A few months ago, on the 8th of March I decided to sit the new AWS Solutions Architect - Associate exam (SAA-C01). I didn’t need to take it, I have both of the professional exams and when I pass or re-certify in those the associates are automatically renewed too. I did it because I make courses in this space and because I wanted to give something back to the community and provide data that others could use to help prepare for their exam, either for the first time, or as a recertification.

Share this post!

I wanted to help the AWS community with this post - I paid for the exam, travel and a little time before and afterwards prepping for the information dump that allowed this article to exist.

You can help the community by:

  • Sharing the URL to the post on social media such as Twitter or LinkedIn. You can post the URL yourself, or retweet or share the post where you saw this article. If I’m not tagged, then please add me :)
  • Additionally you can post this article on any online communities you use such as reddit or internet forums such as hackernews, Quora, experts-exchange or medium.

But thats enough of that, lets dive into it!.

High Level Thoughts - What’s changed

AWS have done a great job on this exam. I remember taking my original SA Associate exam back in June of 2014 and that exam was a very different experience. It always felt like AWS wasn’t sure what the Solutions Architect exam was supposed to be. It had architecture components, but it also felt like there were development and implementation questions which were out of place for an exam which claims to focus on architecture.

That’s been fixed in the recent exam update (SAA-C01), you won’t be expected to know the details of implementing anything, nor will there be any creep of development concepts into the exam. It’s purely focussed on architecture.

Another area that AWS has been critiqued for, is the rate of change within their exams. Historically the time taken for new technologies to hit the exams has been pretty lengthy. This in my opinion, is a combination of a rapid pace of change in their products and a slower-than-ideal update rate of the exams.

The new exam has been extensively re-worked. You can expect to see new products and architectures feature heavily. If you aren’t comfortable with Managed API’s (API Gateway), Containers or Serverless architecture (Lambda & associated services) you may struggle.

Don’t be scared !

Don’t let the above frighten you, The new exam is much better than the old. If you are actually studying cloud and AWS architecture and/or have been working in that space, you will find this exam MUCH easier than the old one. The old associate exams had much fuzzier lines between them, it means studying for this exam is a much more focussed process–a change for the better.

Exam Content

I won’t be giving away actual exam questions, it’s not fair to AWS and students who’ve already taken the exam and not good for your long term development. I do have an ‘almost’ eidetic memory so I can provide some good hints and tips on the areas to focus on based on the questions, but i’m stopping short of revealing the actual wording :)

I’m going to split it up by major infrastructure area; apologies in advance for the wall-of-text.

Storage

  • Focus on understanding the different characteristics of the various storage products available within AWS - So EBS, Instance Store, EFS, S3. Concentrate on their capabilities and limitations. Understand when to use product X and when not to use it.
  • Understand latency, IOPS, Throughput and how they are all related.
  • Whats steady-state v’s burst performance.
  • How does EBS handle burst v’s steady-state?
  • Study the architectural concepts of using S3 as a static hosting platform. You might want to practice using it to host a static blog using Jekyll
  • Architecturally speaking, understand the features provided by Presigned URL’s - what are they used for? what limitations do they have?
  • For each type of storage product, know how they are used with other products. So which can be mounted to an EC2 instance as a file system. Which can be accessed via a web browser. What is the latency and limitations of each….
  • S3 and Glacier - learn their features. Cost, performance, storage classes. Know when to use S3 and its storage classes, v’s Glacier. What are storage lifecycle policies ?
  • S3 policies - IAM, Bucket Policies, what is CORS? Why is it important for S3?
  • Research Storage gateway … how does it work (iSCSI), what is iSCSI? Study the different types of Storage Gateway, and when you would use each.

Compute

  • As a baseline know EC2 inside and out. Size, Family, networking, Bootstrapping. Instance states, Security (restricting access, SSH).
  • Instance Reservations - learn how they work. Know the different types. Know their impacts, both on COSTS and on CAPACITY. Understand when and how you can convert between the reservation types.
  • Do you understand serverless architectures, and it’s benefits? If not, you should.
  • How does Lambda work, architecturally? Time limit, billing, runtimes available.
  • When would you select Lambda to use? short runtime? scaleable? low memory usage?
  • Traditional compute, v’s containers, v’s serverlesss - when to use each, when NOT too, know the benefits and restrictions of each of them.
  • Study event-driven architecture - as above, the benefits, the situations you WOULD use it, and when NOT too.
  • What is a microservice? are there any AWS Products which allow you to create micro services?
  • Learn the differences between EC2, OPSWorks, Elastic beanstalk. When would you use each & v’s each-other.
  • What about cloud formation? Whats a template? How is a template structured? Whats a stack? whats a changeset?

Networking

  • Create and delete 10 or 20 VPC’s from scratch. Don’t use the wizards. Understand the components of a VPC (VPC, CIDR, Subnets, Routes, Route Tables, Gateway, Endpoints & peering)
  • Understand there are different types of load balancers available within AWS Application load balancers, network load balancers and classic load balancers. Study the differences, know when and where to use each. What advantages are offered by ALB? what about using SSL certs?
  • Load balancer architecture - how do they work, where do you place when in a VPC, what are the minimum requirements. What about health checks?
  • You should understand NAT instances and NAT Gateways. Know how to implement them architecturally. You will be tested on your understand of how to use them, and what benefits they provide. Study how NAT works, both 1:1 (Internet Gateway) and M:1 (NAT).
  • Study how to implement high-availability for NAT Gateways, and how this compares to legacy NAT Instances.
  • Be comfortable with the different situations where Internet Gateways are used or are needed, v’s NAT Gateways - they are NOT the same thing.
  • IP Subnetting & Supernetting as it relates to VPC IP Design.
  • Study VPC endpoints - what endpoints are available. Why would you use them? As a bonus activity, learn how they REALLY work (hint DNS? Routing?)
  • VPC DNS.. can you use it from outside the VPC? if you needed to, how would you?
  • What is a bastion host? How could you utilise one? When would you?
  • What is a NACL? can a NACL restrict? Can a NACL Allow? What are NACL Defaults
  • What is a SG, Can a SG Restrict? Can a SG Allow? What are SG Defaults?
  • What is stateful? What is stateless? How does these relate to security and filtering?

