AWS CERTIFIED SOLUTIONS ARCHITECT SAA-C02 : HOW TO BEST PREPARE IN 5 STEPS
Recently, AWS announced the launch of a new version of the most popular certification in their program, the AWS Certified Solutions Architect Associate. The new exam has a code of SAA-C02 and replaces the previous SAA-C01 exam as of 23 March 2020.
In this article I walk you through how to best prepare for the AWS Certified Solutions Architect Associate SAA-C02 exam in 5 steps:
- Understand the exam blueprint
- Learn about the new topics included in the SAA-C02 version of the exam
- Use the many FREE resources available to gain and deepen your knowledge
- Enroll in our hands-on video course to learn AWS in depth
- Use practice tests to fully prepare yourself for the exam and assess your exam readiness
I’ll walk you through the exam blueprint and break down the various “domains” of the exam guide so you know what to expect. I will also let you know the AWS services you need to study and what type of questions you will get in the exam. Lastly, I’ll introduce the certification training courses from Digital Cloud Training for the AWS Certified Solutions Architect Associate exam so you have the best resources available to ensure you pass your exam first time.
1 — Understand The AWS Exam Blueprint
This exam sits within the Associate level in the AWS training program and is recommended for individuals with at least one year of hands-on experience. The exam is intended for Solutions Architects and requires you to demonstrate knowledge of how to define a solution using architectural design principles based on customer requirements and provide implementation guidance based on best practices to the organization throughout the lifecycle of the project.
In the “AWS Certified Solutions Architect — Associate (SAA-C02) Exam Guide”, the following AWS knowledge is recommended:
- One year of hands-on experience designing available, cost-effective, fault-tolerant, and scalable distributed systems on AWS.
- Hands-on experience using compute, networking, storage, and database AWS services.
- Hands-on experience with AWS deployment and management services.
- Ability to identify and define technical requirements for an AWS-based application.
- Ability to identify which AWS services meet a given technical requirement.
- Knowledge of recommended best practices for building secure and reliable applications on the AWS platform.
- An understanding of the basic architectural principles of building in the AWS Cloud.
- An understanding of the AWS global infrastructure.
- An understanding of network technologies as they relate to AWS.
- An understanding of security features and tools that AWS provides and how they relate to traditional services.
The exam includes 65 questions and has a time limit of 130 minutes. You need to score a minimum of 720 out of 1000 points to pass the exam.
The question format of the exam is one of the following:
- Multiple-choice (one correct response from four options).
- Multiple-response (two or more correct responses from five or more options).
Most questions are 1–2 lines of a scenario followed by the actual question itself. They typically get straight to the point without any filler. With many questions in the AWS Solutions Architect Associate exam, you will find that there are multiple correct answers and you must select the answer that best fits the scenario. For instance, you may be asked to select the MOST secure, MOST cost-effective, or MOST operationally efficient option.
Important: Be very careful reading the wording of the question to ensure you select the correct answer! Sometimes small details can be easily missed that change the answer — so take your time when sitting the exam.
DOMAINS, OBJECTIVES AND EXAMPLES
The knowledge required is organized into four test “domains”. Within each test domain, there are several objectives that broadly describe the knowledge and experience expected to pass the exam.
If you’ve seen the old SAA-C01 exam blueprint you may notice that one domain has been removed: “Define Operationally Excellent Architectures”. This is the key difference between the SAA-C01 and SAA-C02 blueprints as can be seen in the image below.
Test Domain 1: Design Resilient Architectures
This domain makes up 30% of the exam and includes the following 4 objectives:
- 1.1 Design a multi-tier architecture solution
- 1.2 Design highly available and/or fault-tolerant architectures
- 1.3 Design decoupling mechanisms using AWS services
- 1.4 Choose appropriate resilient storage
What you need to know
You need to understand the various block, file and object storage technologies such as Amazon EBS, Instance Store, Amazon EFS and Amazon S3, and know their use cases.
You must be able to design multi-tier application architectures and know how to decouple application components using technologies such as Amazon SQS and Amazon SWF.
The architectures also need to be highly available in the case of component failure, and able to recover in the case of major outages, so you need to know the various ways of implementing high availability and fault tolerance.
Technologies you need to understand include Amazon Elastic Load Balancing, Amazon Route 53, Amazon RDS Read Replicas and Multi-AZ, AWS Global Accelerator and Amazon CloudFront.
You also need to understand the AWS Global Infrastructure in order to determine how to design application stacks to best use the underlying infrastructure architecture.
