Required Knowledge To Pass AWS Certified Solutions Architect — Professional Exam
The AWS Certified Solutions Architect Professional exam is one of the toughest exams in tech today. This article provides details on the knowledge required to pass the exam.
Disclaimer: All the views and opinions expressed in the blog belong solely to the author and not necessarily to the author's employer or any other group or individual. This article is not a promotion for any course or training platform. The sole objective of this article is to help the AWS community to successfully pass this difficult exam. Also, this article is based on my exam experience, which may differ from any other individual's exam experience.
I am a certified AWS Professional Architect, and with this article, I would like to share my experience and the preparations I took to pass this certification exam. I don't want to share the details that you can get from the AWS Professional Architect Certification page; rather, I would share the topics that you would need to know to pass the exam and the type of questions that you can expect during the exam.
My Experience at the Exam
- All the questions in the exam were scenario based.
- This exam covers lots of services, and you can get a question on any AWS service that has been generally available for 6 months. So, there is a lot of ground to cover, especially considering the number of services in the AWS platform. In my experience, the exam expects you to know a lot of services at a high level but doesn't go very deep except for a few core services like VPC, EC2, S3, DynamoDB, etc.
- Most of the questions and answers were complex, verbose, and wordy. Roughly, you get 2 minutes to answer each question. Time management is the biggest challenge for this exam. So have a clear strategy and complete at least a few practice exams before sitting the exam.
- I built a strategy for those questions that have a lot of words in both the question and the answers. I answered the very big, wordy questions at the end of my exam. Also, once I was confident about an answer, I skipped reading the other choices.
- You must learn to pick out the keywords (e.g., high availability/cost-effectiveness/reliability/scalability/security, etc.) in a question and try to match them in an answer. If you are running out of time, just read the last few sentences of the question and try to understand what the ask is, and then go to the answers directly and try to find out which one is aligned with the ask in the question.
- I highly recommend requesting a 30-minute exam extension for non-native English speakers when taking an exam in English. Please see the Requesting Accommodations section on the page.
My Preparation for the Exam
- I went through the A Cloud Guru course for the exam.
- The course was good. It had 8 hrs of training videos, sample questions, and pro tips.
- The course was a little bit high level; it assumes that you already know a lot of things that are in the Associate level exams. If you just go through this training, then it might not be enough to pass the exam.
- A Cloud Guru also has an Exam Simulator. The questions were extremely difficult in the simulator, but those were a good indication of the questions that you might get in the real exam, although the exam questions I got were less hard than the ones in the A Cloud Guru Simulator.
- I took the AWS Solutions Architect Professional Practice Tests by Jon Bonso on Udemy.
- It had 4 Practice exams.
- Questions in this course are good, and very detailed explanations are provided. Also, it helps you in terms of gaining knowledge & overall understanding of the AWS platform. But the questions that will come in the actual exam are a lot more complex and tougher.
- If you buy this practice test, then try to complete these exams in 2-2.5 hrs and try to get more than 90% marks.
- I sat as many time-based practice tests as I could. There are many practice tests available over the internet for free.
- I have gone through all the AWS whitepapers suggested by the A Cloud Guru trainer.
- I watched many "This is my Architecture" videos on the AWS YouTube channel on a daily basis. It helped me understand how you can solve complex business problems using AWS services.
Required AWS Service Knowledge
You need to know the below topics in order to pass the exam.
Virtual Private Cloud (VPC)
VPC knowledge is fundamental to passing any AWS exam. You need to know all the components, routing, security, and inner workings of a VPC. Below are some of the key topics that you absolutely need to cover for the exam.
- Gateway and Interface endpoints, VPC Flow Logs, IPv4 vs. IPv6
- Internet Gateway vs. Egress Only Internet Gateway
- NAT Gateway vs. NAT instances
- NACL vs. Security Groups
- Private vs. Public Subnets
- Route Tables and how routes work in an AWS VPC. What is the default route? How different route configurations can impact network path.
- How to create cost-effective, highly available infrastructure using VPC and subnets.
Amazon Simple Storage Service (S3)
S3 will appear in most of the questions. So, you need to understand S3 and all the features related to S3 very well.
- Understand the S3 storage use case and anti-patterns. Also, different storage classes and Lifecycle management.
- Different encryption levels (SSE-S3 vs. SSE-KMS vs. SSE-C vs. client-side encryption)
- IAM policy vs. Bucket Policy vs. Object ACL
- Other S3 features like Versioning, Replication, Static Website hosting, Transfer Acceleration, S3 Events, Requester Pays, Cross-origin resource sharing (CORS).
Amazon Elastic Compute Cloud (EC2)
Same as S3, EC2 will appear in many questions. Understanding EC2 is key to passing the exam.
