AWS Solutions Architect Associate Exam Study Guide And Crib Sheet[SAA-C02]Feb 03, 2022
AWS Solutions Architect Associate Exam Study Guide And Crib Sheet[SAA-C02]
The AWS Certified Solutions Architect – Associate exam is intended for individuals who perform in a solutions architect role. The exam validates a candidate’s ability to design secure and robust solutions by using AWS technologies.
The exam also validates a candidate’s ability to complete the following tasks: Design a solution by using appropriate AWS services and by following architectural principles based on requirements.
Provide implementation guidance based on best practices to the organization throughout the workload lifecycle.
Domain 1: Design Resilient Architectures – 30%
1.1 Design a Multi-tier Architecture Solution
Determine a solution design based on access patterns
Common AWS access patterns for your workforce
Architectural patterns for data lakes on AWS
Identify your data access patterns
Analyze access patterns in Amazon WorkSpaces
Determine a scaling strategy for components used in a design
Scale your web app: one step at a time
Scaling on AWS part I: A Primer
Select an appropriate database based on requirements
How do you select your database solution?
Select the right database for your application
Database architecture selection
Select an appropriate compute and storage service based on requirements
How do you select your compute solution?
How to choose a compute option?
Compute architecture selection
How do you select your storage solution?
Object storage classes in Amazon S3Demystify the Solutions Architect Associate Exam
1.2 Design Highly Available and/or Fault-tolerant Architectures
Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones
Achieving fault-tolerance & redundancy
Select a highly available configuration to mitigate single points of failure
Remove single points of failure by using a High-Availability partition group
Eliminate single points of failure with High Availability clustering
Apply AWS services to improve the reliability of legacy applications when application changes are not possible
Demystify legacy migration options to AWS
Optimize a lift-and-shift for performance
Select an appropriate disaster recovery strategy to meet business requirements
How do you plan for disaster recovery (DR)?
Disaster recovery options in the cloud
Disaster Recovery (DR) architecture on AWS
Identify key performance indicators to ensure the high availability of the solution
Example implementations for availability goals
Monitor your resources to ensure they are performing
AWS Monitoring: Metrics to watch out for
1.3 Design Decoupling Mechanisms Using AWS Services
Determine which AWS services can be leveraged to achieve loose coupling of components
Building loosely coupled, scalable apps with Amazon SQS & SNS
Decoupling with SQS, SimpleDB, & SNS
Determine when to leverage serverless technologies to enable decoupling
Decouple larger applications with EventBridge
Decoupled serverless scheduler to run HPC apps
1.4 Choose Appropriate Resilient Storage
Define a strategy to ensure the durability of data
Amazon S3 Reduced Redundancy Storage (RRS)
Backup and data protection solutions
Strategies to ensure data durability
Identify how data service consistency will affect the operation of the application
Architect data quality on the AWS Cloud
DAX and DynamoDB consistency models
Select data services that will meet the access requirements of the application
Data Lakes and analytics on AWS
Best practices for securing sensitive data in AWS data stores
Identify storage services that can be used with hybrid or non-cloud-native applications
Storage services for hybrid cloud
Domain 2: Design High-performing Architectures – 28%
2.1 Identify Elastic and Scalable Compute Solutions for a Workload
Select the appropriate instance(s) based on Compute, storage, and networking requirements
Choosing the right EC2 instance type for your application
Determine appropriate EC2 instance type for your workload
Get recommendations for an instance type
Storage in Amazon Elastic Compute Cloud
Choose the appropriate architecture and services that scale to meet performance requirements
How do you select the best-performing architecture?
Compute architecture selection
Optimize performance for your AWS compute
Identify metrics to monitor the performance of the solution
Using Amazon CloudWatch metrics
Monitoring performance with CloudWatch dashboards
Monitor performance of Amazon ECS applicationsAWS Solutions Architect Associate Exam Tips
2.2 Select High-performing and Scalable Storage Solutions for a Workload
Select a storage service and configuration that meets performance demands
Storage architecture selection
Performance Efficiency design principles
How do you select your storage solution?
Determine storage services that can scale to accommodate future needs
Amazon Simple Storage Service (s3)
Best Practices: Optimizing Amazon S3 Performance
Design Patterns: Optimizing Amazon S3 performance whitepaper
Performance Guidelines for Amazon S3
Scale indefinitely on S3 with these secrets of the S3 masters
How to optimize the performance of Amazon EBS volumes?
