Especially thanks and claps to Sandeep Jan ✊ (https://acloud.guru/forums/aws-certified-solutions-architect-associate/discussion/-LUUMRYlJGcw4RGLTXw9/passed_sa_associate_exam_with).
- Remember Redis Auth for security :)
- Lots of questions on EC2, ELB and autoscaling... So understanding this concept really well by doing hands on labs
- Understand the default termination policy used in AutoScaling Groups (http://jayendrapatil.com/aws-auto-scaling/)
- Remember that in Security Group you can choose source as a specific ip (/32) or CIDR or another Security Group. e.g how to secure HTTP access to EC2 instances - allow access based on security group of ELB
- Understand that Network Loadbalancer is the only type of load balancer whch provides you a static ip which can then be whitelisted by your clients (http://jayendrapatil.com/aws-elb-network-load-balancer/)
- ECS is mainly used for batch workloads & micro services.
- Cloudfront & S3 Integration - This came up so many times... Understand the key concepts related to Origin Access Identity (OAI), S3 presigned url & Cloudfront Signed url
- Understand usecases for S3 Cross region replication - remember that at times this might be a better option than using cloudfront for latency specific issues especially when the data changes so often that caching at cloudfront doesnt make sense
- RDS MultiAZ vs Read Replicas (http://jayendrapatil.com/aws-rds-replication-multi-az-read-replica/)
- Aurora replica (up to 15 Read Replicas for a given DB Cluster) Glo and Aurora Global Database
- Kinesis Data Streams vs Kinesis Firehose. Understand the various aws services they connect to
- SQS default timeouts and scenarios based on that
- Understand what Code commit and code deploy does at a high level
- There was a internal json based question on cloudformation. It will look scary but you dont need to know cloudformation as this mainly testing Security group knowledge. Key to look for here is that FTP is TCP and not UDP
- Understand IAM role and where it should be used within Lamda
- Disaster recovery whitepaper at high level to undertand Pilot Light, RTO, RPO (http://jayendrapatil.com/aws-disaster-recovery-whitepaper/)
- Understand differences between Encryption at rest and SSL (for transit). Your application connect to RDS instance using its SSL endpoint and NOT using its encryption keys kms/rds
- S3 storage classes and lifecycle management. Remember that you can move data from S3 standard to Glacier within 1 day itself but moving to S3_Standard_IA and Onezone_IA requires 30 days
- EBS volume vs snapshot vs encryption options. Also understand AMIs are by default within the same region and can be COPIED to another region but this doesnt copy permissions automatically
- Understand Athena at high level (https://aws.amazon.com/athena/faqs/)
- S3 encryptions. Remember that if you want full control of your keys and data should be encrypted before reaching AWS then choose client side encryption with your own master key (http://jayendrapatil.com/aws-s3-data-protection/)
- Serverless Architecture --> API Gateway, Lambda, S3, DynamoDB
- Stateless Architecture --> Elasticache, DynamoDB, RDS
| SQS | EC2, ECS (micro services), ElasticBeanstalk, Lambda, SNS, S3 & Dynamo DB |
| Kinesis Stream | EC2, S3, Redshift, EMR, DynamoDB, Elastic Search |
| Kinesis Firehose | Lambda, S3, Redshift, Elastic Search & Splunk |
| SNS | HTTP(s), Email, Email Json, SMS, Lambda, MobilePush, SQS |
| S3 | SQS, SNS, Lambda |
| CloudTrail | S3 bucket, Cloudwatch log groups, SNS(which can then trigger lambda) |
| CloudWatch Alarms | SNS, Auto Scaling policies, EC2 action – stop or terminate EC2 instances, Lambda |
| CloudFront Origin | S3, EC2, ELB, Route53, on-premise server |
| Route53 Alias | S3 static site, ELB, Cloudfront, ElasticBeanstalk |
- NO public internet access to my EC2 / Not able to ssh or rdp to instance
- Check is internet gateway is attached to VPC
- Is IGW added to route tables
- Does your EC2 instance have elastic ip or public ip
- Check if security group is allowing port 22(SSH) or 3389 (RDP for windows)
Cheers and applause for Luciano Mammino https://loige.co/aws-solution-architect-associate-exam-notes-tips/