AWS Solutions Architect Professional Exam Feedback
Hi everyone,
I just passed the AWS Solutions Architect Professional Exam and would like to give you a quick rundown of the material I used to study and the areas that I focused on.
Hope this helps you with your preparation and wish you the best of luck with your exam!
Study Material
This time I chose the Ultimate AWS Certified Solutions Architect Professional 2020 course from Stephane Maarek.
On top of this, I found that Re:Invent videos are an awesome resource for this exam since they contain tons of architectures and helpful explanations. I have added a list of great talks down below.
Finally, I finished up with practice exam questions; here I chose the AWS Certified Solutions Architect Professional Practice Exam from Jon Bonso. His questions helped me a lot in previous exams and did so again for this exam.
And lastly, this is a wonderful video to get a first idea of the content and what to expect.
https://youtu.be/MJl8-nQX2lk
The Exam
This time the length and number of questions were just really hard to cope with. 75 long, mostly multiple-choice questions were draining my concentration, and it took me roughly 2 hours for the first pass of all questions.
I've read some horrible feedback on the internet about 6 possible multiple-choice answers and question texts so long you forget what you read by the end, but I can't confirm that.
The length is long but in line with the complex questions from Jon Bonso's test exams and the ones from the official AWS practice test.
In the end, my one takeaway is really to do the practice tests from question 1 to 75 in one sitting. Even if you're smashed and tired afterwards, that's the real exam experience.
How did I study?
I know that everyone studies differently and that's perfect. Here is just my way of studying and handling loads of information.
- Start with the Udemy course and watch it completely
- Do one test exam and mark all questions that I'm unsure of
- Read the feedback and deep dive on those topics; often I find myself lacking knowledge in specific domains (Looking at you Route53 😄)
- Meanwhile, watch the Re:Invent videos (2019/18 ones)
- Do the next test only when I'm confident that I learned from my mistakes
- Before the exam, rewatch the videos on the topics that I'm unsure of
Topics
Here comes the juicy part we are all here for. This is a collection of all focus areas I can remember but also the ones that I found most challenging. I added all the resources and whitepapers that I used to study. Often I find reading the FAQs or the developer guide super helpful. Especially if it contains architectures.
Re:Invent Videos
These are my recommended Re:Invent videos that I watched to study and found helpful.
If you only have time to watch one go with this one, it's such a gem: AWS re:Invent 2019: Advanced VPC design and new capabilities for Amazon VPC (NET305-R1)
AWS re:Invent 2019: The right AWS network architecture for the right reason (NET320-R1)
AWS re:Invent 2019: AWS Transit Gateway reference architectures for many VPCs (NET406-R1)
AWS re:Invent 2019: Deep dive on DNS in the hybrid cloud (NET410)
Great for questions about DDoS and attacks inbound from CloudFront; this video helps to explain the architecture: AWS re:Invent 2019: Using Amazon CloudFront, AWS WAF, and Lambda@Edge to keep spammers out (CMY303)
I had some questions about EFS but not FSx, so select from this video: AWS re:Invent 2019: Deep dive: File storage for business-critical applications (STG238)
Whitepapers
Reading all these whitepapers would take way too much time so I always skim through them and stop at topics that I find interesting or need to deep dive on. But I recommend you give it a try, they are super helpful for this exam. Here is the selection of whitepapers that I bookmarked.
Migrating AWS Resources to a New AWS Region
Secure Content Delivery with Amazon CloudFront
Best Practices for VPCs and Networking in Amazon WorkSpaces Deployments
Security Pillar - AWS Well-Architected Framework
Services
And lastly, these are some of the services I encountered in the exam. This is not a complete list of all services but a list of topics that I stumbled upon in the exam or found complex to understand.
Organisations
- SCPs and how they can restrict IAM permissions
- Do SCPs from a higher OU account overrule the lower OU SCPs? Service control policies
- Can you set up a CloudTrail in the master account or do you have to enable it in the OU accounts to consolidate the trails? Creating a Trail for an Organization
Billings
- How can the master account create billing reports for the OU accounts and send these reports to the managers of this OU? Organizational Units with AWS Organizations
Migration:
- DMS and SCT
- What are the steps you have to take to migrate e.g. a 20TB Oracle database to RDS Postgres?
- Understand what happens in which order: First SCT, then Snowball and lastly DMS?
- How do you migrate a mix of on-prem servers and VMware servers into AWS?
How to Migrate Your Oracle Database to PostgreSQL
Migration and Transfer overview
DR
- DR up and down: really understand RTO and RPO
- Think about how long will it take to get the infrastructure up and running.
Regions
Migrating AWS Resources to a New AWS Region Whitepaper
- How to get everything from Region A to Region B
- Think of RDS instances, EBS volumes, KMS keys, EC2 servers...
Route53
Watch the Re:Invent video above
- Resolvers
- DNS
- Inbound or Outbound
Auth
- AD federation in and out
- MS AD on-prem, how do you enable WorkSpaces to use AD and SSO with the AD credentials? Launch a WorkSpace Using AWS Managed Microsoft AD
VPC
- Troubleshoot why your S3 bucket is not accessible from your EC2 instance with VPC endpoints
- Example: Private EC2s, Aurora and S3 with VPC endpoint. Do you need a NAT Gateway and the Internet Gateway? Using Amazon CloudFront with Multi-Region Amazon S3 Origins
Compute
- Is EC2 Spot or Fargate cheaper to run an irregular workload?
CloudFront
- S3 bucket in Europe: how do you make it available for your viewers in the US via CloudFront?
Lambda@Edge
- Lambda@Edge runs your code in response to events generated by the Amazon CloudFront content delivery network (CDN). See use-cases and architectures: Lambda@Edge. Interesting blog post regarding Authorization@Edge: How to Use Lambda@Edge and JSON Web Tokens to Enhance Web Application Security
S3
- S3 resides outside of a VPC and can be accessed from a private VPC through an S3 VPC Endpoint. S3 Endpoints
- You can replicate objects between different AWS Regions or within the same AWS Region.
- Cross-Region replication (CRR) is used to copy objects across Amazon S3 buckets in different AWS Regions.
- Same-Region replication (SRR) is used to copy objects across Amazon S3 buckets in the same AWS Region.
- Enable versioning to replicate.