Thoughts on the exam
I originally planned to take the exam in 2017 but with some delay, I passed the AWS SAA exam this morning on my first try! I thought the exam was pretty tough but fair. I have not been exposed to AWS very much and the only hands-on experience was labbing around in my free tier AWS lab environment which – in all honesty – I have not done enough. So, this was much more a theoretical experience for me. Everything is new and the breadth of the AWS services can make your head spin. I come from an infrastructure and VMware background so learning about media encoding services, queue services, and NoSQL databases was pretty challenging at times. Thankfully, the bulk of the exam is based on core infrastructure-related services such as EC2, S3, and IAM.
Full disclosure: I was second-guessing myself on a lot of questions. I always flag questions of which I’m not a 100% sure and there were a LOT of flags in the end. I wasn’t sure I was going to pass when I hit the ‘End Exam’ button. By deducing and thinking logically about the provided scenarios and the given options I was able to pass the exam without really knowing some of the answers.
A Cloud Guru
If Nespresso didn’t already claim the slogan, I would simply say: What else? Based on community feedback, I purchased the A Cloud Guru video training by Ryan Kroonenburg. It is amazing and hands down one of the best video courses I have seen in ages. I binge-watched the entire series at 1.5 to 1.75 speed in about two days while recovering from some minor surgery and I could really, really answer a lot of the exam questions based on Ryan’s input from the course. Great stuff!
Udemy had a Christmas special and a lot of the courses were on sale for just €11. That’s an amazing bargain. As a matter of fact, there now is a New Year sale going on. I strongly urge you to visit Udemy and pick up your copy while you can. I loaded up on all the A Cloud Guru associate courses for just €33. You can even migrate your Udemy purchases to the A Cloud Guru platform.
AWS Certified Solutions Architect Official Study Guide
Yes, a good old-fashioned paper study guide! I was fortunate enough to win a free copy at the O’Reilly stand on the AWS re:Invent 2017 Expo. The book is really helpful. After watching the A Cloud Guru videos, I flipped through the book to dive deeper into topics I was feeling unsure about. I did not read the book cover to cover but really used it as an additional resource to get more specific details. It also provides an extensive assessment test and lots of practice questions. I would say they are pretty representative of the difficulty of the exam questions. Maybe the exam questions are a bit more scenario-based…
AWS Whitepapers and FAQs
The official exam preparation guide is pretty clear on this topic: Step 4: Study AWS Whitepapers and FAQs. They even spell out which whitepapers and FAQs to focus on. Pretty obvious you should really study these bits. In retrospective, my exam would have gone a lot smoother if I had paid even more attention to these resources. I’m pretty sure most of the exam questions can be answered using these documents alone. But I found it pretty hard to stay focused while reading a seemingly endless list of individual questions and answers. It’s pretty dry stuff and there often is a lot more detail provided in the answers not related to the exam at all.
The whitepapers, on the other hand, are really good and easy to read. Even if you are not interested in any of the exams or even specifically in AWS, they are a good read.
AWS Free Tier lab
Everyone interested in AWS in general and especially everyone looking to get AWS certified should create a lab environment in AWS. Period. I believe it is entirely possible to pass the Associate level exam without even touching an AWS environment but building labs, testing stuff yourself and playing around with all the features of the AWS services is the only way to really learn a new technology. This is obviously not specific to AWS but is applicable to every technical IT certification. I should have put in more lab time but Q4 2017 was insanely busy. I’m surely going to push forward on AWS certification, so I will make up any missed time for sure!
There are 55 questions in the exam. They are all fairly short multiple choice questions. Some are simple facts you have to know and some are scenario based in which you are given a specific design challenge or problem, and you have to come up with the proper solution. I had about 30 minutes left on the clock so in my opinion, there is more than enough time available. You can flag a question and move back and forward between questions. My strategy was:
- Read the question in full
- Answer the question (based on a first instinct if I didn’t know the answer straight up)
- Flag the question if unsure
- Move to the next question
- Go through all the questions once more and pay extra attention to flagged questions.
