AWS Solution Architect Associate exam & tips 2020 SAA02

Han Rick Lee
Aug 25, 2020

My background: I am a software architect for Google Cloud Platform. This was my first opportunity to do a cross-cloud certification and I wanted to try it out on AWS. My AWS experience is very limited, mostly to EC2. I don’t really work with storage and networking solutions. Most of the stuff I learned getting ready for the exam was new to me, as was associating the products provided by AWS with their GCP counterparts; however, because the product catalog of AWS is much more massive, quite a number of products are not available.

Courses and Preparation

Being an experienced cloud architect (GCP based) myself, I didn’t make too much preparation for this exam; however, I felt I was lucky to be able to pass after taking it only once, as the questions were really quite challenging and the broad range of products makes you think twice when you are selecting among the options available. My preparation was:

  1. A Cloud Guru
  2. Sample practice exams available
  3. AWS Certified Solutions Architect Official Study Guide

Exam Tips:

Look for keywords — Each question contains keywords and small details that are giveaways and serve to help you identify incorrect choices. Associate keywords with services. For example, if the question asks you about utilising Chef and Puppet, the answer is always AWS OpsWorks.

> Serverless: Know key services well — Understand how serverless architectures using API Gateway and Lambda functions work. Know the usage of SQS, SNS & SWF.

> VPC & networking components are very important — Questions around VPC mostly revolve around picking the right type of architecture: how many subnets to register, where to place the client-facing application, what type of instance to use for a bastion host, how to allow two VPCs to communicate, and how to allow one-way communication between the private subnet and the internet.

> Private subnets, the bastion host & security group differences, and how to allow only inbound SSH traffic from a specific IP range and outbound SSH traffic to the security group of the primary/master database instance.

How would the client be able to communicate with the frontend application if it’s behind the private subnet? The answer is: have a load balancer in the public subnet that serves traffic to the frontend application. Don’t forget to set up the security groups appropriately.
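A check for the bastion host rule described above (SSH in from one IP range only, SSH out to the database security group only), as an added example that is not part of the original post. It reads a security group in the field layout of the EC2 DescribeSecurityGroups response; the group ID, the admin range and the sample groups are constructed placeholders.

```python
import ipaddress

def _ssh_only(perm):
    """True when a rule covers exactly TCP port 22."""
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == 22 and perm.get("ToPort") == 22)

def _label(perm):
    return f"{perm.get('IpProtocol')}/{perm.get('FromPort')}-{perm.get('ToPort')}"

def audit_bastion_sg(sg, allowed_cidr, db_sg_id):
    """List deviations from: SSH in from one IPv4 range, SSH out to the DB group.

    sg uses the field names of the EC2 DescribeSecurityGroups response.
    """
    allowed = ipaddress.ip_network(allowed_cidr)
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not _ssh_only(perm):
            findings.append(f"ingress: non-SSH rule {_label(perm)}")
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"])
            if not net.subnet_of(allowed):
                findings.append(f"ingress: {net} is outside {allowed}")
        if perm.get("Ipv6Ranges") or perm.get("UserIdGroupPairs"):
            findings.append("ingress: source is not the approved IPv4 range")
    for perm in sg.get("IpPermissionsEgress", []):
        if not _ssh_only(perm):
            findings.append(f"egress: non-SSH rule {_label(perm)}")
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            findings.append("egress: CIDR destination, expected the DB group")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != db_sg_id:
                findings.append(f"egress: unexpected group {pair.get('GroupId')}")
    return findings

# Constructed sample data (placeholder IDs, documentation IP range).
ADMIN_CIDR, DB_SG = "203.0.113.0/24", "sg-EXAMPLE-db"
SSH = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22}
GOOD_SG = {
    "IpPermissions": [{**SSH, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
    "IpPermissionsEgress": [{**SSH, "UserIdGroupPairs": [{"GroupId": DB_SG}]}],
}
BAD_SG = {  # SSH open to the world, plus the default allow-all egress rule
    "IpPermissions": [{**SSH, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
}

if __name__ == "__main__":
    for name, sg in (("good", GOOD_SG), ("bad", BAD_SG)):
        print(name, audit_bastion_sg(sg, ADMIN_CIDR, DB_SG))
```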

> Storage solutions: know which one to use. Each of them comes with very straightforward strengths and weaknesses:
- S3 is the most used AWS service, because it’s the easiest, most straightforward, and most cost-effective storage solution. It’s scalable, durable, and available, all out of the box.
- EBS can be thought of as a virtual hard drive that works in conjunction with EC2. This already adds an extra layer of complexity compared to S3, as we require EC2 to use an EBS volume. Unlike S3, EBS is block-level storage, able to store operating systems and complex web applications, and can be combined in RAID configurations.
- RAID 0 allows you to stack EBS volumes in a “rack” that dramatically boosts performance by combining the throughput and IOPS performance, but it creates a single point of failure (if one volume goes down, the whole rack goes down).
- RAID 1 allows EBS volumes to mirror each other, increasing fault tolerance at the expense of performance.
- Storage Gateway allows on-premises networks and applications to use AWS storage without needing to migrate over to AWS. Storage Gateway comes in three different flavours: File Gateway (NFS) for file systems, and Stored Volumes & Cached Volumes for block storage. Each one is distinctly different.

Security Practices

Never store credentials on an EC2 instance — This should be obvious. But what’s the alternative?

> Understand the shared responsibility model — What AWS is responsible for, and what the customer is responsible for.

> Protect S3 data by enabling versioning and MFA — a best practice to avoid unwanted deletes of objects in S3.

> S3 encryption, at rest and in transit — Understand the various encryption services and their differences. The exam will question you on which encryption method is best if the user wants to maintain their own keys. If the user wants to maintain their own key, but wants to encrypt the data in transit, use SSE-C, which requires HTTPS to upload objects.

Conclusion

The Solutions Architect exam focuses on concepts and designs. In terms of cloud knowledge as a cross cert, I feel that you would always gain a lot of new knowledge. You can start with any certificate you want. SAA is just my personal preference. Hope the picture below could help you to decide which certificate suits your level of knowledge.

Badge Link: https://www.youracclaim.com/earner/earned/badge/829c95ee-dd77-4312-8969-34e15fc7418b