- Different instance types and their use cases (On-Demand vs. Reserved Instances (RI) vs. Spot Instances). Dedicated Host vs. Dedicated Instance
- Spot fleet and Spot diversified allocation strategy
- Regional RI vs. Zonal RI. Standard vs. Convertible vs. Scheduled RI
- EC2 authentication, and regenerating a new key pair and associating it with an existing instance.
- How can you guarantee capacity reservation in DR or scale-out scenarios?
- What is an Elastic IP, and what purpose does it serve?
- How an EC2 instance can serve multiple domains over Secure Sockets Layer (SSL)
- Different load balancer types, their differences, and their use cases. How Elastic Load Balancer (ELB) supports Server Name Indication (SNI), SSL termination, and cross-zone load balancing.
- How to build a highly available, scalable, and resilient architecture using Autoscaling Groups. Different scaling policies and their use cases. Cool Down period vs. Warm-up period vs. Health check grace period.
- Launch Configuration vs. Launch Template
AWS Identity and Access Management (IAM)
- Difference between resource-based policy and identity-based policy
- Secure way to perform cross-account access and understand the IAM role usage both in the context of human or service interactions.
- STS (AssumeRole vs. AssumeRoleWithWebIdentity vs. GetFederationToken)
- IAM vs. Amazon Cognito and IAM SAML Identity Provider
Amazon Relational Database Service (RDS)
- The different RDS options that are supported.
- Difference between multi-AZ and read replica.
- You need to know Aurora in great detail and how Aurora is different from other RDS offerings
- How and why to use database snapshots and database migration using snapshots
- Why use Reserved Instances for RDS
- RDS integration with Secrets Manager
Amazon DynamoDB
The key exam topics are below:
- Primary key and sort key, partitioning, and hot key issue, GSI vs. LSI, scan vs. query performance
- Auto-scaling vs. on-demand scaling
- DynamoDB Streams and DynamoDB Global Database
Network Connectivity
The key exam topics are below:
- VPC to VPC connectivity, VPC to on-prem connectivity
- VPN vs. Direct Connect (including Direct Connect Gateway) vs. Transit VPC vs. CloudHub VPN vs. Software VPN vs. Transit Gateway
- How to build redundant and performant architecture using AWS networking components
- BGP vs. Static route
AWS Organizations
- What is AWS Organizations, and how can it help with consolidated billing and RI credit sharing
- Service Control Policy (SCP Allow Policy vs. SCP Deny Policy) vs. IAM policy
AWS Lambda
- Supported runtimes, Lambda triggers
- Lambda basic and VPC settings
- Concurrency limits and Provisioned Concurrency
- SAM in the context of Lambda
- Lambda logging and troubleshooting using X-Ray (any serverless app)
AWS CloudTrail
- What is CloudTrail? What details can be logged by CloudTrail, and where can the logs be stored?
- What are digest files? What purpose do they serve?
- CloudTrail vs. CloudWatch vs. Config
Amazon CloudWatch
You need to know CloudWatch in detail, which includes Logs, Events (triggers, actions), Metrics, and Alarms.
AWS Config
- How does Config work? What are the use cases and triggers?
- How can Config be used with other AWS services to identify, notify and rectify any non-compliant AWS resources?
- How can AWS Config track changes in all the resources in the AWS cloud?
Amazon Kinesis
- Different types of Kinesis services and their use cases
- Kinesis Data Stream vs. Delivery Stream (buffer, storage, ingestion, delivery)
- Kinesis Analytics and its source and target. How Lambda can be used with Kinesis Analytics?
AWS Migration Services
You need to know the different migration services with a little depth, understand their use cases, and how you can use them to perform a cloud migration in a secure, reliable, cost-effective way without impacting business.
- Storage migration (Snowball, Snowball Edge, Storage Gateway, S3 sync, DataSync)
- Server migration (Server Migration Service, Application Discovery Service, VMware & Hyper-V VM migration to AWS Cloud)
- Network Migration
- Database Migration (Database Migration Service and Schema Conversion Tool vs. Native utilities, e.g., mysqldump) considering all different scenarios (heterogeneous vs. homogeneous and on-prem to RDS, on-prem to DB on EC2, RDS to Aurora, EC2 DB to Aurora, etc.)
- You need to know about the Cloud Adoption Framework and how it can help to formulate a successful cloud migration strategy.
- Also, know there is a service named AWS Migration Hub where you can discover, assess, plan & track your cloud migration initiatives centrally.
AWS Elastic Beanstalk
- Understand the different deployment methods and the list of platforms supported by the service
- Suitable scenarios to use Elastic Beanstalk compared to other deployment services (CodeDeploy, CloudFormation, etc.)
