#2 How to clear AWS Solutions Architect Associate Associate Exam – SAA C02

This article will give you steps required to clear AWS Solution Architect Associate. It also includes some random notes I have taken during my study.

technology, information, digital

Tips for the course- AWS Solutions Architect Associate 

Take detailed notes and build an organized study guide.

  • Use a Online course and download the lectures for offline listening. Play lectures and summaries over again while doing things like driving or walking your dog. My prep strategy involved a lot of daily immersion, like this.
  • Do not skip the hands-on labs. In my opinion, using AWS is the best way to learn AWS and become AWS Solutions Architect. This will really help internalize the content from the lectures.
aws solutions architect
AWS Solutions Architect

Strategy and Important Links

  1. Complete Stephane Maarek course giving enough time to hands-on ( AWS Solutions Architect Associate )
  2. Give a practice test at end of the course and assess yourself on weak areas
  3. Identify weak areas and refer to the below link to clear your doubts ( AWS Solutions Architect Associate )
  4. Finally, give the below AWS Solutions Architect Associate practice test from Neal Davis and keep on giving until you start scoring more than 80%

Snapshots of Services – Required for quick revision before AWS Solutions Architect Associate exam

  1. Spot fleet instance help to launch mix of on demand & spot instances. If instance need to manage auto scaling fleet is a choice.
  2. Elastic Fabric Adapter ~ high level of inter instance communication.
  3. WAF ~ block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic
  4. NACL ~ NACLs are not associated with instances. NACL denies all traffic both inbound and outbound by default. NACLs are the preferred option for blocking specific IPs or ranges vs Security Group. However WAF can be preferred if in choice
  5. Amazon S3 Transfer Acceleration ~ Can speed to & from transfer upto 50-500% from S3 for long distance & large object transfer.
  6. AWS Shield ~for DDOS attack.
  7. AWS Secrets Manager ~the service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
  8. AWS Key Management Service (KMS) ~create and manage cryptographic keys and control their use across a wide range of AWS services (Encrypt data in your applications).
  9. AWS Systems Manager Parameter Store ~Parameter Store =storage for configuration data management. Can store password but you have to manage rotation.
  10. CloudHSM– AWS CloudHSM is a cloud-based hardware security module (HSM) – easily generate and use your encryption keys. also an encryption service, not a secrets store.
  11. Kinesis Data Firehose ~ reliably load streaming data into data lakes, data stores, and analytics tools.
  12. Kinesis Data Streams ~ massively scalable and durable real-time data streaming service,=scale without limits via increasing the number of shards within a data stream (Kinesis Data Streams Fanout).
  13. Kinesis Data Analytics– Is the easiest way to analyze streaming data in real-time
  14. Amazon EMR – big data platform uses Hadoop.
  15. Transit Gateway~ Interconnect your VPC and on-premises networks. star network.
  16. VPN Gateway & VPN Connection & site-to-site VPN ~endpoint on the VPC side of your VPN connection [This is very important topic for AWS Solutions Architect exam].
  17. Private Link ~ AWS Private Link provides private connectivity between VPCs, AWS services, and on-premises applications, securely on the Amazon network (cross account communication).
  18. Resource Access manager ~ enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization.
  19. Elastic Fabric Adapter (EFA)– is a network device that you can attach to your Amazon EC2 instance to accelerate High Performance Computing (HPC).
  20. “Elastic Network Adapter” – Elastic Network Adapter (ENA) devices support enhanced networking via single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities.
  21. AWS Managed Microsoft AD – provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory (AD) with other AWS services. You can also configure a trust relationship between AWS Managed Microsoft AD in the AWS Cloud and your existing on-premises Microsoft AD.
  22. Snowball – transfer greater than 10 TB of data between your on-premises data centers and Amazon S3.
    1. AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. Snowmobile to migrate large datasets of 10PB or more in a single location.
  23. VPC sharing (part of Resource Access Manager) allows multiple AWS accounts to create their application resources such as EC2 instances, RDS databases, Redshift clusters, and Lambda functions, into shared and centrally managed Amazon Virtual Private Clouds (VPCs)..
  24. AWS Cloud Formation Stack Set extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation.
  25. AWS Trusted Advisor is an online tool that draws upon best practices learned from AWS’s aggregated operational history of serving hundreds of thousands of AWS customers. ~ inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps.
