You are looking to take the AWS Certified Solutions Architect — Professional certification exam. Today I will help you with some tips & tricks that I learned during my professional exam preparation two years ago.
How I PASSED the New AWS Solutions Architect Professional?
Is this another guide to the certification exam that tells you to read the White Papers, watch videos on YouTube, take that course, and so on? No! There are already plenty of such articles on the internet. Here are some:
- How I PASSED the New AWS Solutions Architect Professional (Feb 2019 version) exam last March 9!
- AWS Certified Solutions Architect --- Professional 2019 (feedback)
- My AWS Solution Architect Professional Certification Experience
- My path to AWS Certified Solutions Architect --- Professional
- Passed SA Pro today
There are already too many of those articles, and one more from me would add nothing. Are those authors correct? Yes. But doing it is not as easy as it sounds. The exam depends on your ability to learn and your background knowledge. If you study for four months, you will die (I studied for a whole year, what a shame), and you could still fail even after an entire year's preparation.
What is the standard learning path?
In general, the path to passing the AWS certification exam includes the following (don't miss anything):
1. Read White papers
There are hundreds of White Papers, some with thousands of pages. Can you read them all? And however many you read, how much will you be able to remember?
I just checked, now there are 314 White Paper & Guides; you can check them at AWS Whitepapers & Guides.
You should read all the essential White Papers mentioned in those articles above.
2. Read FAQs
FAQs are also important. You should read them all.
3. Watch AWS re:Invent and This Is My Architecture on YouTube
If you don't have much chance to try out service architectures (like me), these videos are beneficial. They show you how a service should be used in actual projects (and in the exam too, of course) and how a group of services interact in an architecture to solve problems.
4. Take some online/offline courses
This is the easiest option to access. Many (most) AWS courses are available, both free and paid. AWS also has some Exam Readiness courses (free) to guide you through the exam questions:
Exam Readiness: AWS Certified Solutions Architect --- Professional
There are many types of courses, but in general they are not enough. In particular, some of the standard courses assume you already have good knowledge of AWS and only give you an overview. If you stick to them alone, failure is inevitable.
I found a precious course on Udemy. It could be more expensive than usual, but the author deserves it.
Fun fact: The first time I took the exam, it hit me in the face with a service called Amazon Mechanical Turk, which didn't appear in any of the White Papers, FAQs, or the AWS Console. I think it was an unscored question, so don't worry if AWS gives you such a surprise.
5. Practice
Those learning materials are certainly informative, but it's hard to remember them all if you just read them and watch others do it. Practicing helps you understand better and reflect better. Never skip practicing any service.
6. Learn English
This is serious. It depends on the certification level you take. For Professional, when I took the exam, all the questions were very long; printed out, they must run to over 50 pages. Reading and working out the answers was indeed a terrible sprint. For test takers whose native language is not English (non-English speakers or English as a Second Language), AWS allows you to request accommodations, whereby you get a bonus of 30 minutes each time, so take advantage of it.
Many of you are probably shocked and no longer dare to study, but that's the truth. This test is challenging, requiring hundreds of hours of study and practice. You need fierce determination to make it through. Fortunately, Amazon will only test you on a few essential services. If you know them (to the point of mastering them), you have achieved over 80%. And if you don't understand these services and lose points, then the strange services you never touch will be your lifesaver, but that is boundless knowledge. That is why AWS Solutions Architect Professional is tough: it is difficult to understand something deeply, and the scope is too wide to understand it all.
Tip & Trick
I'm not a person who can remember well. I tried to learn by going from service to service and memorizing them. By my count, I have read at least 47 full books about AWS and about 10 to 20 White Papers. However, the more I try to remember, the more I forget: after learning 10 to 20 services I had forgotten the first ones, and after reading a lot of books I had forgotten quite a bit too. So, I chose to study on my own.
Service classification
AWS has already categorized it for you at https://aws.amazon.com/products/
Service classification is critical. It helps you know what you are facing and how to deal with it. If you encounter a storage service, you need to know its security, capacity, availability, and reliability. If you use a database, remember whether it is RDBMS or NoSQL, cache, or Big data.
It also helps you remember the services better. There are various service names you have never heard before, so classification gives you some idea of what they are. For instance, EC2 Auto Scaling or Elastic Load Balancer explain themselves, but what do you think Neptune is for? The universe? The same goes for Snowball, Glacier, etc.
Based on Well-Architected Framework's Five Pillars
The Well-Architected Framework provides guidelines to help customers deploy systems on AWS. The framework offers five main pillars:
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Operational Excellence
When encountering any service, you need to think about these pillars.
1. Security
AWS places great emphasis on security across all architectures. There are two main types of security that you need to know:
- Security operations
- Data protection
Security operations
There are always employees who do things they are not authorized to do or should not do. That is why there are services like IAM, Organizations, Cognito, CloudTrail, etc. When learning a specific service, you must know how to grant access to it or limit it. With Amazon S3, how do you keep others from making it public? How do you allow access to someone with another AWS account (and only them)? How do you prevent someone from terminating EC2 instances? Knowing what a service can do is important, but securing it is just as important.
Data protection
You must get used to the concepts of encryption at rest and encryption in transit. Is data stored in Storage encrypted? Is it encrypted when transferring data to the internet or to on-premises via VPN? Most services are encrypted in transit by default, but encryption at rest is not (encryption is not enabled by default on EBS). There are still a lot of demanding customers out there who require even more security. They have to use CloudHSM, use their own certificate, or use end-to-end encryption too, and that is tough as well. You will get confused by services such as KMS, CloudHSM, Direct Connect, Security Hub, Transit Gateway, VPN, etc. Still, they will frequently appear in the exam because that's how enterprise applications are built.
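The S3 access questions under Security operations and the encryption-in-transit requirement above can both be checked mechanically on a bucket policy. The following is an added example, not part of the original article: a small reviewer that flags public grants, grants to accounts you do not trust, and a missing TLS-only deny. The bucket name, account ID and function names are constructed placeholders.

```python
# Constructed policies: bucket name and account ID are placeholders.
BUCKET = "arn:aws:s3:::example-bucket"

WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AnyoneCanRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
]}

HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    # Cross-account read for exactly one other account.
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
    # Reject every request that does not arrive over TLS.
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": [BUCKET, BUCKET + "/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _aws_principals(stmt):
    """Return the AWS principals of a statement; '*' means anyone."""
    principal = stmt.get("Principal", [])
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return _as_list(principal)


def _account_id(principal):
    """Extract the account from an IAM ARN, or accept a bare account ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def review_bucket_policy(policy, trusted_accounts):
    """Flag public grants, unknown accounts, and a missing TLS-only deny.

    Simplification: a wildcard Allow that carries any Condition is not flagged.
    """
    findings, tls_enforced = [], False
    for stmt in _as_list(policy.get("Statement", [])):
        sid, cond = stmt.get("Sid", "?"), stmt.get("Condition", {})
        principals = _aws_principals(stmt)
        if stmt.get("Effect") == "Deny":
            flag = str(cond.get("Bool", {}).get("aws:SecureTransport", "")).lower()
            tls_enforced |= "*" in principals and flag == "false"
            continue
        for p in principals:
            if p == "*" and not cond:
                findings.append(f"PUBLIC_ALLOW:{sid}")
            elif p != "*" and _account_id(p) not in trusted_accounts:
                findings.append(f"UNTRUSTED_ACCOUNT:{sid}:{_account_id(p)}")
    if not tls_enforced:
        findings.append("NO_TLS_ONLY_DENY")
    return findings
```

Calling `review_bucket_policy(WEAK_POLICY, {"111122223333"})` reports the public grant and the missing TLS deny, while the hardened policy returns an empty list for the same trusted set.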
2. Resiliency: Availability and Disaster Recovery (DR)
High Availability, Blue/Green Deployment, Zero Downtime, Uptime, service level agreement (SLA), recovery time objective (RTO), recovery point objective (RPO), Redundancy, Failback, etc. You must dive deep into all of these.
Maybe the projects you have done or are doing are at an elementary level: one server, one database, one data center, etc. Stop and start again. When it comes to AWS, the architecture standard is at a new, higher level. Your system must be redundant against everything: a hardware failure that stops a server or loses data, or events like hurricanes, earthquakes, and volcanoes that destroy a data center. You even have to consider the case where the failure comes from AWS itself.
You need to know four ways to preserve the system:
- Backup and Restore
- Pilot Light
- Warm Standby
- Multi-site
For example, EC2 only guarantees 95.0% availability, which means every 1 hour, EC2 can be down for 3 minutes. We need to combine it with an Auto Scaling Group and a Load Balancer to increase availability. More advanced options are a Cross-region Load Balancer or Multi-site between AWS infrastructure and on-premises. The Serverless option can also be considered as an alternative. What about data? EC2 stores data in EBS. How do you ensure no data loss? By now, you will probably have to know things like RAID, Snapshot, and Point-in-time-recovery (PITR).
Similarly, in RDS, we have RDS snapshot, backtrack, Replica, Multi-AZ, etc. With ElastiCache, there is also Multi-AZ, Failover, Append Only Files (AOF), etc. You also need to know how long it takes to recover (RTO) and how much data can be lost (RPO). If customers need to restore the system within 1 hour, storing it in Glacier is wrong.
Refer
- Rapidly recover mission-critical systems in a disaster
- AWS High Availability: Compute, SQL and Storage
- High Availability for Mere Mortals
3. Performance
The performance here is understood as using computing resources to meet system requirements and maintain performance when conditions change or technology evolves. Some of the issues raised could be:
- Latency
- IOPS
- Throughput
When choosing a service to use for your architecture, there are four types of resources you need to consider: compute, storage, database, and network.
Compute
There are three main types of computing:
- Instance: a virtual server, typically EC2 and Lightsail. You can use EC2 to solve everything if there is no other option. For example, launch a MySQL server inside an EC2 instance.
- Container: this is a way of virtualizing the operating system; Docker and Kubernetes immediately come to mind. With AWS, think about ECS, Fargate, and EKS. When to use Container instead of Instance? Most of the answers (in the test) will be for customers who already use on-premises containers and want to spend the least amount of effort when migrating to AWS.
- Function: focus on code and run without having to manage instances. Functions have three essential benefits: minimal management effort, outstanding scalability and are particularly suitable for event-based programs.
Storage
There are three main types of storage:
- Object Storage: just S3
- Block Storage: just EBS
- File Storage: EFS, FSx
In my opinion, Storage Gateway should also be included here. The storage classification doesn't make much sense either: a file can be saved in Object Storage, Block Storage, or File Storage. However, there are slight differences. E.g., S3 is limited to 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second per prefix (directory name), and don't forget there's also a KMS limit if you choose to encrypt. And yet, accessing files from S3 will have extremely high latency. Think about these points when you use them. With EBS, it is necessary to know the difference between the volume types: which are optimal for IOPS? Which are optimal for Throughput? If you need even higher performance, you can think of RAID, but what are the disadvantages of RAID? Data loss, Downtime. EBS still has certain limitations: IOPS, Throughput, Hybrid Storage, Limit storage size, Sharing, Availability, etc. Then you will need to use EFS.
Database
Databases can be divided into seven types:
- Relational: RDS
- Key-Value: DynamoDB, or maybe even Redis
- Document: DocumentDB
- In-Memory: ElastiCache, MemoryDB (new)
- Graph: Neptune
- Time-Series: Timestream
- Ledger: QLDB
Each type of database is used for different purposes, but sometimes the difference is not too noticeable.
E.g., a customer using MySQL on-premises is not required to use RDS when going to AWS. That is just one option. Other options could be MySQL on an EC2 instance, or converting MySQL to DynamoDB.
If you want a database with high access frequency and low latency, it can be DynamoDB, but if the data is not too important, ElastiCache is also a good choice.
In general, the database selection problem is not too complex. Usually, the question will revolve around the issue of optimizing a particular type of database.
E.g., the customer is using MySQL on RDS and is noticing slow response as traffic increases. Think about multi-writer, multi-reader, and maybe even ElastiCache to reduce RDS load.
Network
All AWS components are connected through a network, either AWS's private network or the internet.
EC2 instances connect to EBS through the internal network; Route53, CloudFront, and S3 go in and out over the internet; then there is the connection between AWS and on-premises. In this regard, there are several standard solutions:
- CloudFront can reduce latency for global access
- Deploying (adding a system) in a region near the user is also the best way to reduce latency
- Upload/Download on S3 is slow: Use S3 transfer acceleration
- Connecting to On-premises using VPN is slow: Spend more money to use Direct Connect
- Latency-Based Routing in Amazon Route 53
- Use VPC Endpoints to use AWS's internal network
Refer
- PERF 1: How do you select the best performing architecture?
- PERF 2: How do you select your compute solution?
- PERF 3: How do you select your storage solution?
- PERF 4: How do you select your database solution?
- PERF 5: How do you configure your networking solution?
- PERF 6: How do you evolve your workload to take advantage of new releases?
- PERF 7: How do you monitor your resources to ensure they are performing?
- PERF 8: How do you use tradeoffs to improve performance?
- Performance Efficiency
4. Cost
Usually, there are two scenarios:
- Customers already have the system and want to reduce the price
- Customers want to migrate to AWS for the lowest possible price.
So how do you optimize the price?
- Choose cheaper services. When to use Kinesis instead of SQS? When to use a VPN instead of Direct Connect? When to use Spot Instances?
- Remove unnecessary resources.
- Commitment: Savings Plans, Reserved Instances
- Cost Management: Consolidated Billing, Cost Allocation Tags, Trusted Advisor, etc.
And finally, remember, optimizing for price also comes at the expense of other things (performance, availability, reliability, security, etc.). The architecture you choose may not be perfect, but it is still the correct answer if it is feasible and the most cost-effective according to the customer's requirements.
5. Operational Excellence
"The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value"
It depends on services, but there are some common aspects:
- Infrastructure as code: in short, CloudFormation and OpsWorks. You don't need to understand what Ansible or Puppet is, but you should know what OpsWorks is and what it is suitable for. You also don't need to master the CloudFormation template, but you must know some basic syntax and how to create some services with CloudFormation, such as VPC, Subnets, RDS, etc.
- Basic settings: some services have unique settings you must be familiar with. E.g.: can I change the Lambda CPU configuration? How do I restore an RDS snapshot, or make a failover on an RDS instance? How do I change a Launch Template? And so on.
- Monitoring, Incident response: logging, metric visualizer, alarms, incident management, and remediation
- Some managed operator services: there are some services you should get to know, such as CloudTrail, Config, Personal Health Dashboard, Organizations, Service Catalog, Systems Manager.
Refer
- https://wa.aws.amazon.com/wellarchitected/2020-07-02T19-33-23/wat.pillar.operationalExcellence.en.html
Don't trust keywords
When taking the exam, many of you will rely on a trick: trust the keyword, see the keyword, and immediately decide. But here, things are not so clear. If you insist on choosing the single most appropriate service, it is easy to end up with the wrong architecture, because an answer is a collection of services and methods, not a story about just one service.
E.g., when a customer needs a relational database, RDS comes to mind, but don't forget you could also use EC2 and launch the database on an instance. Why? Because of the cost, or because there are features of the database that RDS does not support.
When customers want to store static data, you think of S3. But saving it in EBS or EFS is also a way.
When facing a problem, the answers will combine a lot of services and methods to solve it. Your job is to choose the most suitable plan; picking only the most appropriate service is not enough.
Do what customers ask
This is a widespread error I have encountered. Each question will present many problems, and you must focus on only some of them: what the customer wants. These could be the requests:
- How to optimize price?
- How to reduce latency?
- How to shorten the processing time?
Why is it a problem? Because the content of the question will be very rambling and can make you misread what is being requested.
E.g., the customer has a website deployed in region us-east-1, using EC2 instances, an Application Load Balancer, and an Auto Scaling Group. The website has about 1 million users worldwide. The customer finds that users accessing from Asia experience significant latency. The question asks: how to optimize the price?
You might think of CloudFront because of the global access and the high latency, and assume it is also optimal on price. However, CloudFront does not optimize price much, and sometimes even increases costs, while the customer's requirement is price optimization. So you have to think about Spot Instances and Reserved Instances. Your job is to choose the answer to the question; don't let other things distract you.
Time management
You have 170 minutes (or 200 minutes if you request the ESL accommodation) to solve 75 questions. However, the questions are very long. Furthermore, under the pressure of the exam, it is easy to get immersed in some difficult questions and waste a lot of time. Try to practice solving each question within 2 or 2.5 minutes. I review the questions marked for review in the rest of the time.
Also, do not mark too many questions for review. You should keep the marked ones under 20 questions. For questions you don't know or think you can't answer, answer indiscriminately and don't look back; spend your precious time on questions that are more likely to earn points.
Conclude
The AWS Certified Solutions Architect - Professional exam is challenging. You need solid determination to overcome it. But whether you pass or not doesn't matter; what matters is that you will gain a wide range of knowledge, which will help you in your real career path.