Passing the AWS Solutions Architect Associate (SAA) Exam: Tips and Resources

Hey there! If you're reading this, chances are you're either gearing up to tackle the AWS Solutions Architect Associate (SAA) or already deep into your preparation. Either way, I'm here to share some valuable notes I made during my own SAA journey.

In this blog, I'll provide you with all the essential tips to ace the exam and recommend the best resources to help you succeed.

Now, let's talk about the online PearsonVUE exam experience. Scheduling the exam wasn't the smoothest process; the slots I initially wanted were unavailable, and it took about two hours of calling and chatting online to secure a suitable one. However, once I got into the exam, everything proceeded without any hiccups. The proctor asked me to introduce myself and engaged in some basic small talk, like "How's your day?"

Before starting the exam, I had to take pictures of my ID (passport or any legitimate government ID) and provide multiple views of my room. During the exam, I had some flexibility to stretch, but I had to ensure I remained within the video frame. The exam itself lasted around 50 minutes, which was quite manageable, given that it's a 140-minute exam. This provided ample time for reviewing my answers, although I didn't want to second guess myself. When I finally clicked "submit," I had to participate in a survey for around 5 minutes before receiving my grade. The moment I saw "PASS," I was absolutely thrilled and ecstatic to finally become an AWS Solutions Architect - Associate (though, let's be honest, AWS could use a shorter name for this certification!).

Now, let's dive into the best resources for your preparation. I started with Adrian Cantrill's course, followed by Stephane Maarek's course. Both instructors covered the same content, but in different teaching styles. Adrian had a hands-on and practical approach, while Stephane's course was more exam-focused. I highly recommend going through both courses, at least twice, to thoroughly grasp the concepts.

Additionally, Adrian Cantrill generously provides his guided labs for free on GitHub, which proved incredibly useful during my preparation. It's essential to make detailed notes while studying, as merely watching the course videos may not be enough to retain all the information.

After mastering the course material, I moved on to practice exams, and the ones offered by TutorialsDojo and Neal Davis were the best I could find. These practice tests were of excellent quality and closely resembled the actual exam. In particular, TutorialsDojo provided super-detailed answers, which helped me immensely.

Taking practice exams is crucial, but what's even more important is understanding your wrong answers. Make sure to take notes on all the questions you got wrong, both from TutorialsDojo and Neal Davis's exams.

Regarding the scores on practice exams, don't worry if you start with scores in the 60%-70% range on your first attempt. The key is to learn from your mistakes and focus on understanding the correct answers. For subsequent attempts, aim to score above 90% on each exam, but avoid overdoing it, as memorization won't help in the long run.

One thing I noticed is that Neal Davis's exams are more challenging compared to TutorialsDojo's, though the latter provides a closer resemblance to the actual exam.

How much do you need to know for each?

Basics

Know the difference between Availability Zones, Regions and Edge Locations.

IAM

Know that it's a global service.
Know the difference between users, roles and groups.
Know the best principles for the root user.
Know the difference between authorization and authentication.
Know how to read policies.
Know the hierarchy, e.g. explicit deny cannot be surpassed.

EC2

Know the basics like what an AMI is and what user data is, what are the different types of instance states and know what the hibernate state preserves and what it doesn't.
Know some common instance types (T, M, C, R).

Know the instance metadata address (http://169.254.169.254/latest/meta-data) and what instance metadata is.
Know security groups and they can't have deny rules and are stateful (automatically allow return traffic).
Know the difference between Elastic IPs, Private IPs and Public IPs.
Know the different pricing models (on-demand, reserved, spot, dedicated) and know the differences between each.
Know how spot instances work https://karansingh.gitbook.io/aws-saa-c02/ec2/spot-instances.
Know how to copy AMIs cross-region and cross-account.
Know the difference between cluster, spread and partition placement groups; you don't need to go in-depth. Just know that cluster is for low latency and is in one AZ and spread is for high availability, etc.
Know what an Elastic Network Interface (ENI) is.

Elastic Load Balancer (ELB)

Know the difference between ALB, NLB and CLB (legacy).
Know what listeners and target groups are.
Know what session stickiness is.
Know what cross-zone load balancing is (literally in the name).
Know what Server Name Indication (SNI) is and which load balancers support it.
Know what connection draining is.
Know what Access Logs are.

