AWS Certified Solutions Architect

Introduction

The AWS Certified Solutions Architect – Associate exam is intended for individuals who perform a Solutions Architect role. This exam validates an examinee’s ability to:

Identify and gather requirements in order to define a solution to be built using architecture best practices.
Provide guidance on architectural best practices to developers and system administrators throughout the lifecycle of the project.
The knowledge and skills required at this level should include all of the following areas and objective components.

AWS Knowledge

• Hands-on experience using compute, networking, storage, and database AWS services
• Professional experience architecting large-scale distributed systems
• Understanding of elasticity and scalability concepts
• Understanding of the AWS global infrastructure
• Understanding of network technologies as they relate to AWS
• A good understanding of all security features and tools that AWS provides and how they relate to traditional services
• A strong understanding of client interfaces to the AWS platform
• Hands-on experience with AWS deployment and management services

General IT Knowledge
• Excellent understanding of typical multi-tier architectures: web servers, caching, application servers, load balancers, and storage
• Understanding of Relational Database Management System (RDBMS) and NoSQL
• Knowledge of message queuing and Enterprise Service Bus (ESB)
• Familiarity with loose coupling and stateless systems
• Understanding of different consistency models in distributed systems
• Knowledge of Content Delivery Networks (CDN)
• Hands-on experience with core LAN/WAN network technologies
• Experience with route tables, access control lists, firewalls, NAT, HTTP, DNS, IP and OSI Network
• Knowledge of RESTful Web Services, XML, JSON
• Familiarity with the software development lifecycle
• Work experience with information and application security concepts, mechanisms, and tools
• Awareness of end-user computing and collaborative technologies

These training courses or other equivalent methodologies will assist in exam preparation:

• Architecting on AWS (aws.amazon.com/training/architect)
• In-depth knowledge or training in at least one high-level programming language
• AWS Cloud Computing Whitepapers (aws.amazon.com/whitepapers)
o Overview of Amazon Web Services
o Overview of Security Processes
o AWS Risk & Compliance Whitepaper
o Storage Options in the Cloud
o Architecting for the AWS Cloud: Best Practices
• Experience deploying hybrid systems with on-premises and AWS components
• Use of the AWS Architecture Center website (aws.amazon.com/architecture)

Response Limits
The examinee selects—from four or more response options—the one or multiple options that best complete the statement or answer the question. Distracters, or wrong answers, are response options that examinees with incomplete knowledge or skill would probably choose, and are generally plausible responses that fit into the content area defined by the test objective.

Test item formats used in this examination are:

• Multiple-choice: Examinee selects one option that best answers the question or completes a statement. The option can be embedded in a graphic where the examinee “points and clicks” on their selection choice to complete the test item.
• Multiple-response: Examinee selects more than one option that best answers the question or completes a statement.
• Sample Directions: Examinee reads the statement or question and, from the response options, selects only the options that represent the most correct or best answers given the information.

Exam Syllabus

Domain 1.0: Designing highly available, cost-efficient, fault-tolerant, scalable systems
1.1 Identify and recognize cloud architecture considerations, such as fundamental components and effective designs.

• How to design cloud services
• Planning and design
• Monitoring and logging
• Familiarity with:
o Best practices for AWS architecture
o Developing to client specifications, including pricing/cost (e.g., on Demand vs. Reserved vs. Spot; RTO and RPO DR Design)
o Architectural trade-off decisions (e.g., high availability vs cost, Amazon RDS vs installing your own database on EC2)
o Hybrid IT architectures (e.g., Direct Connect, Storage Gateway, VPC, Directory Services)
o Elasticity and scalability (e.g., Auto Scaling, SQS, ELB, CloudFront)

Domain 2.0: Implementation/Deployment
2.1 Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS Identity and Access Management (IAM) to code and implement a cloud solution.

• Configure an Amazon Machine Image (AMI)
• Operate and extend service management in a hybrid IT architecture
• Configure services to support compliance requirements in the cloud
• Launch instances across the AWS global infrastructure
• Configure IAM policies and best practices

Domain 3.0: Data Security
3.1 Recognize and implement secure practices for optimum cloud deployment and maintenance.

• AWS shared responsibility model
• AWS platform compliance
• AWS security attributes (customer workloads down to physical layer)
• AWS administration and security services
• AWS Identity and Access Management (IAM)
• Amazon Virtual Private Cloud (VPC)
• AWS CloudTrail
• Ingress vs. egress filtering, and which AWS services and features fit
• “Core” Amazon EC2 and S3 security feature sets
• Incorporating common conventional security products (Firewall, VPN)
• Design patterns
• DoS mitigation
• Encryption solutions (e.g., key services)
• Complex access controls (building sophisticated security groups, ACLs, etc.)
• Amazon CloudWatch for the security architect
• Trusted Advisor
• CloudWatch Logs