permission boundaries in enterprise orgs to enforce guardrails.

Cost best practices

• Start small, measure, then scale.
• Track cache effectiveness with:
• Hit/miss ratios
• Throughput
• Origin request counts (S3)
• Turn off or delete dev/test caches when not in use.
• Implement tagging + AWS Budgets by environment/team.

Performance best practices

• Choose the cache type that matches your access pattern (HPC vs. enterprise file sharing).
• Use EC2 instances with sufficient network bandwidth (ENA-enabled, appropriate size).
• Avoid “cache stampede” during warm-up—coordinate job start times or prefetch.

Reliability best practices

• Treat the cache as ephemeral acceleration, not the only copy of data.
• Keep the system of record in S3 (or your authoritative repository).
• Validate export/write-back semantics before relying on the cache for writes.

Operations best practices

• Use Infrastructure as Code for reproducibility.
• Create CloudWatch alarms for utilization and error indicators.
• Document mount procedures and client requirements for your OS fleet.

Governance/tagging/naming best practices

• Standard tags: Owner, Team, Environment, CostCenter, DataClassification.
• Naming: include env + region + dataset, e.g., afc-prod-usw2-genomics-cache.

12. Security Considerations

Identity and access model

• IAM controls management of caches and associations.
• Client access is primarily governed by:
• Network-level controls (SG/NACL/routing)
• Protocol-level access controls (POSIX permissions, NFS exports, SMB authentication), depending on cache type

Encryption

• At rest: Use KMS encryption for cache storage (supported options depend on cache type—verify).
• In transit: Depends on protocol:
• SMB can support encryption in transit (SMB3).
• NFS encryption depends on version and configuration (Kerberos options).
• Lustre in-transit security depends on client/server setup and AWS offering—verify in docs.

Network exposure

• Do not expose cache endpoints publicly.
• Use private subnets; access via bastion/SSM for admin.
• Restrict SG rules to only the compute security groups that require access.

Secrets handling

• If SMB/AD integration is used (cache type dependent), store credentials in AWS Secrets Manager and rotate where possible.
• Avoid embedding secrets in user data scripts or AMIs.

Audit/logging

• Enable and retain CloudTrail logs for File Cache API actions.
• Monitor with CloudWatch metrics; consider EventBridge rules for lifecycle events (if supported).

Compliance considerations

• Confirm service compliance programs (HIPAA, PCI, SOC, ISO, etc.) for your region on:
• AWS Services in Scope: https://aws.amazon.com/compliance/services-in-scope/
• Ensure encryption and access controls meet your internal standards.

Common security mistakes

• Overly broad security group rules (e.g., allowing mount ports from 0.0.0.0/0)
• Using buckets without least-privilege access for DRAs
• Treating cache as the only copy of sensitive data without governance
• Not restricting who can create or modify repository associations

Secure deployment recommendations

• Use private-only networking and restrictive SGs.
• Enforce least privilege with IAM and KMS key policies.
• Use AWS Config (where applicable) to detect noncompliant configurations (resource support varies—verify).

13. Limitations and Gotchas

Because Amazon File Cache capabilities differ by cache type and evolve, treat the following as common areas to verify:

• Regional availability: not all regions support the service or all cache types.
• Client OS compatibility: some cache types require specific Linux kernels/modules or Windows SMB support.
• Protocol-specific behavior: NFS vs SMB vs Lustre semantics differ.
• Consistency expectations: understand how the cache reflects origin updates and how write-back/export behaves.
• Warm-up time: first access may be slow; plan for prefetch/import if supported.
• Cache thrashing: a working set larger than cache capacity will reduce effectiveness.
• S3 request costs: high miss rates and directory listings can drive request charges.
• Service quotas: limits on number of caches, throughput, storage, or associations per account/region.
• Networking pitfalls: SG/NACL/DNS issues are common.
• Migration complexity: moving workloads from EFS/FSx to cache-backed workflows may require path/protocol changes.

Always confirm: – Supported cache types – Supported repositories – Required ports – Supported OS and client instructions
in the official docs: https://docs.aws.amazon.com/filecache/

14. Comparison with Alternatives

Amazon File Cache is a cache, not a universal replacement for file systems. Here’s how it compares to common alternatives.