Test Domain 2: Design High-Performing Architectures
This domain makes up 28% of the exam and includes the following 4 objectives:
- 2.1 Identify elastic and scalable compute solutions for a workload
- 2.2 Select high-performing and scalable storage solutions for a workload
- 2.3 Select high-performing networking solutions for a workload
- 2.4 Choose high-performing database solutions for a workload
What you need to know
You need to be able to select the best storage and database services to use for a given scenario, taking into account requirements for performance.
Technologies to increase performance may include a caching layer such as Amazon ElastiCache, Amazon DynamoDB DAX, or Amazon CloudFront and you need to select the best service to use in the situation presented.
You need to know how to effectively implement elasticity and scalability to your application architectures. This means understanding at an architectural and implementation level what to use and how to build it.
Elasticity and scalability services you need to understand include AWS Auto Scaling, EC2 Auto Scaling, and how to implement these features at the application, storage, and database layers of your application using AWS technology.
Test Domain 3: Design Secure Applications and Architectures
This domain makes up 24% of the exam and includes the following 3 objectives:
- 3.1 Design secure access to AWS resources
- 3.2 Design secure application tiers
- 3.3 Select appropriate data security options
What you need to know
You need to understand how to use native AWS technologies and solution architecture to create secure applications. This includes configuring security controls for authentication, authorization, and access and applying encryption to data.
You need to know how to design isolation and separation through AWS service architecture, Amazon EC2 instance deployment options and Amazon VPC configuration.
It is also recommended to understand the best practices for implementing services in the most secure manner and best practices for creating users, groups, and roles using AWS IAM. Which services can use multi-factor authentication is also required knowledge, and you should understand the available AWS Directory Services at a high level and when to use them.
Questions often come up asking you to identify which technologies include DDoS mitigation and these include AWS Auto Scaling, Amazon CloudFront, and Amazon Route 53.
You should also know how to implement monitoring and logging using Amazon CloudWatch and AWS CloudTrail, when and what penetration testing you are allowed to perform within the AWS cloud, and what compliance programs AWS complies with.
Technologies you need to know for domain 3 include Amazon VPC, AWS KMS, AWS CloudHSM, AWS IAM, Amazon Cognito, and AWS Directory Services.
Test Domain 4: Design Cost-Optimized Architectures
This domain makes up 18% of the exam and includes the following 3 objectives:
- 4.1 Identify cost-effective storage solutions
- 4.2 Identify cost-effective compute and database services
- 4.3 Design cost-optimized network architectures
What you need to know
This is an important area of the exam which requires architects to consider cost-effectiveness when deploying applications on AWS. You need to understand the various cost models of compute and storage services, what you pay for and what the best choices would be given a specific scenario. You also need to know which services are free and be able to compare the cost of different services that may suit a specific scenario. You’ll definitely need to understand serverless technologies such as AWS Lambda, Amazon Aurora Serverless, and Amazon ECS Fargate.
2 — Detailed breakdown of New SAA-C02 topics
If you’re looking for a detailed breakdown of the new topics included in the AWS Certified Solutions Architect Associate SAA-C02 exam, below are some recommendations for knowledge that is specifically relevant to the new exam. You can read the entire article on my beta SAA-C02 exam experience here.
Storage
- Know your different Amazon S3 storage tiers! You need to know the use cases, features and limitations, and relative costs; e.g. retrieval costs.
- Amazon S3 lifecycle policies are also required knowledge — there are minimum storage times in certain tiers that you need to know.
- For Glacier, you need to understand what it is, what it’s used for, and what the options are for retrieval times and fees.
- For the Amazon Elastic File System (EFS), make sure you’re clear which operating systems you can use with it (just Linux).
- For the Amazon Elastic Block Store (EBS), make sure you know when to use the different tiers including instance stores; e.g. what would you use for a datastore that requires the highest IO and the data is distributed across multiple instances? (Good instance store use case)
- Learn about Amazon FSx. You’ll need to know about FSx for Windows and Lustre.
- Know how to improve Amazon S3 performance including using CloudFront, and byte-range fetches — check out this whitepaper.
- Make sure you understand the Amazon S3 object deletion protection options, including versioning and MFA delete.
Compute
- You need to have a good understanding of the options for how to scale an Auto Scaling Group using metrics such as SQS queue depth, or numbers of SNS messages.
- Know your different Auto Scaling policies including Target Tracking Policies.
