@pareddy113
Last active April 1, 2024 08:03
AWS Solutions Architect Associate 2017- ACloud Guru course
----- Interesting Reads------
+ Interesting Read (Serverless Architecture of Acloud guru)
https://read.acloud.guru/serverless-the-future-of-software-architecture-d4473ffed864
----- Getting Started-------
+ Requirements
+ AWS Free Tier Account
+ PC with PuTTY and PuTTYgen / Mac
+ Optional
+ iOS / Android App $20
+ Free Alexa Skill with 60 questions for each certification
+ Free course on how to code Alexa
+ Reddit AWS: https://www.reddit.com/r/AmazonWebServices/
+ Acloud guru youtube channel: https://www.youtube.com/acloudguru
----- Exam Blueprint-------
----- Services------- (* = important, - = overview)
+ AWS Global Infrastructure
+ Compute
  *+ EC2
  -+ ECS
+ Network & CDN
  + Route 53
  *+ VPC (peering)
  + CloudFront
  + Direct Connect
+ Databases
  + RDS
  + DynamoDB
  + Redshift
  + ElastiCache
  + Aurora
+ Storage
  *+ S3
  *+ EBS - Elastic Block Store
  + Glacier
  + Storage Gateway
+ Security & Identity
  + IAM
  + Inspector
  + Certificate Manager
  + Directory Service
  + WAF & Shield
  + Compliance Reports
+ Management tools
  + CloudWatch
  + CloudFormation
  + CloudTrail
  + Config
  + OpsWorks
  + Service Catalog
  + Trusted Advisor
  + Managed Services
+ Desktop & App Streaming
  + WorkSpaces
  + AppStream 2.0
+ Messaging
  + Simple Queue Service
  + Simple Notification Service
  + SES
+ Kinesis
+ API Gateway
+ Trusted Advisor, Billing
-+ OpsWorks
-+ CodeCommit
-+ FIFO SQS
-+ STS
------To-Do--------
+ Went thru videos on acloud once
+ AWS Solutions Architect Official Study guide
+ FAQs of EC2, S3, SQS, VPC etc.
+ Architect, Security, S3, EC2, EBS whitepapers
+ Topic cheat sheets on http://jayendrapatil.com
+ Practice free labs on Qwiklabs/ Hands on AWS
+ Complete the mini test or final test on acloud. I recommend going thru the tests a couple of days ahead of the actual test.
+ Go thru official sample questions from AWS
@pareddy113

I got Kinesis, CORS, API Gateway and STS questions

@pareddy113

I passed the CSA exam with 94%. Ryan and team have done a great job in preparing the course for someone who is very new to the AWS platform. It lays a good foundation to understand the various AWS services and helps with setting up a direction to augment the course with self-learning. In addition to the course, it's important to go through the AWS FAQs and whitepapers to understand the concepts not only from the exam standpoint but also to gain knowledge that would be useful in developing the solutions in real life.

I'd suggest you watch the re:Invent 2016 deep dive talks on some of the important services like VPC, EC2, S3 and RDS. Additionally, I'd suggest focusing on the following topics based on my experience of getting certified.

  1. EBS Snapshots and its impact on the performance while the snapshot is in progress

  2. S3 encryption

  3. VPC subnets and troubleshooting the connectivity issues

  4. Connecting VPC and corporate network

  5. Backing up in-house storage to the AWS cloud - Storage Gateway

  6. Route53 - CNAME, Alias and a record set

  7. RDS - Read replica vs standby

  8. ELB - Multi Zone load balancing and how it load balances across EC2 instances running in multiple AZs with different number of instances in each AZ

  9. ACL vs Security groups

  10. Which services provide root access to the underlying operating system - EC2, EMR, BeanStalk and OpsWorks

  11. CloudWatch vs CloudTrail

  12. Well Architected Framework - Security, Cost, Performance and Reliability of the solution

  13. VPC Peering

  14. EC2 Placement Groups

  15. Bastion/Jump Host

I have created a blog with posts on various AWS services along with some introduction to basic concepts that might be helpful for some of you looking for a quick refresher before the exam. These blogs also cover some of the topics that I highlighted above.

My AWS Blog-

https://asardana.com

Direct links to some of my posts pertaining to AWS

https://asardana.com/2017/04/30/aws-relational-database-service/

https://asardana.com/2017/01/21/aws-identity-and-access-management/

https://asardana.com/2017/01/22/aws-ec2-ebs-and-elb/

https://asardana.com/2017/01/29/aws-simple-storage-service-s3-and-storage-gateway/

https://asardana.com/2017/01/29/aws-cloud-front/

https://asardana.com/2017/02/04/aws-dynamodb/

https://asardana.com/2017/02/11/aws-simple-queue-service/

https://asardana.com/2017/02/11/aws-simple-notification-service/

https://asardana.com/2017/02/12/aws-simple-workflow-service/

https://asardana.com/2017/02/15/aws-virtual-private-cloud/

https://asardana.com/2017/02/18/aws-vpc-nat-instances-and-nat-gateway/

https://asardana.com/2017/02/18/aws-vpc-network-security/

https://asardana.com/2017/02/20/domain-name-system-an-overview/

https://asardana.com/2017/02/24/aws-elastic-load-balancer/

https://asardana.com/2017/02/25/aws-dns-service-route-53/

https://asardana.com/2017/03/19/cloud-storage-types-object-block-and-file/

https://asardana.com/2017/03/25/aws-s3-access-management/

All the best!

@pareddy113

My main study materials are listed below and I believe are sufficient to pass:

  1. AWS SA training course

Great course if you are not too familiar with AWS. Labs are good but material can be dry. In itself not sufficient to pass, and if you try reading the course notes, you will definitely fall asleep. Main downside is that it is quite expensive, but in hindsight, this is beneficial but entirely optional.

  2. acloud guru course

This is a steal for the price. Very good and updated videos. I highly recommend it cos videos are a great way to learn. 19 hours of video took me 3 full days to plough through, but as I followed along with the labs and took notes, my exam readiness and AWS knowledge definitely improved. Unfortunately, the sample exam/quiz is quite a letdown, and if you just study this you may not pass.

  3. Sybex 2017 official study guide

500+ pages of good stuff. Very well written and not too dry. Be diligent and go through all the sample questions and labs after every chapter.

  4. http://jayendrapatil.com

Great blog with many sample questions on every topic. Many websites give dubious information and answers or ask you to pay money. I find this one highly credible. It's a good and free resource.

  5. Amazon FAQs: EC2, RDS, DDB, SQS, VPC, etc.

Don't skip this; the #6 app helps if you have no time to read all of them.

@pareddy113

My questions were mostly on VPCs, database security and fault tolerance, VPC peering, ELB and failover, S3 encryption procedures with security.

@pareddy113

I took my exam and passed. First of all, there are some posts that may inspire fear, but if you follow the following steps as a minimum you will be fine. I studied for three days, focused 100%.

  1. Read and understand the FAQs. They are a pain in the neck but they have a lot of valuable info.

  2. After going over the course, go over once or twice the summary on each section

  3. Make sure you can create a VPC from scratch and understand public and private subnets pretty well. Private subnets need a NAT Gateway or NAT host and Public needs Elastic IP

  4. I did the quizzes and final mega quizzes like 3 or 4 times each. I tried not to memorize the questions but I made sure to try to understand the answers.

  5. Follow and understand the 20 questions on this post.

Couple of tips

RDP uses port 3389 and SSH port 22

You get charged for ENIs (NICs) that are not in use and in use

You can use a NAT gateway when you have burstable traffic, e.g. 200Mb to 3Gb

Know how to encrypt data at rest in S3. (SSL DOES NOT ENCRYPT DATA AT REST)

To import large amounts of data into AWS you use the AWS import/export service (NOT VM import/export)

You CAN NOT change instances on an autoscaling group; instead, create a new one

By default security groups allow all outbound. Read the questions carefully; they may say all outbound traffic is denied on the security group

@pareddy113

I just cleared my re-certification for the CSA exam. I have prepared extensively. "RYAN'S COURSES ARE THE FOUNDATION". I can't thank him enough for sharing his knowledge through his excellent courses.

Make sure you cover all the sections from www.jayendrapatil.com

MUST REVIEW ALL QUIZ sections, read extensively: EC2, S3, RDS, DynamoDB, Routing related to IGW, Security groups. Many questions were focused on this.

Questions were focused on Design, to an extent focused on EC2, Placement groups - low latency network throughput, EC2 Roles, Databases on EC2 scenarios.

Can you attach a role to a running EC2 instance - It's a latest release from AWS, maybe 2 weeks back.

Many questions on Comparing and confusing with respect to EC2-roles and IAM users & Roles. Wisely choose EC2-roles for most of the question requesting the access to DynamoDB related questions.

Complex SQL queries - Prefer RDS

Kinesis - Question related to Shipping and coordinates being updated 3 times every minute.. this is usually Kinesis-DynamoDB choice of architecture.

S3 - Bucket policy, ACL - how can you give read-only access to all the objects in the bucket. (Do you make run time changes via policy, or update all ACLs to public, update bucket policy to public, etc.)

S3 - version control and 2 factor IAM for accidental deletion and recovery of data

Know which AWS components fall outside the Region (Route53, DB cross region replication, IAM) & within a region (ELB, RDS, Security groups). One subnet - one availability zone.

Multiple EBS backed storage snapshot, recovery to other regions scenarios.

Availability of volume encryptions to all available for - All EC2 types, All EBS volume types, Only to EBS-backed volumes..

Retaining of data on Instance store volumes is a definite question.

By default all subnets can communicate with each other in a VPC.

I was bumped with how to handle forecasted traffic spikes. 5 choices were given - Desired Capacity, (I will update with other 4 choices later .. don't remember now.. )

Another question on elastic load balancer - Do you enable "accesslogs or cloud watch metrics" for monitoring all the information every 5 minutes to analyse them later for detailed analysis on the traffic. I chose accesslogs. (http://jayendrapatil.com/tag/elastic-load-balancer/)

@pareddy113

Read the FAQ (EC2, VPC, Route 53, S3, SQS, IAM) and understand the logic, not the numbers (I got no question on limits, IOPS, or any numbers).

Complete the lab 'build a high available wordpress site' (available in the course)

Learn the use cases

During the exam, read carefully the questions: sometimes a word can change everything (example: "evenly distributed" should make you think) and take your time.

I was surprised to get quite a lot of questions on EBS, snapshot or volume encryption

@pareddy113

Hello Cloud Gurus,

I passed the AWS Solution Architect Associate exam today (25.5.2017) with an 87% overall score, taking the regular 60 question exam. I followed the course by Ryan, studied the cheatsheet by Mistwire (http://mistwire.com/2016/05/aws-certified-solutions-architect-associate-study-notes/), read the VPC and EC2 FAQs, just quick-scanned the other FAQs and also quick-scanned only the answers in the AWS Official Study guide, as details are already explained in Ryan's course and there is not much to add. This topic was really helpful. Here are some question topics I remember; important to note is they tell you how many answers to choose if multichoice.

  • Spot Instances, 2 questions: cost efficient instance usage when you can handle irregular instance termination
  • SNS recipients, 1 question
  • Having root access on which services: EC2, ElastiCache, Elastic Beanstalk were in the answers. Needing to choose 2, selected EC2 and Elastic Beanstalk
  • Lots of VPC questions about how to allow SSH, NAT GW, Bastion host and of course source/destination disable on NAT instance. A different case was a customer connecting to private subnet via VPN having Windows RDP access on all public connections, wanting to have high availability with secure access on public bastion host only. Chose: use secondary VPN with allowing customer IP on Bastion host.
  • A question where you have a web app that needs to be highly available with 6 instances and another 6 for response, asking how to autoscale with load balancers (I chose 2 ELB autoscaling groups)
  • S3 at rest encryption and another question about EBS at rest encryption
  • A question I was unprepared for was what AMI a t2.medium instance should use: instance or EBS backed AMI with hardware virtual machine or paravirtual. Chose HVM EBS and seems correct.
  • A company wanting consolidated billing but allowing each division their own resource management (below one still unsure on answer)
    https://acloud.guru/forums/aws-certified-sysops-administrator-associate/discussion/-KZLTFIvKuZYbgbZK-kx/?answer=-KcRJibN4zIEqnlmtTWt
  • Auto scaling Launch options, where to select AMI and where to put user scripts
  • No questions about EFS or SQS FIFO

Sorry for spelling errors, as I use a really fast but unresponsive android tablet.

Thanks all.

@pareddy113

Ryan's course was my primary study material

  1. Make sure you watch course videos more than once

You have to really pay attention while watching videos or listening since he's covering a lot of concepts; taking down notes and trying to recap will help you to remember

And while watching the second time, you would be able to correlate better since you knew all topics, unlike the first time

  2. White Papers: following white papers I would recommend to go through at least once

AWSCloudBest_Practices.pdf

AWSSecurityWhitepaper.pdf

aws-securing-data-at-rest-with-encryption.pdf

aws-security-best-practices.pdf

  3. FAQ

After completing each section, don't forget to have a glance at the FAQ section

  4. Practice Exams

Practicing will be helpful in terms of identifying topics which we might have missed or not covered in course videos

Don't just try to identify the right answer, but try to analyze why other options are not viable, as discussed in the below blog

https://markosrendell.wordpress.com/2013/12/12/aws-certified-solutions-architect-sample-questions-answered-and-discussed/

Make use of the free exam questions on these sites mentioned below

https://thecertschool.com/

http://quizbucket.org/quiz/aws

http://hadoopexam.com/do1111/index.php/aws-amazon-webservice/aws-sol-architect-associate/71-question-8-for-dynamodb-which-statement-are-correct

  5. Answering scenario questions

Remember you will be spending much time in answering scenario questions;

eliminate wrong answers to narrow down the scope of right answer

If you remember what's allowed and what's possible with each and every service, you will be able to eliminate incorrect options, like when it comes to VPC only one internet gateway can be attached any time and NAT and bastion host will be at public host always

Still, if you are not able to decide on the scenario questions, just mark it for review and proceed with other questions; definitely you will be able to pass even if you miss a couple of scenario questions.

  6. About the exam

Absolutely no questions on limits like how many Elastic IPs are allowed per account, but knowing the limits will be helpful

Eliminate wrong answers as I said earlier.

Exam is a mix of scenario questions and straightforward questions; if you have practiced well, you will be able to answer many of them in less than a minute

Your chances of scoring high marks are based on how much time you will be able to dedicate to scenario questions

All the best

@pareddy113

I passed the exam with 80%. I have gone through this course's videos multiple times to understand the concepts and read the FAQs for all major topics (S3, EC2, RDS, IAM, VPC). The whitepaper for security is very important.

All points mentioned here are very useful and you may get straight questions from these topics. Additionally, I got a NAT Gateway question in my exam to choose b/w NAT gateway vs NAT instance.

One very important tip - Do not focus on remembering questions/answers, you may fail. Focus on clearing your concepts and pay attention to what Ryan is saying (every line is important in the videos). The multiple choice answers will confuse you if the concept is not clear for topics.

@pareddy113

Just passed the SA Associate Exam with a 72%. I have been using AWS for 5 years, but I can tell you that a lot of the information that is in this course is on the exam. However, the devil is in the details, at least on my exam. Some of the questions that stumped me were simply word-play. There's always that one word that throws the whole question off. Here's an overview of certain topics that I had that had me second guessing my answers.

VPC Peering

I had a question that pertained to VPC peering, but more specifically the ability to access an instance from one peer to another. The funny thing about this question that threw me off is that everything is set correctly between VPC peers and there are no overlapping CIDRs, but one instance on one VPC cannot access another instance. Let's just say that if I actually took the time to do the lab exercises, I probably would have known the answer off the top of my head, but I didn't and therefore am left wondering what would be the answer to troubleshoot the problem.

A Lot of Encryption

Yes, EBS encryption, S3 encryption, encryption about encryption, etc. I felt like they were preparing me to encrypt the living daylights out of everything. I had to answer how to encrypt an EBS that has already been created, how to encrypt an EBS and transfer it between availability zones, two part question on what can be encrypted, how to encrypt files in S3, what are the types of S3 encryption (choose 3 of 6 answers that are poorly worded), etc. Considering I scored an 80% on Security, I think I got those right, but I'm tired of encrypting.

I Think I can Scale

All of my scalability questions had multiple answers and some of them were barely understandable. They weren't as clear cut as the practice exams on the course or the practice quizzes on the mobile app. It was like a game of, "How can I confuse the hell out of you." I've been scaling systems for years so my first choices were pretty obvious. It's only the second answer that makes you go, "Huh!" You end up using process of elimination tricks to get to that second answer, but from my score on the scalability part, it probably still ain't right. As a side note, I've always had problems with reading comprehension so confusing questions and answers are my kryptonite. The fact that I passed the scalability section at all is a milestone because of the wording.

Softball Questions, HAHAHA

Don't expect to get the questions like, "What's SES?" They didn't exist on my exam. If you get it, slam dunk it like King James! <- (Basketball reference) If not, you're in good company. I did get one that looked like a softball, but was quickly denied that level of comfort when I saw the answers. They asked about services that "I" or "you" can setup in multi AZs, but then they give you the answers where only one is obvious and three others are multi-AZ by default. Don't know if I got it right, but that was just wrong to pull on my heart-strings like that - thinking I had one easy one.

Advice

In conclusion, this training course is one of the most relevant training courses to get familiarized with the concepts of the exam. The practice quizzes, mobile app and practice exams are all just tools to further your knowledge of the concepts not because they are on the exam as-is, but because you are going to have to know the "Why" about all of the covered topics. At the end of the day, I can honestly say that I had a slight bit of over-confidence because I have done most of what was in this course professionally for clients. However, when you've been doing this stuff for so long, you don't pay attention to the details anymore and just ignore little things like, "The name of the link that you setup your instances for auto-scaling." Yeah, I had that question. I just know where to do it and didn't ever pay attention to what that link is actually called. On that note, I recommend doing the exercises, labs, etc. to make sure you know those details.

@pareddy113

I passed the Solutions Architect exam yesterday. Got 90% score. I am thankful to Cloud Guru for their course. After reading the comments I felt the questionnaires offered by them were not sufficient. I went through the cheat sheet offered by "jayendrapatil" http://jayendrapatil.com/aws-certification-security-identity-services-cheat-sheet/ and purchased http practice exam for $15. At least from what I experienced, most of the questions came from whizlabs, but having said that please DO NOT skip the white papers and FAQs. It is always better to understand the concepts first and then go for the questionnaires. I finished the exam in 40 min; probably 2+ years hands on with AWS and the above mentioned helped me to achieve the certification in the first go.

@pareddy113

General tips-

Do not be overconfident, be ready to work for your pass. I could only recognise 2 questions. 95% of the questions are scenario based. Give yourself time to finish and review your work. If a section is too difficult just move on and get back to it later.

Specific points on questions that baffled me:

There were 7 questions on lambda functions. Understand how they can be provisioned, secured and optimised. Ryan, please add more content on lambda. I lost about 4 marks on this.

5 questions on ECS. You must understand how they are provisioned, secured, and integrated with other services. Deep dive into EC2 Container Service. Lambda and ECS service made up about 15%.

2 questions on S3 backed instances. I assumed they were instance stores. Look into this for easy marks.

VPN vs Direct Connect. How do you introduce redundancy, resilience and recovery? Understand their performance characteristics.

Throughput optimised HDD vs General purpose IOPS. What are their preferred use cases? Understand their cost vs bursting characteristics.

Security group VS Network ACL. Understand their combined effect. The key to distinguishing them is when you see the word "denied" in one of the answers (ACL).

Hope this helps.

@pareddy113

One thing I would add is that ECS seems to be creeping into the exam, as I had maybe 3 questions that I was not prepared for. They aren't super detailed, just get to know how ECS tasks and IAM roles relate and maybe run through a container deployment tutorial.

@pareddy113

A lot of VPC/S3/EC2/SG/NAT/NACL/RDS/DynamoDB etc. questions but no Application Gateway or Kinesis question though

@pareddy113

My last minute notes - taken from the AcloudGuru lectures only. I was hoping to get 100% but not sure which 2 questions I got wrong out of 55 (scratching my head :))

http://169.254.169.254/latest/meta-data/

SDK -

iOS, Android, Browser (JavaScript)

Java, .NET,

Node.js, PHP, Python, Ruby

Go, C++

SQS - message oriented API

SQS - Message can contain up to 256KB of text, billed at 64KB chunks,

Single request can have 1 to 10 messages up to a maximum of 256KB payload

Even though there is one message of 256KB it's basically 4 requests for billing (4 * 64KB)

NO ORDER - SQS messages can be delivered multiple times in any order

Design - you can have 2 priority queues for priority based message one for higher and other for lower priority

EC2 instances always poll for messages from the queue (pull from the queue and not push)

Visibility timeout always start from when the application instance polled the message.

Great design - Visibility timeout expires, that means there is a failure somewhere since that message was polled but not processed and hence not deleted, so some other process will poll the message again and visibility timeout starts again.

Visibility timeout by default is 30 Seconds up to 12 hour maximum (ChangeMessageVisibility) / maximum visibility

Maximum long polling timeout 20 seconds (http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-long-polling.html) —ReceiveMessageWaitTimeSeconds

Messages in the Queue can be retained for up to 14 days

First 1 million requests are free, then $0.50 PER EVERY MILLION REQUESTS

SNS

works on a publish - subscribe model, SNS notifies the message, and hence push based approach. Inexpensive pay as you go

CloudWatch or Autoscaling triggers SNS

SNS can notify to Email, Text / SMS, SQS or any HTTP end point.

protocols: HTTP, HTTPS, EMAIL, EMAIL-JSON, SQS or Application - messages can be customized for each protocol

SNS messages are stored redundantly to multiple AZs

SNS Dataformat - JSON (Subject, Message, TopicArn, MessageId, unsubscribeURL etc..)

$0.50 per 1 million SNS request

Different price for different recipient types

to HTTP: $0.06 / 100,000 notifications deliveries

to EMAIL: $2 / 100,000 notifications deliveries

to SMS: $0.75 / 100 notifications deliveries

http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-devicetoken.html (CreatePlatformEndpoint API)

SWF - task oriented API

Simple Work flow - human interaction to complete order or collection of services to complete a work order.

Workers - interact with SWF to get task, process received task and return the result

Deciders - program that co-ordinates the tasks, i.e. - ordering, concurrency and scheduling

Workers and Deciders can run independently

TASK is only assigned ONCE and NEVER DUPLICATED (key difference from SQS where messages can be processed multiple times)

SWF Domain - think of it as a container for the work flow. you can register a domain by Console or API

Maximum workflow processing time can be 1 year (equivalent seconds) - SQS is 12 hours processing time

CloudFormation

Use of CFT, Beanstalk and Autoscaling are free but you pay for the AWS resources that these services create.

Fn::GetAtt - values that you can use to return result for an AWS created resource or used to display in output

By Default - rollback everything on error

Infrastructure as a code, Version controlled, declarative and flexible

ElasticBeanstalk

It uses ASG, ELB, EC2, RDS, SNS and S3 to provision things.

Environment Tier - Webserver, Worker

Predefined Configurations - IIS, Node.JS, PHP, Python, Ruby, Tomcat, Go, .NET,

preconfigured docker: Glassfish, Python or generic docker

Environment URL - has to be unique

Dashboard - Recent events, Monitor, Logs, Alarms, Upload and Deploy and Configurations

Configuration - Scaling, Instances (DIRTMCG instance types, key pair), Notifications, Software configuration (e.g. PHP.ini), Networking tier (ELB, VPC config), Data tier(RDS)

Environment properties (Access key and secret key as parameters)

DynamoDB

fast - flexible No sql database - single digit ms latency, fully managed, supports document and key-value (web, gaming, ad-tech, IOT)..

Table, Item (row), attribute (key - value)

Eventual Consistent Reads vs Strongly Consistent Reads

Read Capacity Units, Write Capacity Units (can be scaled up) - push button scalability

Writes are written to 3 different location / facilities/ datacenter (synchronous) - Amazon DynamoDB synchronously replicates data across three facilities in an AWS Region, giving you high availability and data durability.

Two types of primary key -

(1) Single Attribute (think unique id) - Partition Key (Hash Key) composed of 1 attribute (no nesting allowed here) - Partition key will help determine the physical location of data.

(2) Composite key (think unique id and range) - Partition Key(Hash Key) & Sort Key (Range key - e.g date) - composed of 2 attributes - if two data have same partition key (same location) it must have a different sort key, and they will be stored together on single location.

Secondary Indexes

(1) Local Secondary Index - Same Partition Key + Different Sort Key (can only be created while creating the table, cannot be added/removed or modified later)

(2) Global Secondary Index - Different Partition Key + Different Sort Key ( can be created during the table creation or can be added later or removed / modified later)

DynamoDB Streams

use to capture any kinda modification to the dynamo db table, Lambda can capture events and push notifications thru SES

Table can be exported to csv (either select all items )

Query vs Scan

Query operation finds item in a table using only primary key attribute values , must provide partition attribute name and the value to search for, you can optionally provide a sort key attribute name and value to refine search results (e.g. all the forums with this ID since last 7 days). By default Query returns all the data attributes for those items with specified primary keys. You can further use ProjectionExpression parameter to only return a selected attributes.

Query results are always sorted by the sort key (ascending for both numbers and string by default). To reverse the sort order set the ScanIndexForward parameter to false

By Default Queries are going to be Eventually consistent but can be changed to StronglyConsistent.

Scan operation is basically examines every item - e.g. dumping the entire table, by default Scan returns all the data attributes but we could use ProjectionExpression parameter to only return a selected attributes.

Query operation is more efficient than scan operation

For quick response time design your table in a way that you can use Query, Get or BatchGetItem API (read multiple items - can get up to 100 items or up to 1MB of data),

Alternatively design your application to use scan operation in a way that minimize impact of your table’s request rate since it can use up the entire table’s provisioned throughput in a single scan operation

DynamoDB Provisioned Throughput calculations

Items == rows

Read Provisioned Throughput

All units are rounded up to 4KB increments

Eventual Consistent reads (default) consist of 2 reads per second

Strongly Consistent reads consist of 1 read per second

( Size of Read Rounded to nearest 4KB Chunk / 4 KB * no of items ) / 2 <— if eventual consistency

( Size of Read Rounded to nearest 4KB Chunk / 4 KB * no of items ) / 1 <— if strong consistency

Write Provisioned Throughput

All units are rounded up to 1KB increments

All writes consist of 1 write per second

( Size of write in KB * no of items ) / 1

When you exceed your maximum allowed provisioned throughput for a table or one or more global secondary index you will get 400 HTTP Status code - ProvisionedThroughputExceededException

AssumeRolewithWebIdentity role

Idempotent conditional write

Atomic counters - always need to increment so it's not idempotent

If data is critical and there is no margin of error then must use Idempotent conditional write.

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html#limits-tables

Only Tables(256 table per region) and ProvisionedThroughput(80 K read, 80K write per account for US east, 20K for other regions) limits can be increased

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/QueryAndScanGuidelines.html (Reduce Page Size for Scan operation and Isolate Scan Operation)

S3

secure, durable, highly scalable object store (1 byte to 5TB), universal namespace (must be unique bucket - regardless of regions),object based key value store, VersionID, Metadata, ACL

The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from 1 byte to 5 terabytes. The largest object that can be uploaded in a single PUT is 5 gigabytes. For objects larger than 100 megabytes, customers should consider using the Multipart Upload capability. It means the largest single file into S3 is 5 GB, but after the 5 GB files are in S3, they can be assembled into a 5 TB file.

You can use a Multipart Upload for objects from 5 MB to 5 TB in size (Exam question, scenario where more than 5GB file needs to be uploaded)

object based storage vs block based Storage (EFS)

data is spread out across multiple facilities; you can lose two facilities and still have access to files

For PUTS of New Objects (Read after Write Consistency), For Overwrite PUTS and DELETE (Eventual Consistency)

http://docs.aws.amazon.com/general/latest/gr/awsservicelimits.html#limits_s3 ( Number of S3 bucket limit per account — 100)

Storage Tiers/ Class

S3 Standard - Durability (11 9s), Availability (99.99 %) - reliable regular for just about everything

S3 IA (Infrequent Access) - Durability (11 9s), Availability (99.9 %) - accessed every 1 month to 6 months or so (infrequent) but rapid access and low retrieval time (few ms)

S3 RRS (Reduced Redundancy Storage) - Durability (99.99%), Availability (99.99 %) - less durability (data that can easily be regenerated - e.g. thumbnails) - cheapest of all S3, less fault tolerant than the other two since you are willing to lose the data, reproducible data

Glacier - for archival only (3 to 5 hours restore time)

S3 price - charged for Storage, number of requests, data transfer (tiered so more you use less charge)

bucket name has to be all lowercase letters

S3 for static website hosting (Static Website Hosting > Enable website hosting) - no dynamic

Any time you create a bucket nothing is publicly accessible / Any time you add an object to a bucket it's private by default (you will get 403) > Make the files public (even for public hosting)

every object inside the bucket can have different storage class (S3 standard, S3-IA, S3-RRS) and you can turn on server side encryption (AES - 256)

regular bucket link: https://s3-eu-west-1.amazonaws.com/ankittest <— https

bucket with Static website hosting: http://ankittestsite.s3-website-eu-west-1.amazonaws.com <— http (has to be for static hosting), you can turn it into SSL / https with cloudfront though

CORS (CROSS ORIGIN RESOURCE SHARING) - to avoid the use of proxy

Versioning - once enabled you cannot disable versioning, although it can be suspended; if you want to turn it off, delete the bucket and recreate it (version id)

Once you delete the delete marker, you can get back the file that you deleted while versioning was on

Every version is stored separately in the bucket / might not be a good choice from a cost perspective for large media files; a use case with multiple updates is also not ideal for versioning.

Versioning’s MFA Delete Capability can be used to provide additional layer of security.

Cross Region Replication - (requires versioning enabled on source and destination buckets)

you can enable - need source and destination bucket (create a new bucket, source bucket will not show up on drop down of destination)

Existing objects will not be replicated, only new objects will be replicated across the region

Lifecycle management in S3

(1) when versioning is disabled

Transition to IA S3 - min 30 days and has a 128KB minimum of object size

Archive to Glacier - min 1 day if IA is not checked, min 60 day if Transition to IA S3 is checked

Permanently Delete - min 2 day if IA is not checked and 1 is selected for Glacier, min 61 day if IA is selected 30, Glacier is selected 60.

(2) when versioning is enabled you have lifecycle management options to take action on previous version as well as current version.

Security and Encryption in S3

by default newly created buckets are private

Access control using Bucket Policies (entire bucket) and ACL(individual objects and folders)

access logs - all the request made to S3 buckets, to another bucket or another account’s S3 bucket

Encryption

(1) In Transit - SSL / TLS

(2) Data at rest

Server Side Encryption

SSE- S3 Server Side Encryption with S3 managed keys, (amazon AES 256 handled for you) - click on the object and encrypt

SSE - KMS - AWS Key management services , managed keys - additional charges / audit trail of keys, amazon manage keys

SSE - C - Server side encryption with Customer provided keys - you manage encryption keys

Client Side Encryption

you encrypt the data on client side and upload to s3

Every non-anonymous request to S3 must contain authentication information to establish the identity of the principal making the request. In REST, this is done by first putting the headers in a canonical format, then signing the headers using your AWS Secret Access Key.

You can insert a presigned url into a webpage to download private data directly from S3.

The object creation REST APIs (see Specifying Server-Side Encryption Using the REST API) provide a request header, x-amz-server-side-encryption that you can use to request server-side encryption.
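Added example, not part of the original notes: how a presigned URL binds the method, host, object key and expiry under the Secret Access Key, using Signature Version 4 query-string signing with only the Python standard library. The bucket host, object key and timestamp are constructed, the credentials are the placeholder pair used in AWS documentation, and `verify_presigned` is a hypothetical, simplified stand-in for the recomputation S3 performs on its side.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Placeholder credentials from AWS documentation, not real keys.
ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _canonical_query(params: dict) -> str:
    # Keys and values are URI-encoded, then sorted by key.
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                    for k, v in sorted(params.items()))


def _signature(secret, method, host, path, params):
    """SigV4 signature over method, path, query parameters and the host header."""
    date, region, service, _ = params["X-Amz-Credential"].split("/")[1:]
    canonical_request = "\n".join([
        method,
        quote(path, safe="/"),
        _canonical_query(params),
        f"host:{host}\n",        # canonical headers block, newline-terminated
        "host",                  # names of the signed headers
        "UNSIGNED-PAYLOAD",      # the body is not covered by a presigned URL
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        params["X-Amz-Date"],
        f"{date}/{region}/{service}/aws4_request",
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # The secret never signs directly: a key is derived per date/region/service.
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()


def presign(method, host, path, region, signed_at, expires_s):
    amz_date = signed_at.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_s),
        "X-Amz-SignedHeaders": "host",
    }
    sig = _signature(SECRET_KEY, method, host, path, params)
    return (f"https://{host}{quote(path, safe='/')}"
            f"?{_canonical_query(params)}&X-Amz-Signature={sig}")


def verify_presigned(url, method, now):
    """Recompute the signature from the URL itself and enforce the expiry window."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query))
    claimed = params.pop("X-Amz-Signature", "")
    try:
        signed_at = datetime.strptime(
            params["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires_at = signed_at + timedelta(seconds=int(params["X-Amz-Expires"]))
        expected = _signature(SECRET_KEY, method, parts.netloc,
                              unquote(parts.path), params)
    except (KeyError, ValueError):
        return False
    return now <= expires_at and hmac.compare_digest(
        claimed.encode(), expected.encode())


# Constructed request: GET /test.txt from a sample bucket, valid for 24 hours.
SIGNED_AT = datetime(2013, 5, 24, tzinfo=timezone.utc)
URL = presign("GET", "examplebucket.s3.amazonaws.com", "/test.txt",
              "us-east-1", SIGNED_AT, 86400)


def demo_checks():
    later = SIGNED_AT + timedelta(hours=1)
    return {
        "untouched": verify_presigned(URL, "GET", later),
        "other method": verify_presigned(URL, "PUT", later),
        "other key": verify_presigned(
            URL.replace("/test.txt", "/other.txt"), "GET", later),
        "stretched expiry": verify_presigned(
            URL.replace("Expires=86400", "Expires=8640000"), "GET", later),
        "after expiry": verify_presigned(URL, "GET", SIGNED_AT + timedelta(days=2)),
    }


if __name__ == "__main__":
    print(URL)
    print(demo_checks())
```

Anyone holding the URL can use it until it expires, so keep `X-Amz-Expires` as short as the download flow allows and treat presigned URLs as bearer secrets in logs and referrers.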

S3 Transfer Acceleration

Utilize local edge locations to upload content to S3 - incur extra cost

further away you are the more benefit you get (faster)

GateWay

(1) Gateway stored volumes - entire dataset is stored onsite and asynchronously backed up to S3

(2) Gateway cached volumes - Most frequently used data is stored onsite and entire dataset is stored on S3

(3) Gateway Virtual Tape Library - Used for backup if you don’t want to use Tapes, like Netbackups etc..

Import Export

Import / Export Disk

Import to S3, EBS, Glacier

export from S3

Import / Export Snowball

Import to S3

Export to S3

S3 stores data in alphabetical / lexicographical order, so if you want to spread the load across S3, filenames should not be similar (Optimize performance)

CloudFront

Content Delivery Network - edge locations, reduced latency, traffic serves from the closest nodes

Edge locations - content will be cached (over 50), different from region / AZ. TTL (speed of image / media is quicker - first user suffers the performance), edge locations are not read-only (you can write to them too)

Origin can be - S3, EC2, ELB, Route53 also NON AWS origin server ,

Distribution - name given to the CDN consist of collection of Edge locations

(1) Web Distribution -

(2) RTMP (media streaming / flash) Distribution - for Adobe flash files only

you can have multiple origins of a distribution

Path Pattern (*)

Restrict viewer access by signed URL or Signed Cookies

Restrict content based on geo location (whitelist and blacklist)

Create invalidate - invalidate TTL (you pay for it) like purge in Akamai

VPC - logical datacenters in AWS

Can span multiple AZ, but can’t span multiple regions, PEER VPC, but no Transitive Peering

Custom VPC has to be /16, can’t go higher than that, /8 is not allowed

When you create a Custom VPC it creates a default security group, default network ACL and default route table; it doesn’t create a default Subnet

One Subnet == one AZ, you can have security group spanning multiple AZ, ACL’s span across AZ (assign sg and ACL to two different subnets)

any CIDR block 5 reserved IPs (.0, .1, .2, .3, .255)

so for CIDR block /24: 2^8 - 5 = 256 - 5 = 251 available IP address space

when you create an internet gateway, by default it's detached; attach it to the VPC then, only 1 IGW per VPC

When you create a VPC, a default Route table (Main Route table) is created where the default Routes are,

10.0.0.0/16 Local <— all subnets inside VPC will be able to talk to each other

Don’t touch Main route table

Create another routetable for route out to internet (0.0.0.0/0 IGW) <— route out to the internet

Last thing you associate this new route table to one of the subnet which will make it public. (you can enable auto assign public IP for the public subnet)

1 subnet can have 1 routetable

ICMP is for ping / monitor

NAT instance and NAT gateway

NAT Instance - disable source / destination check, always behind security group, must be in public subnet, must have an EIP, must be a route out of the private subnet to NAT

Increase the instance size if bottleneck

Change the main route table - add a route (0.0.0.0/0 NAT Instance target)

NAT Instance is a single point of failure (put it behind an ASG),

NAT gateway - released in 2016 - amazon handled

Amazon maintains it for you, no need to handle yourself. (security patches applied by AWS)

You can just create the gateway and assign EIP (put it in public subnet) (automatically assigned)

Change the main route table - add a route (0.0.0.0/0 NAT gateway target)

No need for disable source/destination check or no need to put it behind a security group - it handles it for you.

Highly available / redundancy, no need for ASG. NAT gateways are a little bit costly - always use it in production, scales automatically up to 10Gbps

ACL vs SG

Security groups are stateful - any inbound rule applies to outbound as well (Only Allow rules)

by default all inbound deny, all outbound allow

can span across AZ

ACL are stateless -

For default ACL, all inbound and outbound rules are allowed by default - associated with all subnets in VPC by default

for Custom ACL, all inbound and outbound traffic is denied by default - not associated with any subnet

1 subnet is associated with only 1 ACL. granular rules for ACLs, numbered rules (recommended steps of 100)

rule no. 99 takes precedence over rule no. 100 (if 99 is blocked and 100 is allowed) 99 will be executed.

Can SPAN across AZ

Ephemeral port - 1024 - 65535 should be allowed to take traffic.

if you want to BLOCK IP address then must use ACL, because security group doesn’t have deny
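Added example, not part of the original notes: a small model of the ACL vs SG behaviour listed above (numbered rules with first match winning, stateless return traffic needing the ephemeral range, and security groups having no deny). All rule sets and addresses are constructed, and the function names are hypothetical; this is not how AWS implements either control.

```python
import ipaddress
from dataclasses import dataclass

HTTPS = range(443, 444)
EPHEMERAL = range(1024, 65536)
ANY_PORT = range(0, 65536)


@dataclass(frozen=True)
class AclRule:
    number: int      # lower numbers are evaluated first
    cidr: str        # remote address range the rule applies to
    ports: range     # port range the rule applies to
    action: str      # "allow" or "deny"


def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def nacl_decision(rules, ip, port):
    """Network ACL: walk rules in ascending number, first match wins, else deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _in_cidr(ip, rule.cidr) and port in rule.ports:
            return rule.action
    return "deny"    # the implicit catch-all rule at the end of every ACL


def sg_allows(allow_rules, ip, port):
    """Security group: allow rules only, any match permits, nothing can deny."""
    return any(_in_cidr(ip, cidr) and port in ports for cidr, ports in allow_rules)


def round_trip(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Client connects to server_port; the reply goes back to client_port."""
    if nacl_decision(nacl_in, client_ip, server_port) != "allow":
        return "blocked inbound by NACL"
    if not sg_allows(sg_in, client_ip, server_port):
        return "blocked inbound by security group"
    # Security group is stateful: the reply to an allowed connection passes.
    # NACL is stateless: the reply is checked against the outbound rules,
    # and its destination port is the client's ephemeral port.
    if nacl_decision(nacl_out, client_ip, client_port) != "allow":
        return "reply blocked by NACL"
    return "ok"


# Constructed rule sets (documentation address ranges).
NACL_IN = [
    AclRule(99, "203.0.113.7/32", ANY_PORT, "deny"),    # block one address
    AclRule(100, "0.0.0.0/0", HTTPS, "allow"),
]
NACL_OUT = [AclRule(100, "0.0.0.0/0", EPHEMERAL, "allow")]
SG_IN = [("0.0.0.0/0", HTTPS)]


def demo():
    client, blocked = "198.51.100.20", "203.0.113.7"
    return {
        "normal client": round_trip(NACL_IN, NACL_OUT, SG_IN, client, 50000, 443),
        "ip denied by rule 99": round_trip(NACL_IN, NACL_OUT, SG_IN, blocked, 50000, 443),
        # Custom ACL with no outbound rules: request gets in, reply never leaves.
        "no ephemeral outbound rule": round_trip(NACL_IN, [], SG_IN, client, 50000, 443),
        # The security group on its own cannot express "block this address".
        "sg alone admits blocked ip": sg_allows(SG_IN, blocked, 443),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```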

Bastion - keep it in a public subnet to allow SSH / RDP into instances in private subnets (High availability - Bastion in two public subnets and also ASG - Route 53 running Health checks on those Bastions)

VPC Flowlogs: to capture all the traffic information into logs - logs everything (create IAM role and create cloud watch log group - and log stream)

VPC Cleanup: can’t delete VPC if you have active running instance or ELB is running

Thank you so much ACLOUDGURU team, you guys rock, wouldn't have been possible without you.

@pareddy113

The minimum size of an S3 object is 0 Bytes (was 1 Byte, the video and question in this course are out of date).

Reference: https://aws.amazon.com/s3/faqs/

@pareddy113

  1. " For quick response time design your table in a way that you can use Query Get or BatchGetItem API (read multiple items - can get upto 100 items or up to 1MB of data) ," .... should be up to 16MB

  2. Only Tables(256 table per region) and ProvisionedThroughput(80 K read, 80K write per account for US east, 20K for other regions) limits can be increased

this should be 40K per table / 80K per account for US-EAST-1 and for others it is 10K/20K .. also number of tables limited to 256 per region per account , so I guess a single account can have more than 256 spanned in different regions.

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Limits.html

@pareddy113

passed on Friday lots of Questions on DynamoDB, so make sure to read up on it

@pareddy113

pareddy113 commented May 26, 2017

Recent post

Lots of questions on SQS, SNS and DynamoDB.... (about 25 out of the 55 questions) Definitely know this inside out and you will pass no problem.

Every DynamoDB question was using the old Hash/Range names.

Got 1 Provisioned Throughput Write calculation questions

Few questions on VPC, EC2 and S3

@pareddy113

The minimum storage size for a SQL Server DB instance is 20 GB for the Express and Web Editions, and 200 GB for the Standard and Enterprise Editions.

The maximum storage size for a SQL Server DB instance is 4 TB for the Enterprise, Standard, and Web editions, and 300 GB for the Express edition.

@pareddy113

I would recommend reading S3, Dynamo, CloudFormation, Elastic Beanstalk, VPC tutorial from AWS website. Overall I am glad I took dev course on Cloud Guru and completed certification in 3-4 weeks. I did work on AWS for about 6months - 1year last year.

@pareddy113

100% the post above. Forget about the dev course (except for dynamodb section). Someone not into the matter would rather fail with it. SA course + all the points above, solid dynamodb knowledge (not just faq but dev / docs + dynamodb optimization questions, sns message format / publish api, aws.com sample questions etc) and you are set.

@pareddy113

Hello, all. I recently achieved certification as an AWS Certified Solutions Architect - Associate, and I wanted to share my approach with those who might be interested.

I did start with a solid technical background, but I believe the following were the key activities that helped me learn AWS:

  1. Watching all the videos in all five ACloud.Guru certification courses. I felt that the CSA-A course was a great overview, but the other four courses really deepened my understanding and I do think there's value in going through all of them right off the bat.

  2. Doing many QwikLabs (34 labs; 10 quests; 40 hours), with determination to squeeze every last drop of learning out of each one. Before I did them, a colleague of mine had pointed out that the labs don't end when the script does, so you can keep trying out all sorts of things in that environment until the "Access Time" expires. And to maximize this leftover time available to you, you can read through the lab script before you actually start the lab. I highly recommend buying a one-month unlimited access subscription for $55 and doing as many of the quests as you can, in this way. (For more info about my use of QwikLabs, see the "Extra notes about QwikLabs", below.)

  3. Spending lots of time answering questions and reading about people's experiences, on the ACloud.Guru forums. I paid particular attention to services/features that other people had trouble with, and learned about those things by reading the relevant documentation.

  4. Getting hands-on and building things in AWS, such as: I built VPCs with bastions, NATs, VPC endpoints, and local-traffic-only subnets; I migrated a Wordpress web site to AWS and used RDS and both internal and external Route53 hosted zones; etc. Doing this also included reading AWS documentation about the things I was trying to do.

The mindset I've had when learning about AWS has been to try to understand things, not just memorize them. In particular, I want to understand how services and features are implemented, under the hood, and what that means for limits and gotchas. I do still think it's valuable to memorize certain important details, though--especially thresholds at which we need to switch from naive mode ("AWS does all the magic for us") into careful mode ("Avoid tripping over the leaks in the abstraction"). Some examples of these include S3 request rates and DynamoDB partitions (though I'm not sure partitions are tested at the associate level). I like this quote: "Leaky abstractions are precisely why it's important to understand what's going on at least one level below where you're working at. This has always been true of computers, whether you're working at a script level, system language level, assembly, or even hardware. Eventually something will break the abstraction".

Here are my more-traditional exam tips:

Spot instances are good for cost optimization, even if it seems you might need to fall back to On-Demand instances if you wind up getting kicked off them and the timeline grows tighter. The primary (but still not only) factor seems to be whether you can gracefully handle instances that die on you--which is pretty much how you should always design everything, anyway!

The term "use case" is not the same as "function" or "capability". A use case is something that your app/system will need to accomplish, not just behaviour that you will get from that service. In particular, a use case doesn't require that the service be a 100% turnkey solution for that situation, just that the service plays a valuable role in enabling it.

There might be extra, unnecessary information in some of the questions (red herrings), so try not to get thrown off by them. Understand what services can and can't do, but don't ignore "obvious"-but-still-correct answers in favour of super-tricky ones.

If you don't know what they're trying to ask, in a question, just move on and come back to it later (by using the helpful "mark this question" feature in the exam tool). You could easily spend way more time than you should on a single confusing question if you don't triage and move on.

My exam questions required me to understand features and use cases of: VPC peering, cross-account access, DirectConnect, snapshotting EBS RAID arrays, DynamoDB, spot instances, Glacier, AWS/user security responsibilities, etc.

In the end, I was very pleased with my results:

Overall Score: 100%

Topic Level Scoring:

1.0 Designing highly available, cost efficient, fault tolerant, scalable systems : 100%

2.0 Implementation/Deployment: 100%

3.0 Security: 100%

4.0 Troubleshooting: 100%

At first I was a bit sceptical (I mean, I wasn't absolutely confident about every single answer), but an Amazon employee confirmed it: "We have reviewed your test scores and the scores are correct. Congratulations on scoring 100% across all topics and on the exam!"

Thank you to everyone who participates on these forums and to the ACloud.Guru team!

Extra notes about QwikLabs:

I'd like to clarify that none of what I described above should be considered necessary. I could have taken a different path to learning AWS and passing my exams, and you probably will. I only meant to share what I found particularly useful.

Also, while I did choose to do many QwikLabs, that should not be taken as a slight against the ACloud.Guru course labs. I got a lot of value out of watching the course labs; I just also got a lot of value out of going through dozens of diverse QwikLabs. As one example, the flexibility of EBS was really locked in for me when a QwikLab had me snapshot and create a second EBS volume to avoid re-downloading a large installer on a second EC2 instance. I binged on QwikLabs during their free promotion period, but I have since paid real money for them and would do so again--especially now that QwikLabs offers a monthly, all-you-can-use subscription.

For those who are interested in doing the same labs I did--or just knowing which they were--here is a link to my QwikLabs profile. From there, you can click on each badge to get to the associated quest and see which specific labs it includes. (Note that some of the badges look like duplicates but they are actually two different quests: an introductory one and an advanced one.) I have done a few more labs that haven't (yet) culminated in a badge, but the labs you can get to from my profile are the lion's share.

My path forward:

Since writing this post, I have also achieved additional certifications. I wrote up my experiences with those exams on these posts:

My Path to Developer Associate

My Path to SysOps Associate

My Path To DevOps Engineer Professional

My Path To Solutions Architect Professional

This Solutions Architect Associate certification was #1 on my path to 5/5.

I have also written a post answering many of the Frequently Asked Questions on these forums. I hope it might help you on your path.

@pareddy113

100% is amazing, congratulations! After taking the exam, I honestly thought I would get 100%, but I ended up with 87%. To add to this post, this course was about 80% of my study material for the exam. I retook every quiz in every section until I got 100%. I also took a practice exam on thecertschool.com which turned out to be pretty valuable as some of those questions appeared word-for-word on the exam. Other than this course, I felt that the FAQs were the most useful study material. I would say 80% of my studying was done with this course. Here's what was covered in my exam:

  1. VPC - there were a TON of questions about VPCs, subnets, NACLs, internet gateways, VPNs, etc.

  2. EC2/EBS - lots of questions about EBS, snapshots, termination protection, spot instances

  3. S3 - know the different storage classes, encryption, etc

  4. IAM

  5. SQS/SNS/DynamoDB - not as many questions on these as I expected. My exam referred to hash and range key instead of partition and sort key, which threw me for a loop until I remembered from the course what it was referring to.

  6. Storage Gateway/Snowball

Overall, this was a great affordable course for what I learned and how well it prepared me for the exam. Now, I just have SysOps left for the trifecta!

@pareddy113

Here are my 2 cents

  1. Course is sufficient to get you thru (caveat: one has understood the concepts properly)

  2. But if you really want to be close to 80+ score, you need a lot of practical experience either thru job or thru hands-on with aws.

I felt that questions were quite tricky (especially with multiple answers) but if one has understood the concepts and has practiced at least an end-2-end vpc setup, it should be achievable.

@pareddy113

Where are the AWS FAQs?

https://aws.amazon.com/faqs/

Where are the AWS Whitepapers?

https://aws.amazon.com/whitepapers/

Which one is "the Security Whitepaper"?

That's a bit complicated because AWS keeps updating old and releasing more new security whitepapers. As of March, 2017, there were ten general "Security Whitepapers", plus more specific ones for things like HIPAA and governance. However, these are the two key security whitepapers:

AWS: Overview of Security Processes (March 2017; 91 pages)

AWS Security Best Practices (August 2016; 74 pages)

Where is AWS's official information about certifications?

https://aws.amazon.com/certification/certification-prep/

This page contains lots of important information for those considering or pursuing an AWS certification. For each certification, this page includes the Exam Guide (a.k.a. Exam Blueprint), sample questions, links to recommended QwikLabs, links to key whitepapers and FAQs, information on recertification, and more.

How do I schedule an AWS certification exam?

Go to https://www.aws.training/certification , click "Schedule an Exam", and follow link after link to make your way into the Webassessor system.

Going Through the Courses

Where are the course resources?

Each video has its own "Lesson Resources" section in the course/lesson navigation/overview pane to the left of the lesson video (while it's playing)--and now also on the Course Outline! Here's an example on the Course Outline: http://imgur.com/a/RYLsU . And here's an example on the video player: http://imgur.com/pkAnfPy . On small screens, the video-player resources view may be hidden behind the "Related Discussions" panel, so try making your browser window larger or having it zoom out. If the video mentions a resource and it's not listed there, ask ACloud.Guru support to add it. Please note both the specific video (ideally with a timecode) and the specific missing resource, when you contact support.

The course is too fast, so how do I slow it down? The course is too slow, so how do I speed it up?

There are speed controls that show up with the player controls when playing a video: these start as "1x" and change as you click that. Here's an example: http://i.imgur.com/0zXFLdB . Alternatively, if you want finer or wider control over the playback speed, then you can use a Chrome extension like Video Speed Controller. You could also download each video and control the playback in whatever video app you choose, but that's rather more hassle. That said, you should consider downloading and fast-replaying the exam tips videos on your phone or tablet just before your exam.

How do I download the course videos?

When you're watching a video, there's a little "Cloud" icon in the bottom right corner of the video player. Here's an example: http://imgur.com/hq4Ppv5 . Pressing this button should download the video.

If I've already bought a course on Udemy, how do I attach that purchase to my ACloud.Guru account?

When you're logged in to the site, your name will show up in the top right corner. Pressing this drops down a menu that includes "Migrate". Here's an example: http://imgur.com/a/ZSzkl Pressing that starts a wizard to link up your purchase(s). If you have any trouble with this, email support@acloud.guru .

Why are the section quizzes so easy and the final practice exam so hard?

They target different things: the module quizzes are more for reinforcing and checking that you remember that module's concepts--which is good to help with learning but is not representative of the AWS exams. If you're trying to determine whether you're ready for the real test, the Final Practice Exam on ACloud.Guru--which is better at targeting your understanding of the concepts--is rather closer to the real test. See this answer to read more of my opinion on this.

Why does the Final Practice Exam include some topics that were not mentioned in the course?

AWS is a large ecosystem and the AWS certification exams are not constrained to small sections of it. The certification courses cover all of the major areas tested by the exams, but there are too many details to cover every single one of them. Some people believe that blasting through the certification course videos will be enough to go from AWS newbie to AWS master, but that is not really the case. It is possible that only watching the course videos through once might be enough for you to pass the exam, but the ACloud.Guru team recommends, "If you’re new to AWS, but have some IT experience typically between 40 to 80 total hours of study is required. Our Associate Courses are between 7 to 11 hours long, and require 4 to 8 hours of study for every 1 hour of video." AWS states that candidates should have at least one full year of professional real-world experience with AWS before taking the Associate level exams, and two years for the Professional level exams, but this is not enforced. Still, many people who pass the exam laud the value of getting hands-on experience with AWS--whether through something like QwikLabs or by going through the course labs and exploring on their own using the free tier.

Why do the ACloud.Guru quizzes/exams not tell me how many responses are expected?

Actually, they do, now! :-)

That was overlooked when they originally implemented the multi-response functionality, but they have since fixed it so that you are clearly told how many answers are expected and then required to select exactly that many responses.

Is the course up-to-date? Why is the Lambda video so old? Why is there no lesson on NAT Gateway? Why does the console shown in the video look different from mine? Why does the WordPress lab use S3 instead of EFS? When does AWS update their exams?

First of all, let me point out that since writing the above questions, the course has been updated with new lectures on Lambda, NAT Gateways, EFS, Bastions, API Gateway, and many other things. As for why some videos sometimes seem out of date, though, I think there are three key factors at play, here:

  1. The certification exams lag far behind the bleeding/leading edge of AWS services. For example, until the Extended exam from early 2017, there were repeatedly reports from students that Lambda was not even mentioned on their exam, and I only remembered seeing one report that an exam question even asked about its definition--despite Lambda having been in full production for almost two years. Since the certification courses are targeting the AWS certifications (not "All the things!"), newer features are often mentioned but given lower priority until students report back that those new topics appeared on their exams. This keeps the courses more focused. In my post-exam posts, I wrote more about the out-of-date questions that appeared on my exams. Also, jghaines has researched the dates when the exams were released, noting, "As best I can tell, they have not received significant updates since their release."

  2. AWS makes dozens of changes, every week, and it takes a lot of time to rerecord videos every time AWS updates or adds something--so some older videos may remain in the course until their content needs to be updated. That said, I know that the courses do get updated--especially based on post-exam feedback from students. For example, the three Associate courses received significant updates and additions to their VPC lessons (including Bastions), the OpsWorks lectures were completely remade, the Lambda lesson was redone, many lessons were added for new AWS features, etc. And of course they are also being updated to include the wealth of new topics from the Extended exam and any other gaps that are found.

  3. It is important to understand the foundational services even when AWS brings out new service offerings that seem to supplant them. A perfect example of this is NAT functionality accomplished via an EC2 instance instead of checking the "magical" NAT Gateway checkbox on your VPC. You really need to understand how NAT instances work, for the exams--not only because the exams will present situations that include them, but also because they will illuminate important aspects of how AWS networking (i.e. VPC) works. There will also be important tradeoffs to consider: for example, a t2.nano NAT instance is rather cheaper to run than the NAT Gateway service and may therefore be a better choice for some light, non-critical workloads.

Getting Certified

In what order should I do the certifications?

Not everyone agrees, and it may depend on your background, but many people seem to suggest the following order: 1) Solutions Architect Associate, 2) Developer Associate, 3) SysOps Administrator Associate, 4) DevOps Professional, 5) Solutions Architect Professional. See also this answer.

What do I need to memorize for the exam?

Try to understand things, not memorize them, but the list of topics/areas that will be tested in a particular exam is listed in that exam's blueprint (a.k.a. "exam guide"), which can be found under https://aws.amazon.com/certification/certification-prep/ . As for specific items, review forum posts that others have written after taking their exams:

Solutions Architect Associate: exam, exam-tips, exam-tips-student-feedback

Developer Associate: exam

SysOps Administrator Associate: exam

DevOps Engineer Professional: exam (search)

Solutions Architect Professional: exam

For each of these forum topics, I recommend reading all the highest-voted posts ("Popular") and all the recent posts ("Recent"). While you're going through them, don't forget to upvote posts that you find helpful--especially the recent ones--so that others will have an easier time finding or noticing them.

How should I prepare for my certification exam?

Your path will be different from mine and everyone else's, but here are some helpful resources:

I wrote about my experiences in the posts linked from My Path to 5/5. If you're starting out, you can read about what I did at the associate level in My Path to Solutions Architect Associate, and for the Professional level certifications, you can read what I wrote in My Path to Solutions Architect Professional.

The ACloud.Guru team has written a blog post describing, "What you need to get AWS certified!"

Rusty wrote a great response to a forum question asking, "How to take the course".

In his "Exam Tips/Strategy" section, djohns061578 described an excellent technique to leverage the ACloud.Guru courses' final practice exams to really learn the material.

The post-exam forum posts mentioned above also contain a lot of good suggestions.

Official Practice Exams

How do I take the official AWS practice exam?

You buy a token for it in the same way as you schedule your real exams: By going to https://www.aws.training/certification , clicking "Schedule an Exam", and following link after link to make your way into the Webassessor system. In there, you can buy a token which will be active on your account until you decide to start the practice exam. The time limit only starts counting down when you begin the practice exam, not when you buy the token.

Note that you may have access to free practice exam codes on the "Benefits" screen in the AWS certification portal.

Can I retake the official AWS practice exams for free?

No. And the questions will be the same every time you (or anyone else) take that practice exam.

Are the official AWS practice exams worth the money?

I personally think they can be a useful personal assessment and studying tool. Note that I do not recommend sharing the practice exam questions with others; rather, try to frame any forum questions you have around the parts of the questions and responses that you don't fully understand.

Official Certification Exams
What should I know before I schedule an AWS certification exam?

Read the AWS Certification FAQs found at https://aws.amazon.com/certification/faqs/ .

How do I schedule an AWS certification exam?

Go to https://www.aws.training/certification , click "Schedule an Exam", and follow link after link to make your way into the Webassessor system.

If I fail the exam, can I retake it? Will retaking it cost me more money?

Here is AWS's retake policy, from their certification FAQs:

"In the event that you fail to pass an AWS certification exam, you may retake the exam subject to the following conditions:

a. You must wait 14 days from the day you fail to take the exam again.

...

f. Candidates must pay the exam price each time they attempt the exam."

AWS used to restrict candidates to three attempts at each certification exam in a calendar year, but they dropped this requirement in May of 2017.

Note that if you took a $150 Specialty exam while it was in Beta, and it turns out that you failed it, you will be given a free token to retry the $300 Specialty exam when it is released.

How many questions will there be on my Associate-Level exam?

The exact number may depend on how lucky you are, but there are generally between 55 and 60 questions on each Associate-level exam. The Extended exam (available only early in 2017) had 80 questions.

How many questions will there be on my Professional-Level exam?

The exact number may depend on how lucky you are, but there are generally between 75 and 80 very long scenario questions on each Professional-level exam. You may get a few non-scenario questions, but don't count on it.

In an AWS exam, can I mark questions for review? Can I see and change my answers before I submit them?

Yes. There's a checkbox at the bottom of each question, and each question you mark in this way will show up with a "*" on your response overview page. The response overview page has a grid listing all the question numbers and the response(s) you chose for each question. Pressing on a question number takes you directly back to that question.

Will the official exam tell me how many responses are needed for each question?

Yes. Also, see the "Why do the ACloud.Guru quizzes not tell me how many responses are expected?" question elsewhere in this FAQ.

Where can I get the actual questions from the official AWS exams?

There are some legitimate question pools out there that non-AWS people have put together (such as the ones on ACloud.Guru!), but don't cheat yourself, your employer, or AWS by looking for, using, or contributing to any question dumps from the real exams. Sharing/communicating questions from your exam constitutes a breach of the non-disclosure agreement (NDA) you entered into with AWS before taking the exam and may result in a revocation of any certification(s) you achieve. Furthermore, passing a certification exam because of such techniques is dishonest and arguably reckless--akin to bribing a driving examiner for a driver's license without actually knowing how to drive. Instead, avail yourself of the ethical resources at your disposal: the free practice questions on the AWS site, the paid official practice tests, the ACloud.Guru course exams, and forum discussions that help you better understand the AWS technologies.

How can I get better at answering AWS exam questions?

How well you do on the exams correlates strongly with how well you understand the AWS services--memorizing questions and answers is not a good idea--but here are some useful resources to help you close the gap between your understanding and your exam scores:

Rusty has written an excellent post on how to approach AWS exam questions in a way that will turn what you've learned about AWS into correct answers.

Brian Schuster has also written his tips for an effective exam mindset and using the process of elimination.

Using the Forums
How can I search the forums?

You could either use the built-in search box or use Google and add "site:acloud.guru" as a search term. For example: https://www.google.com/search?q=site%3Aacloud.guru+course+resources

Why did nobody answer my question?

There are a lot of possible reasons, but here are some tips to improve your forum posts:

Use the subject/question line to communicate information. A subject line like "Question" offers virtually no value to someone considering whether to click on it and read what you wrote. A much better subject line would be something like: "What is the purpose of the Source/Destination check?"

Know your audience. The forums are primarily for students like yourself to further your learning by interacting with other students. Of course there are instructors and moderators around, too, but they can't answer every question themselves. So try to aim your questions at students who might offer you some insight.

Start the conversation. Don't just paste in a sample question you found on the internet and expect everyone to spend their time answering it for you. Give others something to respond to by listing the things you believe are true about the situation and asking specific questions about the things you find confusing or uncertain.

Answer other people's questions. When you read someone else's question, can you answer it? And I don't just mean that you can choose "C"--as if the person asking the question has the answer key. If you understand the topic well enough to teach it to someone else, then you can feel good about what you've learned. Prove to yourself that you have this level of learning by explaining the reasoning behind your answers--ideally with supporting references (links) to AWS documentation. Then reread your own answers and look for holes in your logic. Use other people's questions as your own little challenges to explore parts of AWS that you didn't know you didn't know. :)

Search the forums to see if your question has already been asked. If it has, either start the old conversation back up or at least refer to the previous discussion in your post and ask something new about it. If you were wondering about something, there's a good chance that someone before you was wondering about the same thing.

How do I contact Ryan or the other ACloud.Guru people?

They might see your forum post, but that's hit and miss. Instead, try emailing them at support@acloud.guru .
