Introduction
This course introduces the AWS Certified Solutions Architect - Associate learning path.
Hello and welcome to this learning path, which has been designed to help you prepare for and pass the AWS Certified Solutions Architect - Associate exam, version SAA-C02, which was released by AWS on the 23rd of March 2020.
Throughout this learning path, you will be guided via our courses, hands-on labs including some lab challenges, blog posts, webinars, and a preparation exam at the end, all of which are focused on areas that will be assessed within the exam.
As defined in the exam blueprint, which can be found here, the exam has been designed for individuals in a solutions architect role. It verifies and validates their knowledge in this area by having them demonstrate their ability to architect solutions using best-practice design principles, in a secure and robust way.
The questions within the exam are multiple-choice, requiring you to select either a single answer or multiple answers for each question. The exam is scored out of 1000, with a minimum passing score of 720 (72%).
The exam is split into 4 different domains that you will be assessed against, each carrying a different percentage weighting. These are identified as:
- Domain 1: Design Resilient Architectures 30%
- Domain 2: Design High-Performing Architectures 28%
- Domain 3: Design Secure Applications and Architectures 24%
- Domain 4: Design Cost-Optimized Architectures 18%
So let me now run through how we approach each of these domains with the content within this learning path!
In this first Domain, ‘Design Resilient Architectures’, you will be assessed on your knowledge of how to design a multi-tier architecture and ensure such solutions are highly available and fault-tolerant. In addition to this, you must show an understanding of the benefits of decoupled and event-driven architectures. Storage also plays an important part in this domain, and you are required to demonstrate your awareness of resilient storage capabilities in your architecture.
With this in mind, you will be introduced to the AWS global infrastructure, providing you with a foundation of how the underlying architecture is pieced together on a global scale. We shall discuss how to implement a multi-tier architecture within a VPC using multiple subnets and networking components, amongst other features and services. You will also be introduced to Amazon Route 53 and Amazon CloudFront and also some common disaster recovery and business continuity strategies.
You will learn the differences between decoupled and event-driven architectures and some of the services that allow you to implement such solutions, such as the Amazon Simple Notification Service, the Amazon Simple Queue Service, Amazon Kinesis, and AWS Lambda.
From a storage perspective, you will gain a deeper understanding of storage services and how they can be used to help maintain your data from a resiliency point of view, including Amazon S3, AWS Storage Gateway, and Amazon EFS to name but a few.
Looking at Domain 2, you must understand how to design high-performing architectures across the compute, storage, networking, and database categories.
The key area of focus here is to ensure that you know which services to use and configure to implement elastic and scalable solutions for compute workloads. So we will cover the configuration of Auto Scaling and Application and Network Load Balancers, in addition to services such as Amazon EC2, Amazon Elastic Container Service (ECS), and AWS Elastic Beanstalk.
Again you will be assessed on your AWS Storage service knowledge, but this time from a high-performance and scalable side of things. We look deeper at Amazon EFS and its configuration, plus an insight into additional features within Amazon S3.
From a network standpoint, you need to be able to demonstrate that you have a good knowledge of how to architect infrastructure that can support your workload effectively. So I focus on many of the VPC networking components that can help you to do this: the fundamentals of the VPC itself, including subnets, Elastic Network Interfaces (ENIs), and Elastic Network Adapters (ENAs); the security controls and considerations, including network access control lists, security groups, NAT Gateways, and bastion hosts; and connectivity options such as VPC endpoints, virtual private networks, Direct Connect, Transit Gateway, and the AWS Global Accelerator.
The final component of Domain 2 will test your awareness and knowledge of database performance and what you can implement to help you manage workloads across your databases. We introduce you to many of the different database services to give you a foundational knowledge of the services available before homing in on some of the performance options available, including HA with Amazon RDS using Multi-AZ features, in addition to HA options across Amazon DynamoDB and Amazon Aurora. You will also be introduced to the Amazon DynamoDB Accelerator, known as DAX, to boost your database performance 10-fold using cached clusters.
Domain 3, for me personally, is probably the most interesting content, but that’s because I love the security aspect of AWS. You’ll be assessed on 3 main points across this domain. You’ll need to know how to design secure access to AWS and the resources within it, you will have to understand how to design secure application tiers, and finally you will need to be able to recommend and select the most appropriate security services and features to protect your data.
We have lots of content that will help you understand all of these elements, and one of the main services that you will need to know and be familiar with is AWS Identity and Access Management, known as IAM, so we cover this in some detail, which also covers federated access. You will also be introduced to Amazon Cognito, as well as AWS Organizations, in particular, the service control policies that this service offers.
From an application security standpoint, we focus on the AWS Web Application Firewall, with an introduction to Firewall Manager and Shield. Logging is also a crucial element of application security and so you’ll learn how to enable logging and use it to your advantage from a security standpoint. You will understand how services such as AWS Config and AWS CloudTrail can also be used to help you audit, monitor and evaluate your infrastructure for security issues and incidents, to help you resolve threats quicker and more effectively.
From a data security perspective, you will learn how to protect your data using the AWS Key Management Service, known as KMS, to encrypt your data across multiple services, in addition to learning how to manage and configure multiple encryption mechanisms used by Amazon S3.
The final Domain of the certification looks at cost optimization across your architecture, so it’s important to understand the different costing metrics for different services and how you can optimize their configurations.
Here we spend time looking at the different costs associated with AWS storage services to ensure you understand the full spectrum of price points associated with these, such as service classes or tiers, using specific management elements of a service, for example, Provisioned Throughput in EFS, or S3 replication time control, using different types of requests, data retrieval and data transfer, replication, and more...
You will be introduced to compute savings plans and reserved instances and how these can be optimized to save you money across your EC2 fleets, and finally a review of some of the cost optimization features and best practices when designing a cost-optimized network architecture.
Let me introduce you to the content team here at Cloud Academy who have contributed content in this learning path. You can rest assured that the courses, labs and assessments have been curated by a team of highly certified and experienced trainers, all of whom have passed the AWS Certified Solutions Architect - Associate. A cool fact to know about many of the trainers you’ll be hearing from in the courses ahead is that they are ex-AWS employees, some from the AWS training and certification team! So you couldn’t be in better hands having ex-AWS experts leading the way! Between us, over the years, we have sat the AWS Certified Solutions Architect - Associate certification over 25 times! This collaborative and collective effort of combining our own experiences of the exam allows us to create content honed on the specific topics that you need to pass the exam!
OK, so now you have an understanding of what’s involved, let’s get you prepped and ready to tackle this certification! And if you have any questions throughout this learning path, please feel free to reach out to us here, by sending an email to support@cloudacademy.com. OK, let's get started!
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.