The number of courses and content that is available to study for one of the most popular exams: AWS Certified Solutions Architect Associate (SAA) can be overwhelming.
For this AWS Solutions Architect Associate certification exam guide, I’ve reviewed all the information that’s relevant to this course and curated the content for you so you can focus on learning instead of finding the right study materials.
By following this guide you should get prepared to successfully pass the exam on the first attempt!
So let’s get started! Here are the detailed steps to help you pass the AWS Solutions Architect Associate exam [SAA-C02].
Table of Contents
Who should take the AWS Certified Solutions Architect Associate exam?
This AWS solutions architect certification exam is intended for people who want to become an AWS Solutions Architect and have one or more years of hands-on experience designing highly available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS.
You’re required to be familiar with the AWS terminology and with the most commonly used AWS Services.
AWS recommends you have the following experience and knowledge before attending the SAA exam:
- Hands-on experience using compute, networking, storage, and database AWS services
- Hands-on experience with AWS deployment and management services
- Ability to identify and define technical requirements for an AWS-based application
- Ability to identify which AWS services meet a given technical requirement
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform
- Understand the basic architectural principles of building on the AWS Cloud
- Knowledge of security features and tools that AWS provides and how they relate to traditional on-premise services
How to prepare for your exam
In order to prepare for the SAA-C02 exam, I’ve written technical notes that I made when I studied for the exam. These contain key takeaways which highlight important details from AWS services that are covered on the exam.
At last, I’ll be sharing my favorite AWS Solutions Architect study material list which only contains high-quality resources to help you study efficiently.
If you’re looking to prepare even more, then have a look at the guide that I wrote for the AWS Cloud Practitioner exam. This guide contains the AWS Cloud fundamentals and is definitely worth reading as it can boost you a bit more for the preparation for the SAA exam.
Exam overview
This is what you can expect when you schedule the AWS Certified Solutions Architect Associate exam:
- 65 multiple-choice questions
- You have 130 minutes to complete the exam (Note: follow this advice to permanently receive 30 minutes extra time for your AWS exams)
- The exam costs $150,-
- The official practice exam costs $20
- The minimum passing score for this exam is 720 points
- The exam is available in English, Japanese, Korean, and Simplified Chinese.
Content outline
The content outline of the AWS Certified Solutions Architect Associate exam consists of 4 separate domains, each with its own weighting.
The table below lists the domains with their weightings:
Domain | % of exam |
---|---|
Domain 1: Design Resilient Architectures | 30% |
Domain 2: Design High-Performing Architectures | 28% |
Domain 3: Design Secure Applications and Architectures | 24% |
Domain 4: Design Cost-Optimized Architectures | 18% |
Total | 100% |
Further on in the guide, a more detailed explanation is added to each domain to give a better idea of what you should know.
Technical Preparation notes
The technical notes are a bundled package of dense information that helps you get insight into what technical services and details are being treated at the exams.
I’ve divided it into the domains that you’ll see at the exam.
Domain 1: Design Resilient Architectures
The first domain requires you to understand how to build effective architectures using fundamental AWS services like EC2, VPC, RDS, S3, etc. Best practices are important to know when building these architectures.
So it’s really important that you understand the AWS Well-Architected Framework.
EC2 Storage types
- Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances. Three flavors: Magnetic, General purpose SSD, and provisioned IOPS SSD. Snapshots can be created and saved in S3.
- Ephemeral storage (legacy) is temporary storage for your EC2 instance. Good to use as a scratch disk, not storing data! Data will be removed after the instance shuts down.
- Elastic File System (EFS) is highly durable storage that can be shared with an EC2 instance (NFS protocol). A good use case for former stateful applications that need block storage but aren’t scalable yet. This provides a good solution to make your application scalable whilst keeping the data intact.
Amazon Simple Storage Service (S3)
S3 is object storage which is highly durable 99.999999999% with virtually unlimited capacity. It contains different storage classes:
- S3 standard
- S3 Intelligent-Tiering
- S3 Standard-Infrequent Access
- S3 One Zone-Infrequent Access
- S3 Glacier
- S3 Glacier Deep Archive
Design decoupling systems using AWS services
Decoupling components becomes important when you’re architecting in the cloud. Loose coupling isolates the layers and components of your application so that each component interacts asynchronously with the others.
This is necessary if you want to enable scalability and want your system to become stateless.
