Great success!!! I have recently made it official, I obtained the AWS Solutions Architect Associate Certification by passing the SAA-C01 exam!
Resources Used for Studying
Okay so how did I do it? Before my studying for this certification began, I have been using AWS professionally for roughly two years prior. However if I had gone and taken the exam with my two years of experience, I would have failed miserably. The SAA-C01 exam will test you on a wide range of AWS services such as Route 53, CloudFront, WAF, EC2, Elastic Load Balancers, S3, RDS, Lambda, VPC and SQS. I only used a small number of those services regularly; I knew nothing about WAF, Lambda and SQS...
I began my studies by watching Ryan Kroonenburg's videos on A Cloud Guru. A Cloud Guru has the best video series for the SAA-C01. Ryan kept his videos concise and models his lessons on the topics covered in the exam. After each chapter I took his mini quizzes which primed my mind in getting familiar with how AWS words their exams. You need to be adept in picking out keywords! On your exam, AWS may ask you "which solution allows you store files and videos with the least amount of cost?", all four options will allow you to store files, but only one will be ideal in terms cost. Keep in mind that A Cloud Guru's quizzes are very challenging. In my honest opinion their quizzes were more challenging than the actual certification exam. I only managed a 70% on A Cloud Guru, mock exam and this was after multiple attempts. So if you're getting 60-70% don't panic, you know more than you know.
The next resource I used to learn was a recommendation from Mike. It was the AWS Certified Solutions Architect Associate All-in-One Exam Guide by Joyjeet Banerjee. I didn't read this book cover to cover and you should not either! If you do you'll be wasting a lot of time. I used this book to supplement topics, I did poorly on A Cloud Guru's quizzes also this book comes with a large number of practice exams you can take. These quizzes are easier than A Cloud Guru's and are on the same level of difficulty as the actual exam. Use this book as a reference material on topics that are not covered in depth on A Cloud Guru's videos.
Lastly I went through AWS Well-Architected Framework Whitepaper. Make sure you are aware of the high level concepts and what AWS can offer to an organization by shifting to the cloud. Understand the five pillars:
- Operational Excellence
- Performance Efficiency
- Cost Optimization
That does not mean you have to memorize the entire whitepaper! I just skimmed through this but paid close attention to the first five pages.
• 65 questions
• 130 Minutes
The exam is scenario based which means they give you a scenario and you have to decide the best way to implement an AWS service. For example:
You're a solutions architect looking to implement the least expensive storage solution for files that are not accessed after 30 days but are needed for audit purposes. Which solution would you choose?
Notice how it doesn't ask you to pick and choose the correct definition of each service. Also the keywords in this question are least expensive and not accessed after 30 days. These are keywords because it's asking you for a specific AWS resource that is the least expensive and are not critical to have at a minute's notice. Looking at the available answers, EC2 can be crossed off the list since it is not a storage solution, S3 maybe correct since it is a storage solution, but let's looks at the other options before deciding. EFS is another storage solution but needs EC2 instances to be accessible since it is a network file share and the question never mentioned the that the storage solution needed to be shared among EC2 instances. Finally there is Glacier, it's a storage solution like S3 and does not need EC2 to be accessible. Also Glacier's whole premise is to be an inexpensive storage solution for data archiving. It's not as fast as S3, but ideal if your data is not critical to have at the very minute. That is how all of the questions will be structured.
Ideally you should only be spending two minutes per question. If you're stumped, flag the question and move on. Most of the answer choices will have two painfully obvious wrong answers, if you can narrow down your choices to two, you greatly increase your chances of picking the correct answer.
Domain 1: Design Resilient Architectures 34%
Domain 2: Define Performant Architectures 24%
Domain 3: Specify Secure Applications and Architectures 26%
Domain 4: Design Cost-Optimized Architectures 10%
Domain 5: Define Operationally Excellent Architectures 6%
AWS will test you on the five domains above. However this does not explain which services you will be tested on.
Here is my break down and what you should focus on your studies
I had numerous questions regarding EC2 instances and auto-scaling. Understand how security groups work. Elastic Load Balancing and auto-scaling, make sure you know when to use either or.
Databases have always been my weakness, but the exam doesn't go into too much detail with these. So you don't have to worry about creating a JOIN statement. Brush up on the available database engines and how multi-AZ functions.
S3 was referenced on my exam numerous times. What is important to know are the different types of S3 storage classes and when to use them. If a question ask for high durability, but is not accessed occasionally; choose S3 IA! If you want an EC2 instance to use a file in S3 securely, choose roles as a security measure.
D. IAM/Identity Management
I didn't get alot of these questions but there were some I did get that revolved around identity federation. AWS supports SAML and if users what to authenticate to access the AWS console they will have to authenticate on their organization's AD before being allowed to access the AWS console. If your organization has a web app that you want to users to authenticate with their AD credentials for access use Cognito.
Security is huge during the exam, a large number of my questions had security built into it. It is important to know the concept of role-based access to AWS resources. NACL vs Security Groups, know the differences well! NACL are on the VPC level and are stateless, security groups are on the instance level and are stateful.
Another big topic is VPC, specifically availability zones (subnets).Remember that one AZ is one subnet. If you need a host to grab updates from the web or external to your VPC, but don't want anyone initiating communication from the public internet – use a NAT gateway. You can technically use a NAT instance, but it's not AWS best practice to do so, always choose NAT gateway!
Of course AWS would put their very first service on the exam! Thankfully there were not a lot of questions on this service, I probably got one or two. The important item to know from this is that it allows you to decouple your application so that your fleet of EC2 instances can consume the messages as soon as one becomes available.
H. Route 53
I didn't have to many questions on these, but know at the high level what this service does (DNS). Remember the different types of routing options! Know the differences between geoproximity and geolocation.