Databases

  • Study the full suite of AWS DB Products - DynamoDB, RDS, Aurora, Redshift
  • Understand the different situations where each is used.
  • SQL v’s NOSQL - when and where, pros and cons.
  • How does each product implement high-availability? Active/Active replication.
  • How do read replicas work… when are they used, can they add performance? what are their limitations. What about global replicas? Whats the proceed architecturally for failover.
  • if applicable - how does CPU and Memory allocation impact DB performance ..? How would you improve access time/latency/performance. How does memory work for a DB server, caching? What impact does SSD disks have?
  • DB High Availability - how does that work for DynamoDB, Normal RDS, Aurora? Are all AZs used or only a limited set? Can this be adjusted?
  • Understand IOPS as a concept - how are IOPS impacted at a DB level based on Disks, CPU memory.
  • Study the different RDS DB Engines - MySQL, PostgreSQL, MSSQL - know the differences when would you pick one over the other. Know their high level features and limitations.
  • What is session state in terms of an App? How can sessions be stored using AWS products? Would you use DynamoDB, RDS or Elasticache? Why is separating session from application servers a good thing?
  • DB Architecture - controlling if a DB is public or private, which DB’s are public by design. How can access to all of the DB products be controlled.
  • Can S3 be used as a database? Can it be queried? if so, how. What AWS Product can do this? (if there is one)
  • Understand global replication of tables in DynamoDB - how it works, limitations.
  • Whats a DynamoDB partition? What is a WCU and a RCU?
  • Study how DynamoDB DAX works … what it’s function is, how it improves DynamoDB’s ability to handle load.

Encryption

  • Learn about Symmetric and Asymmetric Encryption. Are you comfortable with how PKI works? public/private keys? Pros and Cons (speed/flexibility) of symmetric v’s asymmetric
  • Learn all the different methods of encryption available in S3 such as SSE-C, SSE-S3, SSE-KMS - when would you each? why? What features does KMS add?
  • Whats envelope encryption? is it used for any WAWS products? RDS? S3? EBS?
  • Whats a CMK
  • What is key rotation?

Security

  • Review IAM users, Groups - know their place.
  • Understand IAM roles - what they are? where they are used. What is a TRUST policy?
  • Using MFA for IAM users.
  • Know the limits of IAM … mac users, max groups, number of KEYS for users
  • IAM policies - learn their architecture. Implicit v’s Explicit DENY, ALLOWS and which takes priority.

Content Delivery

  • What is a CDN? How does it work? Whats an edge-location?
  • Specifically, what is cloudfront?
  • Can cloudfront be used to cache static content? What about Dynamic Content?
  • What is an Origin? Whats an Origin-fetch? Can S3 be restricted so ONLY cloudfront can access it? if so how? why would you want this? would you?
  • What is a cache invalidation?
  • Can cloudfront be used to cache AWS services? which ones?
  • Can cloudfront be used to cache on-premises systems? if so, are there cost implications?
  • Whats a Query String? how does this relate to dynamic content, can CloudFront handle this?

Monitoring

  • Study cloud watch, really understand how it can be used. Specifically look at what can be monitored with it, EC2? What stats? Can cloud-watch be extended to monitor other things EC2 memory?
  • Cloudtrail - what it does and how it’s different from Cloudwatch. Global v’s regional.

Architecture

  • Understand how SQS can be used to mitigate spiky writes to AWS products.
  • Understand how S3 Offloading can be used to move load away from expensive AWS Products.
  • Offloading reads to S3. What about Writes?
  • Which AWS products fail if an AZ fails, which products live in ONE AZ, which are region resilient, meaning they have multiple entities in a region, and continue running if one AZ dies in a region.
  • How can ELB/ALB’s be used to achieve regional high-availability and self-healing.
  • How can Route 53 be used to achieve global high-availability?
  • Learn the features of Route53 - health checks, routing/resolution methods.
  • Do you REALLY understand DNS? how it really works? whats a TTL? a SOA?
  • Whats an N-Tier architecture?
  • Could you design a 3-Tier, 3-AZ VPC without using Wizards?
  • Using AWS for Disaster Recovery. Whats a pilot light in DR terms? Whats cold standby? whats warm standby? whats hot standby? Active/Passive, Active/Active? How can CloudFormation improve DR recovery? Re-hydration.

Integration Tools

  • Learn all about SQS an Message Queueing from an architectural level.
  • Know why de-coupling is a amazing thing, how it allows performance to scale.
  • SQS FIFO vs NON FIFO. Cost, Performance, Scalability.
  • Visibility … long poll & short poll - differences and suitability.
  • What function do DynamoDB streams serve ?
  • What function does Kinesis provide? what other AWS products does Kinesis integrate with ?
  • When is SQS appropriate, v’s Kinesis?

Parting Thoughts

Overall, I’m a super-fan of the new exam structure. It’s a massive improvement across the board. I’ll be doing a series of articles on how to effectively study for, and pass the exams - but equally I’m a strong advocate for formal training.

If you want any more exam related information, then keep an eye on my blog, better-still subscribe to the RSS feed or follow @adriancantrill on twitter for new article announcements.

/Adrian