How to optimize Amazon Elastic Block Store for higher performance?
AWS EBS volumes push the scalability envelope
File system storage
What is Amazon Elastic File System?
Getting the best performance out of Amazon EFS
Amazon Elastic File System (EFS): Scale Durable File Systems
Horizontal scaling using Amazon Elastic File System
What is Amazon FSx for Windows File Server?
Amazon FSx for Lustre Performance
Amazon FSx for Windows File Server Performance
Amazon FSx for Lustre: Dive on high-performance file storage
Walkthrough: Scaling-out performance with Shards
Amazon S3 Glacier Deep Archive
Other Storage solutions for high-performance
2.3 Select High-performing Networking Solutions for a Workload
Select appropriate AWS connectivity options to meet performance demands
Network-to-Amazon VPC connectivity options
Amazon VPC-to-Amazon VPC connectivity options
Software remote access-to-Amazon VPC connectivity options
Select appropriate features to optimize connectivity to AWS public services
How do you configure your networking solution?
Network architecture selection
Optimizing latency and bandwidth for AWS Traffic
Achieve up to 60% better performance with Global Accelerator
Determine an edge caching strategy to provide performance benefits
How caching works with CloudFront edge locations?
Select appropriate data transfer service for migration and/or ingestion
Top 10 data migration best practices
Migrating data to AWS: understanding your options
Other AWS networking services for building high-performing networking solutions are:
AWS Global Accelerator
It creates accelerators to improve the performance of your app by directing traffic to the best-suited endpoints in the AWS network
Get started with AWS Global Accelerator
Achieve up to 60% better performance with Global Accelerator
Improve application performance for your traffic with Global Accelerator
Global Accelerator: Building performant applications
AWS Direct Connect
Establishes a dedicated network connection from the on-premises network to the cloud
AWS Direct Connect (for connecting to the on-premises network)
Connect your data center to AWS with Direct Connect
AWS Virtual Private Network
Getting started – AWS Site-to-Site VPN
Improve VPN Network Performance with Global Accelerator
Troubleshoot low bandwidth issues on my VPN connection
AWS Transit Gateway
A cloud router. It connects multiple VPCs in your account with the on-premises network (if needed) with a central hub. Replaces many 1-1 connections between the VPCs.
Scaling VPN throughput using AWS Transit Gateway
Increasing bandwidth between VPCs by using Transit Gateway
CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.
Improve your website performance with CloudFront
Amazon S3+CloudFront: A match made in the Cloud
For running AWS infrastructure and other services in an on-premises environment. So you needn’t move your sensitive data to the cloud. You move the cloud to the location of your data.
AWS Local Zones
Moves AWS Compute, Storage, DBs closer to centers where no AWS regions exist.
Low-latency computing with AWS Local Zones
Why Outposts, Local Zones, & Wavelength are game-changing for enterprises?
Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.
Introduction to AWS Wavelength
AWS Wavelength for delivering ultra-low latency apps for 5G
Use Wavelength to deliver apps that require ultra-low latency
2.4 Choose High-performing Database Solutions for a Workload
Select an appropriate database scaling strategy
Database scaling strategies for startups
Scaling your application with AWS Relational Databases
Auto-scaling a MySQL database to meet fluctuating demand
Managing scaling for Aurora DB clusters
Determine when database caching is required for performance improvement
Database caching strategies using Redis
Boost MySQL DB performance with ElastiCache for Redis
Caching for performance with ElastiCache
Choose a suitable database service to meet performance needs
How do you select your database solution?
How to choose the right database?
AWS databases: How to choose the right one?
Other articles for understanding how to choose high-performing database solutions
Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.
Configuring parameters related to performance
Managing Performance for Aurora DB Clusters
Deep Dive on Amazon Aurora performance tuning
Top 10 performance tuning techniques for Amazon Redshift
Improving Amazon Redshift Performance
A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.
Best practices for designing and architecting with DynamoDB
Amazon DynamoDB: Performance & cost optimization at any scale
A database that’s housed in memory (RAM) instead of the disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill down/up or filter the report across dimensions with minimal latency.
