In this post, I’ll discuss the subject areas and common question types that you should know for the AWS Certified Solutions Architect – Associate exam. I’ve tried to curate a list of the most useful resources from my preparation for the test. I’ll also try to provide key points to remember for some of the less common AWS services. Please note that in each section, I’m listing the most important service components and question types; please do not consider them to be exam dumps.
AWS Services
For the AWS exam, there are a few key services that you’d need to be completely comfortable with. For the test, the most important services are EC2, S3, VPC, RDS, DynamoDB, Route 53, KMS and IAM. If you have a good understanding of these services, you should be confident to take the examination. I’d suggest either perusing the official documents for each or, if you prefer video lectures, following the Linux Academy course. I prefer the former, as you can study at a faster pace, and it is easier to eyeball the important information via text. In my experience, I’ve found the videos to be somewhat rambling and, at times, focus is given to topics that were not important for the exam.
EC2:
This is the most important AWS service in the context of the examination. The question types will be around:
- Selecting instance family based on a use case.
- Designing a highly-available and/or fault tolerant system via EC2 instances.
- SSH/RDP requirements for EC2 (key files, permissions).
- When to use instance storage, EBS, EFS with EC2 and limitations of each service.
- Advantages and when to use Spot instances, reserved instances, on-demand instances, scheduled reserved instances.
- Access to instance metadata (remember the address: http://169.254.169.254/latest/meta-data/ )
- EC2 placement groups.
- Billing cycle: What is the cheapest option given a requirement? What should you do if you want to terminate reserved instances? When should you use Spot instances?
- In ASG, how are instances terminated?
- Bootstrapping instances (user data).
- What is the use of EFS? (multiple EC2 instances need access to POSIX-compliant storage concurrently)
- EBS types, limitations and usage (SSD-gp2, SSD-io1, HDD-st1, HDD-sc1).
I’d highly recommend that you go through the EC2 FAQs and this EC2 cheatsheet for preparation. Also, go through the EBS FAQs and EBS cheatsheets.
S3:
After EC2, S3 is a service which requires serious study and is heavily questioned in the exam. Broadly, you’ll be asked questions around:
- The difference, usage and advantages of S3 standard vs S3 standard-IA vs S3 one zone-IA vs Glacier vs Glacier Archive. You’ll definitely have a question or two asking which service you’ll use based on the provided access pattern.
- Lifecycle management of data in S3.
- Methods of uploading data to S3.
- Encryption methods (extremely important to know the different types and differences in encryption: SSE-S3, SSE-C, SSE-KMS and client side encryption).
- Use of transfer acceleration.
- How to host a static website on S3 with CloudFront and secure the access?
- S3 public access, bucket policies, signed URLs, ACLs.
- Zonal and cross-region replication of data.
- Protection against deletes (MFA+versioning).
- Reasons why you might be getting stale objects from S3.
For preparation, go through the S3 FAQs and the S3 cheatsheet.
VPC:
You’ll run into VPC questions in combination with other services. Therefore, while you won’t encounter purely VPC-specific questions, you’ll have to know it quite well to pass the examination. Here are some of the watch points and features that you should be mindful of:
- Private and public subnets; how to carve a VPC; secure connections to on-premises data centers (VPN, Direct Connect).
- Know about CIDR and the five reserved IPs in AWS VPCs.
- Know when to use security groups over NACL and the ‘only’ use case you might encounter of using NACLs (blocking access to a specific IP/IP range).
- Use of security groups and common ports/protocols for SSH, RDP, HTTP and HTTPS.
- Bastion host and how to use it.
- Allowing SSH, RDP access.
- Use of NAT gateways vs NAT instances vs Internet Gateways, and which subnet (private or public) each is used with.
- Routing tables and routes required to provide Internet access.
- VPC peering and its limitations.
- PrivateLink and VPC gateway endpoints (for private access to S3 and DynamoDB).
For VPC, read through the VPC FAQs.
RDS:
For RDS, know the common use cases, go through the cheatsheet and FAQs. Also, be mindful about the following question types:
- Benefits and limitations of multi-AZ RDS instances.
