Preparing for the AWS Solutions Architect Associate (SAA-C02) exam? Don’t know where to start? This post is the AWS Solutions Architect [Associate] Certificate Study Guide (with links to each objective in the exam domain).
I have curated a detailed list of articles from AWS documentation and other websites for each objective of the AWS Certified Solutions Architect [Associate] (SAA-C02) exam. Please share the post within your circles so it helps them to prepare for the exam.
AWS Solutions Architect Associate Course [SAA-C02]
AWS Solutions Architect Associate Practice Test [SAA-C02]
AWS Solutions Architect Associate Other Material
AWS Solutions Architect Associate Practice Test
Design Resilient Architectures - 30%
Design a Multi-tier Architecture Solution
AWS Services needed to implement multi-tier design:
Design Highly Available and/or Fault-tolerant Architectures
AWS services that enable High Availability:
Design Decoupling Mechanisms Using AWS Services
Choose Appropriate Resilient Storage
Design High-performing Architectures - 28%
Identify Elastic and Scalable Compute Solutions for a Workload
Elastic compute solutions
Select High-performing and Scalable Storage Solutions for a Workload
File system storage
Other Storage solutions for high-performance
Select High-performing Networking Solutions for a Workload
Review the following videos:
AWS Services for high-performing networking solutions:
AWS Global Accelerator
It Creates accelerators to improve the performance of your app by directing traffic to the best-suited endpoints in the AWS network
AWS Direct Connect
Establishes a dedicated network connection from the on-premises network to the cloud
AWS Virtual Private Network
AWS VPN connections extend your on-premises networks to the cloud. Similar to Direct Connect. But VPNs use IPSec (with the help of the Internet) to connect your network with AWS. Whereas Direct Connect uses a dedicated private network to establish connections (does not use the Internet). Similar to Express Route if you come from the Azure world.
AWS Transit Gateway
A cloud router. It connects multiple VPCs in your account with the on-premises network (if needed) with a central hub. Replaces many 1-1 connections between the VPCs.
CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.
For running AWS infrastructure and other services in an on-premises environment. So you needn’t move your sensitive data to the cloud. You move the cloud to the location of your data.
AWS Local Zones
Moves AWS Compute, Storage, DBs closer to centers where no AWS regions exist.
Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.
Choose High-performing Database Solutions for a Workload
Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.
A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.
A database that’s housed in memory (RAM) instead of the disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill-down/up or filter the report across dimensions with minimal latency.
Data is stored in JSON-like documents. Used when the data is not relational. For example, scanned images, PDF files, etc., In manufacturing aircraft, different parts have a different number of attributes. Storing the information in the Document database can accommodate for the potential increase in the attributes required.
A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.
Used for monitoring software/financial/physical systems like equipment & machinery where there is a heavy dependence on time.
Databases that are immutable (you cannot update a customer’s address, just add a new record) & with a cryptographically verifiable log. Used where an accurate description of history is required. For example, GDPR, tracking Credit/debit history in banking transactions.
Database caching for high performance
Design Secure Applications and Architectures - 24%
Design Secure Access to AWS Resources
AWS Identity & Access Management
Approaches for addressing Identity & Access Management:
a. Secure access credentials
AWS Security Token Service
Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.
IAM Instance profiles
A way for EC2 instances to access AWS APIs.
b. Principle of least privileges
Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.
Design Secure Application Tiers
Select Appropriate Data Security Options
Different approaches to consider for Data security in AWS are:
a. Data Classification
Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.
Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).
Tokenization defines a token to represent a sensitive piece of information.
c. Secure data at rest
d. Secure data in transit
AWS Certificate Manager
e. Backup/replicate/recover your data
Design Cost-optimized Architectures - 18%
Identify Cost-effective Storage Solutions
Amazon Elastic Block Store
Monitor storage costs with AWS cost & reporting tools
Identify Cost-effective Compute and Database Services
Design Cost-optimized Network Architectures
Amazon Virtual Private Cloud & other network services
Elastic Load Balancer
This brings us to the end of the AWS Solutions Architect [Associate] (SOA-C02) Exam Preparation Study Guide
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are looking for other AWS certificate exams study guides, check out this page
Follow/Like ravikirans.com to Receive Updates
Sign up for Newsletter
Want to be notified as soon as I post? Subscribe to RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
Share the Article in Your Social Media Networks
5 2 9