Amazon ElastiCache for Memcached
Boosting performance with Amazon ElastiCache for Redis
Performance at Scale with Amazon ElastiCache
Accelerate Application Performance with Amazon ElastiCache
Data is stored in JSON-like documents. Used when the data is not relational. For example, scanned images, PDF files, etc., In manufacturing aircraft, different parts have a different number of attributes. Storing the information in the Document database can accommodate for the potential increase in the attributes required.
Best practices for Amazon DocumentDB
A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.
Performance and Scaling in Amazon Neptune
Used for monitoring software/financial/physical systems like equipment & machinery where there is a heavy dependence on time.
Wikipedia: Time series database
Do I need a Ledger database? What is it?
Amazon Quantum Ledger Database (QLDB)
Database caching for high performance
Boosting database performance with Amazon ElastiCache for Redis
Supercharge query caching with AWS database services
Domain 3: Design Secure Applications and Architectures – 24%
3.1 Design Secure Access to AWS Resources
Determine when to choose between users, groups, and roles
IAM Identities (users, user groups, and roles)
When should you use AWS IAM roles vs. users?
Interpret the net effect of a given access policy
Understanding the IAM policy grammar
Policy summaries make understanding IAM policies easier
Select appropriate techniques to secure a root account
Best practices for securing AWS account
Determine ways to secure credentials using features of AWS IAM
AWS Identity & Access Management (IAM) features
Best practices for managing AWS access keys
Determine the secure method for an application to access AWS APIs
Control & manage access to a REST API
Evaluate access control methods to secure APIs
Control access to an API with IAM permissions
Select appropriate services to create traceability for access to AWS resources
Tracing S3 requests using AWS X-Ray
Track which users are accessing your S3 buckets
Security Pillar: AWS well-architected framework
AWS security design principles
Other approaches for securing access to AWS resources
a. Secure access credentials
AWS Security Token Service
Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.
AWS Security Token Service API Reference
Temporary security credentials in IAM
IAM Instance profiles
A way for EC2 instances to access AWS APIs.
Create an IAM instance profile for your EC2 instances
Difference between an AWS role and an instance profile
b. Principle of least privileges
Granting least privileges in AWS
Defining least-privileged permissions for actions by AWS services
Remove unnecessary credentials
Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.
Best practices for Organizational Units with AWS Organizations
3.2 Design Secure Application Tiers
Given traffic control requirements, determine when and how to use security groups and network ACLs
Security group rules for different use cases
Control network traffic with security groups
Determine a network segmentation strategy using public and private subnets
Improving security in the cloud with micro-segmentation
Making a case for network segmentation in AWS
Build a modular & scalable virtual network architecture
Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC
Internet routing & traffic engineering
Select appropriate AWS services to protect applications from external threats
Protecting from external threats
How do you protect your network resources?
Other important articles for securing application tiers
Building three-tier architectures with security groups
Three Tier Architecture for Web Applications in AWS
Secure an AWS Three-tier Web Architecture
Create and Configure App-Tier Security Group
Create and Configure Data-Tier Security Group
Setting up a basic two-tier web application in Amazon Web Services
3.3 Select Appropriate Data Security Options
Determine the policies that need to be applied to objects based on access patterns
Select appropriate encryption options for data at rest and in transit for AWS services
Encrypting data-at-rest and -in-transit
How do you protect your data in transit?
Select appropriate key management options based on requirements
Different approaches to consider for data security in AWS
a. Data Classification
Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.
Tagging your Amazon EC2 resources
Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).
Tokenization defines a token to represent a sensitive piece of information.
A Deep Dive into AWS Encryption Services
Protect data using server-side encryption
Protect data using client-side encryption
c. Secure data at rest
Securing data at rest with encryption
Protect data at rest with EC2 Instance Store Encryption
How does Amazon S3 use AWS KMS?
Encrypt your S3 objects with AWS KMS key
How does Amazon EBS use AWS KMS?
Data encryption at rest for Amazon Glacier
d. Secure data in transit
How do you protect your data in transit?
Protecting data in transit with encryption
AWS Certificate Manager
Automate encryption in transit with ACM
Encryption in Transit with Amazon CloudFront
e. Backup/replicate/recover your data
How to backup files to Amazon S3?