Option	Best For	Strengths	Weaknesses	When to Choose
Amazon File Cache	Accelerating repeated file access to data in S3 or supported repositories	High performance for hot data; managed; VPC-scoped; reduces repeated origin reads	Requires client compatibility; cache sizing/tuning; not the authoritative store	You have large origin data and repeated reads; need fast file access near compute
Amazon S3 (direct)	Object-native apps, analytics engines built for S3	Cheapest durable storage; massive scale; broad ecosystem	Not a POSIX file system; per-request overhead; latency for small reads	Apps can use S3 APIs and don’t need file semantics
Amazon EFS	Shared Linux file system for general purpose workloads	Fully managed; NFS; elastic; multi-AZ (EFS is regional)	Not a cache; can be costly at scale for high throughput; different perf characteristics	You need a shared file system as the system of record
Amazon FSx (family)	Managed high-performance file systems (Lustre/ONTAP/Windows/OpenZFS)	Purpose-built file systems; feature-rich; can integrate with S3 (for some types)	Typically system-of-record file systems; may cost more than caching-only approach	You need a full managed file system with features/semantics beyond caching
AWS Storage Gateway (File Gateway)	Hybrid: on-prem apps need file access backed by S3	Familiar on-prem deployment; S3-backed; caching	Runs as a gateway VM/appliance; different performance envelope	You need on-prem file shares backed by S3
Self-managed cache on EC2 (e.g., NVMe + software)	Highly custom caching needs	Full control	High ops burden; failure handling; scaling complexity	You have specialized requirements not met by managed services
Azure HPC Cache	Azure-native HPC caching	Managed cache in Azure	Different cloud	You’re on Azure and need HPC-style caching
Google Cloud Filestore + caching patterns	GCP file workloads	Managed file service	Not a direct managed cache equivalent in all cases	You’re on GCP and want managed file workloads

15. Real-World Example

Enterprise example: Media rendering on a shared asset library in S3

• Problem: A studio keeps a multi-terabyte asset library in S3. Rendering jobs on EC2 repeatedly read textures and scene assets. Repeated S3 reads add latency, and copying the entire library to high-performance storage is expensive and slow.
• Proposed architecture:
• S3 bucket/prefix holds authoritative assets
• Amazon File Cache deployed in the same VPC as the render farm
• Render nodes mount the cache and read assets via file paths
• Warm-up job preloads the top N assets before the main render window (if supported)
• CloudWatch monitors cache utilization and throughput
• Why Amazon File Cache was chosen:
• Provides fast file-style access with a smaller “hot set” footprint
• Keeps S3 as the authoritative store
• Simplifies operations vs. self-managed caching cluster
• Expected outcomes:
• Reduced render time per frame due to faster repeated reads
• Lower S3 request volume after warm-up
• Better compute utilization and predictable job runtimes

Startup/small-team example: ML training acceleration for repeated epoch reads

• Problem: A small ML team trains models nightly on EC2 using image datasets stored in S3. Each training run reads the dataset for many epochs; the first epoch is slow, and the job cost is dominated by read time.
• Proposed architecture:
• S3 stores training data and labels
• Amazon File Cache associated with S3 dataset prefix
• Training instances mount the cache and read data like a file tree
• Simple warm-up step reads a manifest list to populate cache
• Why Amazon File Cache was chosen:
• Minimal operational overhead
• Works well when datasets are repeatedly read
• Lets the team avoid maintaining a full managed file system for all data
• Expected outcomes:
• Faster subsequent epochs after warm-up
• Less engineering effort than bespoke caching
• Ability to right-size cache capacity as datasets evolve

16. FAQ

1) Is Amazon File Cache a file system or a cache?
It is primarily a cache that presents file access to clients, backed by a data repository (often S3). Treat the repository as the system of record unless your configuration explicitly supports safe write-back and you have validated semantics.

2) What repositories can Amazon File Cache use?
Commonly Amazon S3; some cache types may support other repositories (e.g., NFS/SMB origins). Verify supported repositories for your cache type in the docs: https://docs.aws.amazon.com/filecache/

3) Which protocol does Amazon File Cache use?
It depends on the cache type. Some configurations use Lustre clients; others may support NFS/SMB (ONTAP-based). Always confirm before designing clients.

4) Does it work with Kubernetes (EKS)?
Yes, if your worker nodes can mount the cache and you model it appropriately (DaemonSets/privileged mounts/CSI patterns). Implementation details depend on protocol and client requirements.

5) Is Amazon File Cache multi-AZ?
Cache deployment characteristics depend on cache type and configuration. Verify availability and failure behavior in official docs for the cache type you select.

