Amazon Web Services (AWS) are powering ahead of the competition and easily maintaining their lead and status as the premier provider of cloud computing services. Demand for skilled resources who can build applications in the cloud is increasing every day with a growing skills shortage that needs to be filled. With this growth in jobs, AWS Certification Training is becoming increasingly popular with certifications among the most valued in the industry.
Training and certification are a great way to get started in the cloud world and with typical salaries exceeding $100k p/a there has been a huge uptake in training in recent years. To get a job in a competitive market you need to be able to differentiate yourself and gaining several AWS certifications is a sensible way to get started.
Many aspiring cloud engineers will start their learning path by taking the AWS Certified Solutions Architect – Associate exam. Others will take the AWS Certified Cloud Practitioner exam first and then progress to this exam.
In this article, I want to explore the AWS Solutions Architect Associate Training path in more detail so you can get an idea of what to expect in the exam. I will discuss the recommended training, experience and practice that you should undertake before sitting the exam.
The AWS Exam Blueprint
This exam is within the Associate level in the AWS training program, and is recommended for individuals with at least one year of hands-on experience. The exam is intended for Solutions Architects and requires you to demonstrate knowledge of how to define a solution using architectural design principles based on customer requirements and provide implementation guidance based on best practices to the organization throughout the lifecycle of the project.
In the “AWS Certified Solutions Architect – Associate (Released February 2018) SAA-C01 Exam Guide”, the following AWS knowledge is recommended:
- One year of hands-on experience designing available, cost-efficient, fault-tolerant, and scalable distributed systems on AWS
- Hands-on experience using compute, networking, storage, and database AWS services
- Hands-on experience with AWS deployment and management services
- Ability to identify and define technical requirements for an AWS-based application
- Ability to identify which AWS services meet a given technical requirement
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform
- An understanding of the basic architectural principles of building on the AWS cloud
- An understanding of the AWS global infrastructure
- An understanding of network technologies as they relate to AWS
- An understanding of security features and tools that AWS provides and how they relate to traditional services
The exam includes 65 questions and has a time limit of 130 minutes. You need to score a minimum of 720 out of 1000 points to pass the exam.
The question format of the exam is multiple-choice (one correct response from four options) and multiple-response (two correct responses from five options).
Ever since the new exam format was released in February 2018, the questions have been almost 100% scenario-based. Most scenarios are just a couple to a few lines long.
With many questions in the AWS Solutions Architect Associate exam, you will find there are multiple correct answers and you must select the answer that best fits the scenario. For instance, you may be asked to select the MOST secure, MOST cost-effective, BEST architecture, or LEAST complex option.
Important: be very careful reading the wording of the question to ensure you select correctly! Sometimes small details can be easily missed that change the answer so take your time when sitting the exam.
Domains, objectives and examples
The knowledge required is organized into five test “domains”. Within each test domain, there are several objectives that broadly describe the knowledge and experience expected to pass the exam.
Test Domain 1: Design Resilient Architectures
This domain makes up 34% of the exam and includes the following four objectives:
- 1.1 Choose reliable/resilient storage.
- 1.2 Determine how to design decoupling mechanisms using AWS services.
- 1.3 Determine how to design a multi-tier architecture solution.
- 1.4 Determine how to design high availability and/or fault-tolerant architectures.
What you need to know
You need to understand the various block, file and object storage technologies such as Amazon EBS, Instance Store, Amazon EFS and Amazon S3, and know their use cases.
You must be able to design multi-tier application architectures and know how to decouple application components using technologies such as Amazon SQS and Amazon SWF.
The architectures also need to be highly available in the case of component failure, and able to recover in the case of major outages, so you need to know the various ways of implementing high availability and fault tolerance.
Technologies you need to understand include Amazon Elastic Load Balancing, Amazon Route 53, and Amazon RDS Read Replicas and Multi-AZ.
You also need to understand the AWS Global Infrastructure in order to determine how to design application stacks to best use the underlying infrastructure architecture.
Question: You are a Solutions Architect at a media company and you need to build an application stack that can receive customer comments from sporting events. The application is expected to receive significant load that could scale to millions of messages within a short space of time following high-profile matches.
As you are unsure of the load required for the database layer what is the most cost-effective way to ensure that the messages are not dropped?
- Use RDS Auto Scaling for the database layer which will automatically scale as required
- Create an SQS queue and modify the application to write to the SQS queue. Launch another application instance that polls the queue and writes messages to the database
- Write the data to an S3 bucket, configure RDS to poll the bucket for new messages
- Use DynamoDB and provision enough write capacity to handle the highest expected load
Answer: 2, Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers and is used for distributed/decoupled applications. This is a great use case for SQS as you don’t have to over-provision the database layer or worry about messages being dropped.
Question: A new Big Data application you are developing will use hundreds of EC2 instances to write data to a shared file system. The file system must be stored redundantly across multiple AZs within a region and allow the EC2 instances to concurrently access the file system. The required throughput is multiple GB per second.
From the options presented which storage solution can deliver these requirements?
- Amazon EBS using multiple volumes in a RAID 0 configuration
- Amazon S3
- Amazon EFS
- Amazon Storage Gateway
Answer: 3, Amazon EFS is the best solution as it is the only solution that is a file-level storage solution (not block/object-based), stores data redundantly across multiple AZs within a region and you can concurrently connect up to thousands of EC2 instances to a single filesystem.
Test Domain 2: Define Performant Architectures
This domain makes up 24% of the exam and includes the following three objectives:
- 2.1 Choose performant storage and databases.
- 2.2 Apply caching to improve performance.
- 2.3 Design solutions for elasticity and scalability.
What you need to know
You need to be able to select the best storage and database services to use for a given scenario, taking into account requirements for performance.
Technologies to increase performance may include a caching layer such as Amazon ElastiCache, Amazon DynamoDB DAX, or Amazon CloudFront and you must be able to select the best service to use in the situation presented.
You must know how to effectively implement elasticity and scalability to your application architectures. This means understanding at an architectural and implementation level what to use and how to build it.
Elasticity and scalability services you need to understand include AWS Auto Scaling, EC2 Auto Scaling, and how to implement these features at the application, storage, and database layers of your application using AWS technology.
Question: A developer is creating a solution for a real-time bidding application for a large retail company that allows users to bid on items of end-of-season clothing. The application is expected to be extremely popular and the back-end DynamoDB database may not perform as required.
How can the Solutions Architect enable in-memory read performance with microsecond response times for the DynamoDB database?
- Configure DynamoDB Auto Scaling
- Enable read replicas
- Increase the provisioned throughput
- Configure Amazon DAX
Answer: 4, Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second. You can enable DAX for a DynamoDB database with a few clicks.
Question: A Solutions Architect is designing a workload that requires a high-performance object-based storage system that must be shared with multiple Amazon EC2 instances.
Which AWS service delivers these requirements?
- Amazon S3
- Amazon EFS
- Amazon EBS
- Amazon ElastiCache
Answer: 1, Amazon S3 is an object-based storage system. Though object storage systems aren’t mounted and shared like filesystems or block-based storage systems, they can be shared by multiple instances as they allow concurrent access.
Test Domain 3: Specify Secure Applications and Architectures
This domain makes up 26% of the exam and includes the following three objectives:
- 3.1 Determine how to secure application tiers.
- 3.2 Determine how to secure data.
- 3.3 Define the networking infrastructure for a single VPC application.
What you need to know
You need to understand how to use native AWS technologies and solution architecture to create secure applications. This includes configuring security controls for authentication, authorization, and access and applying encryption to data.
You need to know how to design isolation and separation through AWS service architecture, Amazon EC2 instance deployment options and Amazon VPC configuration.
It is also recommended to understand the best practices for implementing services in the most secure manner and best practices for creating users, groups, and roles using AWS IAM. Which services can use multi-factor authentication is also required knowledge and you should understand the available AWS Directory Services at a high-level and when to use them.
Questions often come up asking you to identify which technologies include DDoS mitigation and these include AWS Auto Scaling, Amazon CloudFront, and Amazon Route 53.
You should also know how to implement monitoring and logging using Amazon CloudWatch and AWS CloudTrail, when and what penetration testing you are allowed to perform within the AWS cloud and what compliance programs AWS comply with.
Technologies you need to know for domain 3 include Amazon VPC, AWS KMS, AWS CloudHSM, AWS IAM, Amazon Cognito, and AWS Directory Services.
Question: The development team at your company have created a new mobile application that will be used by users to access confidential data. The developers have used Amazon Cognito for authentication, authorization, and user management. Due to the sensitivity of the data, there is a requirement to add another method of authentication in addition to a username and password.
You have been asked to recommend the best solution. What is your recommendation?
- Integrate IAM with a user pool in Cognito
- Enable multi-factor authentication (MFA) in IAM
- Integrate a third-party identity provider (IdP)
- Use multi-factor authentication (MFA) with a Cognito user pool
Answer: 4, You can use MFA with a Cognito user pool (not in IAM) and this satisfies the requirement. A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your web or mobile app through Amazon Cognito. Your users can also sign in through social identity providers like Facebook or Amazon, and through SAML identity providers.
Question: You have been asked to come up with a solution for providing single sign-on to existing staff in your company who manage on-premise web applications and now need access to the AWS management console to manage resources in the AWS cloud.
Which product combinations provide the best solution to achieve this requirement?
- Use your on-premise LDAP directory with IAM
- Use IAM and MFA
- Use the AWS Security Token Service (STS) and SAML
- Use IAM and Amazon Cognito
Answer: 3, Single sign-on using federation allows users to log in to the AWS console without assigning IAM credentials. The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (such as federated users from an on-premise directory). Federation (typically Active Directory) uses SAML 2.0 for authentication and grants temporary access based on the users’ AD credentials. The user does not need to be a user in IAM.
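To make the federation answer above concrete, here is an added example (not part of the original article) that audits the trust policy of the IAM role federated users assume through STS. The policy, account ID and provider name `ExampleIdP` are constructed placeholders; the check confirms that only a SAML provider can call `sts:AssumeRoleWithSAML` and that `SAML:aud` is pinned to the console sign-in endpoint.

```python
import json

CONSOLE_AUD = "https://signin.aws.amazon.com/saml"

# Constructed sample: trust policy of an IAM role used for console SSO.
# The account ID and provider name are placeholders, not from the article.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/ExampleIdP"},
        "Action": "sts:AssumeRoleWithSAML",
        "Condition": {"StringEquals": {"SAML:aud": CONSOLE_AUD}},
    }],
})


def _as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_saml_trust(policy_json):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    saml_allows = 0
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; wildcards such as sts:* are out of scope here.
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if "sts:assumerolewithsaml" not in actions:
            continue
        saml_allows += 1
        principal = st.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if not federated or not all(":saml-provider/" in p for p in federated):
            findings.append(f"statement {i}: principal is not a SAML provider ARN")
        aud = st.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if aud is None or _as_list(aud) != [CONSOLE_AUD]:
            findings.append(f"statement {i}: SAML:aud is not pinned to the console sign-in endpoint")
    if saml_allows == 0:
        findings.append("no Allow statement grants sts:AssumeRoleWithSAML")
    return findings


if __name__ == "__main__":
    print(audit_saml_trust(SAMPLE_TRUST_POLICY) or "trust policy OK")
```
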
Test Domain 4: Design Cost-Optimized Architectures
This domain makes up 10% of the exam and includes the following two objectives:
- 4.1 Determine how to design cost-optimized storage.
- 4.2 Determine how to design cost-optimized compute.
What you need to know
A relatively small but still important area of the exam requires architects to consider cost-effectiveness when deploying applications on AWS. You need to understand the various cost models of compute and storage services, what you pay for and what the best choices would be given a specific scenario.
Question: You need to run a production batch process quickly that will use several EC2 instances. The process cannot be interrupted and must be completed within a short time period.
What is likely to be the MOST cost-effective choice of EC2 instance type to use for this requirement?
- Reserved instances
- Spot instances
- On-demand instances
- Flexible instances
Answer: 3, the key requirements here are that you need to deploy several EC2 instances quickly to run the batch process and you must ensure that the job completes. The on-demand pricing model is the best for this ad-hoc requirement: although spot pricing may be cheaper, you cannot afford to risk that the instances are terminated by AWS when the market price increases.
Question: An Architect is designing a serverless application that will accept images uploaded by users from around the world. The application will make API calls to back-end services and save the session state data of the user to a database.
Which combination of services would provide a solution that is cost-effective while delivering the least latency?
- Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, DynamoDB
- API Gateway, Amazon S3, AWS Lambda, DynamoDB
- Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, Amazon RDS
- Amazon S3, API Gateway, AWS Lambda, Amazon RDS
Answer: 1, Amazon CloudFront caches content closer to users at Edge locations around the world. This is the lowest latency option for uploading content. API Gateway and AWS Lambda are present in all options. DynamoDB can be used for storing session state data.
Test Domain 5: Define Operationally-Excellent Architectures
This domain makes up 6% of the exam and includes the following objective:
- 5.1 Choose design features in solutions that enable operational excellence
What you need to know
You need to understand how to reduce operational overhead by using technologies that require less manual work. Managed services and serverless services are often the best ways to achieve this. You might, for instance, be asked to choose between a database on EC2 and an RDS database; as RDS is a managed service, it would require less management overhead.
Serverless services require even less management and often also reduce cost as you don’t pay for running or idle resources. This is becoming an increasingly important topic for the exam and you should make sure you’re fully aware of the AWS serverless services and know when to use them.
Question: Your manager is interested in reducing operational overhead and cost and heard about “serverless” computing at a conference he recently attended. He has asked you if AWS provide any services that the company can leverage. Which services from the list below would you tell him about? (choose 2)
- API Gateway
Answer: 1,3, AWS Serverless services include (but are not limited to): Amazon API Gateway, AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon SNS, Amazon SQS, and Amazon Kinesis.
AWS Certified Solutions Architect – Associate Training
Whether you’re just getting started with AWS Certification Training, have on-the-job experience, or are continuing your education after taking other AWS exams, you will need to cover both the theory and practical aspects in your journey.
Please check out the resources below which take you from just starting out with AWS to being a proficient builder on AWS and fully equipped to ace your exam.
AWS Hands-On Labs
This is the FUN way to learn AWS! Our AWS Certified Solutions Architect Associate Hands-On Labs course teaches you AWS from creating a Free Tier account right through to building complex applications – delivered through guided practice labs. No other course gives you so much hands-on experience with the AWS Cloud.
AWS Practice Tests
Our AWS Certified Solutions Architect Associate Practice Exams are designed to be representative of the question format and difficulty of the actual AWS exam. These are a great way not just of assessing your readiness, but also for learning the concepts as we provide detailed explanations and reference links for every question. But don’t leave it until the last minute, get started with AWS Certified Solutions Architect Associate Practice Exams early so you can ensure you’re on track.
Also, check out the FREE online Training Notes on the Digital Cloud Training website which provide a deeper level of detail for all test domains of the Solutions Architect exam.