In this blog article, I (Salim Masani) would like to share my exam experience along with strategies that helped me clear the AWS Certification Exam. This blog article was originally written by Bhavesh Goswami, and I have updated it to match the latest exam trends.
AWS Certification Exam Levels
Below is the illustration for AWS Certification tracks currently open for professionals to take up.
AWS offers 9 certifications across its certification tracks: 2 Professional, 3 Associate, 3 Specialty and 1 Cloud Essential certification.
Recently Amazon has also introduced AWS Cloud Practitioner Essentials, which is a foundation-level program. This program covers some important Cloud concepts, AWS services limited to EC2, S3, VPC & RDS, the security model, architecture, pricing and support plans. This certification gives an overall understanding of the AWS Cloud and is aimed at educating sales, marketing, project managers, business analysts and other IT professionals.
AWS has 3 Certification Tracks for Associate Level:
- AWS Certified Solutions Architect – Associate Level
- AWS Certified Developer – Associate Level
- AWS Certified SysOps Administrator – Associate Level
AWS has 2 Certification Tracks for Professional Level:
- AWS Certified Solutions Architect – Professional Level (Architect Associate Certification is a prerequisite)
- AWS Certified DevOps Engineer – Professional Level (Developer or SysOps Associate Certification is a prerequisite)
AWS offers the following Specialty Certifications, which can be taken after clearing any of the Associate Certifications.
- Advanced Networking
- Big Data
About Professional Level Certification Exam
According to Amazon, “The AWS Certified Solutions Architect – Professional Level exam validates advanced technical skills and experience in designing distributed applications and systems on the AWS platform”. In my experience, it was a very comprehensive and advanced exam with a lot of real-world use cases being converted to exam questions. If you have not worked on projects that involve architecting infrastructure on AWS, it might be quite difficult to answer some of the questions. Below we break down the exam objectives and the kind of questions that you can expect from this certification exam.
The pre-requisites for appearing for this certification exam are:
- Cleared AWS Certified Solutions Architect – Associate Level certification. To know more about the AWS Solutions Architect – Associate Level Certification, click here.
- Although not strictly a pre-requisite, hands-on experience with AWS and/or some training will be required for clearing this certification. You must have experience architecting solutions that involve many services on AWS.
- The cost of the certification exam is $300.
- The exam has about 80 multiple choice questions. There are no hands-on tasks or writing as part of the exam. The duration of the exam is 170 minutes. It’s a fairly long exam, so go properly rested to have the energy to keep going for three hours.
- The passing percentage is not disclosed, and AWS says it is derived by “statistical analysis and are subject to change”. Many LinkedIn discussions believe it to be around 65%, but nobody can really guarantee that.
- The results are obtained immediately after the exam and the certification is valid for two years.
- In case you fail, the retake policy mentions that you can take the exam again after a month. A maximum of three attempts is allowed in a year and each attempt is charged separately.
Below are the exam domains and the extent to which they are represented in the exam.
1.0 High Availability and Business Continuity (15%)
This section deals with the ability to architect high availability solutions on AWS infrastructure. One needs to first understand the availability guarantee of each service and how services can be designed to provide higher availability than an individual service does. For example, a single EBS volume has a 99.95% uptime SLA and an annual failure rate (AFR) that makes it 10 times more durable than commodity disk drives. But if storage in EBS requires higher durability than EBS volumes natively provide, what kind of strategies can one use? One example is creating multiple volumes of the same size, building a software RAID on top of them and using that as the storage solution. Another is taking frequent snapshots: because snapshots are stored in S3, they get 99.99999999% durability.
The exam will have case scenarios to test your skills and understanding of various services to provide high availability. You can expect scenario-based questions that test your knowledge of deployments which need to survive the failure of an availability zone or an entire region. So, you need to understand the different kinds of DR scenarios, such as pilot light, warm standby and high availability (that is, active-active).
You may also have questions which will have RTO and RPO requirements and you may have to select appropriate services to achieve the same.
2.0 Costing (5%)
You need to remember the cost parameters of each service in detail for this section. It might not be required to remember the exact cost, but you do need to know the pricing parameters. Ways to reduce costs are the main part of this section. For example, the pricing parameters for S3 are bandwidth, storage and number of requests. Ways to reduce costs in S3 include using Reduced Redundancy Storage when applicable, reducing the bandwidth requirement by storing zipped content, etc.
Scenario-based questions on consolidated billing and tagging can be expected in this section. Be ready to answer questions around cost optimization for EC2 instances. To answer such questions, you need to be aware of the different family types and their naming conventions. An understanding of reserved, on-demand and spot instances is required to respond to questions in this section.
3.0 Deployment Management (10%)
Topics here include life cycle management of applications deployed on AWS, and strategies for proper deployment to dev, testing, staging and production environments based on the given use case. A deep understanding of the three main deployment services on AWS (CloudFormation, OpsWorks and Elastic Beanstalk) is required.
For example, you might have an application deployed through Elastic Beanstalk that is deployed first to testing, then to staging and later to production. The application has a separate database for each. What are the best ways to manage the database connection strings? Also consider how deployment strategies for an application that changes only once every few months differ from those for applications updated multiple times a day.
You also need to understand different deployment models, e.g. blue-green deployment, rolling deployment, etc.
