SAA-C02 考点概要

Refer: https://jayendrapatil.com/aws-certified-solutions-architect-associate-saa-c02-exam-learning-path/

Networking

• Be sure to create VPC from scratch. This is mandatory.

• Create VPC and understand whats an CIDR and addressing patterns

• Create public and private subnets, configure proper routes, security groups, NACLs. (hint: Subnets are public or private depending on whether they can route traffic directly through Internet gateway)

• Create Bastion for communication with instances

• Create NAT Gateway or Instances for instances in private subnets to interact with internet

• Create two tier architecture with application in public and database in private subnets

• Create three tier architecture with web servers in public, application and database servers in private. (hint: focus on security group configuration with least privilege)

• Make sure to understand how the communication happens between Internet, Public subnets, Private subnets, NAT, Bastion etc.

• Understand difference between Security Groups and NACLs (hint: Security Groups are Stateful vs NACLs are stateless. Also only NACLs provide an ability to deny or block IPs)

• Understand VPC endpoints and what services it can help interact (hint: VPC Endpoints routes traffic internally without Internet)

• VPC Gateway Endpoints supports S3 and DynamoDB.

• VPC Interface Endpoints OR Private Links supports others

• Understand difference between NAT Gateway and NAT Instance (hint: NAT Gateway is AWS managed and is scalable and highly available)

• Understand how NAT high availability can be achieved (hint: provision NAT in each AZ and route traffic from subnets within that AZ through that NAT Gateway)

• Understand VPN and Direct Connect for on-premises to AWS connectivity

• VPN provides quick connectivity, cost-effective, secure channel, however routes through internet and does not provide consistent throughput

• Direct Connect provides consistent dedicated throughput without Internet, however requires time to setup and is not cost-effective

• Understand Data Migration techniques

• Choose Snowball vs Snowmobile vs Direct Connect vs VPN depending on the bandwidth available, data transfer needed, time available, encryption requirement, one-time or continuous requirement

• Snowball, SnowMobile are for one-time data, cost-effective, quick and ideal for huge data transfer

• Direct Connect, VPN are ideal for continuous or frequent data transfers

• Understand CloudFront as CDN and the static and dynamic caching it provides, what can be its origin (hint: CloudFront can point to on-premises sources and its usecases with S3 to reduce load and cost)

• Understand Route 53 for routing

• Understand Route 53 health checks and failover routing

• Understand Route 53 Routing Policies it provides and their use cases mainly for high availability (hint: focus on weighted, latency, geolocation, failover routing)

• Be sure to cover ELB concepts in deep.

• SAA-C02 focuses on ALB and NLB and does not cover CLB

• Understand differences between CLB vs ALB vs NLB

• ALB is layer 7 while NLB is layer 4

• ALB provides content based, host based, path based routing

• ALB provides dynamic port mapping which allows same tasks to be hosted on ECS node

• NLB provides low latency and ability to scale

• NLB provides static IP address

Security

• Understand IAM as a whole

• Focus on IAM role (hint: can be used for EC2 application access and Cross-account access)

• Understand IAM identity providers and federation and use cases

• Understand MFA and how would implement two factor authentication for an application

• Understand IAM Policies (hint: expect couple of questions with policies defined and you need to select correct statements)

• Understand encryption services

• KMS for key management and envelope encryption

• Focus on S3 with SSE, SSE-C, SSE-KMS

• Know SQS now provides SSE support

• AWS WAF integrates with CloudFront to provide protection against Cross-site scripting (XSS) attacks. It also provide IP blocking and geo-protection.

• AWS Shield integrates with CloudFront to provide protection against DDoS.

• Refer Disaster Recovery whitepaper, be sure you know the different recovery types with impact on RTO/RPO.

Storage

• Understand various storage options S3, EBS, Instance store, EFS, Glacier, FSx and what are the use cases and anti patterns for each

• Instance Store

• Understand Instance Store (hint: it is physically attached to the EC2 instance and provides the lowest latency and highest IOPS)

• Elastic Block Storage – EBS

• Understand various EBS volume types and their use cases in terms of IOPS and throughput. SSD for IOPS and HDD for throughput

• Understand Burst performance and I/O credits to handle occasional peaks

• Understand EBS Snapshots (hint: backups are automated, snapshots are manual)

• Simple Storage Service – S3

• Cover S3 in depth

• Understand S3 storage classes with lifecycle policies

• Understand the difference between SA Standard vs SA IA vs SA IA One Zone in terms of cost and durability

• Understand S3 Data Protection (hint: S3 Client side encryption encrypts data before storing it in S3)

• Understand S3 features including

• S3 provides a cost effective static website hosting

• S3 versioning provides protection against accidental overwrites and deletions

• S3 Pre-Signed URLs for both upload and download provides access without needing AWS credentials

• S3 CORS allows cross domain calls

• S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.

