- Start with Udemy
- Author – Ryan Kroonenburg Course Name – AWS Certified Solutions Architect – Associate 2017
- Once you register for the above course, go to the author's site – acloud.guru – where you can redeem the Udemy course for free. This is a more up-to-date version of the same course.
- Author – Chandra Lingam Course Name – FREE: Practice Test AWS Certified Solutions Architect – Read for networking concepts. Free course.
- Create an AWS free-tier account and practice all lessons from Ryan’s course.
- Go through forums on acloud.guru
- Go through jayendrapatil website for notes
- Whizlabs – sample tests for practice. You get 8 full question papers to practice. Around $18.
Components of AWS:
IAM – Identity and Access Management
EC2 – Elastic compute cloud
S3 – Simple storage service
Route 53 – DNS
VPC – Virtual private cloud
EFS – Elastic file storage
EBS – Elastic block storage
SQS – Simple Queue Service
SES – Simple Email Service
SNS – Simple Notification Service
Forum pages from acloud guru that are most helpful for exam prep:
Only 55 questions. Mostly straightforward questions.
Around 15 questions from AWS Lambda, API Gateway & DynamoDB – Must Read FAQs.
One VPC Peering question.
One subnet = 1 AZ
EBS volume – encryption – Server side and client side.
EBS volume to Snapshot (Conversion Encrypted & Unencrypted)
Know the difference between NAT instance & NAT Gateway.
Know the difference between Security group & Network ACL.
Know how to configure federated user login to AWS. Active Directory
Choosing between storage classes S3, S3-IA, Glacier & RRS
Choosing the right EC2 instance type. DR MC GIFT PX
Choosing between SQS and SWF.
Long polling and short polling SQS
What is ElastiCache?
What can you do with WAF?
Which AWS service will you have full control over?
Two questions from security process: shared security responsibility, and underlying hardware and virtual instance.
2 questions from Kinesis – read the FAQs
For scenario questions, you don’t need to read the whole question. Read and understand only the question given in the last few lines.
1) S3 – different classes use case (standard, IA for less access, Glacier for deep archive)
2) Combo: EC2, ELB, Autoscale (high availability = multi-AZ)
3) For Cost optimum EC2 – Spot / Reserved instances (characteristics/charge)
4) Databases: Complex relational joins = RDS vs simple and single-digit latency = DynamoDB
5) If you need root access – EC2, EMR, Beanstalk; don’t use managed services like RDS
6) VPC – NACL (stateless) vs SG (stateful), for internet access remember Internet gateway, public/elastic ip, route table to IGW
7) NAT Gateway (AWS managed, easy and scalable) vs NAT instance (manual EC2 instance, MUST disable source/destination check)
8) 1 subnet can only be 1 AZ – public subnet (with IGW) vs private subnet
9) Lambda – set trigger to create function with codes
10) EBS encryption – how?
11) EBS (persistent) vs Instance Store (ephemeral = stop and gone forever)
12) IAM (global) – Use IAM roles instead of IAM user when granting permission for security
13) How to create cross account access
14) SQS = for decouple task, when to change the visibility timeout, long polling vs short polling
15) STS – how to authenticate and give user access
Some of the questions read out like:
You launched a set of Ubuntu AMIs using Amazon ECS, but their resources don’t appear; why?
Your security team requires an ECS task to limit the privileges to only required users, how?
When an EBS snapshot is taken, can the drive be written to or is it read only?
You have high-priority clients requiring data transformative services via SQS. How do you architect it so their SQS messages are prioritized to take precedence over default messages?
When would CORS need to be enabled?
Which services natively encrypt data at rest?
Know a little bit about configuring a Windows Instance Using the EC2Config Service.
Understand what Total Cost of Ownership (TCO) is and how it applies to AWS.
Understand AWS STS and which security functions it involves
A question asked whether, when you enable CloudTrail and VPC logs, you need to enable them for the specific services or on the AWS account as a whole.
Know a little about spot instance pricing. A question asked: if you bid .22 cents and the market price is .20, you get the instance and can run it for 90 minutes before the market price jumps up to .25 cents. How much do you pay for the 90 minutes?
There was a question about a CloudFront distribution where users can’t access an S3 bucket in USWest-2; they get a 404 response. Then they show you some code from the bucket:
static1/* -> S3 bucket in USEast-1
* -> An ELB in USEast-1
static2/* -> S3 bucket in USWest-2
You need to interpret it and explain why the users get that message.
And another question asks how to make two PEERED VPCs (VPC1 and VPC2) have higher availability when VPC 1 only has a private subnet configured and a direct connect to your on-prem environment and VPC2 has only a public subnet and the IGW.
You should know about:
Not covered in the course:
- Options on authenticating using LDAP together with IAM.
Some extra topics I hadn’t seen here before or weren’t quite covered in enough detail:
I have seen many posts saying the exam has been updated, and so I was just concerned that I have just read the FAQ of these 3 new services [Lambda, API Gateway, ECS].
From your question
Your EC2 instances use an IAM role to access the ECS service.
Your ECS tasks use an IAM role to access services and resources.
Is this an answer to your question?
Triggers of Lambda
SNS, DynamoDB, Kinesis stream, API Gateway, S3, CloudWatch Logs, event, IoT etc.
The main ECS topics, I think, are
Lambda main topics
integration with API Gateway, for example as a custom authorizer
how to scale, troubleshoot
API Gateway main topics
how to scale, troubleshoot
But there were definitely some things that stood out in my mind that weren’t covered or weren’t covered enough.
1. There were at least 3 questions about AWS ECS (EC2 Container Service). I was completely thrown off by these because they weren’t covered at all in the course. Definitely something to pay attention to. The one question that stands out was about if you could add a role to a container instance vs. a container task.
2. Lambda popped up at least 3 times during the exam as well. One question in particular was something to the effect of “Which events will trigger a Lambda?” and I had to pick at least 2 out of the five choices.
3. Stateless architecture and the components that you would need to build them popped up a few times too.
4. SQS! I don’t recall SQS coming up in the course a lot but I do remember it coming up on your practice exam a lot. Thank goodness I did the extra research to make sure I knew it well before going into the exam. I definitely think there needs to be more emphasis placed on SQS and decoupling systems because this was definitely a point of reference on the test.
5. Make sure you understand VPC, RDS, EC2 & S3!!! The big 4 (That’s what I like to call them) were in full effect on the exam and understanding the difference between when to use RDS vs S3 vs DynamoDB was something they made sure I understood.
6. If you need some extra practice tests to run through, check out Whizlabs. You get about 7 practice tests to work on and those definitely helped a lot in preparing me for the exam. But don’t rely solely on those practice tests!!!
There’s definitely a level of understanding you’re required to have in order to pass this exam! You can’t prepare for everything, so having a solid understanding of the concepts acloud.guru teaches in their courses is paramount in passing the exam since you will have to lean on it more than any type of memorizing you think you will be able to get by with.