4.0 Network Design (10%)
This is fundamentally VPC- and Direct Connect-based network architecture for large AWS infrastructure. It includes judging which pieces of infrastructure go into public vs. private subnets, which use cases require NAT and similar technologies, and determining Network ACL and routing rules for given subnets. It also includes use cases of when a VPC should have a public Internet Gateway attached to it vs. only a Virtual Private Gateway attached to it, or both at the same time. Hybrid deployments with VPNs are a big part of the use cases.
For example, a given system architecture relies on network-based IP blacklisting to protect against DDoS. When a DDoS is underway, where is it more efficient to blacklist the offending IP addresses: at the Security Group, ELB, Network ACL, application layer or by modifying routing rules?
You can expect a question around IPS and IDS deployment on AWS. A question on mitigation of DDoS attacks and the importance of WAF around it is also common. An understanding of HTTPS vs. SSL listeners for ELB is required. There can be case scenarios around VPN, Direct Connect and VPC peering. An understanding of dynamic routing using BGP is a must. You may also get questions involving service endpoints for VPC and Direct Connect.
The exam may also test your knowledge on subnetting and IP reservation by Amazon VPC.
5.0 Data Storage (15%)
This section deals with object stores like S3, archive storage like Glacier and block storage like EC2's ephemeral storage and EBS. Questions are mostly use cases where the objective is to find the appropriate data storage method for that use case. You need to understand the capabilities and cost associated with each of the services to replicate data within the region and across regions, and the different types of storage options with S3. You also need to know the services, tools and technologies to replicate data from in-house to AWS infrastructure and vice versa (for example AWS Storage Gateway).
For example, you can get a case for RAID 0 and 1 with EBS. A comprehensive understanding of the difference between general purpose and provisioned IOPS in EBS is required. You can get a scenario on how to back up your ephemeral storage using DRBD.
Automated and manual snapshots for RDS and case scenarios for read replicas are common in the exam. It is advisable to go through the storage options whitepaper published by AWS.
6.0 Security (20%)
This topic is on how to secure infrastructure and applications hosted on AWS. With 20% weight, this is the meatiest section that can fetch you good scores. One needs to understand the concepts of the STS service thoroughly along with IAM concepts. Service-level security features, e.g. encryption at block level for EBS, encryption for data at rest in S3 and fine-grained access control for DynamoDB, can come in handy for questions related to compliance regarding data security and access. Network-level security is another important area that needs to be understood well, e.g. the stateful vs. stateless nature of the firewall at the security group/network ACL level. In addition, it will be a good idea to read about KMS and Hardware Security Module (HSM) and how they can interact with other services like Redshift to provide better management of your encryption keys.
For example, your case scenario might involve federation for corporates that have Active Directory users or federation for web identity providers like Google and Facebook. You can expect at least one question around cross-account access.
Auditing will also be involved in case scenarios, so you need to understand CloudWatch, CloudTrail and AWS Config.
7.0 Scalability & Elasticity (15%)
This section includes questions on how to scale applications on AWS, including making sure that an application scales well horizontally and has no single point of failure. It also covers how to make application deployments elastic so that they scale up and down automatically with the load. You can expect a case scenario with DynamoDB and SQS buffering, or a static website for video distribution using S3 and CloudFront. For this, you need to understand the 2 different distribution protocols offered by CloudFront. You also need to understand case scenarios where Cognito is better than federation for web users. You can expect case scenarios involving multiple services like DynamoDB, SQS, SNS, ELB, CloudFront and Kinesis.
8.0 Cloud Migration & Hybrid Architecture (10%)
Although this section is weighted at only 10%, throughout the exam you might encounter multiple scenario-based questions about Hybrid Architecture, where an AWS VPC is connected to your corporate data center through a VPN tunnel. A deep understanding of setting up a VPN tunnel using a Virtual Private Gateway and Customer Gateway, with either static routing or dynamic BGP routing, is required. Some scenarios will check your knowledge of when to use static vs. dynamic routing, and when and where to use the Direct Connect service. For example, the use case might involve VPN connections as well as Direct Connect and how one would divide traffic between them.
In addition to this, there could be use cases about migrating an in-house application stack to the Cloud while minimizing downtime, using strategies like replicating your in-house database to the cloud with Data Pipeline, DMS or other third-party tools before the scheduled time window to perform the switchover. There are also use cases involving VM export-import and a read replica in RDS for a DB that is running on premises. An understanding of Storage Gateway cached volumes and stored volumes is also required.
Overall the exam is comprehensive and hands-on experience with AWS is a must. You get 170 minutes to respond to close to 80 questions. I had 77 questions in my exam. 90% of the questions are scenario based and you need to respond to them within 2 minutes each, which is very challenging. So my advice is: if a very lengthy question is not understood within 2 minutes, select a random answer, mark it for review and proceed. If you spend too much time on a single question, you may run out of time.
Here is some additional information that can help while planning for this exam.
- Read my blog post about Clearing AWS Solutions Architect – Associate Level
- Here is the exam blueprint by AWS
- AWS recommends 2 years of hands-on AWS experience
- AWS Whitepapers
- Reference architectures on AWS
If you have not already cleared Associate Level Certification, do it now. Check out the sample questions for AWS Solutions Architect Certification – Associate Level here.
How to Register
To register, click this link for exam registration. You will need to create an account before you register for the test.
Good luck!! If you have any questions, please mention them below and I will try to answer them. Also, if you like the article, please share it with others.