Amazon S3 cross-region replication
Domain 4: Design Cost-optimized Architectures – 18%
4.1 Identify Cost-effective Storage Solutions
Determine the most cost-effective data storage options based on requirements
Cost-effective data management
Manage, analyze, & reduce storage costs
Optimizing storage costs using Amazon S3
5 Ways to reduce data storage costs using S3 Storage Lens
Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs
S3 intelligent-tiering storage class
Amazon S3 intelligent-tiering automates storage cost savings
Intelligent-tiering adds automatic archiving
Cost optimization with S3 intelligent tiering
Cost-effective techniques for other AWS services
AWS storage optimization whitepaper
Cost optimization guidelines for Amazon S3
Amazon Elastic Block Store
EBS optimization strategies for better cost savings
4.2 Identify Cost-effective Compute and Database Services
Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload
Understand Amazon EC2 instance-hours billing
Per-second billing for EC2 instances & EBS volumes
Billing management and cost control
Determine the most cost-effective database options based on requirements
Reduce database cost when you migrate to the cloud
Strategies to reduce Amazon RDS costs
Optimizing costs in Amazon RDS
Saving with AWS RDS: Identifying the top 3 cost drivers
Cost optimization for RDS in AWS
Optimize Amazon Aurora with MySQL
Reducing Aurora PostgreSQL storage I/O costs
4 steps to reduce your Amazon Redshift costs
Amazon Redshift cost optimization techniques
3 cost-cutting tips for Amazon DynamoDB
How to optimize DynamoDB & reduce costs?
10 tips to optimize your DynamoDB costs
Select appropriate scaling strategies from a cost perspective
Optimizing costs as you scale on AWS
Optimize costs with Auto Scaling
Performance and cost optimization at any scale
Select and size compute resources that are optimally suited for the workload
Provisioning instances to match workloads
Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures
TCO & cost optimization: Best practices for managing usage on AWS
Reduce TCO for your Linux file-based apps
Modernization your apps, and reduce TCO
Determine the TCO of serverless technologies
4.3 Design Cost-optimized Network Architectures
Identify when content delivery can be used to reduce costs
How to reduce Amazon Cloudfront costs?
Reduce data transfer costs with CloudFront
Reduce Amazon Cloudfront costs
Determine strategies to reduce data transfer costs within AWS
Use Cost Explorer to analyze data transfer costs
Reduce unexpected data transfer costs
Solving hidden network transfer costs
Determine the most cost-effective connectivity options between AWS and on-premises environments
How to connect your data center to AWS?
Connect On-premises to AWS cloud
How to Become a Cloud Engineer with no Experience in less than Six Months Webinar!
Who is the online seminar for
Anyone who wants to learn more about becoming a cloud engineer as fast as possible in a cost-efficient manner
Tuesday, February 8, 2022 9:00 AM EST
Hosted by Joe Holbrook
Some of the Courses on TechCommanders
On Techcommanders, we provide free Accredible Certificates that can be verified and posted online.
Coming in February 8th 2022. Cloud InterviewACE.
The best way to pass the Cloud Computing interviews. Period.
Cloud InterviewACE is an online training program & professional community mentored by industry veteran Joseph Holbrook (“The Cloud Tech Guy“), a pre/post sales guru in cloud.
Learn to pass the technical and even soft skills interviews from the starting basics to advanced topics covering presales, post sales focused objectives such cloud deployment, cloud architecting, cloud engineering, migrations and more. resume tips, preparation strategy, common mistakes, mock interviews, technical deep-dives, must-know tips, offer negotiation, and more. AWS, GCP and Azure will be covered.
Find Out more about Cloud InterviewACE from TechCommanders
Fast-track your career now!
This changes your world, what are you waiting for!
We are TechCommanders…
experts in Next Generation Technology Training.
TechCommanders is an online training platform for both aspiring and veteran IT professionals interested in next generation IT Skills.
TechCommanders is led by Joseph Holbrook, a highly sought-after technology industry veteran.
TechCommanders offers blended learning which allows the students to learn on demand but with live training.
Join TechCommanders Today.
Over 60 Courses and Practice Questions!
Coaching and CloudINterviewACE
Stay connected with news and updates!
Join our mailing list to receive the latest news and updates from our team.
Don't worry, your information will not be shared.
We hate SPAM. We will never sell your information, for any reason.