AWS Certified Solutions Architect Certification: Grabbing the Opportunity

AWS Solutions Architect – Associate SAA-C02 exam is the most recent AWS exam that has supplanted the past SAA-C01 certification exam. It essentially approves the capacity to adequately show information on the most proficient method to architect and convey secure and strong applications on AWS advances 

• Giving a solution using architectural design principles based on customer requirements.
• Providing implementation guidance based on best practices to the organization throughout the life cycle of the project.

AWS Solutions Architect – Associate SAA-C02 Exam Summary 

• The SAA-C02 exam comprises 65 Questions shortly, and the time is above and beyond on the off chance that you are solid and steady. 

• SAA-C02 Exam covers the architecture perspectives in profound detail, so you should have the option to envision the architecture, even coax them out in the exam just to see how it would function and how various services relate. 

• AWS has refreshed the exam ideas from the attention being on singular services to more structure of adaptable, profoundly accessible, financially savvy, performant, strong. 

• If you had been getting ready for the SAA-C01 – 

 SAA-C02 is essentially like SAA-C01 except the operational viable architecture space has been dropped 

 Although, the greater part of the services and ideas covered by the SAA-C01 is something similar. There are not many new augmentations like Aurora Serverless, AWS Global Accelerator, FSx for Windows, FSx for Luster 

• AWS exams are accessible on the web, and I took the online one. Simply ensure you have an appropriate spot to take the exam with no aggravation and nothing around you. 

• Also, on the off chance that you are taking the AWS Online exam interestingly attempt to join at least 30 minutes before the real-time. 

AWS Solutions Architect – Associate SAA-C02 Exam Topics 

Ensure you go through every one of the subjects and spotlight on hints in italics 

Networking 

• Be sure to make VPC without any preparation. This is compulsory. 

 Create VPC and comprehend what’s a CIDR and tending to designs 

 Create public and private subnets, design legitimate courses, security groups, NACLs. (hint: Subnets are public or private relying upon whether they can course traffic straightforwardly through Internet entryway) 

 Create Bastion for correspondence with cases 

 Create NAT Gateway or Instances for cases in private subnets to collaborate with web 

 Create two-level architecture with application openly and database in private subnets 

 Create three-level architecture with web Servers openly, application, and database Servers in private. (hint: center around security bunch arrangement with least advantage) 

 Make sure to see how the correspondence occurs between the Internet, Public subnets, Private subnets, NAT, Bastion, and so on 

• Understand the distinction between Security Groups and NACLs (hint: Security Groups are Stateful versus NACLs are stateless. Additionally just NACLs give the capacity to deny or hinder IPs) 

• Understand VPC endpoints and what services it can help collaborate (hint: VPC Endpoints courses traffic inside without Internet) 

 VPC Gateway Endpoints upholds S3 and DynamoDB. 

 VPC Interface Endpoints OR Private Links upholds others 

• Understand the distinction between NAT Gateway and NAT Instance (hint: NAT Gateway is AWS overseen and is adaptable and profoundly accessible) 

• Understand how NAT high accessibility can be accomplished (hint: arrangement NAT in every AZ and course traffic from subnets inside that AZ through that NAT Gateway) 

• Understand VPN and Direct Connect for on-premises to AWS availability 

 VPN gives fast network, financially savvy, secure channel, anyway courses through web and doesn't give reliable throughput 

 Direct Connect gives steady devoted throughput without Internet, anyway expects time to the arrangement and isn't financially savvy 

• Understand Data Migration strategies 

 Choose Snowball versus Snowmobile versus Direct Connect versus VPN relying upon the transmission capacity accessible, data transfer required, time accessible, encryption necessity, once or ceaseless prerequisite 

 Snowball, SnowMobile are for one-time data, savvy, speedy, and ideal for huge data transfer 

 Direct Connect, VPN is ideal for ceaseless or incessant data transfers 

• Understand CloudFront as CDN and the static and dynamic storing it gives, what can be its beginning (hint: CloudFront can highlight on-premises sources and its use cases with S3 to diminish burden and cost) 

• Understand Route 53 for routing 

 Understand Route 53 wellbeing checks and failover routing 

 Understand Route 53 Routing Policies it gives and their utilization cases chiefly for high accessibility (hint: center around weighted, dormancy, geolocation, failover routing) 

• Be sure to cover ELB ideas. 

 SAA-C02 centers around ALB and NLB and doesn't cover CLB 

 Understand contrasts between CLB versus ALB versus NLB 

o ALB is layer 7 while NLB is layer 4 

o ALB gives content-based, have based, way based routing 

o ALB gives dynamic port planning which permits the same assignments to be facilitated on the ECS node 

o NLB gives low inactivity and capacity to scale 

o NLB gives static IP address 

Security 

• Understand IAM in general 

 Focus on IAM job (hint: can be utilized for EC2 application access and Cross-account access) 

 Understand IAM character suppliers and league and use cases 

 Understand MFA and how might carry out two-factor validation for an application 

 Understand IAM Policies (hint: a few Questions with arrangements characterized and you need to choose the right articulations) 

• Understand encryption services 

 KMS for key administration and envelope encryption 

 Focus on S3 with SSE, SSE-C, SSE-KMS 

 Know SQS currently gives SSE support 

• AWS WAF incorporates CloudFront to give security against Cross-site scripting (XSS) assaults. It additionally gives IP impeding and geo-security. 

• AWS Shield incorporates CloudFront to give security against DDoS. 

• Refer to Disaster Recovery whitepaper, be certain you realize the distinctive recuperation types with sway on RTO/RPO. 