Elastic Load Balancer (ELB)
ELBs are a trivial part of high availability and scalability. It comes in 3 flavors:
Sources
Amazon EBS FAQs
EFS FAQs
S3 FAQs
AWS Storage Services whitepaper
Domain 2: Design High-Performing Architectures
The focus in the second domain lies in building resilient architectures that make use of Scalability and Elasticity.
You need to be able to understand the purpose of implementing Multi-AZ and Auto-Scaling to drive costs down and improve fault tolerance.
Amazon RDS
For relational databases, Amazon RDS is the appropriate fit. The perks of RDS is that it can scale vertically (larger instance type + increased storage). Use RDS if you need complex queries or complex transactions.
RDS database engines:
- Aurora
- PostgreSQL
- MySQL
- MariaDB
- Oracle
- MsSQL
RDS backup features:
- You can have up to 5 read replicas for MySQL and PostgreSQL
- You can have read replicas in different regions for MySQL only
- Replication is asynchronous only
- Read replicas can be built off multi-az databases
- You can have read replicas of read replicas but only for MySQL and will further increase latency
- DB snapshots and automated backups cannot be taken off read replicas
- Synchronous replication is used for multi-az
DynamoDB
DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with scalability.
Use DynamoDB if you have applications that need consistent, single-digit millisecond latency at any scale, such as mobile, web, gaming, ad tech, IoT, and many other applications
DynamoDB provisioned throughput
- Eventual consistent reads (default)
- Consistency across all copies of data is usually reached within a second. Repeating a read after a short time should return the updated data (best read performance)
- Strongly consistent reads
- A strongly consistent read returns a result that reflects all writes that received a successful response prior to the read.
Elasticache
Amazon ElastiCache is a web service that makes it easy to set up, manage, and scale distributed in-memory cache environments in the cloud.
It allows you to improve the performance of applications and databases by offloading read-intensive requests to the in-memory stored cache of Elasticache. This improves the latency and throughput of your workloads.
Elasticache supports two engines: Redis & Memcached, here is a screenshot of the differences between both:
CloudFront
CloudFront is a global Content Delivery Network (CDN) that’s good for serving static content to the end-user through its global edge locations.
You can deliver videos, images, etc.. with the lowest latency and high transfer speeds.
Some of the key features of CloudFront:
- Caching content
- Compatible origins: S3, EC2 + on-prem servers, and ELB.
- DDOS mitigation (AWS Shield Standard and Advanced)
- Lambda@edge
The following example shows how you can cache WordPress static content that originates from an S3 bucket. Depending on the request header, in this example /wp-admin, CloudFront is able to send your request to the ELB.
Sources
- RDS FAQs
- DynamoDB FAQS
- DynamoDB core components
- Elasticache Redis vs. Memcached
- Cloudfront Developer Guide
Domain 3: Design Secure Applications and Architectures
For the third domain, you’re required to understand how to add security measures on four different levels: AWS resources, network-, application- and data layer.
The data layer can be distinguished into two parts, data in transit and data at rest.
For data, security encryption plays a primary role, and for networking it’s important to know access controls like Security groups, ACLs, etc.
Shared responsibility model
You should be familiar with the shared responsibility model, the diagram can be found in the security domain of the AWS Cloud Practitioner guide, Domain 2: Security
AWS Identity and Access Management (IAM)
IAM Identities:
- Users: That’s an entity you create in AWS that you can use to login to the AWS console or access APIs through the AWS CLI using Access keys.
- groups: That’s a collection of IAM users.
- Roles: This is an entity that can be assumed by another task, role, or person. It doesn’t need a password or access key. The policy assigned to it can decide who or what services get permission to do the actions which you described. Roles are always better to manage than IAM users.
- Policies: This is where you set the permission which gets assigned to a role or user, for example:
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": [
"s3:List*",
"s3:Get*"
],
"Resource": [
"arn:aws:s3:eu-west-1:123456789012:my_bucket",
"arn:aws:s3:eu-west-1:123456789012:my_bucket/*",
]
}
}
AWS Key Management Service
AWS KMS Allows you to encrypt data within your own application using keys you create and control. There are three types of keys:
- AWS Managed
- Customer Managed
- Customer Managed, imported key material
Key rotation for AWS managed keys:
- Rotates automatically every 3 years
- you cannot manage rotation yourself
- managed keys cannot be deleted
Key rotation for Customer Managed Keys (CMK):
- Once a year automatically (disabled by default)
- on-demand manually
- Create a new CMK and manually change your applications or aliases to use the new CMK
- You control the rotation frequency
- Keys can be deleted
Key rotation for imported key material:
- No automatic rotation
- You need to handle the rotation yourself
- Create a new CMK and update your applications to use the new CMK or key Alias
AWS CloudHSM
The AWS CloudHSM service is using dedicated Hardware Security Module (HSM) instances within the AWS cloud to encrypt and protect your data.