Auto Scaling Group (ASG)

Know the difference between Launch Configurations and Launch Templates.
Know the different scaling policies.
Know what lifecycle hooks are.
Know what a scaling cooldown is and when to use it.

EBS, EFS, EC2 Instance Store

Know the difference between them.
Know the EBS volume types and when to use each of them.
Know that EBS Provisioned IOPS is for more than 16,000 IOPS or 250 MiB/s of throughput per volume.
Know what Data Lifecycle Manager (DLM).
Know how to copy and share EBS snapshots.
Know what location type is thing is attached to, e.g. EBS Volumes are attached to Availability Zones and Snapshots are attached to regions.
Know what RAID 0 and RAID 1 is and the difference between each.
Know why people use Instant Store, even though it is not persistent when an EC2 instance fails/stops.
Know what EFS is for and trust me, you don't need to know a lot of in-depth knowledge about it; just that it is for Linux instances, it can be accessed by lots of different instances, it is a Network File System and also that it is attached to a region.
Know what block device mapping is and that it is only for EBS and Instance Store.

Relational Database Service (RDS)

Know Read Replicas vs Multi-AZ.
Know how synchronous replication is different from asynchronous replication.
Know how RDS encryption works.
Know what IAM Database Authentication is.
Know the difference between RDS and Aurora.
Know what Aurora Serverless is and how it differs from standard Aurora.

ElastiCache

Know the difference between Redis and Memcached
- Memcached is just a pure cache; no backups and restores, no data persistence.
- Redis supports backups, restores, Multi-AZ, data persistence, failovers, read replicas.

Route53

Know the different record types (A, AAAA, CNAME, ALIAS, etc.)
Know what TTL is and this one is really important to understand as it is used for CloudFront as well.

Know the routing policies and when to use each one.
Know the difference between public and private hosted zones.
Know how to import 3rd party domains.

S3

Know buckets vs objects vs keys.
Know what object versioning is and why you'd use it.
Know when to use Multipart Upload.
Know all the different Encryption methods (SSE-S3, SSE-KMS and SSE-C).
Know the difference between user based policies (IAM policies) and resource based policies (bucket policies).
Know what pre-signed URLs are and when to use them.
Know how to host websites on S3.
Know what CORS is.
Know its consistency model (https://karansingh.gitbook.io/aws-saa-c02/simple-storage-service-s3/consistency-model).
Know what MFA Delete, Access Logs, lifecycle rules, Transfer Acceleration and S3 Select are.
Know when to use Cross-region replication vs Same-region replication.
Know the different storage classes (I literally saw like 10 questions just on this).
Know what vault lock is.

Athena

Know that it's serverless.
Know that you can use it to analyse data in S3.

CloudFront

Know what origins are.
Know what Origin Access Identity (OAI) is.

Know what Signed Cookies and Signed URLs are and the difference between them.
Know what Geo restriction is.

Global Accelerator

Know how it differs from CloudFront and Transfer Acceleration.
Know that you can get two global anycast static customer facing IPs.

Storage Gateway

Know the difference between File Gateway, Volume Gateway and Tape Gateway.
Know what the Storage Gateway File Gateway Hardware Appliance is.

FSx

Know the difference between FSx for Windows Servers and FSx for Lustre, e.g. FSx for Lustre is POSIX compliant.

Snowball/Snowmobile

Know the difference between them and when to use each one.
Know the size constraints of each one.

SQS

Know what standard queues are and how they differ from FIFO queues.
Know the message retention period (1 minute to 14 days).
Know what the Message Visibility Timeout is and when to use it.
Know what Dead Letter Queues are.
Know some common use cases, e.g. auto scaling EC2 instances based on the queue size.

SNS

Know the difference between subscribers and publishers.
Know the different supported protocols, i.e. SQS, Lambda, HTTP, email, mobile push notifications, and SMS.
Know what the Fan Out Pattern is, i.e. multiple SQS queues as SNS subscribers.

Kinesis

Know the difference between Kinesis Data Streams, Kinesis Data Firehose and Kinesis Data Analytics.
Know what shards are.
Know what some use cases are.
Know that it is real-time.

Amazon MQ

Know that it is managed message broker service.