Storage 

• Understand different storage alternatives S3, EBS, Instance store, EFS, Glacier, FSx and what are the utilization cases and enemies of examples for each 

• Instance Store

 Understand Instance Store (hint: it is genuinely connected to the EC2 occurrence and gives the most reduced idleness and most noteworthy IOPS) 

• Elastic Block Storage – EBS

 Understand different EBS volume types and their utilization cases regarding IOPS and throughput. SSD for IOPS and HDD for throughput 

 Understand Burst execution and I/O credits to deal with infrequent pinnacles 

 Understand EBS Snapshots (hint: reinforcements are computerized, previews are manual)

• Simple Storage Service – S3

 Cover S3 inside and out 

 Understand S3 storage classes with lifecycle arrangements 

o Understand the distinction between SA Standard versus SA IA One Zone regarding cost and strength 

 Understand S3 Data Protection (hint: S3 Client-side encryption encodes data before putting away it in S3) 

 Understand S3 highlights including 

o S3 gives a savvy static site facilitating 

o S3 forming gives assurance against unintentional overwrites and erasures 

o S3 Pre-Signed URLs for both transfer and download gives access without requiring AWS accreditations 

o S3 CORS permits cross-area calls 

o S3 Transfer Acceleration empowers quick, simple, and secure transfers of records over significant distances between your customer and an S3 container. 

 Understand Glacier as authentic storage with different recovery designs 

 Glacier Expedited recovery presently permits object recovery inside mins 

• Understand Storage doors and their various kinds. 

 Cached Volume Gateway gives admittance to often got to data while utilizing AWS as the real storage 

 Stored Volume passage utilizes AWS as a reinforcement, while the data is being put away on-premises too 

 File Gateway upholds SMB convention 

• Understand FSx simple and financially savvy to dispatch and run mainstream record frameworks. 

 FSx gives two document frameworks to browse: Amazon FSx for Windows File Server for business applications and Amazon FSx for Luster for superior jobs. 

• Understand the contrast between EBS versus S3 versus EFS 

 EFS gives shared volume across numerous EC2 cases, while EBS can be joined to a solitary volume inside a similar AZ. 

• Understand the contrast between EBS versus Instance Store 

• Would suggest alluding Storage Options whitepaper, albeit somewhat dated 90% holds right

Compute

• Understand Elastic Cloud Compute – EC2 

• Understand Auto Scaling and ELB, how they cooperate to give High Available and Scalable arrangement. (hint: Span both ELB and Auto Scaling across Multi-AZs to give High Availability) 

• Understand EC2 Instance Purchase Types – Reserved, Scheduled Reserved, On-request, and Spot and their utilization cases 

 Choose Reserved Instances for ceaseless tireless burden 

 Choose Scheduled Reserved Instances for load with fixed booked and period 

 Choose Spot cases for flaw lenient and Spiky burdens 

 Reserved examples give money-saving advantages to long terms prerequisites over On-request cases 

 Spot examples give money-saving advantages to brief issue lenient spiky burden 

• Understand EC2 Placement Groups (hint: Cluster arrangement bunches give low inertness and high throughput correspondence, while Spread position bunch gives high accessibility) 

• Understand Lambda and serverless architecture, its highlights, and use cases. (hint: Lambda coordinated with API Gateway to give a serverless, profoundly versatile, financially savvy architecture) 

• Understand ECS with its capacity to send compartments and miniature services architecture. 

 ECS part for assignments can be given through taskRoleArn 

 ALB gives dynamic port planning to permit different same assignments on a similar node 

• Know Elastic Beanstalk at a significant level, what it gives, and its capacity to get an application running rapidly. 

Databases 

• Understand social and NoSQLs data storage choices which incorporate RDS, DynamoDB, Aurora, and their utilization cases 

• RDS 

 Understand RDS highlights – Read Replicas versus Multi-AZ 

O Read Replicas for adaptability, Multi-AZ for High Availability 

o Multi-AZ are provincial as it were 

o Read Replicas can length across locales and can be utilized for catastrophe recuperation 

 Understand Automated Backups, basic volume types 

• Aurora 

 Understand Aurora 

o provides numerous read imitations and repeats 6 duplicates of data across AZs 

 Understand Aurora Serverless gives a profoundly versatile savvy database arrangement 

• DynamoDB 

 Understand DynamoDB with its low idleness execution, key-esteem store (hint: DynamoDB is certainly not a social database) 

 DynamoDB DAX gives reserving to DynamoDB 

 Understand DynamoDB provisioned throughput for reading/Writes (It is more covered in the Developer exam, however.) 

• Know ElastiCache use cases, predominantly for reserving execution 

Joining Tools 

• Understand SQS as message lining administration and SNS as bar/sub warning help 

• Understand SQS highlights like perceivability, long survey versus short survey 

• Focus on SQS as a decoupling administration 

• Understand SQS Standard versus SQS FIFO distinction (hint: FIFO gives precisely once conveyance both low throughput) 

Investigation 

• Know Redshift as a business knowledge apparatus 

• Know Kinesis for constant data catch and examination 

• At least understand what AWS Glue does, so you can dispense with the appropriate response 

The board Tools 

• Understand CloudWatch checking to give operational straightforwardness 

• Know which EC2 measurements it can follow. Keep in mind, it can't follow memory and plate space/trade usage 

• Understand CloudWatch is extendable with custom measurements 

• Understand CloudTrail for Audit 

• Have an essential comprehension of CloudFormation, OpsWorks