DEV Community

Cover image for How I studied for the AWS Solutions Architect Associate certification exam
Meir Gabay for ProdOps

Posted on • Updated on • Originally published at

How I studied for the AWS Solutions Architect Associate certification exam

In this blog post, I'm going to share how I studied, step-by-step, for the AWS Solutions Architect Associate certification exam.

And of course, due to COVID19, AWS is taking care of its learners - AWS Certification FAQs


Make sure you cover all the topics that are in the official AWS Certified Solutions Architect Associate Exam Guide, read more about it here. I passed the exam in Sep-2019, and it might have changed a little bit since then.


  1. It took me about 2-3 weeks to study
  2. I studied for about 4-5 hours a day
  3. I had minor experience in AWS with EC2 and S3 before I started studying
  4. Skim through all the topics before you start studying. It took me time to realize the best way for me to study, but it doesn't mean that it's the best way for you
  5. Content switching - I didn't want to learn one topic, and then learn a whole new topic, which will probably make me forget the previous topic. So I learned all of the topics bit by bit, which also helped me realize how different services can work together
  6. Learning for this type of exam is difficult, so if you're having a hard time, don't worry about it, in your 2nd week of learning, it will get much easier
  7. Learn with your mobile phone - I found it best to read most of the FAQs and official docs using my mobile phone in my spare time
  8. Here's my Social Badge
  9. If you wonder how the badge looks like in a Linkedin profile, you can check mine -

Getting Started

  1. Create an AWS account
  2. Create an IAM admin role, from now on, use only this role to perform any future actions in your AWS account
  3. Register for AWS Certified Solutions Architect - Associate 2020 by Ryan Kroonenburg and Faye Ellis. Original price is 179 USD so wait for it to be on sale, you can get if for 14-18 USD
  4. Complete the above course, including the quizzes
    • The course duration is 14.5 hours (excluding quizzes and exams), so to save time, set the videos speed to
      • x1.25 - 11.6 hours
      • x1.5 - 9.7 hours
  5. (Optional) If you have prior knowledge, take the Practice Exam 1 to understand your knowledge gaps, it's under Good Luck & What's Next

This Guide's Structure

  1. Even though you've already completed the Udemy course, I'm still going to put references to specific lectures that you should watch again to strengthen your knowledge
  2. Legend
    • πŸ“š - Official AWS docs/tutorials
    • πŸ“˜ - Non-official docs/tutorials
    • πŸ“Ί - Watch lecture(s) in the Udemy course

VPC - Basics

  1. Create a custom VPC - go through the following scenarios
    1. πŸ“š Scenario 1: VPC with a Single Public Subnet
    2. πŸ“š Scenario 2: VPC with Public and Private Subnets (NAT)


  1. πŸ“Ί Route53 > all lectures
    1. Understand what are DNS records, notably: A, SOA, NS, CNAME, and MX
    2. Get familiar with all available Routing policies
    3. (Optional) Register your domain directly from the AWS Route53 console

VPC - Subnets

  1. πŸ“˜ Understanding IP Addresses, Subnets, and CIDR Notation for Networking
  2. Practice on Subnets by using the CIDR calculator at and create Subnets in your custom VPC
    1. How many IP addresses are reserved by AWS?


  1. πŸ“Ί EC2 > all lectures
  2. πŸ“š Read more about IAM and EC2 instance roles


  1. Create an IAM role and attach it to your EC2 instance
  2. SSH to an EC2 instance and install AWS CLI on your instance
  3. Run aws s3 ls on the instance and make sure that it works
  4. Use the instance’s meta-data to figure out from the instance to which security groups it belongs to, hint: curl 169. …

By now you are familiar with

  1. Launch and configure EC2 instances
  2. Elastic Block Store (EBS)
  3. Subnets, IP Addresses, CIDR and Subnetmask
  4. Route Tables
  5. Internet Gateway (igw)
  6. Elastic IP (eip)
  7. πŸ“š NAT Instances (bastion) (πŸ’¬ AMI name contains amzn-ami-vpc-nat)
  8. πŸ“š NAT Gateway (ngw)
  9. πŸ“š Security Group (sg) - this topic is very important, so make sure you do a lot of practice
  10. πŸ“š Network Access Control List (NACL)
  11. πŸ“š Identity Access Management (IAM) - Users, Groups, Roles, and Policies
  12. Route53 and DNS records

