Writing about my experience especially when it has to do with exams is not what I’d normally do. However, following the various feedback I got following my success at the ‘AWS Solutions Architect – Associate’ exam (“SAA-C02”, “CSAA”, or “the Exam”), I am, therefore, compelled to share this article to assist future test-takers in preparation for the Exam.
The AWS Solutions Architect – Associate exam, is one of the most popular certification exams in the suite of proficiency tests offered by AWS - the biggest public cloud service provider in the world. The exam tests for proficiency in and understanding of how the different services of AWS can be architected to build scalable and resilient infrastructure.
Of the associate level Cloud architecture exams I have taken, (Azure, Google Cloud & Alibaba), I found AWS’s – at the time of writing the exam, the most difficult of the four. With better preparation than I did, - 30 days of study in total, I reckon my judgment of the AWS-SAA-C02 would be better.
Why 30 days? Well, I had less time due to work and other life events. Therefore, I had to leverage my wealth of knowledge and experience of the other Cloud computing services to run through my study within the short period.
It is highly recommended that test-takers have at least one year of working or designing applications within the Public Cloud services – most preferably, AWS, prior to sitting for the AWS-CSAA exam. For noobs who are just making their foray into the AWS and Cloud Computing space in general, I’d recommend at least 6 months of study, or taking the AWS Cloud Practitioner exam first, as it is better suited as an introductory exam. It is the perfect foundational exam to test for knowledge of key AWS services before dipping two feet in service architecture.
The AWS-CSAA tests for knowledge across (4) major domains namely;
- Designing Resilient Architecture
- Designing High Performing Architectures
- Designing Secure Applications & Architectures
- Designing Cost Optimized Architectures
These pillars sum the core of what the AWS- SAA-C02 exam is built on.
For study purposes, however, I shall not bore you with the standardized nomenclatures, and would rather reclassify these domains into core reading areas – made up of services the test is built on.
A popular reference in the Developer (Technology) community is how professionals rely less on official documentation (maybe because they are considered too abstract), but more on shared practical knowledge from seniors and colleagues in the industry. This is what has necessitated the popularity of developer blogs and the greatest of all, Stackoverflow.
My reclassification of the four domains, and concepts to masters are into these 10 areas respectively;
- IAM Users, Roles, Group & Policy, Securing Root User Account, Role Assignment - STS & metadata, Certificate Manager, Parameter store, Secrets Manager, KMS and encryption, CloudHSM, Macie for PII, Presigned S3 URLs, AWS WAF, GuardDuty & Shield for DDOS. The network layers at which these services operate.
- VPC provisioning – how subnets come to play, differences between Security Group & NACL, NAT Gateway and how private subnets connect to it, PrivateLink, Peering, DirectConnect, CloudHub and TransitGateway Connection options for connections between AWS Services and how to connect Onprem resources.
- Routing with Route53 – the different routing policies and when to use them.
- Load Balancers – how they work in sync with other AWS services, and external traffic routing.
- Launching EC2, AMI– types and selection, how to save cost with Reserved instances and differentiate from Spot instances. Leveraging Spot Fleets, EC2 Roles, and Placement Groups. Difference between Metadata and UserData.
- What Lambda functions are and how to trigger it, differentiating between what EKS and ECS are, and what Fargate does.
- The storage types and lifecycle method – one-way traffic to Glacier Storage. Object versioning, backup and its rules. How to host static websites with S3 and integrate Cloudfront. Object lock and different modes to meet regulations.
- Volume Storage: Differences between Block Storage and File System. The different types of the Elastic File System. How to encrypt and unencrypt attached volumes.
- Categorize DB’s between OLTP and OLAP; SQLs and NoSQLs. Understand the various DB engines available, and Amazon’s proprietary DB, Aurora and the edge it has over other DBs, DB Caching, Difference between Read-Replicas and Secondary Tables, Failover in a Multi-regional setup. How to build highly-available and highly-performant DB that can either scale vertically or horizontally.
- How to setup Elastic Cache, the role of DAX on DynamoDBs and the advantage Global Accelerator affords service architecture.
- The roles of Redshift, Athena, ElasticSearch, and Kinesis in Data processing and streaming. Be able to differentiate between the streaming options in Kinesis – near real-time, and real-time, and the list of AWS services Firehouse streams to.
- SNS, SQS. How DLQ is setup and its purpose to message processing.
- Identify the various types of Message ordering, its size, limits per second per category, and the role of SNS in the Pub-Sub message delivery model.
- What is CloudFormation, Stacks and its lifecycle. Knowledge of Elastic Beanstalk will come in handy as well.
- How to migrate data with the SNOW options – size, and realistic migration timelines. Storage Gateway & DataSync.
- Understand how to optimize data transfers from on-prem to the Cloud.
- Cloud watch events, Cloud Watch Logs and storage options. Differentiation between default, and custom metrics.
- What AWS Organizations is, and the role is managing sub-accounts, AWS Tags and Resource Groups.
- Auditing with Trusted Advisor, Budget Management with Budgets & Costs explorer, AWS Config and AWS Systems Manager in managing compliance across instances,
While the above isn’t exhaustive, the questions I encountered during the exam required a clear understanding of the aforementioned services.
In addition, note that AWS is heavy on 3 core components that serves as the base for most of the questions, and without which, your journey towards being a Cloud Solutions architect is considered half-baked.
i. High Availability: The system lifecycle must not have a single point of failure, and should continue to function, even in a degraded state.
ii. Fault Tolerance: The system must operationally function, despite some or complete component failure, that may include a zone/regional blackout.
iii. Cost Optimization: AWS is highly keen on cost-efficient service architectures. Thus, as you architect solutions that are considered highly available and performant, they must be at the lowest price point possible.
I primarily used 3 resources for the exam. Kindly note that this isn’t an exhaustive list, as I flickered through many resources randomly to find the best fit for my study style.
Acloud Guru – Kudos to the ACG team for the course compilation. Both the content, exam tips, and practice tests were helpful to grasping the needed knowledge for the exam.
AWS re:Invent Sessions on YouTube – This was my audio through my daily commute. So I simply made a playlist of re:invent sessions and listened while in transit.
AWS Certified Solutions Architect Study Guide – this book was written by Ben Piper, David Clinton, and was a game-changer for me in understanding some concepts beyond the surface level. One out of many concepts was understanding the Read and Write throughput capacity for DynamoDB. Also noteworthy are the tests at the end of each chapter to check the understanding of each concept.
Last but not least is hands-on experience in the AWS Management console – I urge all test takers to take advantage of the 12 months (1 Year) free tier offering from AWS. With this personal free tier account, you can access most AWS services at no cost, if you stay within the limits of the offering. AWS offers as much as 750 FREE monthly hours for EC2.
You can see the full details of the services covered here
Never discount Practice tests – take them as though it was the real exam to see what area you need to brush up knowledge on.
Finally, finishing the certification is just the beginning of the AWS journey for me. AWS services are intriguing, and I’m studying further to deepen my knowledge for DevOps and shortly, the Solutions Architect Professional exam. Therefore, the journey to Cloud Infrastructure mastery, particularly, how to help businesses leverage cloud service offerings to improve agility and ultimately gain a business advantage is a life-long learning journey for me.
In a future blog post, I shall write in more detail on the key knowledge to acquire on each of the pillars that make up the exam. In the interim, I am happy to connect and answer any additional questions you may have about the SAA-C02 exam and/or speak at community sessions - sharing knowledge about Public Cloud Infrastructure. You may also leave your questions and comments below, and I’ll get back to answering them as soon as possible.
Best of luck, and keep building!