AWS Solutions Architect Preparation
Preparing for the AWS Solutions Architect Associate (SAA-C02) exam? Don’t know where to start? This post is the AWS Solutions Architect [Associate] Certificate Study Guide (with links to each objective in the exam domain).
I have curated a detailed list of articles from AWS documentation and other websites for each objective of the AWS Certified Solutions Architect [Associate] (SAA-C02) exam. Please share the post within your circles so it helps them to prepare for the exam.
Courses on AWS Solutions Architect Associate
| LinkedIn Learning (Free trial) | Learning Path for AWS Architect Prep |
| Pluralsight | Solutions Architect (with Practice Tests) |
| Udemy | AWS Cert. Architect by Stephane Maarek |
AWS Solutions Architect Associate Practice Test
| Whizlabs Exam Questions | [650 Questions + 42 Labs] for Architect Prep |
| Udemy Practice Test | Solutions Associate Test (260 Questions) |
Resources for AWS Solutions Architect Associate
| Udacity Nanodegree | Become an AWS Cloud Architect |
| Amazon e-book (PDF) | AWS Architect Associate Exam Notes |
AWS Certified Solutions Architect Exam Questions
Check out all the other AWS certificate study guides
Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.
Domain 1: Design Resilient Architectures – 30%
1.1 Design a Multi-tier Architecture Solution
Determine a solution design based on access patterns
Common AWS access patterns for your workforce
Architectural patterns for data lakes on AWS
Identify your data access patterns
Analyze access patterns in Amazon WorkSpaces
Determine a scaling strategy for components used in a design
Scale your web app: one step at a time
Scaling on AWS part I: A Primer
Select an appropriate database based on requirements
How do you select your database solution?
Select the right database for your application
Database architecture selection
Select an appropriate compute and storage service based on requirements
Compute service
Storage service
1.2 Design Highly Available and/or Fault-tolerant Architectures
Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones
Building_fault-tolerant_applications
Achieving fault-tolerance & redundancy
Select a highly available configuration to mitigate single points of failure
Remove single points of failure by using a High-Availability partition group
Eliminate single points of failure with High Availability clustering
Apply AWS services to improve the reliability of legacy applications when application changes are not possible
Demystify legacy migration options to AWS
Optimize a lift-and-shift for performance
Select an appropriate disaster recovery strategy to meet business requirements
How do you plan for disaster recovery (DR)?
Disaster recovery options in the cloud
Disaster Recovery (DR) architecture on AWS
Identify key performance indicators to ensure the high availability of the solution
Example implementations for availability goals
Monitor your resources to ensure they are performing
AWS Monitoring: Metrics to watch out for
1.3 Design Decoupling Mechanisms Using AWS Services
Determine which AWS services can be leveraged to achieve loose coupling of components
Building loosely coupled, scalable apps with Amazon SQS & SNS
Decoupling with SQS, SimpleDB, & SNS
Determine when to leverage serverless technologies to enable decoupling
Decouple larger applications with EventBridge
Decoupled serverless scheduler to run HPC apps
1.4 Choose Appropriate Resilient Storage
Define a strategy to ensure the durability of data
Amazon S3 Reduced Redundancy Storage (RRS)
Backup and data protection solutions
Strategies to ensure data durability
Identify how data service consistency will affect the operation of the application
Architect data quality on the AWS Cloud
DAX and DynamoDB consistency models
Select data services that will meet the access requirements of the application
Data Lakes and analytics on AWS
Best practices for securing sensitive data in AWS data stores
Identify storage services that can be used with hybrid or non-cloud-native applications
Storage services for hybrid cloud
Amazon link (affiliate)
Domain 2: Design High-performing Architectures – 28%
2.1 Identify Elastic and Scalable Compute Solutions for a Workload
Select the appropriate instance(s) based on Compute, storage, and networking requirements
Choosing the right EC2 instance type for your application
Determine appropriate EC2 instance type for your workload
Get recommendations for an instance type
Choose the appropriate architecture and services that scale to meet performance requirements
How do you select the best-performing architecture?
Compute architecture selection
Optimize performance for your AWS compute
Identify metrics to monitor the performance of the solution
Using Amazon CloudWatch metrics
Monitoring performance with CloudWatch dashboards
Monitor performance of Amazon ECS applications
2.2 Select High-performing and Scalable Storage Solutions for a Workload
Select a storage service and configuration that meets performance demands
Storage architecture selection
Performance Efficiency design principles
How do you select your storage solution?
