How to Crush the AWS Solutions Architect Associate Exam in 2024
On January 7th, 2024 I decided to sit the AWS Solutions Architect — Associate exam (SAA-C03). I wanted to take it because I believe that 1) Cloud providers such as AWS, Azure, and GCP aren’t going anywhere and 2) Having an in-depth knowledge of either of the 3 providers will transfer to the others with some slight variations on services and offerings. I chose AWS as the offering of choice because they have a larger market share than the other two. If you, like me, decide that you’re ready to tackle the exam I have here some thoughts and recommendations of study to prepare you for the journey.
High-Level Thoughts
I would start by recommending to study for this exam before you study for the CCP, Certified Cloud Practitioner exam. You really don’t even need to study directly for the CCP. The CCP is the most basic, entry-level exam that AWS offers, and if you study well enough for the Solutions Architect exam you will cover all of the information required to pass the CCP. Granted I would STILL recommend sitting for the CCP BEFORE taking the SAA. The reason I would is because you can sometimes find discounts for the Cloud Practitioner Exam. I had a promo for a 2–1 test which means if I failed the CCP exam I could take a retest for free. That would allow you to have two tries at receiving the certification, and upon receipt, you will get a 50% for the next exam, i.e. the SAA. So if you spent $100 on the CCP, then the SAA would be $75 with the 50% off coupon which would mean you would have 2 certifications for $175 (assuming you passed both of them) rather than 1 certification for $150 (the price of the associate level certifications are $150).
Before Exam Day
Get sleep, eat a meal that won’t make you drowsy, and relax. Drink water (but not so much that you’ll want to get up and use the restroom during the test). During the test look for any keywords and obviously incorrect answers. You can typically narrow down two answers that seem correct enough.
Exam Content
Security + Monitoring
IAM is foundational. Know what an IAM user as well as a IAM Group. Learn what an IAM Role is and why a service may use it. Learn about AWS’s policies and how to manipulate and create a policy. Think about security and the principle of least privilege.
Study the differences between Cloud Watch (logs), AWS Shield (think DDoS attacks as being arrows and they shield against it), AWS GuardDuty, AWS WAF (Web Application Firewall), and CloudTrail — what it does and how it’s different from CloudWatch. Global vs regional services.
Computing
Study EC2 religiously. Don’t get caught up in the weeds with names like ‘t2micro’ but keep in mind what prefixes are used since they are important. Security (restricting access, SSH).Instance Reservations- learn how they work and why you may use them but also how you may not want to rely on them. Learn about how Lambda and server-less architecture works. Understand how Billing works in AWS, some services are billed per minute, some per second, etc. Study what a micro-service is and what products will allow you to make one. Learn the differences between EC2 and Elastic Beanstalk. Learn what a managed vs unmanaged package is and then what AWS is responsible for rather than what you are responsible for. There is a neat shared responsibility model AWS provides. Learn it through and through (Very important if you take the CCP) (https://aws.amazon.com/compliance/shared-responsibility-model/).
Storage
Focus on comprehending the distinctive features of the varied storage services available within AWS (there are a lot), namely EBS, Instance Store, EFS, and S3. S3 is typically a good default for when you use AWS. It is an object storage service that stores data as objects {} within buckets. EFS is a Network File System for Linux-based devices. EBS is Block storage and persistent if an Instance is deleted, yet attached to a SINGLE instance (typically, for CCP its a single instance attachment). Understand what Latency, Throughput, IOPS, and Highly Available means. A good practice with S3 would be hosting a static website.
Networking
Coming from a Web Development background this was 100% not my territory but it is ESSENTIAL to learn about if you are doing real-world application of the concepts you will be learning. Learn what a VPC is and how Subnets work (as well as CIDR, Subnets, Routes, Route Tables, Gateway, Endpoints & VPC peering). Learn about availability zones (https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) and regional availability. Some services are global, some aren’t, learn these.
I cannot understate the importance of learning what makes the Application Load Balancer (ALB) different than the Network Load Balancer (NLB). If you see HTTP/HTTPS then default towards ALB (OSI-Layer 7). NLB is more-so OSI-Layer 4. Knowing this distinction is crucial. You should understand NAT instances and NAT Gateways, what they are, and when to use them. You should understand the Internet Gateway versus NAT Gateways and when to use them (THEY ARE DIFFERENT).
Learn about IP Subnetting a NACL is. Can a NACL be used to restrict or only give access? What are NACL Defaults and what is an SG?
How can Route 53 be used to achieve global highly available infrastructure? Learn the features of Route53 and DNS. How does it really work? What does a TTL do? (think James Bond).
Databases
Study the full suite of AWS Databases. DynamoDB, RDS, Aurora, Redshift, the different situations where they’re used. The SQL vs NOSQL ones.
RDS- Relational i.e. -> SQL, Think MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.
Amazon Aurora -> MySQL/ PostgreSQL on steroids. Highly performant and used for mission-critical scenarios.
DynamoDB -> NoSQL
DocumentDB -> think MongoDB
Redshift -> Data Warehouse, fully managed by AWS
Neptune -> Graph database (like a social network)
ElastiCache -> Fully managed cache store
Understand IOPS as a concept — how are IOPS impacted at a DB level?
Educate yourself on the different use cases of these as well as everything to do with S3.
Encryption
Get to know the differences between Symmetric and Asymmetric Encryption. Understand how PKI (Public Key Infrastructure) works, including public/private keys.
Explore different encryption methods available in Amazon S3, such as SSE-C, SSE-S3, and SSE-KMS. Learn when to use each and why. Look out for the extra features that come with KMS.
Find out about Envelope Encryption and where it’s used across AWS services such as RDS, S3, and EBS. Figure out what a CMK (Customer Master Key) is and its role in encryption.
Learn about Key Rotation and why it’s important for security.
Content Delivery
What is a CDN? What is an edge location and what is Cloudfront and how does it work?
Architecture + Integrations
For regional high availability and self-healing, think about the load balancers: ELBs/ALBs. They distribute traffic across instances, ensuring continuity even if one fails.
Decoupling with SQS is crucial for scalability. FIFO vs. non-FIFO depends on your needs, while long and short polling will affect visibility.
DynamoDB streams trigger real-time actions, while Kinesis handles large data streams (such as video data), integrating well with other AWS products. Choose SQS for simple messaging(Literally named Simple Queue Service) and Kinesis (Think of kinetic energy being active and moving, like a video) for heavy data streams.
Final Words
AWS has over 200 different services. Some do wild things such as text-to-speech or parse through string data. There is also a palm reading service that can create a signature with your palm. Amazon Rekognition can even recognize a person on a video. Some of these quirky services will be featured on the SAA. This article was meant to be a teaser into what to expect and hopefully shed some light on certain keywords. The full exam guide is here.
For study, I personally used Adrian Cantrill’s course for the SAA. It sits in at a whopping 50+ hours but if you’re planning on actually UNDERSTANDING the concepts and using them, I cannot recommend him more. He is by far the best I’ve seen about truly imparting the information. I heard that Jon Bonso has several practice tests that are really good but I personally can’t vouch for them for I haven’t used them.
Other than those I also read the book AWS In Action in its entirety. This really helped with seeing it in action. Cantrill and the book offered tutorials that if you follow will give you practical hands-on experience while studying. I also completed the free portion of AWS Cloud Quest to get a discount code for the CCP.
