DEV Community

Cover image for How I passed the Solutions Architect Professional with mostly free content🥇
Matt Lewis for AWS Heroes

Posted on

How I passed the Solutions Architect Professional with mostly free content🥇

First off, well done to anyone starting the journey to certification. Just being willing to study and take an exam puts you ahead of most others, so you should be rightly proud. For me, I like the goal of becoming certified and the structured content as a way to keep me motivated.

I was fortunate enough to pass the AWS SA Pro exam in the last month with an online proctored exam. I’ve had a few people ask what I thought of the course/exam, and also the online experience. Each individual has their own approach which works for them, so I’ll just set out what worked for me and how I found it.

Course

The AWS SA Pro is reputed to be toughest AWS exam but don't let that put you off. AWS is growing at such a rapid pace, there is no way you can have detailed knowledge about all services. Instead, I just focused on getting a good understanding of a number of core services, and then being able to understand use cases for many others. The exam is testing your understand of what makes a good architecture, and is not trying to catch you out on small technicalities.

I'm lucky to have a work subscription to ACloudGuru. For anyone studying for an exam there are a number of paid-for courses including from Linux Academy, WhizLabs and Exam Pro. There are some fantastic free resources available online such as AWS Training and FreeCodeCamp.

I found the practice exams were what helped most to get the right feel. I had a free voucher code so I also took the online AWS practice exam. I made a conscious decision I didn't want to get bogged down in detail, so for the online courses I tended to speed them up, and only make minimal notes. I also got huge value from watching re:Invent and re:Inforce videos on YouTube and reading a number of the AWS Whitepapers and Service FAQs.

Although the course content is broken down into 5 domains, many of it is cross-cutting, so the following is what I personally found most important, and this was reflected with the questions I had in the exam.

Network and VPC Design

A solid understanding of network and VPC design is crucial. This covers the different ways of connecting AWS to on-premises as well as connecting VPC to VPC. This also includes VPC design. By this stage, you need to understand differences between Security Groups, NACLs, public and private subnets, NAT Gateways, Internet Gateways and Egress-only internet gateways. It also includes basic knowledge of CIDR ranges and how to expand or change these in an existing VPC.

Video:

Whitepapers:

IAM

Another crucial topic is IAM. There is a common thread around being secure by design and applying least privilege, and this extends itself to understanding IAM and policies. You need to understand different policy types and their use cases. You also need to understand cross-account roles, the Security Token Service and federating identity either through SAML or web identity federation.

A useful tip is to remember the PARC model which stands for Principal, Action, Resource and Condition, and make sure you understand how each of them are used.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "effect",
            "Principal":"principal",
            "Action": "action",
            "Resource": "arn",
            "Condition":{
                "condition"{
                    "key":"value"
                }
            }
        }
    ]
}
Enter fullscreen mode Exit fullscreen mode

Conditions are particularly powerful. Common examples including enforcing SSL access only

      ...
      "Effect": "Deny",
      "Resource": [...],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      ...
Enter fullscreen mode Exit fullscreen mode

and even restricting regions:

       ...
       "Condition": {
            "StringEquals": {
                "aws:RequestedRegion": [ "eu-west-1", "eu-west-2" ]
            }
        }
        ...
Enter fullscreen mode Exit fullscreen mode

Video:

Multi Account

The exam guide talks about designing a 'multi-account AWS environment for complex organizations'. This means look out for questions on AWS Organizations and how to use it. I set up AWS Organizations with a number of member accounts and applied different service control policies and looked at different options on consolidated billing and AWS Budgets, and it meant I could answer any of the questions I got on the exam.

Video:

Migration

Migration planning is called out as its own domain in the exam guide, and is another important topic. This covers migrating both applications and data, and choosing the most appropriate approach based on timescales, amount of data to transfer, type of application. There are useful sites that look at different options for hybrid cloud storage, online data transfer and offline data transfer:

Sites:

Videos:

Whitepapers:

New Solutions / Improving Existing Solutions

According to the guide, 60% of the exam content is on designing new solutions and improving existing solutions. This is when knowledge of modern application design and core AWS services is crucial, so get familiar with the AWS Well Architected Framework:

  • One of the design principles for performance efficiency is to "use serverless architectures" so pay particular attention to AWS Lambda, X-Ray, API Gateway, Cognito and DynamoDB amongst other services.
  • You need to understand how to use services like SQS, SNS, Kinesis and EventBridge to decouple consumers from producers.
  • You need to understand how to use Route53 and Load Balancers to increase availablility and support failover.
  • With best practice also being infrastructure as code, you will also need to understand CloudFormation. This includes the basic template anatomy, and what a valid template may look like, for example creating an EC2 instance from an AMI
Resources:
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      ImageId: "ami-0ff8a91507f77f867"
Enter fullscreen mode Exit fullscreen mode
  • Repeatable builds and deployments are crucial, so understand how CodePipeline, CodeBuild, CodeDeploy and ElasticBeanstalk can support various different deployment approaches such as A/B and canary.
  • You need to understand at a high level the different EBS volume types and EC2 instance types. Personally, I didn't feel I needed to know the exact network performance or volume size, but just understand the differences between general purpose, compute optimised, memory optimised and so on
  • You need to understand when to use a relational vs key-value vs columnar vs ledger database

This is also where it's important to understand some of the key service limits. For example, if processing will take longer than 15 mins then AWS Lambda is not appropriate. If you need a FIFO SQS queue then you need to know that you can't convert an existing standard queue.

Videos:

Whitepapers:

Taking the Exam Online

It was a different experience taking the exam online. To start off with, you need to have some software installed which also checks there is nothing else running. You then have to take pictures of your workspace, and you end up sitting there for around 15 minutes, waiting for these to be checked, before you can start the exam. It also felt different taking the exam at home, rather than a specific venue, but once I started it didn't have any effect.

It's important not to rush the questions and make sure you think through the approach for your chosen answer. For any question I was unsure on, I focused on the different possible answers, and it was often clear that they differentiated in one small aspect e.g. one suggested S3 and another EFS, one suggested SQS and another Kinesis. This really helped to focus on what the question was targetting, as it is very easy to get bewildered by the length of some of the questions. Where the answer was not obvious, I used a process of elimation, which is why it was good to remember some of the key service limits and what services integrate with what. This at least increased the chances of selecting the right answer.

I had flown through all of the practice exams, and expected to finish with plenty of time left. This didn't happen, but mainly as I was taking my time and making sure I didn't throw away any easy marks by rushing. You do need to keep track of the time, to make sure you don't spend so long on one question it forces you to speed up. After a number of minutes, if you still aren't sure, I always put my best answer down and marked for review so I could come back at the end.

Conclusion

So that was it. I'd managed to gain a sought after certification but more importantly increased my knowledge of AWS that can only make me better in my role. I genuinely enjoy learning and testing myself. Hopefully this has helps some of you, and encourages others to give it a go. Reach out if you have any questions.

Top comments (6)

Collapse
 
aronjohnson profile image
Aron Johnson

Thanks for compiling these resources and sharing. Much appreciated!

Collapse
 
diliprk profile image
Dilip Rajkumar • Edited

Thank you for the informative post Matt. I am going through the Cloud Architect nanodegree from Udacity. Do you recommend taking the AWS Cloud Solutions Architect Professional exam directly (skipping the associate level exam) for the very first AWS Certificate exam just by going through online courses from AIcloudGuru, resources listed in your post and taking 3 practice tests?

Collapse
 
mlewis7127 profile image
Matt Lewis

I personally took the Solutions Architect Associate exam first. It used to be a requirement though you can now go straight to Professional. Without knowing personal circumstances, I would recommend taking the associate first, as it gets you used to AWS exam conditions and you should be ready to take that earlier. It acts as a good spring board. I have friends who then went to broaden knowledge and took Developer or SysOps Associate. I took the Security Speciality next as it was an area I wanted to go deeper in. Good luck whatever you choose to do.

Collapse
 
robincher profile image
Robin Cher

Or alternatively, take the SA Associate course and have a strong foundation before attempting to take SA Pro.

I am currently preparing for my AWS Pro, and despite having a year of AWS experience for my day-to-day job, i still think i am pretty green when trying some AWS pro practice paper. Ultimately, i decide to go through a full SA course and some practice papers first :).

I do have a colleague that go AWS pro directly with 4-5 days of preparation (and he did passed the exams), so just have your own learning path that you think suits you best.

Collapse
 
sunilc_ profile image
Sunil Kumar • Edited

Very well written Matt!

I bought a course on gumroad a couple of weeks back and loved it. This is created by Daniel Vassalo and Josh Pschorr who have worked inside AWS for 11+ years. This is a must have course to learn the intricate details of AWS concepts.

Checkout it out here:
Single License: gumroad.com/a/238777459/MsVlG
Team License: gumroad.com/a/238777459/EpUED

Collapse
 
nivesh002 profile image
Nivesh

thanks for sharing your info.