June 27, 2022

TheCyberThrone

Thinking Security ! Always

AWS Certified Solutions Architect Associate Study Guide

Recently, I passed my Amazon Web Services (AWS) Certified Solutions Architect Associate exam. While the information was fresh in my mind, I wanted to put together a post on my experience to help anybody else thinking of going for a similar certification.

Introduction

An AWS Solutions Architect helps an organization deploy complex applications on the AWS platform. Ever since cloud computing gained popularity, companies worldwide have been migrating their physical infrastructure to the cloud. Global organizations always work to a budget, and AWS Solutions Architects help them design a cloud infrastructure that fits it. These professionals are responsible for creating a detailed and intricate design of the cloud infrastructure they plan to set up. They are also required to focus on the non-functional needs of an organization, such as the reliability, usability, scalability, and performance of the cloud infrastructure, and on minimizing the risks an organization can face on the cloud computing platform, such as security breaches, calculation mistakes, and application downtime. To become an AWS Solutions Architect, you need to clear the AWS Certified Solutions Architect Associate exam.


Advantages of holding an AWS Solutions Architect Certificate

  • AWS is a dominant certification in the cloud provider market
  • Provides efficient professional expertise in designing a solution in the cloud
  • Attractive to employers
  • Substantial credentials in a growing market
  • Provides attractive salaries

Exam prerequisites

  • Hands-on experience using compute, networking, storage, management, and database AWS services
  • The ability to identify and define technical requirements for a solution that involves AWS technology
  • The ability to identify which AWS services meet a given technical requirement
  • An understanding of best practices for building well-architected solutions on AWS
  • An understanding of the AWS global infrastructure
  • An understanding of AWS security services and features in relation to traditional services

Exam Details

  • Exam Pattern: Multiple Choice and Multiple Response
  • Exam Duration: 130-140 minutes
  • No. of Questions: 65
  • Current Version Expiry: August 29th, 2022
  • Exam Provider: Pearson VUE & PSI Exams
  • Certification Cost: Nearly $171 including tax
  • Certification Validity: 3 Years
  • Exam Type: Online Remote Proctoring or Exam Centre

Solution Architect Certification Domains

| Sl. No | Domain | Weightage |
|---|---|---|
| 1 | Design Resilient Architectures | 30% |
| 2 | Design High-Performing Architectures | 28% |
| 3 | Design Secure Applications and Architectures | 24% |
| 4 | Design Cost-Optimized Architectures | 18% |

Course Modules

Domain 1: Design Resilient Architectures

1.1 Design a multi-tier architecture solution

  • Determine a solution design based on access patterns.
  • Determine a scaling strategy for components used in a design.
  • Select an appropriate database based on requirements.
  • Select an appropriate compute and storage service based on requirements.

1.2 Design highly available and/or fault-tolerant architectures

  • Determine the number of resources needed to provide a fault-tolerant architecture across Availability Zones.
  • Select a highly available configuration to mitigate single points of failure.
  • Apply AWS services to improve the reliability of legacy applications when application changes are not possible.
  • Select an appropriate disaster recovery strategy to meet business requirements.
  • Identify key performance indicators to ensure the high availability of the solution.

1.3 Design decoupling mechanisms using AWS services

  • Determine which AWS services can be leveraged to achieve loose coupling of components.
  • Determine when to leverage serverless technologies to enable decoupling.

1.4 Choose appropriate resilient storage

  • Define a strategy to ensure the durability of data.
  • Identify how data service consistency will affect the operation of the application.
  • Select data services that will meet the access requirements of the application.
  • Identify storage services that can be used with hybrid or non-cloud-native applications.

Domain 2: Design High-Performing Architectures

2.1 Identify elastic and scalable compute solutions for a workload

  • Select the appropriate instance(s) based on computing, storage, and networking requirements.
  • Choose the appropriate architecture and services that scale to meet performance requirements.
  • Identify metrics to monitor the performance of the solution.

2.2 Select high-performing and scalable storage solutions for a workload

  • Select a storage service and configuration that meets performance demands.
  • Determine storage services that can scale to accommodate future needs.

2.3 Select high-performing networking solutions for a workload

  • Select appropriate AWS connectivity options to meet performance demands.
  • Select appropriate features to optimize connectivity to AWS public services.
  • Determine an edge caching strategy to provide performance benefits.
  • Select appropriate data transfer service for migration and/or ingestion.