• Understand Glacier as an archival storage with various retrieval patterns

• Glacier Expedited retrieval now allows object retrieval within mins

• Understand Storage gateway and its different types.

• Cached Volume Gateway provides access to frequently accessed data, while using AWS as the actual storage

• Stored Volume gateway uses AWS as a backup, while the data is being stored on-premises as well

• File Gateway supports SMB protocol

• Understand FSx easy and cost effective to launch and run popular file systems.

• FSx provides two file systems to choose from: Amazon FSx for Windows File Server for business applications and Amazon FSx for Lustre for high-performance workloads.

• Understand the difference between EBS vs S3 vs EFS

• EFS provides shared volume across multiple EC2 instances, while EBS can be attached to a single volume within the same AZ.

• Understand the difference between EBS vs Instance Store

• Would recommend referring Storage Options whitepaper, although a bit dated 90% still holds right

Compute

• Understand Elastic Cloud Compute – EC2

• Understand Auto Scaling and ELB, how they work together to provide High Available and Scalable solution. (hint: Span both ELB and Auto Scaling across Multi-AZs to provide High Availability)

• Understand EC2 Instance Purchase Types – Reserved, Scheduled Reserved, On-demand and Spot and their use cases

• Choose Reserved Instances for continuous persistent load

• Choose Scheduled Reserved Instances for load with fixed scheduled and time interval

• Choose Spot instances for fault tolerant and Spiky loads

• Reserved instances provides cost benefits for long terms requirements over On-demand instances

• Spot instances provides cost benefits for temporary fault tolerant spiky load

• Understand EC2 Placement Groups (hint: Cluster placement groups provide low latency and high throughput communication, while Spread placement group provides high availability)

• Understand Lambda and serverless architecture, its features and use cases. (hint: Lambda integrated with API Gateway to provide a serverless, highly scalable, cost-effective architecture)

• Understand ECS with its ability to deploy containers and micro services architecture.

• ECS role for tasks can be provided through taskRoleArn

• ALB provides dynamic port mapping to allow multiple same tasks on the same node

• Know Elastic Beanstalk at a high level, what it provides and its ability to get an application running quickly.

Databases

• Understand relational and NoSQLs data storage options which include RDS, DynamoDB, Aurora and their use cases

• RDS

• Understand RDS features – Read Replicas vs Multi-AZ

• Read Replicas for scalability, Multi-AZ for High Availability

• Multi-AZ are regional only

• Read Replicas can span across regions and can be used for disaster recovery

• Understand Automated Backups, underlying volume types

• Aurora

• Understand Aurora

• provides multiple read replicas and replicates 6 copies of data across AZs

• Understand Aurora Serverless provides a highly scalable cost-effective database solution

• DynamoDB

• Understand DynamoDB with its low latency performance, key-value store (hint: DynamoDB is not a relational database)

• DynamoDB DAX provides caching for DynamoDB

• Understand DynamoDB provisioned throughput for Read/Writes (It is more cover in Developer exam though.)

• Know ElastiCache use cases, mainly for caching performance

Integration Tools

• Understand SQS as message queuing service and SNS as pub/sub notification service
• Understand SQS features like visibility, long poll vs short poll
• Focus on SQS as a decoupling service
• Understand SQS Standard vs SQS FIFO difference (hint: FIFO provides exactly once delivery both low throughput)

Analytics

• Know Redshift as a business intelligence tool
• Know Kinesis for real time data capture and analytics
• Atleast know what AWS Glue does, so you can eliminate the answer

Management Tools

• Understand CloudWatch monitoring to provide operational transparency
• Know which EC2 metrics it can track. Remember, it cannot track memory and disk space/swap utilization
• Understand CloudWatch is extendable with custom metrics
• Understand CloudTrail for Audit
• Have a basic understanding of CloudFormation, OpsWorks