Determine storage services that can scale to accommodate future needs
Object storage
Block storage
File system storage
Archival storage
Other Storage solutions for high-performance
2.3 Select High-performing Networking Solutions for a Workload
Select appropriate AWS connectivity options to meet performance demands
Network-to-Amazon VPC connectivity options
Amazon VPC-to-Amazon VPC connectivity options
Software remote access-to-Amazon VPC connectivity options
Select appropriate features to optimize connectivity to AWS public services
How do you configure your networking solution?
Network architecture selection
Optimizing latency and bandwidth for AWS Traffic
Achieve up to 60% better performance with Global Accelerator
Determine an edge caching strategy to provide performance benefits
How caching works with CloudFront edge locations?
Select appropriate data transfer service for migration and/or ingestion
Top 10 data migration best practices
Migrating data to AWS: understanding your options
Other AWS networking services for building high-performing networking solutions are:
AWS Global Accelerator
It creates accelerators to improve the performance of your app by directing traffic to the best-suited endpoints in the AWS network
Get started with AWS Global Accelerator
Achieve up to 60% better performance with Global Accelerator
Improve application performance for your traffic with Global Accelerator
AWS Direct Connect
Establishes a dedicated network connection from the on-premises network to the cloud
AWS Direct Connect (for connecting to the on-premises network)
AWS Virtual Private Network
AWS VPN connections extend your on-premises networks to the cloud. Similar to Direct Connect. But VPNs use IPSec (with the help of the Internet) to connect your network with AWS. Whereas Direct Connect uses a dedicated private network to establish connections (does not use the Internet). Similar to Express Route if you come from the Azure world.
Getting started – AWS Site-to-Site VPN
AWS Transit Gateway
A cloud router. It connects multiple VPCs in your account with the on-premises network (if needed) with a central hub. Replaces many 1-1 connections between the VPCs.
AWS CloudFront
CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.
AWS Outposts
For running AWS infrastructure and other services in an on-premises environment. So you needn’t move your sensitive data to the cloud. You move the cloud to the location of your data.
AWS Local Zones
Moves AWS Compute, Storage, DBs closer to centers where no AWS regions exist.
Low-latency computing with AWS Local Zones
Why Outposts, Local Zones, & Wavelength are game-changing for enterprises?
AWS Wavelength
Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.
Introduction to AWS Wavelength
AWS Wavelength for delivering ultra-low latency apps for 5G
Use Wavelength to deliver apps that require ultra-low latency
2.4 Choose High-performing Database Solutions for a Workload
Select an appropriate database scaling strategy
Database scaling strategies for startups
Scaling your application with AWS Relational Databases
Auto-scaling a MySQL database to meet fluctuating demand
Managing scaling for Aurora DB clusters
Determine when database caching is required for performance improvement
Database caching strategies using Redis
Boost MySQL DB performance with ElastiCache for Redis
Caching for performance with ElastiCache
Choose a suitable database service to meet performance needs
How do you select your database solution?
How to choose the right database?
AWS databases: How to choose the right one?
Other articles for understanding how to choose high-performing database solutions
Relational databases
Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.
Key-value database
A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.
Best practices for designing and architecting with DynamoDB
Amazon DynamoDB: Performance & cost optimization at any scale
In-memory databases
A database that’s housed in memory (RAM) instead of the disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill down/up or filter the report across dimensions with minimal latency.
Document database
Data is stored in JSON-like documents. Used when the data is not relational. For example, scanned images, PDF files, etc., In manufacturing aircraft, different parts have a different number of attributes. Storing the information in the Document database can accommodate for the potential increase in the attributes required.
Graph database
A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.
Time-series database
Used for monitoring software/financial/physical systems like equipment & machinery where there is a heavy dependence on time.
Ledger database
Databases that are immutable (you cannot update a customer’s address, just add a new record) & with a cryptographically verifiable log. Used where an accurate description of history is required. For example, GDPR, tracking Credit/debit history in banking transactions.
Database caching for high performance
Domain 3: Design Secure Applications and Architectures – 24%
3.1 Design Secure Access to AWS Resources
Determine when to choose between users, groups, and roles
IAM Identities (users, user groups, and roles)
When should you use AWS IAM roles vs. users?
Interpret the net effect of a given access policy
Understanding the IAM policy grammar
Policy summaries make understanding IAM policies easier
Select appropriate techniques to secure a root account
Best practices for securing AWS account
Determine ways to secure credentials using features of AWS IAM
AWS Identity & Access Management (IAM) features
Best practices for managing AWS access keys
Determine the secure method for an application to access AWS APIs
Control & manage access to a REST API
Evaluate access control methods to secure APIs
Control access to an API with IAM permissions
Select appropriate services to create traceability for access to AWS resources
Tracing S3 requests using AWS X-Ray
Track which users are accessing your S3 buckets
Security Pillar: AWS well-architected framework
AWS security design principles
Other approaches for securing access to AWS resources
a. Secure access credentials
AWS Security Token Service
Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.