Lambda

Know that it integrates very well with API gateway.
Know that 15 minutes is the maximum timeout.

Lambda@Edge

Know how it differs from Lambda.

API Gateway

Know that it is for APIs.
Know what APIs are.

Know it integrates very well to Lambda functions.

Cognito

Know the difference between user pools and identity pools.
Know what Cognito Sync is.

AWS SAM

Know what it is.

DynamoDB

Know why and when to use it.
Know the difference between Tables, Items, and Attributes.
Know what RCUs and WCUs are.
Know what Streams and Triggers are.
Know what DAX is.
Know what Global Tables are.

Elastisearch

Know what it is and when to use it.

Redshift

Know how it differs from Athena.
Know that it is for data warehousing.

Glue

Know what ETL is and that Glue is used for ETL.

Cloudwatch

Know the basic concepts (metrics, dimensions, namespaces, resolution).
Know what CloudWatch Alarms and CloudWatch Logs and CloudWatch Events are and how they differ from each other.
Know when to use the CloudWatch Agent.
Know what EC2 instance recovery is (CloudWatch alarm that monitors an EC2 instance and automatically recovers the instance if it becomes impaired).

CloudTrail

Know what it is, when to use it and why to use it.

Config

Know what rules are.

STS

Know what it is and when to use it.
Know the difference between AssumeRole, AssumeRoleWithSAML and AssumeRoleWithWebIdentity.

Identity Federation

Know the different types of federation in AWS (SAML 2.0, AD FS, Web Identity Federation and Cognito) and how they all differ from each other.

Directory Service

Know the difference between AWS Managed Microsoft AD, AD Connector and Simple AD and when to use each one.

Organizations

Know the benefits and what consolidated billing is.
Know what Service Control Policies are.

Resource Access Manager

Know what it is and when to use it.

Key Management Service (KMS)

Know why to use it and what Customer Master Keys are.

SSM Parameter Store & Secrets Manager

Know the difference between each of them (hint: one of them supports key rotation.)
Know when to use one over another.

CloudHSM

Know why to use it and what it is.
Know that it allows you to manage your encryption keys using FIPS 140-2 Level 3 validated HSMs.

Shield & WAF

Know the difference between Shield, Shield Advanced and WAF and when to use each one.
Know what a DDoS attack is.
Know some common web attacks against which WAF protects you against, e.g. SQL injection and cross-site scripting.

Virtual Private Cloud (VPC)

Know how to work out CIDR ranges.
Know the difference between public IPs and private IPs.
Know what NAT is and how it works.
Know when to use a default VPC vs non-default VPC.
Know that VPCs are attached to a region (regional).
Know that subnets are attached to an Availability Zone.
Know what VPCs, subnets, NAT Gateways, Route Tables are.
Know the difference between NAT Gateways and Internet Gateways and NAT Instances.
Know what source/destination checks are in NAT instances.
Know how to enable DNS support in non-default VPCs.
Know that a public and private hostname is provided in a default VPC whereas only a private hostname is provided in a non-default VPC and you have to configure additional values to enable a public hostname (enableDnsHostnames and enableDnsSupport).
Know the differences between NACLs and Security Groups.
Know what stateful, stateless, inbound and outbound mean.
Know what VPC Peering is.
Know what VPC Endpoints are.
Know the difference between Gateway Endpoints and Interface Endpoints.
Know what VPC Flow Logs are.
Know what Bastion Hosts are and that you should small EC2 instances for them and not large EC2 instances as they don't require a lot of compute capacity.
Know the differences between Site to Site VPNs and Direct Connect.
Know what Direct Connect Gateways are.
Know the components of a Site to Site VPN.
Know what an Egress-only Internet Gateway is and how it differs from a NAT Gateway.
Know what AWS PrivateLink and AWS ClassicLink are and what the differences are between them.
Know what VPN CloudHub is and when you should use it.
Know what Transit Gateway is and when you should use it.

DataSync

Know when to use DataSync vs Direct Connect vs Snowball vs Snowmobile.

CloudFormation

Know what stacks and change sets are.
Know are how to read basic ones.

Other Services

Have a read through this and that'll be more than enough: https://karansingh.gitbook.io/aws-saa-c02/other-services/overview-of-other-services.

Google Sites

Report abuse