VPC - Peering

  1. Go over the following scenarios
    1. πŸ“š Example: Sharing Public Subnets and Private Subnets
    2. πŸ“š Example: Services Using AWS PrivateLink and VPC Peering

IMPORTANT! Don't skip the above topic; it may appear in the exam


  1. πŸ“š Elastic Network Interface (ENI)

Note: No need to practice on adding a secondary ENI to your instance, if you do, make sure you take a snapshot before doing it

VPC - Flow Logs

  1. πŸ“š VPC Flow Logs


  1. πŸ“š Publish Flow Logs to CloudWatch, and keep in mind that it takes up to 10 minutes to get the initial Log Stream, so be patient
  2. (Optional) πŸ“š Install the Agent on a Running EC2 Linux Instance
    1. πŸ“š SSH to your EC2 instance, install and configure AWS Logs
    2. View the Log stream in CloudWatch Logs, what’s the name of the FlowGroup?
    3. Stop the awslogs service and remove the FlowGroup from the file /var/awslogs/etc/awslogs.conf

Storage - S3

  1. πŸ“š Simple Storage Service (S3)
  2. πŸ“Ί S3 > Identity Access Management > from IAM 101 to Transfer Acceleration


  1. Create a bucket in S3 and Publish Flow Logs
    1. SSH to your EC2 instance
    2. Copy one of the logs from your S3 bucket to the EC2 instance
    3. Extract the log from gz and read it, cool, huh? :)
  2. πŸ“š Creating a Trail
    1. πŸ“š Logging Amazon CloudWatch API Calls with AWS CloudTrail
    2. Turn off the Logging in the trail
    3. Disable AWS Cloudwatch alarm and delete VPC Flow Log - do it without removing the alarm, hint: possible only with aws-cli

VPC - Nat Gateway

  1. πŸ“š Nat Gateway


  1. πŸ“š Implement Scenario 2 and apply the NATSG: Recommended Rules
  2. SSH to private instance and run: curl, the returned IP should be the NAT Gateway Elastic IP (EIP)
  3. Delete the Nat Gateway and release the Nat Gateway's EIP

VPC - Direct Connect and VPC End Points

  1. πŸ“Ί VPCs > Direct Connect
  2. πŸ“Ί VPCs > VPC End Points

Storage - Storage Gateway

  1. πŸ“Ί Identity Access Management & S3 > Storage Gateway
    1. File Gateway
    2. Stored Volumes and Cached Volumes
    3. Tape Gateway

Storage - Snowball

  1. πŸ“Ί Snowball Overview and Snowball Lab
    1. Snowball
    2. Snowball Edge
  2. Know the answer to - when should I use it?

EC2 - Placement Groups

  1. πŸ“Ί EC2 > EC2 Placement Groups
  2. πŸ“š Placement Groups
    1. Clustered Placement Group
    2. Partition Placement Group
    3. Spread Placement Group

EC2 - Bootstrap Scripts and instance Meta Data

  1. πŸ“Ί EC2 > Using Boot Strap Scripts
  2. πŸ“Ί EC2 > EC2 Instance Meta Data


  1. πŸ“Ί Databases On AWS > all lectures
  2. Understand the difference between Multi-AZ vs. Read Replicas
  3. Get a deeper understanding of the following types of databases
    1. DynamoDB
    2. Redshift and Redshift Spectrum
    3. Aurora
    4. Elasticache
  4. Understand how to increase the performance of each DB
  5. Understand the basics of high availability architecture of DBs

VPC - Load Balancers

  1. πŸ“Ί HA Architecture > from Load Balancers Theory to Advanced Load Balancer Theory
  2. Understand the differences between Classic/App/Net Load Balancers
  3. Make sure you know the answer to - what are Health checks?

Theoretical - High Availability Architecture

  1. πŸ“Ί HA Architecture > from Autoscaling Groups Lab to HA Architecture Quiz
  2. πŸ“š Autoscaling Groups

Theoretical - Other Services

Get familiar with the following applications and services.

