> Yep... I see. This is a problem. Any better idea?

I think that the production of slightly elaborate quorum rules to handle
specific failure modes isn't a reasonable thing.  What you need to do in
conjunction is to estimate likelihoods of classes of failure modes and
convince yourself that you have decreased the overall failure probability.

> As an alternative option we could probably consider running single ZK node
> on EC2 - only in order to handle this specific case. Does it make sense to
> you? Is it feasible? Would it result in considerable performance impact due
> to network latency? I hope that at least in theory since quorum can be
> reached without ack from EC2 node performance impact might be manageable.

What about just putting a UPS on one machine in each of the two power supply

You are probably correct, though, that this outlier machine would almost
never matter to speed except when half of your machines have failed.