6) How do I measure whether the cache is helping?
Use CloudWatch metrics (hit/miss, throughput, utilization—if available) plus application timings. Also monitor S3 request rates and job duration before/after.

7) Can I pre-warm the cache?
Many caching systems support some form of import/prefetch. Whether and how depends on your DRA settings and cache type—verify in docs.

8) What happens when the cache fills up?
Caches evict cold data to make room for hot data. Eviction policy details depend on cache type/configuration.

9) Do I still pay for S3 requests?
Yes. Cache misses and metadata operations may generate S3 requests (GET/LIST). Repeated reads of cached content can reduce requests over time.

10) Can I write through the cache back to S3?
Some configurations support exporting writes. Semantics differ by cache type; confirm what is supported and how consistency is handled.

11) Is data encrypted?
Encryption at rest is typically supported via KMS. In-transit encryption depends on the protocol and configuration—verify.

12) How is access controlled?
Provisioning is controlled via IAM. Client access is controlled via VPC networking and file protocol permissions/authentication.

13) Can I use it from on-premises clients?
Potentially, if you have private connectivity (VPN/Direct Connect), routing, and the cache type supports your client protocol and latency constraints. Verify supported hybrid patterns.

14) How does Amazon File Cache differ from Amazon FSx for Lustre linked to S3?
Both can be used in S3-adjacent high-performance patterns. Amazon File Cache is positioned as a caching layer. FSx for Lustre is a managed file system service with its own features and lifecycle. Choose based on whether you need a cache vs. a file system and on required features.

15) What are the most common setup problems?
Security group ports, missing client packages (especially for Lustre), DNS/routing issues, and misunderstandings about how S3 prefixes map into the mounted namespace.

16) Can I use IAM to control file-level access?
Typically no; file-level access is governed by the file protocol permissions and network access. IAM governs the AWS API control plane and repository access.

17) Is Amazon File Cache suitable for latency-sensitive transactional workloads?
Usually it’s aimed at throughput-oriented file workloads with repeated reads (HPC/ML/media). For transactional workloads, evaluate carefully and benchmark; also consider database-appropriate storage solutions.

17. Top Online Resources to Learn Amazon File Cache

Resource Type	Name	Why It Is Useful
Official Documentation	Amazon File Cache Docs — https://docs.aws.amazon.com/filecache/	Canonical reference for cache types, setup, mounting, quotas, and APIs
Official Pricing	Amazon File Cache Pricing — https://aws.amazon.com/filecache/pricing/	Explains pricing dimensions by cache type and region
Pricing Tool	AWS Pricing Calculator — https://calculator.aws/#/	Build scenario-based estimates without guessing
AWS Storage Overview	AWS Storage — https://aws.amazon.com/products/storage/	Helps position File Cache among AWS Storage services
Monitoring	Amazon CloudWatch — https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html	How to set up metrics, dashboards, and alarms
Auditing	AWS CloudTrail — https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html	Audit provisioning and configuration changes
Security Keys	AWS KMS — https://docs.aws.amazon.com/kms/latest/developerguide/overview.html	Understand KMS keys, policies, and encryption controls
Networking	Amazon VPC — https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html	Essential for correct subnet/SG/routing design
Community (Careful)	AWS re:Post — https://repost.aws/	Practical troubleshooting from AWS community and AWS engineers (validate against docs)
Videos	AWS YouTube Channel — https://www.youtube.com/@AmazonWebServices	Search for “Amazon File Cache” sessions, demos, and deep dives (availability varies)

18. Training and Certification Providers

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	DevOps engineers, SREs, platform teams	AWS fundamentals, DevOps tooling, cloud operations	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Developers, DevOps beginners	SCM/DevOps practices, CI/CD foundations	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud operations teams	Cloud operations, monitoring, reliability practices	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, platform engineers	SRE principles, observability, reliability	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops, SRE, IT analysts	AIOps concepts, monitoring automation	Check website	https://www.aiopsschool.com/

19. Top Trainers

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	DevOps/cloud training content (verify offerings)	Beginners to intermediate engineers	https://rajeshkumar.xyz/
devopstrainer.in	DevOps and CI/CD training (verify offerings)	DevOps engineers and teams	https://www.devopstrainer.in/
devopsfreelancer.com	Freelance DevOps guidance/services (verify offerings)	Small teams needing practical help	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and training resources (verify offerings)	Ops/DevOps teams	https://www.devopssupport.in/