2.4 Choose high-performing database solutions for a workload

  • Select an appropriate database scaling strategy.
  • Determine when database caching is required for performance improvement.
  • Choose a suitable database service to meet performance needs.

Domain 3: Design Secure Applications and Architectures

3.1 Design secure access to AWS resources

  • Determine when to choose between users, groups, and roles.
  • Interpret the net effect of a given access policy.
  • Select appropriate techniques to secure a root account.
  • Determine ways to secure credentials using features of AWS IAM.
  • Determine the secure method for an application to access AWS APIs.
  • Select appropriate services to create traceability for access to AWS resources.

3.2 Design secure application tiers

  • Given traffic control requirements, determine when and how to use security groups and network ACLs.
  • Determine a network segmentation strategy using public and private subnets.
  • Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC.
  • Select appropriate AWS services to protect applications from external threats.

3.3 Select appropriate data security options

  • Determine the policies that need to be applied to objects based on access patterns.
  • Select appropriate encryption options for data at rest and in transit for AWS services.
  • Select appropriate key management options based on requirements.

Domain 4: Design Cost-Optimized Architectures

4.1 Identify cost-effective storage solutions

  • Determine the most cost-effective data storage options based on requirements.
  • Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs.

4.2 Identify cost-effective compute and database services

  • Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload.
  • Determine the most cost-effective database options based on requirements.
  • Select appropriate scaling strategies from a cost perspective.
  • Select and size compute resources that are optimally suited for the workload.
  • Determine options to minimize the total cost of ownership (TCO) through managed services and serverless architectures.

4.3 Design cost-optimized network architectures

  • Identify when content delivery can be used to reduce costs.
  • Determine strategies to reduce data transfer costs within AWS.
  • Determine the most cost-effective connectivity options between AWS and on-premises environments.