- Read up on High Performance Computing (HPC) with AWS. You’ll need to know about Amazon FSx with HPC use cases.
- Know your placement groups. Make sure you can differentiate between spread, cluster and partition; e.g. what would you use for lowest latency? What about if you need to support an app that’s tightly coupled? Within an AZ or cross AZ?
- Make sure you know the difference between Elastic Network Adapters (ENAs), Elastic Network Interfaces (ENIs) and Elastic Fabric Adapters (EFAs).
- For the Amazon Elastic Container Service (ECS), make sure you understand how to assign IAM policies to ECS for providing S3 access. How can you decouple an ECS data processing process — Kinesis Firehose or SQS?
- Make sure you’re clear on the different EC2 pricing models including Reserved Instances (RI) and the different RI options such as scheduled RIs.
- Make sure you know the maximum execution time for AWS Lambda (it’s currently 900 seconds or 15 minutes).
Network
- Understand what AWS Global Accelerator is and its use cases.
- Understand when to use CloudFront and when to use AWS Global Accelerator.
- Make sure you understand the different types of VPC endpoint and which require an Elastic Network Interface (ENI) and which require a route table entry.
- You need to know how to connect multiple accounts; e.g. should you use VPC peering or a VPC endpoint?
- Know the difference between PrivateLink and ClassicLink.
- Know the patterns for extending a secure on-premises environment into AWS.
- Know how to encrypt AWS Direct Connect (you can use a Virtual Private Gateway / AWS VPN).
- Understand when to use Direct Connect vs Snowball to migrate data — lead time can be an issue with Direct Connect if you’re in a hurry.
- Know how to prevent circumvention of Amazon CloudFront; e.g. Origin Access Identity (OAI) or signed URLs / signed cookies.
Database
- Make sure you understand Amazon Aurora and Amazon Aurora Serverless.
- Know which RDS databases can have Read Replicas and whether you can read from a Multi-AZ standby.
- Know the options for encrypting an existing RDS database; e.g. encryption can only be enabled at creation time, otherwise you must encrypt a snapshot and create a new instance from the snapshot.
- Know which databases are key-value stores; e.g. Amazon DynamoDB.
Management and Governance
- You’ll need to know about AWS Organizations; e.g. how to migrate an account between organizations. Check out this article.
- For AWS Organizations, you also need to know how to restrict actions using service control policies attached to OUs.
- Understand what AWS Resource Access Manager is.
Application Integration
- Make sure you know the use cases for the Amazon Simple Queue Service (SQS), and Simple Notification Service (SNS).
- Understand the differences between Amazon Kinesis Firehose and SQS and when you would use each service.
- Know how to use Amazon S3 event notifications to publish events to SQS — here’s a good “How To” article.
3 — Check out our FREE Training resources
Click here to access free Video Tutorials, Practice Questions and other certification training resources for the AWS Solutions Architect exam. One of these great learning tools is the FREE online Training Notes on the Digital Cloud Training website, which provide a deeper level of detail for all test domains of the Solutions Architect exam. All of our training resources are being fully updated with new content for the AWS Solutions Architect SAA-C02 exam.
Test your knowledge with these free AWS Certified Solutions Architect Associate SAA-C02 practice questions!
Learn more about our popular AWS practice exams that will help you fast-track your exam success!
4 — Enroll in our hands-on video training course
Whether you’re just getting started with AWS Certification Training, have on-the-job experience, or are continuing your education after taking other AWS exams, you will need to cover both the theory and practical aspects of Amazon Web Services in your journey.
Check out the AWS Certified Solutions Architect Associate Hands-On Labs course from Digital Cloud Training. With this instructor-led course, you’ll be fully equipped to ace your SAA-C02 exam for the AWS Certified Solutions Architect. This is the best way to learn AWS! Delivered through guided practice labs, our Hands-On Labs course teaches you AWS from creating a Free Tier account right through to building complex applications. No other course gives you so much hands-on experience with the AWS Cloud. No more death-by-powerpoint — this is about actually building architectures on AWS.
5 — Use practice tests to smash your AWS exam
The AWS Certified Solutions Architect Associate Practice Exams from Digital Cloud Training are designed to be representative of the question format and difficulty of the actual AWS exam. They are a great way not just of assessing your exam readiness, but also of learning the concepts, as we provide detailed explanations and reference links for every question. But don’t leave it until the last minute: get started with the AWS Certified Solutions Architect Associate Practice Exams early so you can ensure you’re on track.