- Parameter groups and their use in RDS.
- Instance failure protocol and switch over in multi-AZ RDS instances.
- Use, benefits and limitations of RDS read replicas.
- Use of IAM DB authentication.
DynamoDB:
For this exam, you should know when to use DynamoDB over RDS and Redshift. Look out for keywords like changes in schema and low-latency response, the patterns where it is the most suitable DB. In addition to that, go through the DynamoDB cheatsheet. In my test, I had a lot of questions about this service. Go through the following list and make sure that you know about these key features:
- Use of DynamoDB stream and triggers based on it.
- When to use DynamoDB for user session data.
- Knowledge of partition keys, sort keys, local indexing, global indexing and DynamoDB best practices.
- When to use DynamoDB Accelerator (DAX).
- RCU, WCU and auto-scaling in DynamoDB.
IAM:
For IAM, start with this cheatsheet. Here are some of the service features that you should have knowledge of:
- The principle of least privilege.
- How to use IAM roles for temporary access and allowing AWS services to access each other.
- Methods of Web identity federation and limitations on the number of IAM users/groups.
- Creation and usage of access keys and when not to use them.
- Using IAM groups.
- Use of AWS STS (just what the temporary tokens are used for).
- Basics of linking accounts and consolidated billing.
- Use of SAML federation with Active Directory.
Route 53 and autoscaling groups:
Route 53 and ASG are also quite important services for exam preparation. Here is the FAQ document for Route 53 and the cheatsheet for Route 53. For autoscaling groups, refer to the Autoscaling cheatsheet.
The service features to be mindful about are:
- Differences between latency-based routing, geolocation routing, weighted routing and other routing policies in Route 53.
- Different record types in Route 53 (A, AAAA, MX, CNAME, …).
- Knowledge of failover options.
- How to route traffic using Amazon Route 53 to a website that is hosted in an Amazon S3 Bucket?
- Scaling policies for Autoscaling groups (step scaling, scheduled scaling, simple scaling, target tracking scaling).
- When to use a Classic, Network or Application Load Balancer.
- Method used by ASG when scaling in (which instances are terminated).
- Use of cooldown period.
- When will you need a new launch configuration?
Additional documents, relevant cheatsheets and question types
Go through the SQS FAQ. Know how it decouples systems and be mindful of when a message is deleted from the queue. If you are familiar with cloud services, you can directly jump to these cheatsheets for the exam-specific information that you’ll need. If you find any of these cheatsheets difficult to follow, you can always revert to the AWS documents for the relevant services.
Services comparison
Please go through all of these selected articles that compare similar AWS services. You’ll encounter quite a few questions that can be tackled with the information provided in these comparisons.
- S3 vs EBS vs EFS
- S3 vs Glacier
- S3 standard vs standard-ia vs standard-one-zone-ia
- Security groups vs NACL
- SSD vs HDD
- Securely hosting S3 website through CloudFront
- SWF vs step functions vs SQS
- CloudFormation vs OpsWorks vs CodeDeploy
- Routing methods via Route 53
Online learning material
I cannot stress enough that you should prepare with these practice examinations: Jon Bonso’s practice tests. They provide excellent practice tests and detailed answers. My first attempt on Test 1 was 49% without any preparation whatsoever (but of course), after which I quickly went through the Linux Academy course. With this, I re-attempted and got a dismal . So, I moved on to the documents that I’ve referred to in this document and looked through the detailed answers provided in these exams. With that, I attempted Test 2 and repeated the same process for all the remaining tests with the following scores:
- Test 2 (attempt one): 78%
- Test 3 (attempt one): 75%
- Test 4 (attempt one): 80%
- Test 5 (attempt one): 78%
- Test 6 (attempt one): 81%
After each test, I studied the explanations and links provided for all the questions. In the last two days, I re-attempted Test 1 to Test 5 and got around 95%+ in all. Once you’ve taken these tests, take the extremely useful free Exam Readiness: AWS Certified Solutions Architect – Associate test. It will be sufficient to go through this instead of reading the whitepapers on the Well-Architected framework. With this preparation in place, I was able to score 978 out of 1000.