  26. File Gateway -> File gateway provides virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3. File gateway offers SMB or NFS-based access to data in Amazon S3.
  27. VOLUME GATEWAY ~block-based volumes, Block storage – iSCSI based, gateway-cached and gateway-stored modes [You will get 5-6 solid questions in AWS Solutions Architect exam on this topic].
  28. AWS Step Functions –-> AWS Step Functions lets you coordinate and orchestrate multiple AWS services such as AWS Lambda and AWS Glue into server less workflows.
  29. LightSail –> easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan.
  30. VPN Cloud Hub –> Linked remote offices for backup. Need internet connection.
  31. Data Sync -> AWS Data Sync is an online data transfer service that simplifies, automates, and accelerates copying large amounts of data to and from AWS storage services over the internet or AWS Direct Connect.
  32. AWS CONFIG -> AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
  33. Pilot Light –> describe a DR scenario in which a minimal version of an environment is always running in the cloud.
  34. Service control policies (SCPs) –> are one type of policy that you can use to manage your organization. central control over the maximum available permissions for all accounts in your organization.
  35. IAM Permission Boundary--> Support for IAM entities (users or roles)..
  36. S3 Glacier Vault–> A vault is a container for storing archives.
  37. S3 Glacier Vault Lock –> allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy.
  38. AWS STORAGE GATEWAY –> hybrid storage between on-premises environments and the AWS Cloud. File Gateway :: NFS,SMB , Volume Gateway (Stored for asynchronous replication, cached for frequent access) ::iSCSI, Tape Gateway :: ISCSI( tape library existing backup).
  39. Amazon DynamoDB and Amazon S3 support –> gateway endpoints ~ usages prefix lists in the route table to redirect traffic (security) |  using VPC endpoint policies.
  40. All other interface endpoint (powered by Private Link – means a private IP) ~ use DNS entries to redirect traffic | Secure using security group.
  41. Task Role–>   To specify permissions for a specific task on Amazon ECS you should use IAM Roles for Tasks.
  42. Cool down period –->  Is a configurable setting for your Auto Scaling group that helps to ensure that it doesn’t launch or terminate additional instances before the previous scaling activity takes effect
  43. AWS Global Accelerator –-> uses the vast, congestion-free AWS global network to route TCP and UDP traffic to a healthy application endpoint in the closest AWS Region to the user.
  44. Virtual Private Gateway--> VPG is used to setup an AWS VPN which you can use in combination with Direct Connect to encrypt all data that traverses the Direct Connect link.
  45. Amazon Redshift Enhanced VPC Routing —> provides VPC resource access to Redshift.
  46. VPC Endpoints –> enable to privately connect your VPC to support AWS services & VPC endpoint services powered by Private Link (without IGW,NAT, VPN connection or Direct connection). Also, this configuration uses a NLB and can be fault-tolerant by configuring multiple subnets.
  47. Always assign IAM roles to the EC2 instance to ensure secure access to AWS resources from EC2 instance.
  48. Always need to keep NAT gateway on public subnet only because it needs to communicate the internet.
  49. Amazon Kinesis makes it easy to collect , process & analyze real time streaming data.. Can ingest Realtime data, video, audio , application log, website clickstream, IOT telemetry data for machine learning, analytics and other applications.
  50. Amazon ECS – use case Microservices & batch jobs.
  51. Beanstalk –> AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Elastic beanstalk support the deployment of web application from docker container.
  52. Fargate Launch Type –> The Fargate launch type allows you to run your containerized applications without the need to provision and manage the backend infrastructure. Just register your task definition and Fargate launches the container for you.
  53. Cloud Formation – infrastructure as a code. Automate whole infrastructure.
  54. SSE-S3 –> Amazon S3 manages the data & master encryption key.
  55. SSE-C –> you manages the key.
  56. SSE-KMS –> AWS manages data key but you manage master key in AWS KMS.
  57. S3 select vs Athena.
  58. Amazon DynamoDB global tables provide a fully managed solution for deploying a multi-region, multi-master database and provides an active-active configuration .
  59. Amazon Aurora Global Database provides read access to a database in multiple regions – it does not provide active-active configuration with bi-directional synchronization

View acclaim for AWS Solution Architect Associate exam

Awadhesh Dwivedi and Ashish Singal

Conclusion

These are very simple steps but require your full and steady dedication to clear AWS Solutions Architect Associate exam. If you can follow regularly, you can clear AWS Solutions Architect Associate exam within couple of month’s time.

Learn more on AWS Solutions Architect at explore on Teknonauts.

Leave a Reply

Your email address will not be published. Required fields are marked *