AWS Solutions Architect Preparation
Preparing for the AWS Solutions Architect Associate (SAA-C02) exam? Don’t know where to start? This post is the AWS Solutions Architect [Associate] Certificate Study Guide (with links to each objective in the exam domain).
I have curated a detailed list of articles from AWS documentation and other websites for each objective of the AWS Certified Solutions Architect [Associate] (SAA-C02) exam. Please share the post within your circles so it helps them to prepare for the exam.
Courses on AWS Solutions Architect Associate
|LinkedIn Learning (Free trial)||Learning Path for AWS Architect Prep|
|Pluralsight||Solutions Architect (with Practice Tests)|
|Udemy||AWS Cert. Architect by Stephane Maarek|
AWS Solutions Architect Associate Practice Test
|Whizlabs Exam Questions||[650 Questions + 42 Labs] for Architect Prep|
|Udemy Practice Test||Solutions Associate Test (260 Questions)|
Resources for AWS Solutions Architect Associate
|Udacity Nanodegree||Become an AWS Cloud Architect|
|Amazon e-book (PDF)||AWS Architect Associate Exam Notes|
AWS Certified Solutions Architect Exam Questions
Check out all the other AWS certificate study guides
Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.
Domain 1: Design Resilient Architectures – 30%
1.1 Design a Multi-tier Architecture Solution
Determine a solution design based on access patterns
Determine a scaling strategy for components used in a design
Select an appropriate database based on requirements
Select an appropriate compute and storage service based on requirements
1.2 Design Highly Available and/or Fault-tolerant Architectures
Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones
Select a highly available configuration to mitigate single points of failure
Apply AWS services to improve the reliability of legacy applications when application changes are not possible
Select an appropriate disaster recovery strategy to meet business requirements
Identify key performance indicators to ensure the high availability of the solution
1.3 Design Decoupling Mechanisms Using AWS Services
Determine which AWS services can be leveraged to achieve loose coupling of components
Determine when to leverage serverless technologies to enable decoupling
1.4 Choose Appropriate Resilient Storage
Define a strategy to ensure the durability of data
Identify how data service consistency will affect the operation of the application
Select data services that will meet the access requirements of the application
Identify storage services that can be used with hybrid or non-cloud-native applications
Amazon link (affiliate)
Domain 2: Design High-performing Architectures – 28%
2.1 Identify Elastic and Scalable Compute Solutions for a Workload
Select the appropriate instance(s) based on Compute, storage, and networking requirements
Choose the appropriate architecture and services that scale to meet performance requirements
Identify metrics to monitor the performance of the solution
2.2 Select High-performing and Scalable Storage Solutions for a Workload
Select a storage service and configuration that meets performance demands
Determine storage services that can scale to accommodate future needs
File system storage
Other Storage solutions for high-performance
2.3 Select High-performing Networking Solutions for a Workload
Select appropriate AWS connectivity options to meet performance demands
Select appropriate features to optimize connectivity to AWS public services
Determine an edge caching strategy to provide performance benefits
Select appropriate data transfer service for migration and/or ingestion
Other AWS networking services for building high-performing networking solutions are:
AWS Global Accelerator
It creates accelerators to improve the performance of your app by directing traffic to the best-suited endpoints in the AWS network
AWS Direct Connect
Establishes a dedicated network connection from the on-premises network to the cloud
AWS Virtual Private Network
AWS VPN connections extend your on-premises networks to the cloud. Similar to Direct Connect. But VPNs use IPSec (with the help of the Internet) to connect your network with AWS. Whereas Direct Connect uses a dedicated private network to establish connections (does not use the Internet). Similar to Express Route if you come from the Azure world.
AWS Transit Gateway
A cloud router. It connects multiple VPCs in your account with the on-premises network (if needed) with a central hub. Replaces many 1-1 connections between the VPCs.
CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.
AWS Local Zones
Moves AWS Compute, Storage, DBs closer to centers where no AWS regions exist.
Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.
2.4 Choose High-performing Database Solutions for a Workload
Select an appropriate database scaling strategy
Determine when database caching is required for performance improvement
Choose a suitable database service to meet performance needs
Other articles for understanding how to choose high-performing database solutions
Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.
A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.
A database that’s housed in memory (RAM) instead of the disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill down/up or filter the report across dimensions with minimal latency.
Data is stored in JSON-like documents. Used when the data is not relational. For example, scanned images, PDF files, etc., In manufacturing aircraft, different parts have a different number of attributes. Storing the information in the Document database can accommodate for the potential increase in the attributes required.
A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.
Databases that are immutable (you cannot update a customer’s address, just add a new record) & with a cryptographically verifiable log. Used where an accurate description of history is required. For example, GDPR, tracking Credit/debit history in banking transactions.
Database caching for high performance
Domain 3: Design Secure Applications and Architectures – 24%
3.1 Design Secure Access to AWS Resources
Determine when to choose between users, groups, and roles
Interpret the net effect of a given access policy
Select appropriate techniques to secure a root account
Determine ways to secure credentials using features of AWS IAM
Determine the secure method for an application to access AWS APIs
Select appropriate services to create traceability for access to AWS resources
Other approaches for securing access to AWS resources
a. Secure access credentials
AWS Security Token Service
Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.
IAM Instance profiles
A way for EC2 instances to access AWS APIs.
b. Principle of least privileges
Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.
3.2 Design Secure Application Tiers
Given traffic control requirements, determine when and how to use security groups and network ACLs
Determine a network segmentation strategy using public and private subnets
Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC
Select appropriate AWS services to protect applications from external threats
Other important articles for securing application tiers
3.3 Select Appropriate Data Security Options
Determine the policies that need to be applied to objects based on access patterns
Select appropriate encryption options for data at rest and in transit for AWS services
Select appropriate key management options based on requirements
Different approaches to consider for data security in AWS
a. Data Classification
Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.
Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).
Tokenization defines a token to represent a sensitive piece of information.
c. Secure data at rest
d. Secure data in transit
e. Backup/replicate/recover your data
Domain 4: Design Cost-optimized Architectures – 18%
4.1 Identify Cost-effective Storage Solutions
Determine the most cost-effective data storage options based on requirements
Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs
Cost-effective techniques for other AWS services
Amazon Elastic Block Store
4.2 Identify Cost-effective Compute and Database Services
Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload
Determine the most cost-effective database options based on requirements
Select appropriate scaling strategies from a cost perspective
Select and size compute resources that are optimally suited for the workload
Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures
4.3 Design Cost-optimized Network Architectures
Identify when content delivery can be used to reduce costs
Determine strategies to reduce data transfer costs within AWS
Determine the most cost-effective connectivity options between AWS and on-premises environments
This brings us to the end of the AWS Solutions Architect [Associate] (SOA-C02) Exam Preparation Study Guide
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are preparing for other AWS certification exams, check out the AWS study guides for those exams.
Get Updates on AWS Certified Solutions Architect
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.