I recently achieved my AWS Certified Solutions Architect Associate certification and wanted to share my approach with those who might be interested. I failed the exam on my first attempt by only 10 marks, though, and had to clear it on my second attempt, with good grades.
- If you are new to the AWS cloud, go through AWS Essentials and the Overview of AWS Services, which will help you pass the foundational level, i.e. AWS Certified Cloud Practitioner.
- Start with the AWS Certified Solutions Architect exam course from A Cloud Guru, but go through the new 2019 course that was recently launched; alternatively, go through the trending course on Linux Academy.
- Go through the services one by one, do the hands-on labs, and read the FAQs and documentation after each lecture. E.g. go through the EC2 lecture, do thorough hands-on practice, and then read its FAQs and documentation. This will help you understand each service in depth.
- After you are done with the course, go through the updated practice papers from Whizlabs, which will help you gain the confidence to score well in the exam.
- A key point to remember: go through blogs and feedback in the last few days before the exam to read about the latest questions and to assess whether you are ready.
KEY TIPS FOR EXAM:
- I was able to go through all the questions in 80 minutes but had marked 30 of them for review. So I used the remaining minutes to read through them.
- Use the strategy of eliminating wrong answers as there are so many questions where 2 answers will be correct.
- Routing HTTPS requests to the correct instances: ALB host/path-based routing.
- SQS installed on EC2 fails standalone: how to make it fault tolerant with fewer code changes and cost-effectively.
- API gateway and Lambda integrations.
- Remember Redis AUTH for security questions (this question is sure to be in the exam).
- There are questions on EC2, ELB and Auto Scaling (scheduled, dynamic). Make sure you go through the FAQs.
- Understand the default termination policy used in Auto Scaling groups.
- Remember that in a security group you can choose the source as a specific IP (/32), a CIDR range or another security group. How to secure HTTP access to EC2 instances – allow access based on the security group of the ELB.
- Understand that the Network Load Balancer is the only type of load balancer that provides you a static IP. Check the differences between ALB and NLB.
- Elastic Beanstalk instance access (what you can do with EB instances).
- CloudFront S3 integration – understand the key concepts related to Origin Access Identity (OAI), S3 presigned URLs and CloudFront signed URLs (a major focus in this exam).
- Understand use cases for S3 Cross-Region Replication (remember that CloudFront caching is not the best option where data changes frequently).
- RDS Multi-AZ and Read Replicas.
- Aurora Replicas and Aurora Global Database – read the FAQs.
- Difference between Kinesis Data Streams and Firehose (A Cloud Guru lectures are enough).
- SQS visibility timeouts and the different types of queues (Standard and FIFO) (A Cloud Guru lectures are enough).
- High-level understanding of CodeCommit and CodeDeploy.
- Kinesis questions revolving around shards and Lambda integrations.
- AWS Cognito service conceptual understanding and authentication mechanism.
- AWS EFS and EBS basic questions (EFS is file-system-based storage and EBS is block-level storage).
- AWS Redshift questions related to cost and snapshots.
- Have an understanding of CloudFront OAI, EBS storage classes, EFS, Glacier and encryption (simple questions).
- Deep understanding of Pilot Light, RTO, RPO.
- Understand the difference between encryption at rest and SSL (for data in transit). Your application connects to an RDS instance using its SSL endpoint and NOT using its encryption keys (KMS/RDS).
- Understand how other AWS services interact with DynamoDB, as this can be helpful in eliminating wrong answers.
- S3 storage classes and lifecycle management. Remember that you can move data from S3 Standard to Glacier within 1 day itself, but moving to S3 Standard-IA and One Zone-IA requires 30 days. All these combinations need to be understood well, as there were many questions on them asking for the most cost-effective solution.
- EBS volume vs snapshot vs encryption options. Also understand that AMIs are by default available only within the same region and can be COPIED to another region, but this doesn’t copy permissions automatically.
- Understand Athena at high level. Read S3 FAQ of this section.
- S3 encryption. Remember that if you want full control of your keys and the data should be encrypted before reaching AWS, then choose client-side encryption with your own master key.
- Enable cross-region snapshot copy for an AWS KMS-encrypted cluster.
- IAM DB Authentication.
- ELB SSL certificates for multiple domains: create a wildcard cert vs SNI cert vs using third-party Certificate Manager.
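
The security group tip above (source as a /32, a CIDR or another security group, with instances accepting HTTP only from the ELB's security group) can be checked mechanically. This is an added example, not part of the original post: the group IDs are hypothetical and the sample data is constructed, shaped like the `SecurityGroups` list returned by EC2 `DescribeSecurityGroups`.

```python
import ipaddress

ELB_SG = "sg-0e1b00000000000aa"  # hypothetical ID of the load balancer's security group

# Constructed sample: one instance group opened by address, one locked to the ELB group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0000000000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0bbb0000000000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ELB_SG}]}]},
]

def rule_sources(perm):
    """Yield (kind, source) for every source named in one ingress permission."""
    for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
        cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen == 0:
            kind = "anywhere"
        elif net.prefixlen == net.max_prefixlen:
            kind = "single-ip"        # /32 for IPv4, /128 for IPv6
        else:
            kind = "cidr"
        yield kind, cidr
    for pair in perm.get("UserIdGroupPairs", []):
        yield "security-group", pair["GroupId"]

def covers(perm, port):
    """True if the permission admits TCP traffic on this port ('-1' means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit_web_ingress(group, elb_sg, ports=(80, 443)):
    """List (port, kind, source) for web-port rules whose source is not the ELB's group."""
    findings = []
    for perm in group.get("IpPermissions", []):
        for port in (p for p in ports if covers(perm, p)):
            for kind, src in rule_sources(perm):
                if (kind, src) != ("security-group", elb_sg):
                    findings.append((port, kind, src))
    return findings

if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupId"], audit_web_ingress(g, ELB_SG) or "ok")
```
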
SNS with HTTP(S), Email, Email-JSON, SMS, Lambda, Mobile Push, SQS
S3 with SQS, SNS, Lambda
CloudTrail with S3 bucket, CloudWatch log groups, SNS
CloudWatch Alarms with SNS, Auto Scaling policies, EC2 action, Lambda
CloudFront Origin = S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 or on-premises server
Kinesis Stream with EC2, S3, Redshift, EMR, DynamoDB, Elasticsearch
Kinesis Firehose with Lambda, S3, Redshift, Elasticsearch & Splunk
Route 53 Alias is used with S3 static site, ELB, CloudFront, Elastic Beanstalk
SQS with EC2, ECS (microservices), Elastic Beanstalk, Lambda, SNS, S3 & DynamoDB
Please keep a few days for this activity.
Also, as much as possible, try things out on Free AWS Account. All questions now are scenario-based and mostly related to Scaling and Securing Static/Dynamic Web Applications. Specifically focus on Pure-AWS Cloud-based and Hybrid scenarios.
AWS Certified Cloud Practitioner 2018
AWS Certified Solutions Architect – Associate 2019