- How Blue/Green deployment can be achieved using Elastic Beanstalk
AWS CloudFormation
- Different sections of a CloudFormation template and their purpose
- Change Set (what and why), Stack Set (what and why)
- What is DeletionPolicy, and what are its possible values
Amazon CloudFront
You need to know the below topics for CloudFront:
- Use case and anti-pattern
- SNI on CloudFront, SSL and custom certificate on CloudFront
- Lambda@Edge (what and why)
- Origin policy and origin access identity (OAI)
- Field-level encryption
- CloudFront signed cookies vs. signed URLs
- Invalidation and origin Cache-Control max-age or Cache-Control s-maxage directive
- Match Viewer policy
Amazon Route 53
- Different types of Route 53 records (e.g., alias vs. CNAME and their usage)
- Different types of routing policies and Route 53 health checks
- Difference between public hosted zone and private hosted zone
- What is DNSSEC?
- How a domain transfer works and auto-renewal using Route 53
Different Types of Storage Solutions on AWS, Their Usage, High Availability, Durability, and Anti-Patterns
The exam will test you on different storage services on AWS, such as Glacier, Amazon Elastic File System (Amazon EFS), FSx, Amazon Elastic Block Store (Amazon EBS), Instance Store, and in-memory cache (Redis vs. Memcached).
AWS Service Catalog
- Use case of AWS Service Catalog service, how it is used. What are Portfolios and products?
- Different types of constraints that can be applied in the service catalog
- How Service Catalog can be used in AWS Organizations having a Publishing Account model
AWS Cost Management
- Difference between Cost Explorer and Budgets. How to set automatic notifications using Budgets
- What are cost allocation tags? Usage of tags and Resource Groups in terms of cost and resource management
- AWS Cost Management tools and strategy
AWS Systems Manager
You need to know the different offerings under the Systems Manager umbrella at a high level, such as the Parameter Store (how it's different from Secrets Manager), Session Manager, Automation, Run Command, and State Manager. Also, know Patch Manager in conjunction with Maintenance Windows.
AWS Directory Services
- SAML-based Single Sign-On (SSO) using AWS SSO for corporate accounts using on-prem AD
- Difference between AD Connector and Simple AD and AWS Managed Microsoft AD
AWS Developer Services (at a high level)
You need to understand the different DevOps services available in the AWS platform and their use cases. Services include CodeBuild, CodeDeploy (differences with Elastic Beanstalk, OpsWorks and CloudFormation), CodePipeline, CodeCommit, and CodeStar.
Amazon Elastic Container Service (ECS)
- You need to know both of the ECS offerings for EC2 and Fargate
- Understand what the Task role, Task definition, network modes, and container definition are
- Understand scenarios on when to use ECS vs. EC2 with Auto Scaling vs. Lambda
Amazon Simple Queue Service (SQS) and Amazon Simple Notification Service (SNS)
You need to know SQS with a little more depth than SNS for the exam.
- For SQS, know the difference between the standard queue and the FIFO queue. Also, how SQS helps decouple application components, buffer-based integration, smooth application spikes, and how you can build a cost-effective, fault-tolerant architecture using SQS.
- For SNS, understand what it is and the different types of notification channels available in SNS
Other AWS Services
You need to have some idea about the below services (use cases, what they do, etc.) so that if they appear in a question/answer, you have an idea about them.
- High availability in the context of Storage, Compute, Database & Network
- DDoS attack mitigation techniques, common network and application layer attacks, and mitigation techniques
- Difference between AWS Shield Advanced vs. Macie vs. GuardDuty vs. Inspector vs. Trusted Advisor (understand all the different Trusted Advisor notifications) in the context of security
- Different IDS and IPS techniques available in AWS
- How to implement in-transit and at-rest encryption in AWS. Have an overview of AWS KMS and Certificate Manager
- API Gateway and its integration/timeout in context with Lambda
- OpsWorks (focus on OpsWorks Stacks)
- Difference between Step Function vs. Simple Workflow service vs. AWS Batch
- AWS IoT landscape (especially AWS Greengrass, IoT Core, and its integration with Kinesis and other durable storage and analytics solutions)
- Data & Analytics services
- Have an overview and understanding of the use cases for Amazon EMR, AWS Glue, Athena, Redshift and QuickSight
- AWS AI and ML services (especially Rekognition, Lex, Polly, and SageMaker at a high level)
- Other Enterprise Apps on AWS at a high level
- Alexa for Business
- AWS AppStream
- AWS Workspace
- Amazon Worklink
- AWS Pinpoint
- Amazon Connect
- Amazon Mechanical Turk (MTurk)