Cloudreach have been working with Amazon Web Services (AWS) for 9 years, and during this time we’ve grown to over 600 people and have more than 500 AWS certs between us.
“Promote personal growth” is one of Cloudreach’s core values and as such we strongly encourage everyone in the business, from Project Managers to Sales, to take certifications and courses to improve themselves. As such, I recently took the AWS Solutions Architect Professional Exam to attempt to fill a few gaps in my AWS knowledge.
Whilst studying for the exam I found a number of useful online resources and received some valuable advice from fellow Cloudreachers that I thought might be worth sharing – hence writing this blog post.
What does the exam cover?
Where the SA Associate exam gives you a basic understanding of AWS and ensures you have the prerequisite knowledge to use AWS on a daily basis, the Professional exam assumes you are architecting large enterprise scale solutions on AWS.
For the Solutions Architect Professional exam, experience delivering projects on AWS is a must. It is not possible to just memorise lots of AWS specific facts as you could for the Associate exam – a true, deep understanding of good practices on the platform is required.
- A Cloud Guru – no blog post about the SA Pro exam would be complete without a reference to the course from A Cloud Guru – it gives a high level understanding of the exam. It covers about 80% of the topics you need, to 50% of the depth you need to know – it misses in depth sections on Elasticache, DynamoDB, Redshift and SQS.
- AWS Sample Questions – AWS provide 6 example questions which are useful to review once you’ve covered all the base material, these questions will give you a good feel for how well you know the topics.
- AWS Practice Exam – There is a $40 AWS practice exam (though if you’ve passed any other AWS exam you’ll have a voucher for a free exam in the certification portal). This practice exam is harder than the actual exam – many colleagues get about 10% less on this than the actual exam despite taking it the night before the real thing. The practice exam is useful to get used to how the questions are structured and how much time you have per question in the exam.
- AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availability (GPST401) – useful for understanding networking on AWS.
- AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402) – to get a true understanding of Direct Connect.
- A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013– a deep dive on how VPCs and networking in AWS works.
- AWS re:Invent 2016: Another Day, Another Billion Packets (NET401) – another deep dive on VPCs and networking in AWS.
- Whiz Labs – Solution Architect Professional Practice tests – useful to target your study on the topics you don’t understand and to hone your exam technique.
- Linux Academy – covers similar topics to the A Cloud Guru course – but in much more depth, the material helps you to understand the topics rather than just memorise them.
Read the Security Whitepaper to understand security best practices on AWS.
- Topics worth reviewing for “easy marks”:
- Elastic Beanstalk (always 2 or three questions on the exam)
- Opsworks (rarely used it in production but gets you some easy marks)
- Cloudfront (there are always 4+ questions relating to Cloudfront).
- Useful Things to remember in the exam:
- For IAM –
- Always pick an IAM Role to assign rights over creating multiple users (think about the scalability to hundreds or thousands of accounts)
- Mobile app IAM – always use Web Federation to make your application assume a role
- On premise use your SAML compliant LDAP/AD.
- SQS to reduce write throughput on database or decouple application services.
- Learn what IDS/IPS do and how these functionalities can be implemented in AWS.
- Think about DDOS mitigation – how would you reduce the attack surface area or build your own WAF?
- Datastores: understand which is the right service to use to store and access data from multiple point of view: performance, cost, availability – cheap doesn’t necessarily mean wrong.
- Cost efficient workloads: when can SPOT instances be used to deliver a cost efficient infrastructure – think about EC2 Autoscaling Groups and EMR clusters.
- In the current exam – post-2014 AWS technologies aren’t included. Bear this in mind when answering questions and revising.
- For IAM –
- Remove incorrect answers first: All questions are multiple choice, some with multiple answers, often it is easier to discount a couple of answers first – and the pick from the ones left.
- Draw an answer grid – In a similar vein, a fellow Cloudreacher recommends “draw up an answer grid to help you cross off bad answers. This helps rule out obviously wrong answers, and makes reviewing questions quicker at the end. Some questions don’t need this, so just use it when it’s helpful.”
My key was:
✓ This is the (an) answer
X This is definitely wrong
L Seems legit – need to read the rest
? Not sure
- Marking questions for review – only mark items for review if you’re stuck on picking between two possible answers – if you’re pretty certain, certain or just guessing it’s highly unlikely that a review will help.
- Break down the question: If it’s a pick 2 or 3 answers type question there’ll probably be 2 or 3 requirement statements in the question – so break them down and it’ll be much easier and less overwhelming.
Are you ready?
- Can you describe how to migrate applications to AWS from on premise?
- Can you design IAM access for on premise or Web Federated user access?
- How would you mitigate a DDOS attack against your AWS environment?
- In an enterprise environment – when and how would Direct connect be used?
- How would you design a new application to be used at scale on AWS?
I hope this helps you prepare for your AWS Solutions Architect Professional Exam, if you found this guide useful you might like to take a look at our other exam resources on the cloudreach blog.