Most of the times there are one or two really obvious wrong answers to a question. You’re then left with two, maybe three viable options. By logically thinking, deducing and – in the worst case – guessing .. just come up with a definitive answer. Remember, it’s multiple choice. Odds are often 30% to 50% you’re guessing correctly. Don’t panic if you are not a 100% sure or even when you have no clue whatsoever. Just answer the question and move on 😉
Final tip: sometimes a question further up in the exam can give away the answer to an earlier question so pay attention!
The questions cover a lot of the core AWS services. Of course, you need to understand the foundational aspects of AWS such as regions, AZs and VPCs. EC2 and S3 are featured heavily in the exam but there were also a couple of questions on the fairly new Elastic Container Service (ECS). You should also understand important limitations of certain services. These are explained in the FAQs I mentioned earlier. You should know how to improve resiliency and redundancy in an AWS environment. Think of multiple AZs, redundant connections, auto-scale groups, load balancers, route 53, etc. Also, make sure you pay decent attention to the security whitepapers.
Looking back at the exam topic list I used in my preparation blogpost, I must say AWS does an excellent job of providing a detailed list of exam topics. With an exception here and there, all questions can be directly related back to this listing:
1 Designing highly available, cost-efficient, fault-tolerant, scalable systems
1.1 Identify and recognize cloud architecture considerations, such as fundamental components and effective designs. Content may include the following:
- How to design cloud services
- Planning and design
- Monitoring and logging
- Familiarity with:
- Best practices for AWS architecture
- Developing to client specifications, including pricing/cost (e.g., on Demand vs. Reserved vs. Spot; RTO and RPO DR Design)
- Architectural trade-off decisions (e.g., high availability vs. cost, Amazon Relational Database Service (RDS) vs. installing your own database on Amazon Elastic Compute Cloud (EC2))
- Hybrid IT architectures (e.g., Direct Connect, Storage Gateway, VPC, Directory Services)
- Elasticity and scalability (e.g., Auto Scaling, SQS, ELB, CloudFront)
2.1 Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution. Content may include the following:
- Configure an Amazon Machine Image (AMI)
- Operate and extend service management in a hybrid IT architecture
- Configure services to support compliance requirements in the cloud
- Launch instances across the AWS global infrastructure
- Configure IAM policies and best practices
3 Data Security
3.1 Recognize and implement secure practices for optimum cloud deployment and maintenance. Content may include the following:
- AWS shared responsibility model
- AWS platform compliance
- AWS security attributes (customer workloads down to physical layer)
- AWS administration and security services
- AWS Identity and Access Management (IAM)
- Amazon Virtual Private Cloud (VPC)
- AWS CloudTrail
- Ingress vs. egress filtering, and which AWS services and features fit
- “Core” Amazon EC2 and S3 security feature sets
- Incorporating common conventional security products (Firewall, VPN)
- Design patterns
- DoS mitigation
- Encryption solutions (e.g., key services)
- Complex access controls (building sophisticated security groups, ACLs, etc.)
- Amazon CloudWatch for the security architect
- Trusted Advisor
- CloudWatch Logs
3.2 Recognize critical disaster recovery techniques and their implementation. Content may include the following:
- Disaster recovery
- Recovery time objective
- Recovery point objective
- Amazon Elastic Block Store
- AWS Import/Export
- AWS Storage Gateway
- Amazon Route53
- Validation of data recovery method
4 Troubleshooting Content may include the following:
- General troubleshooting information and questions
I really love AWS. I’m going to push forward on AWS certification for sure. I feel the Professional level exam is a bridge too far for now. I will need to get some hands-on experience and real-life exposure to AWS projects. As I wrote earlier, I see a lot of opportunities with VMware Cloud on AWS and knowing the ins and outs of AWS, is imperative in my opinion to be successful as an SDDC and cloud architect delivering hybrid cloud environments. The real strength of VMware Cloud on AWS lies in the opportunity to integrate the hybrid SDDC environment with native AWS services.
From an AWS perspective, my logical next steps are most likely the DevOps and SysOps Associate exams. I do, however, still want to upgrade my VCDX5-DCV by taking the VCAP65-DCV Design exam. That’s top of my list now. And yes, VCDX-NV is also somewhere in the back of my mind…
So much to do, and so little time!