AWS VPC
This video gives a great walkthrough of the fundamentals of Amazon VPC. I highly recommend you watch it.
Sources
- AWS IAM Identities
- AWS IAM Permissions and Policies
- AWS Security Best Practices whitepaper
- AWS KMS best practices
- AWS CloudHSM
Domain 4: Design Cost-Optimized Architectures
In the last domain, you need to know how to build cost-efficient architectures with scalability and resiliency taken into consideration.
You also need to know how to select the right type of resource to effectively do the task at hand. And at last, it’s important to know how to optimize your network design to transfer data the most efficiently from on-premise to the Cloud.
Key takeaways summed up:
- Pricing is calculated based on Compute, Storage, and Data transfer.
- Know the EC2 pricing model for instances including types e.g. Compute-optimized, Memory-optimized, Storage-optimized, etc.
- You should know when to use reserved instances over on-demand or spot instances.
- Workloads that don’t need constant uptime can be changed to AWS Lambda for example
- Know which data storage service (EBS, S3, RDS) and class to use.
- Have a look at the pricing overview whitepaper below to see how prices are being calculated for the most used AWS services.
Source:
AWS Pricing overview whitepaper
AWS Certified Solutions Architect Associate Study material
I’ve divided this section into two parts. The first part contains reading material for people who like to study while reading. In the second part, I’ll provide the best videos that’ll help you prepare for the exam for visual learners.
AWS study guides
For reading enthusiasts, I definitely recommend the official AWS Certified Solutions Architect Study Guide: AWS Certified Solutions Architect Study Guide: Associate SAA-CO2 Exam.
Every topic in the exam is covered in this book and explained thoroughly. It contains hands-on exercises to get you practical experience in the AWS console + there are over hundreds of mock exam questions to help you prepare for the exam.
If you feel that you need some extra exam practice I suggest you get this book as well: AWS Certified Solutions Architect Practice Tests: Associate SAA-C01 Exam.
It contains over 1000 sample questions that give a good indication of what to expect on the real exam. The concepts that were added in the updated SAA-C02 exam are also added to the practice questions.
AWS courses
For the visual learner, I recommend the following free online course:
This course is developed by Andrew Brown and contains an information-dense course that’ll guide you through all the AWS services that will pop up at the exam and gives great explanations using slide decks, architecture diagrams, and AWS console walkthroughs.
The AWS Certified Solutions Architect Associate SAA-C02 course from a Cloud Guru is also great, but you have to purchase a monthly subscription if you want to access the content.
You’re now prepared to successfully pass the exam!
So if you’ve followed up with this guide, you should be fully prepared to pass this exam in one go.
To summarize what you’ve gone through; You know which topics and domains are covered in the exam. Studied the notes including the sources to get familiar with the AWS services that are covered in the exam.
Tested yourself with the example questions and went over the provided study material (split into reading and visual material).
If you enjoyed this AWS Solutions Architect Associate guide please consider sharing it!
AWS Certified Solutions Architect Associate exam – FAQ
Is the AWS Certified Solutions Architect Associate exam easy?
No, this AWS exam is not easy and is targeted toward technical people who are familiar and have at least 1 year of experience using AWS Cloud.
If you find that you’re relatively new to AWS and the technical side of it. I would recommend having a look at the free AWS learning resources blog post that will help you learn both Cloud and AWS fundamental knowledge.How long does it take to prepare for the AWS Certified Solutions Architect Associate certification?
This depends heavily on your learning style and your technical background.
It can take at least 40 to 50 hours to get fully prepared, this includes watching the videos, doing mock exams, reading the documentation, and whitepapers.I’m ready to do the AWS Certified Solutions Architect Associate exam, how do I schedule it?
I wrote a walkthrough on how to schedule the AWS Certification exam that covers the steps in detail. It also shows you how you can permanently request 30 minutes extra for every AWS certification exam.