IAM Instance profiles
A way for EC2 instances to access AWS APIs.
b. Principle of least privileges
Granting least privileges in AWS
Defining least-privileged permissions for actions by AWS services
Remove unnecessary credentials
AWS Organizations
Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.
3.2 Design Secure Application Tiers
Given traffic control requirements, determine when and how to use security groups and network ACLs
Security group rules for different use cases
Control network traffic with security groups
Determine a network segmentation strategy using public and private subnets
Improving security in the cloud with micro-segmentation
Making a case for network segmentation in AWS
Build a modular & scalable virtual network architecture
Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC
Internet routing & traffic engineering
Select appropriate AWS services to protect applications from external threats
Protecting from external threats
How do you protect your network resources?
Other important articles for securing application tiers
Building three-tier architectures with security groups
Three Tier Architecture for Web Applications in AWS
Secure an AWS Three-tier Web Architecture
3.3 Select Appropriate Data Security Options
Determine the policies that need to be applied to objects based on access patterns
Select appropriate encryption options for data at rest and in transit for AWS services
Encrypting data-at-rest and -in-transit
How do you protect your data in transit?
Select appropriate key management options based on requirements
Different approaches to consider for data security in AWS
a. Data Classification
Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.
b. Encryption/Tokenization
Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).
Tokenization defines a token to represent a sensitive piece of information.
A Deep Dive into AWS Encryption Services
c. Secure data at rest
Amazon EBS
Amazon Glacier:
Data encryption at rest for Amazon Glacier
d. Secure data in transit
How do you protect your data in transit?
Protecting data in transit with encryption
AWS Certificate Manager
e. Backup/replicate/recover your data
Amazon S3
Domain 4: Design Cost-optimized Architectures – 18%
4.1 Identify Cost-effective Storage Solutions
Determine the most cost-effective data storage options based on requirements
Cost-effective data management
Manage, analyze, & reduce storage costs
Optimizing storage costs using Amazon S3
5 Ways to reduce data storage costs using S3 Storage Lens
Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs
S3 intelligent-tiering storage class
Amazon S3 intelligent-tiering automates storage cost savings
Intelligent-tiering adds automatic archiving
Cost optimization with S3 intelligent tiering
Cost-effective techniques for other AWS services
AWS storage optimization whitepaper
Amazon S3
Amazon Elastic Block Store
4.2 Identify Cost-effective Compute and Database Services
Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload
Understand Amazon EC2 instance-hours billing
Per-second billing for EC2 instances & EBS volumes
Billing management and cost control
Determine the most cost-effective database options based on requirements
Reduce database cost when you migrate to the cloud
Amazon RDS
Amazon Aurora
Amazon Redshift
Amazon DynamoDB
Select appropriate scaling strategies from a cost perspective
Optimizing costs as you scale on AWS
Optimize costs with Auto Scaling
Performance and cost optimization at any scale
Select and size compute resources that are optimally suited for the workload
Provisioning instances to match workloads
Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures
TCO & cost optimization: Best practices for managing usage on AWS
Reduce TCO for your Linux file-based apps
Modernization your apps, and reduce TCO
Determine the TCO of serverless technologies
4.3 Design Cost-optimized Network Architectures
Identify when content delivery can be used to reduce costs
How to reduce Amazon Cloudfront costs?
Reduce data transfer costs with CloudFront
Reduce Amazon Cloudfront costs
Determine strategies to reduce data transfer costs within AWS
Use Cost Explorer to analyze data transfer costs
Reduce unexpected data transfer costs
Solving hidden network transfer costs
Determine the most cost-effective connectivity options between AWS and on-premises environments
How to connect your data center to AWS?
Connect On-premises to AWS cloud
This brings us to the end of the AWS Solutions Architect [Associate] (SOA-C02) Exam Preparation Study Guide
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!
In case you are preparing for other AWS certification exams, check out the AWS study guides for those exams.
Get Updates on AWS Certified Solutions Architect
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
7 Comments
Hi Ravi, Thanks for the big collection
Great
Regards,
Srihari
Welcome Srihari
sir can you provide latest update 2021 aws solution architect associate saa-c02 exam topics with links please
your list of all aws solution architect exam topics content is
good only one query this complete syllabus of aws in 2021 also
this only
Not sure I understood your question well.
But this is all topics related to AWS Certified SAA
Awesome! Very well captured data! I was searching for one such curated lists and found this very useful. Kudos to your efforts! Very helpful for all the people who want to learn and prepare for AWS Exams.
Thanks Vikram