20. Top Consulting Companies

Company Name	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	Cloud/DevOps consulting (verify exact scope)	Architecture, implementations, migrations	Designing storage + caching architectures; setting up IaC and monitoring	https://cotocus.com/
DevOpsSchool.com	DevOps consulting/training (verify exact scope)	DevOps transformations, platform engineering	Building standardized AWS environments; operational readiness for storage services	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting (verify exact scope)	CI/CD, automation, cloud operations	Automating provisioning; cost governance; observability setup	https://www.devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Amazon File Cache

• AWS core fundamentals: IAM, VPC, EC2, S3
• Linux basics: mounting file systems, permissions, networking troubleshooting
• Storage fundamentals: throughput vs IOPS vs latency, caching concepts, working set sizing
• Security basics: security groups, KMS concepts, CloudTrail

What to learn after Amazon File Cache

• Advanced storage services:
• Amazon EFS (general shared file storage)
• Amazon FSx offerings for specific file system needs
• Observability:
• CloudWatch dashboards/alarms, log strategy
• Infrastructure as Code:
• AWS CloudFormation or Terraform (verify resource coverage for File Cache)
• Performance engineering:
• Benchmarking and tuning for HPC/ML pipelines

Job roles that use it

• Cloud Solutions Architect
• Storage/Platform Engineer
• HPC Engineer
• DevOps Engineer / SRE
• ML Platform Engineer
• Data Engineer (file-centric pipelines)

Certification path (AWS)

Amazon File Cache is typically covered as part of broader AWS architecture and storage knowledge rather than a dedicated certification topic. Relevant AWS certifications: – AWS Certified Solutions Architect – Associate/Professional – AWS Certified SysOps Administrator – Associate – AWS Certified DevOps Engineer – Professional – Specialty certifications depending on your domain (e.g., Security)

Project ideas for practice

• Build a reproducible “S3 dataset + File Cache + EC2 benchmark” lab with IaC.
• Implement cache warming for a known dataset and compare job runtimes.
• Create CloudWatch alarms for utilization and throughput saturation and document operational runbooks.
• Design a hybrid burst architecture with VPN/Direct Connect (paper design if you can’t deploy).

22. Glossary

• Cache: A fast storage layer that keeps copies of frequently accessed data to reduce latency and origin load.
• Working set: The subset of data accessed frequently enough to benefit from caching.
• Data repository association (DRA): A configuration linking Amazon File Cache to an origin repository (e.g., S3 bucket/prefix).
• Origin / System of record: The authoritative data source (commonly S3) that remains durable and complete.
• Cache hit / miss: A hit means data is served from cache; a miss means it must be fetched from the origin.
• Eviction: The process of removing cold data from cache to make room for new data.
• Throughput: Amount of data transferred per second (e.g., MB/s, GB/s).
• IOPS: Input/output operations per second; often matters for small random reads/writes.
• POSIX: A set of operating system interface standards often associated with Unix-like file semantics.
• NFS: Network File System protocol commonly used in Linux/Unix.
• SMB: Server Message Block protocol commonly used for Windows file sharing.
• Lustre: A high-performance parallel file system often used in HPC environments.
• VPC: Virtual Private Cloud, the networking boundary for AWS resources.
• Security Group (SG): Stateful virtual firewall controlling inbound/outbound traffic for AWS resources.
• AWS KMS: Key Management Service for creating and controlling encryption keys.
• CloudTrail: AWS service that logs API actions for audit and security investigations.
• CloudWatch: AWS monitoring service for metrics, logs, and alarms.

23. Summary

Amazon File Cache is an AWS Storage service that provides a managed, high-performance file cache in your VPC to speed up access to data stored in Amazon S3 (and other supported repositories, depending on cache type). It matters because many compute-heavy workloads repeatedly read the same datasets, and caching hot data close to compute can significantly reduce latency and improve throughput without migrating the system of record.

Architecturally, it fits between your compute fleet (EC2/EKS/Batch) and your durable storage (often S3). Cost is driven mainly by provisioned cache capacity and throughput, plus indirect costs like S3 requests on cache misses and data transfer. Security hinges on least-privilege IAM for provisioning, strong VPC isolation, encryption with KMS, and correct protocol-level permissions.

Use Amazon File Cache when you have repeated file-based access patterns and want a managed acceleration layer. Skip it when object-native access is sufficient or when you need a full-featured file system as the primary store. Next step: build a small benchmark lab in your target region, measure hit ratio and job runtime improvements, then right-size cache capacity and throughput using the AWS Pricing Calculator and CloudWatch metrics.