How Did I Pass my AWS Solution Architect Exam
It took me 3 years of procrastination to do this, so yeah, that long. I started thinking about this in 2018 and finally passed it in 2021. One thing that created a barrier for me was multitasking; some people are good at it and some people are really bad at it. So, if you try to multitask and achieve multiple things at the same time without seeing success, I would highly recommend prioritizing. I try to break down my tasks into the immediate future, the mid future, and far away in the future (short, medium, and long term goals).
During 2018, I was busy with my MBA and at the same time I was learning something new related to my tech space. So, it created a puzzling situation for me at that time on where I should focus my energy. Definitely, the MBA took precedence since it was important and I had to perform well in my weekly exams; then my job, since I do that full-time; and then AWS.
I am an iOS engineer primarily focusing on front-end and APIs, so I do not interact with the AWS console or its related features in my job daily. This was the other reason that made me put this at the bottom of my prioritization list.
But, at this point, in the year 2021, I have completed all the tasks that I was working on; I am done with my MBA and other priorities. So, I focused well on my AWS exam. This time around, I took 3 months for preparation because I really wanted to get comfortable with the terms AWS uses such as VPC, EC2, etc. All of these become quite intimidating when you read about them.
So, I started with the acloudGuru videos and watched all of them, skipping the lab sections for the time being, as I wanted to get a theoretical understanding first and then spend time on labs if I had time for that. I spent a lot of my time on the VPC and EC2 sections.
After I went through acloudGuru, I switched to taking practice exams on whizlabs. whizlabs provides a really great resource for practice questions. I have noticed that their questions are tough compared to the actual exam, but they do prepare you well for the actual exam since they cover every section of AWS.
One strategy that worked out for me was referring back to the acloudGuru exam tips videos. So, for example, when I completed my first full mock exam in whizlabs, I noted which sections I did not do well in or which questions were confusing, and then went back to the explanations, either through the whizlabs explanations or by going through the entire section in acloudGuru again. whizlabs has done a great job of posting an explanation for every one of their questions and also linking back to the relevant AWS documentation, and reading those helped me a lot too.
Some of the great reading material sources:
- acloudGuru subscription: the best for study material, especially their exam tips section for the last couple of days before the exam.
- whizlabs for practicing questions. I have found that these questions are much harder than the actual AWS exam questions, but they definitely prepare you very well for the actual exam.
- I have also found this https://digitalcloud.training/certification-training/aws-solutions-architect-associate/ very helpful for the theoretical overview; it is very detailed.
You should definitely cover the following topics going into the exam:
VPC
- Definitely read about VPC; it comes up a lot.
- Know how to structure public and private subnets with NACLs, security groups, and route tables. Be prepared for questions like how to set up secure communication between your database hosted in a private subnet and your web application hosted in a public subnet, or how you can access your private database securely through SSH (through a bastion host).
- Know how to set up VPC peering. What is supported through VPC peering? What is the benefit of it? Sharing a NAT Gateway is not supported over VPC peering.
- Know when to use Direct Connect versus VPN, and why you need two tunnels for a VPN.
- Know when to use VPC endpoints, and their cost and security benefits. Remember, a VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
- Know which services are supported through gateway endpoints (S3 and DynamoDB) and which through interface endpoints.
- Spend some time on how CIDR blocks are set up. You might not get a lot of questions on this, but remember you can always add a secondary CIDR block to a VPC.
- A Transit Gateway works as a hub-and-spoke model connecting to other accounts' VPCs using VPC attachments.
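Added example, not part of the original post: a small subnet planner that carves a VPC CIDR into one public and one private subnet per Availability Zone, the layout the bastion/web/database questions above assume. The per-subnet usable count subtracts the five addresses AWS reserves in every subnet (network address, VPC router, DNS, one reserved for future use, and broadcast); the VPC CIDR, AZ names and `plan_subnets`/`is_valid_secondary_cidr` helper names are assumptions for illustration.

```python
# Added example (not from the original post): plan public/private subnets per
# AZ from a VPC CIDR and check a secondary CIDR does not overlap the primary.
import ipaddress

# AWS reserves 5 addresses in every subnet: network, router, DNS, future, broadcast.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, azs, subnet_prefix=24):
    """Allocate a public and a private /<subnet_prefix> subnet for every AZ,
    in order, out of the VPC block. Raises ValueError if the VPC is too small."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if subnet_prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    candidates = vpc.subnets(new_prefix=subnet_prefix)  # generator of subnets
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            try:
                block = next(candidates)
            except StopIteration:
                raise ValueError(
                    f"{vpc_cidr} cannot hold two /{subnet_prefix} subnets "
                    f"for each of {len(azs)} AZs"
                )
            plan.append({
                "az": az,
                "tier": tier,
                "cidr": str(block),
                "usable_hosts": block.num_addresses - AWS_RESERVED_PER_SUBNET,
                # Constructed routing intent: public subnets send 0.0.0.0/0 to the
                # internet gateway, private subnets to a NAT gateway in their own AZ.
                "default_route": "igw" if tier == "public" else f"nat-{az}",
            })
    return plan


def is_valid_secondary_cidr(primary_cidr, secondary_cidr):
    """A secondary CIDR block added to a VPC must not overlap the primary one."""
    primary = ipaddress.ip_network(primary_cidr)
    secondary = ipaddress.ip_network(secondary_cidr)
    return not primary.overlaps(secondary)


if __name__ == "__main__":
    for entry in plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b"]):
        print(entry)
    print(is_valid_secondary_cidr("10.0.0.0/16", "10.1.0.0/16"))   # True
    print(is_valid_secondary_cidr("10.0.0.0/16", "10.0.5.0/24"))   # False
```

The planner allocates subnets strictly in order, so the public and private subnet of one AZ are adjacent blocks; the `default_route` field records why the two tiers need separate route tables, which is the part of these questions that people most often get wrong.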
NACL (Network Access Control List)
- When you create a VPC you get a default NACL attached to it. Remember it's at the subnet level, not the instance level.
- By default, NACLs allow all traffic inbound and outbound.
- Network ACLs are stateless: responses to allowed inbound traffic are subject to the outbound rules.
- Rule numbers: rules are evaluated starting with the lowest-numbered rule. As soon as a rule matches traffic, it's applied regardless of any higher-numbered rule that might contradict it.
- The * rule catches any packet not covered by any other rule number in the table.
Security Group
- When you create a VPC you get a default security group attached to it. Remember it's at the instance level, not the subnet level.
- By default, a security group has no inbound rules. Therefore, no inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group.
- Security groups are stateful.
- You can specify allow rules but not deny rules.
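Added example, not part of the original post, covering the NACL and security group sections together: a small model of how each one decides whether traffic passes. The NACL evaluator walks rules from the lowest number up, stops at the first match, and falls through to the * rule (always deny) for anything unmatched, so a server's reply leaving on an ephemeral port needs its own outbound allow. The security group model has allow rules only and tracks admitted connections, so the reply passes with no outbound rule at all. All rule sets and addresses are constructed for illustration; `nacl_evaluate`, `SecurityGroup` and `demo` are names chosen here.

```python
# Added example (not from the original post): NACL (stateless, ordered rules,
# '*' catch-all deny) versus security group (stateful, allow rules only).
import ipaddress


def _matches(rule, protocol, port, peer_ip):
    """Shared matcher: protocol, port range and peer CIDR."""
    return (
        rule["protocol"] in (protocol, "all")
        and rule["port_from"] <= port <= rule["port_to"]
        and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule["cidr"])
    )


def nacl_evaluate(rules, direction, protocol, port, peer_ip):
    """Lowest rule number first, first match wins; unmatched traffic hits the
    implicit '*' rule, which is always deny. Each direction is checked on its
    own, which is what 'stateless' means in practice."""
    candidates = sorted(
        (r for r in rules if r["direction"] == direction),
        key=lambda r: r["rule_no"],
    )
    for rule in candidates:
        if _matches(rule, protocol, port, peer_ip):
            return rule["action"]
    return "deny"  # the '*' rule


class SecurityGroup:
    """Allow rules only (no deny rule exists, only the absence of an allow) and
    stateful: once a connection is admitted, its replies pass regardless of the
    rules in the opposite direction."""

    def __init__(self, inbound=(), outbound=()):
        self.rules = {"inbound": list(inbound), "outbound": list(outbound)}
        self.tracked = set()  # connections admitted by a rule

    def new_connection(self, direction, protocol, port, peer_ip):
        for rule in self.rules[direction]:
            if _matches(rule, protocol, port, peer_ip):
                self.tracked.add((protocol, port, peer_ip))
                return True
        return False  # no matching allow rule: implicit deny

    def reply_allowed(self, protocol, port, peer_ip):
        """Replies are matched against the connection table, not the rules."""
        return (protocol, port, peer_ip) in self.tracked


# Constructed NACL for a public web subnet: a low-numbered deny for one CIDR,
# HTTPS in from anywhere, and outbound HTTPS only, which forgets the ephemeral
# ports the server's replies leave on.
WEB_NACL = [
    {"rule_no": 90, "direction": "inbound", "protocol": "tcp", "port_from": 443,
     "port_to": 443, "cidr": "203.0.113.0/24", "action": "deny"},
    {"rule_no": 100, "direction": "inbound", "protocol": "tcp", "port_from": 443,
     "port_to": 443, "cidr": "0.0.0.0/0", "action": "allow"},
    {"rule_no": 100, "direction": "outbound", "protocol": "tcp", "port_from": 443,
     "port_to": 443, "cidr": "0.0.0.0/0", "action": "allow"},
]

# The same NACL with the ephemeral range added outbound, which fixes the replies.
WEB_NACL_FIXED = WEB_NACL + [
    {"rule_no": 110, "direction": "outbound", "protocol": "tcp", "port_from": 1024,
     "port_to": 65535, "cidr": "0.0.0.0/0", "action": "allow"},
]

# Constructed security group: HTTPS in from anywhere and no outbound rules at all.
WEB_SG = SecurityGroup(inbound=[
    {"protocol": "tcp", "port_from": 443, "port_to": 443, "cidr": "0.0.0.0/0"},
])


def demo():
    client, blocked = "198.51.100.7", "203.0.113.5"   # constructed addresses
    return {
        # rule 90 is evaluated before rule 100, so the deny wins for that CIDR
        "nacl_in_blocked": nacl_evaluate(WEB_NACL, "inbound", "tcp", 443, blocked),
        "nacl_in_client": nacl_evaluate(WEB_NACL, "inbound", "tcp", 443, client),
        # stateless: the reply leaves on an ephemeral port and needs its own rule
        "nacl_reply": nacl_evaluate(WEB_NACL, "outbound", "tcp", 49152, client),
        "nacl_reply_fixed": nacl_evaluate(WEB_NACL_FIXED, "outbound", "tcp", 49152, client),
        # stateful: the reply passes even though the group has zero outbound rules
        "sg_in_client": WEB_SG.new_connection("inbound", "tcp", 443, client),
        "sg_reply": WEB_SG.reply_allowed("tcp", 443, client),
        "sg_in_ssh": WEB_SG.new_connection("inbound", "tcp", 22, client),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Renumbering the deny rule above the allow (say 120 instead of 90) makes the allow win for that CIDR, which is the ordering trap the rule-number bullet warns about.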
NAT
- Know the difference between NAT instances and NAT Gateways. Remember you should always choose a NAT Gateway because it can scale out, whereas a NAT instance can only scale up (you might need to change the underlying instance type to support more bandwidth). It is recommended to add a NAT Gateway per AZ.
- With NAT instances, always disable source/destination checks.
- A NAT Gateway is used to give a private subnet access to the internet so that instances in it can download software patches or upgrades.
EC2
- Placement groups (Cluster, Partition, Spread): know their differences and when to use which.
EBS
- Know all 4 different types and their differences in IOPS etc. Know which one is better for big data, which one is better for high IOPS, and which one can be used for cost efficiency with infrequently accessed data.
- Know about Hibernate; it can help with pre-warming an EC2 instance so that it boots faster. Hibernate is not supported through an ASG (auto-scaling group).
EN, ENI, EFA
- EN (Enhanced Networking) is used to achieve speeds from 10 Gbps up to 100 Gbps.
- EFA is for machine learning and OS bypass.
S3
- Lifecycle rules, such as transition and expiration actions.
- Remember S3 supports files up to 5TB in size, and for a single upload it is recommended to use multipart if the file size is greater than 100MB.
- The largest file for a single PUT is 5GB.
- A bucket can have objects stored in different storage classes.
- Know the different storage classes.
- Bucket policies, ACLs. Remember ACLs can be applied at the object level.
- Remember Intelligent-Tiering is a storage class that uses access patterns to move files from one storage tier to another.
- Know about the storage gateway and when to use it.
- Pricing: it's important and some questions might come up. I did not see a lot, but do learn about it.
- S3 bucket policies: server access logging, object-level logging, versioning, static website hosting, tags, transfer acceleration, and events for notification messages.
- S3 provides eventual consistency for overwrite PUTs and DELETEs in all regions. This means that if an overwrite is in progress and we make a GET call, we might get either the old or the new data due to eventual consistency.
- Amazon S3 Glacier Select can be used to fetch data directly from Amazon S3 Glacier. For this to work, the data should be stored in CSV, JSON, or Apache Parquet format, or as Gzip- or BZip2-compressed CSV or JSON, with server-side encryption.
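Added example, not part of the original post: a planner that turns the size limits in the S3 bullets above into a decision (single PUT or multipart upload) and lays out the part byte ranges. The 5TB object limit, the 5GB single-PUT limit and the 100MB multipart recommendation come from the post; the 5MB minimum part size (for every part except the last) and the 10,000-part maximum are the multipart API limits and are assumptions not stated on the page, as are the `plan_upload`/`validate_parts` names.

```python
# Added example (not from the original post): decide between a single PUT and
# a multipart upload from the S3 size limits, and lay out the parts.
MB = 1024 ** 2
GB = 1024 ** 3
TB = 1024 ** 4

MAX_OBJECT_SIZE = 5 * TB            # largest object S3 stores (from the post)
MAX_SINGLE_PUT = 5 * GB             # largest single PUT (from the post)
MULTIPART_RECOMMENDED_ABOVE = 100 * MB  # multipart recommended above this (from the post)
MIN_PART_SIZE = 5 * MB              # assumed API limit: every part but the last >= 5 MB
MAX_PARTS = 10_000                  # assumed API limit: at most 10,000 parts


def plan_upload(size_bytes, part_size=8 * MB):
    """Return {'method': 'single_put' | 'multipart', ...} for an object size."""
    if size_bytes <= 0:
        raise ValueError("object size must be positive")
    if size_bytes > MAX_OBJECT_SIZE:
        raise ValueError("object exceeds the 5 TB S3 object size limit")
    if size_bytes <= MULTIPART_RECOMMENDED_ABOVE:
        return {"method": "single_put", "multipart_required": False, "parts": []}

    # Respect the minimum part size, and grow the part size when the requested
    # one would need more than MAX_PARTS parts (ceil division without floats).
    part_size = max(part_size, MIN_PART_SIZE, -(-size_bytes // MAX_PARTS))
    parts = []
    offset = 0
    while offset < size_bytes:
        end = min(offset + part_size, size_bytes)
        parts.append({"part_number": len(parts) + 1,
                      "first_byte": offset, "last_byte": end - 1})
        offset = end
    return {
        "method": "multipart",
        # above 5 GB a single PUT is not possible at all, so multipart is mandatory
        "multipart_required": size_bytes > MAX_SINGLE_PUT,
        "part_size": part_size,
        "parts": parts,
    }


def validate_parts(parts, size_bytes):
    """Check what S3 enforces when the upload is completed: part count within
    limits, parts contiguous from byte 0, and all but the last part >= 5 MB."""
    if not 1 <= len(parts) <= MAX_PARTS:
        return False
    expected = 0
    for i, part in enumerate(parts):
        if part["first_byte"] != expected:
            return False
        length = part["last_byte"] - part["first_byte"] + 1
        if i < len(parts) - 1 and length < MIN_PART_SIZE:
            return False
        expected = part["last_byte"] + 1
    return expected == size_bytes


if __name__ == "__main__":
    for size in (50 * MB, 100 * MB + 1, 6 * GB, 5 * TB):
        plan = plan_upload(size)
        print(size, plan["method"], plan["multipart_required"], len(plan["parts"]),
              plan.get("part_size"))
```

The 5TB case is the one worth tracing by hand: with the default 8MB part size it would need far more than 10,000 parts, so the planner raises the part size to just under 525MB and lands on exactly 10,000 parts.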
Route 53
Routing policy types:
- Simple
- Failover
- Geolocation
- Geoproximity
- Latency
- Multivalue
- Weighted
CloudFront
- It's a front-facing service that is used to cache static content such as CSS, images, PDFs, etc. to give users a seamless experience. It automatically redirects the request to a copy of the file at the nearest edge location.
- It can be configured to look at certain query string parameters and serve content based on them.
- CloudFront query string forwarding does not support RTMP; it only supports web distributions. The delimiter for the query string should be &, and parameter names and values are case sensitive.
EFS
- Know about it; I saw a couple of questions on this. In short, when you need a shared file system on AWS, you can use EFS.
- Know that encryption at rest can only be enabled during EFS creation, and encryption in transit is enabled during mounting.
RDS
- Definitely know when to use a read replica, and don't get confused between Multi-AZ and read replicas.
- Multi-AZ is used for disaster recovery, and read replicas are used to increase read performance.
- AWS Aurora.
AWS Organizations
- Read about consolidated billing if you have multiple accounts in an organization.
Lambdas
- Did not see many questions on this, 1–2 maximum.
- It comes up in conjunction with API Gateway.
- Do remember that when there are multiple requests, Lambda triggers multiple instances of the same function, not multiple functions.
- Charges are based on the number of requests ($0.20 per 1M requests).
- Charges also depend on the amount of memory allocated to the function.
- Lambda supports Node.js, Java, Python, C#, and Go.
Kinesis
- It's important, so do understand the difference between the Firehose, Stream, and Analytics types.
- A Kinesis stream cannot directly upload data to Redshift; a middleware is required, whereas Kinesis Firehose can do that.
- The Kinesis stream default retention is 24 hours, but it can support up to 168 hours (7 days).
- Kinesis streams have persistence, whereas Kinesis Firehose does not.
- Kinesis Firehose can be used to perform compression, batching, or encryption on the real-time stream.
- Kinesis uses a VPC interface endpoint.
SQS, SNS
- Know which one is poll-based and which one is push-based.
- An SQS dead-letter queue is used to separate problematic messages from the queue.
- Know which AWS services are connected with SNS, and how SQS helps with absorbing incoming traffic.
- Know that there are two types of SQS queues, Standard and FIFO. With Standard, the order is not guaranteed, but with FIFO it is.
IAM
- I saw a couple of questions, but not a lot.
- It comes up in conjunction with EC2. The roles piece of IAM is definitely important, so spend a good amount of time on it, but do understand groups, users, and policies too.
WAF, AWS Shield
- Did not see a lot of questions, but do understand them as they are important for web architecture.
Conclusion
Practice, practice, practice; I can't stress that enough. Definitely cover the whizlabs questions, all of them, and repeat them. It will make you comfortable with all the terms such as VPC, CIDR blocks, etc. For me, when I started, that was the main reason for procrastination: it was intimidating to get comfortable with these terms as I do not use them in my job, so that kind of kept me away. But with practice, you will get it too. If you have any questions, please feel free to reach out to me on LinkedIn.