How to Pass the AWS Solutions Architect Professional Exam

Luan Vu
Aug 29, 2021

You are looking to take the AWS Certified Solutions Architect — Professional certification exam. Today I will share some tips and tricks that I learned during my professional exam preparation two years ago.

How I PASSED the New AWS Solutions Architect Professional?

Another guide to the certification exam, probably telling you to read the white papers, watch videos on YouTube, take this course or that course, etc.? No! There are already plenty of such articles on the internet. I can get you some:

There are already too many of those articles, and adding one of mine would change nothing. Are the other people correct? Definitely. But doing it is not as easy as it sounds. Learning the right route is good, but passing the exam depends on your ability to learn and the background knowledge you have. It is said that if you study for 4 months, you will pass (I studied for a whole year, what a shame), but you could still fail even after a whole year of preparation.

What is the standard learning path?

In general, the path to passing the AWS certification exam includes the following (don’t miss anything):

1. Read White papers

There are hundreds of white papers, some with thousands of pages. Can you read them all? No matter how many you read, how much are you able to remember?

I just checked: there are now 314 white papers and guides. You can check them at AWS Whitepapers & Guides.

You should read all the important white papers that are mentioned in the articles above.

2. Read FAQs

FAQs are also important. You should read them all.

3. Watch AWS re:Invent, This Is My Architecture on YouTube

If you don’t have much chance to try services and architectures (like me), these videos are very helpful. They show you how a service should be used in a real project (and in the exam too, of course) and how a group of services interact in an architecture to solve problems.

4. Take some online/offline courses

This is actually the easiest to access. There are many AWS courses available, both free and paid. AWS also has some Exam Readiness courses (free) to guide you through the exam questions.

Exam Readiness: AWS Certified Solutions Architect — Professional

There are many types of courses, but in general, they are not enough. In particular, some of the standard courses require you to already have a good knowledge of AWS; they only give you an overview. If you just stick to the course, failure is certain.

I found a really valuable course on Udemy. It may be more expensive than usual, but the author deserves it.

https://www.udemy.com/share/104sE03@v25ocWwp5mS6EczCcLEoR6xjbdtVk0GPohkBLMVwUaLf4HB5bd4GAH_1dxW_J10=/

Fun fact: the first time I took the exam, I was hit in the face with a service called Amazon Mechanical Turk, which didn’t appear in any of the white papers, FAQs or the AWS Console. I think it was a question that isn’t scored, so don’t worry if AWS gives you a surprise like that.

5. Practice

Those learning materials are certainly informative, but it’s hard to remember them all if you just read them and watch others do it. Practicing helps you understand better and remember better. Never skip practicing any service.

6. Learn English

I’m serious. It depends on the certification level you are taking. In the Professional exam I took, the questions were very, very long; printed out, they must be over 50 pages. Reading and thinking of the answers at the same time was indeed a terrible sprint. For test takers whose native language is not English (non-English speakers or English as a Second Language), AWS allows you to request accommodations, whereby you get a bonus of 30 minutes each time, so take advantage of it.

Hearing this, many of you are probably shocked and don’t dare to study, but that’s the truth. This test is extremely difficult, requiring hundreds of hours of study and practice. You need tremendous determination to make it through. Fortunately, Amazon will only test you on a few key services. If you know the key services (to the point of mastering them), you have achieved over 80%. And if you don’t understand these services and lose points, then the strange services you never touch will be a lifesaver, but that is boundless knowledge. That is why AWS Solutions Architect Professional is tough: it is difficult to understand something deeply, and when it is broad, it is too broad to understand it all.

Tip & Trick

In fact, I’m not a person who remembers things well. I tried to learn by going from service to service and memorizing all of them. By my count, I have read at least 47 full books about AWS, of which about 10–20 were white papers. However, the more I tried to remember, the more I forgot: after learning 10–20 services I had forgotten the first ones, and after reading a lot of books I had forgotten quite a bit too. So, I chose to study in my own way.

Service classification

AWS has already categorized it for you at https://aws.amazon.com/products/

Service classification is very important. It helps you know what you are facing and how to deal with it. If you face a storage service, you need to know how to secure it, how much capacity it has, how available it is, and how reliable it is. If you use a database, remember whether it is an RDBMS or NoSQL, a cache or big data.

It also helps you remember the services better. There are various service names you have never heard before, so classification helps you have at least some idea about them. For instance, EC2 Auto Scaling or Elastic Load Balancer have names that hint at what they do, but what do you think Neptune is for? The universe? What about Snowball, Glacier, etc.?

Based on Well-Architected Framework’s Five Pillars

The Well-Architected Framework provides guidelines to help customers deploy systems on AWS. The framework offers five main pillars:

  • Security
  • Reliability
  • Performance Efficiency
  • Cost Optimization
  • Operational Excellence

When encountering any service, you need to think along these pillars.

1. Security

AWS places great emphasis on security across all architectures. There are 2 main types of security that you need to know:

  • Security operations
  • Data protection

Security operations

There are always employees who do things that they are not authorized to do or should not do. That is why there are services like IAM, Organizations, Cognito, CloudTrail, etc. When learning a certain service, you must know how to grant access or limit access to it. With Amazon S3, how do you stop others from publishing it? How do you allow someone with another AWS account (and only them) to access it? How do you prevent someone from terminating an EC2 instance? Knowing what a service can do is important, but securing it is just as important.
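The three questions above map to policy documents. The following is an added example, not part of the original article: it pairs constructed policies with a deliberately simplified evaluator to show the rule worth memorizing, that access is denied by default and an explicit Deny overrides any Allow. The account IDs, bucket name, policy contents and the `decide` helper are all assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed placeholders: account IDs, bucket name and all three policies.
PARTNER = "111122223333"
BUCKET_ARN = "arn:aws:s3:::example-reports"

# Bucket (resource) policy: only the partner account may read objects; nothing is public.
bucket_policy = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{PARTNER}:root"},
    "Action": "s3:GetObject",
    "Resource": f"{BUCKET_ARN}/*"}]}

# Broad identity policy an operator might hold.
ec2_admin = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

# Guardrail, e.g. an Organizations SCP: termination is denied whatever else is allowed.
no_terminate = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(stmt, account):
    if "Principal" not in stmt:      # identity policy or SCP: applies to the caller
        return True
    principal = stmt["Principal"]
    if principal == "*":             # anyone, including anonymous callers
        return True
    return any(arn == "*" or f"::{account}:" in arn
               for arn in _as_list(principal.get("AWS", [])))


def decide(policies, account, action, resource):
    """Simplified model: implicit deny by default, Allow grants, explicit Deny wins.

    Ignores Condition, NotAction, NotPrincipal and permission boundaries.
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_principal_matches(stmt, account)
                    and any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                    and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision
```

For real cross-account access the bucket policy is only half of the grant: the partner account must also allow `s3:GetObject` on the bucket in its own IAM policy.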

Data protection

You must get used to the concepts of encryption at rest and encryption in transit. Is data stored in storage encrypted? Is it encrypted when transferring data to the internet or to on-premises via VPN? Most services are encrypted in transit by default, but encryption at rest is not the default (EBS is not encrypted by default). There are still a lot of difficult customers out there. They require even more security: they have to use CloudHSM, use their own certificates or use end-to-end encryption too, and that is really hard. You will get confused by services like KMS, CloudHSM, Direct Connect, Security Hub, Transit Gateway, VPN, etc., but they will appear frequently in the exam because that’s how an enterprise application is built.
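Both concepts can be enforced on an S3 bucket with Deny statements, using the condition keys `aws:SecureTransport` (in transit) and `s3:x-amz-server-side-encryption` (at rest). The following is an added example, not part of the original article: a constructed weak policy beside a hardened one, with a small audit function. The bucket name, account ID, control names and the `missing_controls` helper are assumptions made for illustration.

```python
# Constructed sample policies for a hypothetical bucket "example-reports".
BUCKET = "arn:aws:s3:::example-reports"

weak_policy = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"}]}

hardened_policy = {"Version": "2012-10-17", "Statement": weak_policy["Statement"] + [
    {   # In transit: refuse any request that did not arrive over TLS.
        "Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*", "Resource": [BUCKET, f"{BUCKET}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {   # At rest: refuse uploads that do not ask for SSE-KMS.
        "Sid": "DenyNonKmsUploads", "Effect": "Deny", "Principal": "*",
        "Action": "s3:PutObject", "Resource": f"{BUCKET}/*",
        "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
]}


def missing_controls(policy):
    """Return the baseline data-protection controls the policy does not enforce."""
    missing = {"tls-only", "kms-at-rest"}
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # only a Deny that applies to every caller counts as enforcement
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        cond = stmt.get("Condition", {})
        if "s3:*" in actions and cond.get("Bool", {}).get("aws:SecureTransport") == "false":
            missing.discard("tls-only")
        sse = cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption")
        if "s3:PutObject" in actions and sse == "aws:kms":
            missing.discard("kms-at-rest")
    return missing
```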

2. Resiliency: Availability and Disaster Recovery (DR)

High Availability, Blue/Green Deployment, Zero Downtime, Uptime, service level agreement (SLA), recovery time objective (RTO), recovery point objective (RPO), Redundancy, Failback, etc. You must dive deep into them.

Maybe the projects you have done or are doing are all at a very basic level: 1 server, 1 database, 1 data center, etc. Stop and start again. When it comes to AWS, the standard of architecture is raised to a new level. Your system must be redundant against everything: hardware failure leading to a server stopping or to data loss, and possibilities like hurricanes, earthquakes, and volcanoes destroying a data center. You even have to take into account the case where the failure comes from AWS itself.

You need to know 4 ways to preserve the system:

  • Backup and Restore
  • Pilot Light
  • Warm Standby
  • Multi-site

For example, EC2 only guarantees 95.0% availability, which means that every 1 hour EC2 can be down for 3 minutes. To increase availability, you need to combine it with an Auto Scaling Group and a Load Balancer. For something more advanced, use a cross-region Load Balancer, or multi-site between AWS infrastructure and on-premises. The serverless option can also be considered as an alternative. What about data? EC2 stores data in EBS, so how do you ensure no data loss? By now you will probably have to know things like RAID, Snapshot, and Point-in-time (PIT).

Similarly, in RDS we have RDS snapshots, backtrack, Replicas, Multi-AZ, etc. With ElastiCache there are also Multi-AZ, Failover, Append Only Files (AOF), etc. You also need to know how long it takes to recover (RTO) and how much data can be lost (RPO). If the customer needs to restore the system within 1 hour, storing it in Glacier is absolutely wrong.

3. Performance

Performance here is understood as the use of computing resources to meet system requirements, as well as maintain performance when requirements change or technology evolves. Some of the issues raised could be:

  • Latency
  • IOPS
  • Throughput

When choosing a service to use for your architecture, there are four types of resources you need to consider: compute, storage, database, and network.

Compute

There are 3 main types of compute:

  • Instance: a virtual server, typically EC2 and Lightsail. Actually, you can use EC2 to solve everything if there is no other option. For example, launch a MySQL server inside an EC2 instance.
  • Container: a way of virtualizing the operating system; you can immediately think of Docker and Kubernetes. With AWS, think about ECS, Fargate, and EKS. When to use a container instead of an instance? Most of the answers (in the test) will be customers who already use containers on-premises and want to spend the least amount of effort when migrating to AWS.
  • Function: focus on code and run it without having to manage instances. Functions have three important benefits: minimal management effort, great scalability, and particular suitability for event-based programs.

Storage

There are 3 main types of storage:

  • Object Storage: just S3
  • Block Storage: just EBS
  • File Storage: EFS, FSx

In my opinion, Storage Gateway should also be included here. The storage classification doesn’t make much sense either: a file can be saved in Object Storage, Block Storage or File Storage. However, there are slight differences. E.g.: S3 is limited to 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second per prefix (directory name), and don’t forget there’s also a KMS limit if you choose to encrypt. On top of that, accessing files from S3 will have extremely high latency. Think about these limits when you use it. With EBS, it is necessary to know the differences between the volume types: which are optimal for IOPS? Which are optimal for throughput? If you need even higher performance, you can think of RAID, but what are the disadvantages of RAID? Data loss and downtime. EBS still has certain limitations: IOPS, throughput, hybrid storage, storage size limits, sharing, availability, etc. Then you will need to use EFS.

Database

Databases can be divided into 7 types:

  • Relational: RDS
  • Key-Value: DynamoDB, or maybe even Redis
  • Document: DocumentDB
  • In-Memory: ElastiCache, MemoryDB (new)
  • Graph: Neptune
  • Time-Series: Timestream
  • Ledger: QLDB

Each type of database will be used for different purposes, but sometimes it is not too obvious.

E.g.: A customer using MySQL on-premises does not mean that RDS is required when going to AWS. That’s just one option. Other options could be MySQL on an EC2 instance, or converting from MySQL to DynamoDB.

If you want a database with high access frequency and low latency, it can be DynamoDB, but if the data is not too important, ElastiCache is also a good choice.

In general, the database selection problem is not too difficult. Usually the question will revolve around the problem of optimizing a certain type of database.

E.g.: A customer is using MySQL on RDS and is noticing slow responses as traffic increases. Think about multi-writer, multi-reader and maybe even ElastiCache to reduce the load on RDS.

Network

All AWS components are connected through a network, which could be AWS’s private network or the internet.

EC2 instances connect to EBS through the internal network; Route53, CloudFront and S3 go in and out over the internet; there is the connection between AWS and on-premises, etc. In this regard, there are several common solutions:

  • CloudFront can reduce latency for global access
  • Deploying (adding a system) in a region near the user is also one of the best ways to reduce latency
  • If upload/download on S3 is slow, use S3 Transfer Acceleration
  • If connecting to on-premises using VPN is slow, spend more money to use Direct Connect
  • Latency-Based Routing in Amazon Route 53
  • Use VPC Endpoints to use AWS’s internal network

4. Cost

Usually, there are 2 scenarios:

  • Customers already have the system and want to reduce the price
  • Customers want to migrate to AWS, for the lowest possible price.

So how to optimize the price:

  • Choose cheaper services. When to use Kinesis instead of SQS? When to use a VPN instead of Direct Connect? When to use Spot Instances?
  • Remove unnecessary resources.
  • Commitment: Savings Plans, Reserved Instances
  • Cost Management: Consolidated Billing, Cost Allocation Tags, Trusted Advisor, etc.

And finally, remember, optimizing for price also comes at the expense of other things (performance, availability, reliability, security, etc.). The architecture you choose may not be perfect, but if it is feasible and the most cost-effective according to the customer’s requirements, it is still the right answer.

5. Operational Excellence

“The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value”

It depends on services, but there are some common aspects:

  • Infrastructure as code: in short, CloudFormation and OpsWorks. You don’t need to understand what Ansible or Puppet is, but you should know what OpsWorks is and what it is suitable for. You also don’t need to master CloudFormation templates, but you must know some basic syntax and be able to create some services with CloudFormation, such as VPC, Subnets, RDS, etc.
  • Basic settings: some services have unique settings you must be familiar with. E.g.: could I change the Lambda CPU configuration? Restore an RDS snapshot, or trigger a failover on an RDS instance? Change a Launch Template, etc.
  • Monitoring, incident response: logging, metric visualization, alarms, incident management, and remediation
  • Some managed operations services: there are some services you should get to know, such as CloudTrail, Config, Personal Health Dashboard, Organizations, Service Catalog, Systems Manager

Don’t trust keywords

Many of you, when taking the exam, will have a trick of trusting keywords: see a certain keyword, then immediately make a decision. But here, things are not so clear. If you insist on choosing the most appropriate service, it can easily lead you to a wrong architecture, because the answer is a collection of services and methods, not a story of just one service.

E.g.: When a customer needs a relational database, RDS comes to mind, but don’t forget you could also use EC2 and launch the database on the instance. Why do that? Because of the cost, or because there are features of the database that RDS does not support.

When customers talk about storing static data, you think of S3. But actually, saving it in EBS or EFS is also an option.

When facing a problem, the answers will combine a lot of services and methods to solve it. Your job is to choose the most suitable method; choosing only the most suitable service is not enough.

Do what customers ask

This is a very common error I encounter. Each question will present a lot of problems, but you must focus on only one of them: what the customer really wants. The request could be:

  • How to optimize price?
  • How to reduce latency?
  • How to shorten time?

Why is it a problem? Because the content of the question will be very rambling and can make you misread what is being asked.

E.g.: A customer has a website deployed in region us-east-1, using EC2 instances, an Application Load Balancer and an Auto Scaling Group. The website has about 1 million users worldwide. The customer finds that users accessing from Asia experience significant latency. The question asks: how to optimize the price?

Global access, high latency, optimal price: you might think of CloudFront. However, CloudFront does not do much to optimize price and sometimes even increases costs, while the customer’s requirement is to optimize price. So you have to think about Spot Instances and Reserved Instances. Your job is to answer the question that was asked; don’t let other things distract you.

Time management

You have 170 minutes (or 200 minutes if you request the ESL accommodation) to solve 75 questions. However, the exam text is very long. On top of the pressure of the exam, it is easy to get immersed in some difficult questions and waste a lot of time. Try to practice solving each question within 2 or 2.5 minutes. The rest of the time will be for reviewing the questions you marked for review.

Also, do not mark too many questions for review; you should mark fewer than 20. For questions you don’t know or think you can’t answer, pick any answer and don’t look back. Spend your precious time on questions that are more likely to earn points.

Conclusion

The AWS Certified Solutions Architect — Professional exam is tough. You need very strong determination to get through it. But whether you pass or not doesn’t matter; what matters is that you will gain a wide range of knowledge, and it will help you in your real career path.

Written by Luan Vu

AWS Solutions Architect Professional | Java Professional. More about me on https://luanvv.com/