Quick Solution Architecting Scenarios

| Use Case | Optimal Solution |
|---|---|
| Domain 1 | Design Resilient Architectures |
| Set up asynchronous data replication to another RDS DB instance hosted in another AWS Region. | Create a Read Replica. |
| A parallel file system for “hot” (frequently accessed) data. | Amazon FSx for Lustre |
| Implement synchronous data replication across Availability Zones with automatic failover in Amazon RDS. | Enable Multi-AZ deployment in Amazon RDS. |
| Needs a storage service to host “cold” (infrequently accessed) data. | Amazon S3 Glacier |
| Set up a relational database and a disaster recovery plan with an RPO of 1 second and RTO of less than 1 minute. | Use Amazon Aurora Global Database. |
| Monitor database metrics and send email notifications if a specific threshold has been breached. | Create an SNS topic and add the topic to the CloudWatch alarm. |
| Set up a DNS failover to a static website. | Use Route 53 with the failover option to a static S3 website bucket or CloudFront distribution. |
| Implement an automated backup for all the EBS volumes. | Use Amazon Data Lifecycle Manager to automate the creation of EBS snapshots. |
| Monitor the available swap space of your EC2 instances. | Install the CloudWatch agent and monitor the SwapUtilization metric. |
| Implement a 90-day backup retention policy on Amazon Aurora. | Use AWS Backup. |
| Domain 2 | Design High-Performing Architectures |
| Implement fanout messaging. | Create an SNS topic with a message filtering policy and configure multiple SQS queues to subscribe to the topic. |
| A database that has a read replication latency of less than 1 second. | Use Amazon Aurora with cross-region replicas. |
| A specific type of Elastic Load Balancer that uses UDP as the protocol for communication between clients and thousands of game servers around the world. | Use Network Load Balancer for TCP/UDP protocols. |
| Monitor the memory and disk space utilization of an EC2 instance. | Install the Amazon CloudWatch agent on the instance. |
| Retrieve a subset of data from a large CSV file stored in the S3 bucket. | Perform an S3 Select operation based on the bucket’s name and object’s key. |
| Upload a 1 TB file to an S3 bucket. | Use the Amazon S3 multipart upload API to upload large objects in parts. |
| Improve the performance of the application by reducing the response times from milliseconds to microseconds. | Use Amazon DynamoDB Accelerator (DAX). |
| Retrieve the instance ID, public keys, and public IP address of an EC2 instance. | Access the URL http://169.254.169.254/latest/meta-data/ using the EC2 instance. |
| Route the internet traffic to the resources based on the location of the user. | Use Route 53 Geolocation Routing policy. |
| Domain 3 | Design Secure Applications and Architectures |
| Encrypt EBS volumes restored from the unencrypted EBS snapshots. | Copy the snapshot and enable encryption with a new symmetric CMK while creating an EBS volume using the snapshot. |
| Limit the maximum number of requests from a single IP address. | Create a rate-based rule in AWS WAF and set the rate limit. |
| Grant the bucket owner full access to all uploaded objects in the S3 bucket. | Create a bucket policy that requires users to set the object’s ACL to bucket-owner-full-control. |
| Protect objects in the S3 bucket from accidental deletion or overwrite. | Enable versioning and MFA delete. |
| Access resources on both on-premises and AWS using on-premises credentials that are stored in Active Directory. | Set up SAML 2.0-Based Federation by using a Microsoft Active Directory Federation Service. |
| Secure the sensitive data stored in EBS volumes. | Enable EBS Encryption. |
| Ensure that the data-in-transit and data-at-rest of the Amazon S3 bucket are always encrypted. | Enable Amazon S3 Server-Side or use Client-Side Encryption. |
| Secure the web application by allowing multiple domains to serve SSL traffic over the same IP address. | Use AWS Certificate Manager to generate an SSL certificate. Associate the certificate to the CloudFront distribution and enable Server Name Indication (SNI). |
| Control the access for several S3 buckets by using a gateway endpoint to allow access to trusted buckets. | Create an endpoint policy for trusted S3 buckets. |
| Enforce strict compliance by tracking all the configuration changes made to any AWS services. | Set up a rule in AWS Config to identify compliant and non-compliant services. |
| Provide short-lived access tokens that act as temporary security credentials to allow access to AWS resources. | Use AWS Security Token Service. |
| Encrypt and rotate all the database credentials, API keys, and other secrets on a regular basis. | Use AWS Secrets Manager and enable automatic rotation of credentials. |
| Domain 4 | Design Cost-Optimized Architectures |
| A cost-effective solution for over-provisioning of resources. | Configure a target tracking scaling in ASG. |
| The application data is stored in a tape backup solution. The backup data must be preserved for up to 10 years. | Use AWS Storage Gateway to back up the data directly to Amazon S3 Glacier Deep Archive. |
| Accelerate the transfer of historical records from on-premises to AWS over the Internet in a cost-effective manner. | Use AWS DataSync and select Amazon S3 Glacier Deep Archive as the destination. |
| Globally deliver the static contents and media files to customers around the world with low latency. | Store the files in Amazon S3 and create a CloudFront distribution. Select the S3 bucket as the origin. |
| An application must be hosted on two EC2 instances and should continuously run for three years. The CPU utilization of the EC2 instances is expected to be stable and predictable. | Deploy the application to a Reserved Instance. |
| Implement a cost-effective solution for S3 objects that are accessed less frequently. | Create an Amazon S3 lifecycle policy to move the objects to Amazon S3 Standard-IA. |
| Minimize the data transfer costs between two EC2 instances. | Deploy the EC2 instances in the same Region. |
| Import the SSL/TLS certificate of the application. | Import the certificate into AWS Certificate Manager or upload it to AWS IAM. |
Self-studied and referred to the scenarios from the Tutorials Dojo site

Important Links to study

AWS Study Notes

Video Courses

  • Udemy – Stephane Maarek – 27-hour course explaining the ins and outs of AWS – watch twice, once at normal speed and once at 1.5x speed
  • Udemy – Neal Davis – 22-hour course explaining the ins and outs of AWS – watch twice, once at normal speed and once at 1.5x speed
  • ACloudGuru – Training
  • Whizlabs – Hands-on Training – a must before taking the exam, or create a free account in AWS to try it out
  • AWS LABS

Practice Test

Exam preparation time

  1. It took me about 2 months to study
  2. I spent more time as I got closer to the exam date (approximately 3-4 hours on weekdays and longer on the weekends)
  3. Read until the concepts are very clear

Exam Tips

  • During the exam, I marked the unsure questions for review.
  • Read the questions twice before answering
  • I rarely changed answers during review mode; I changed only 1 or 2 answers
  • I made sure that I didn’t leave any questions unanswered as there is no negative marking.
  • I utilized the full 130-140 minutes to answer and review the questions

This brings us to the end of the study guide. Please ensure you know the concepts well. All the best for your preparation and exams.