  1. πŸ“Ί Watch the lectures in Udemy
  2. CloudFormation
  3. Elastic Beanstalk - get familiar with
  4. Lightsail
  5. SQS - Super important, especially the short/long polling
  6. MQ
  7. SWF
  8. SNS - Make sure you know the πŸ“š limits
  9. Elastic Transcoder
  10. API Gateway - Super important
  11. Kinesis - What are the differences between
    1. Kinesis Streams
    2. Kinesis Firehose
    3. Kinesis Analytics
  12. Web Identity Federation and Cognito
    1. User pools
    2. Identity pool
  13. CloudFront and Edge Locations - Super important
  14. Macie
  15. ElasticSearch - πŸ“˜ Use Case 1, πŸ“˜ Use Case 2
  16. And any other services that appear in the Udemy course

Theoretical - Serverless

  1. πŸ“Ί Serverless > all lectures
  2. Make sure you fully understand how the following services work
    1. S3
    2. Lambda Functions
    3. DynamoDB
    4. Aurora Serverless


  1. Create a Lambda Function and invoke functions with HTTP requests by using API Gateway
  2. Which triggers are available for Lambda Functions?
  3. πŸ“š Create an API Gateway and a Lambda

Storage - S3, EBS and EFS

Even though you read about S3, go over it again, it's a huge topic, and there are lots of questions about this topic

  1. πŸ“Ί S3 > from S3 101 to Transfer Acceleration
    1. Different classes of S3 - Standard, IA, IA-Zone, Intelligent tiering
    2. Glacier and Glacier Deep Archive
    3. Security and encryption
      1. SSE - S3
      2. SSE - KMS
      3. SSE - C
    4. Client-side encryption and upload to S3
    5. Version control + MFA Delete
    6. Lifecycle management
    7. Cross-Region Replication
    8. Transfer Acceleration - Uses CloudFront
    9. πŸ“š S3 FAQ
  2. πŸ“Ί EC2 > from EBS 101 to AMI Types (EBS vs Instance Store) and Elastic File System


This exercise only covers KMS, since it's a difficult topic, but feel free to also practice the other topics

  1. Create another IAM user, call it developer, grant this user full admin access (don’t switch to this user)
  2. Create a key in KMS and allow only to your current admin user to use this key (developer can’t use it)
  3. Create a Lambda Function from scratch and add random environment variables
  4. Encrypt the environment variables with the key you’ve created earlier
  5. Login with your developer user and view the Lambda Function, can you see the environment variables?

Theoretical - Well-Architected Framework

It's best to go over all the official AWS Docs, but since it's time-consuming, skim through the Well-Architected Framework whitepaper

Exams - Practice

  1. Make sure you completed all the quizzes in the Udemy course
  2. Take the practice exams Practice 1 and Practice 2 in the Udemy course
  3. Register for AWS Certified Solutions Architect Associate Practice Exams, Original price is about 40 USD , but you can get it for sale at 14-18 USD
    1. Take as many exams as you can (the more, the merrier)
    2. Make sure you review the answers and explanations for each question, even if you answered correctly

Useful Resources

Skim through the following resources

  1. πŸ“š AWS Certification Preperation
  2. πŸ“˜ aws-cheat-sheet
  3. πŸ“˜ A Complete Guide to AWS Certified Solutions Architect Associate Exam
  4. πŸ“˜ Do Your Homework: 7 AWS Certified Solutions Architect Exam Tips

AWS Solutions Architect Associate certification exam

By now you should be ready to take the exam!

  1. πŸ’ͺ Take the AWS official practice exam (20 USD)
  2. ❓ If there's any topic that you're still not comfortable with, read the docs and FAQs. Feel free to comment to this blog post with questions!
  3. πŸŽ‰ Take the official AWS certification exam (150 USD)

Final words

Once you get the hang of it, it's fun to learn about AWS and use its services. I hope that this blog post helped you to design your learning path for this exam, and if it did, then πŸ‘/πŸ’Ÿ/🐴 and share!

Top comments (0)