What worked for me passing the AWS Certified Solution Architect Professional Exam

Some thoughts on the exam. Unfortunately the odds where not in my favor the first time I sat it my score was ( 645 — but needed 750 to pass)

Second time I done it I passed with a score in 900

Again biggest is around time management and again the keywords “LEAST Effort, MOST Cost Efficient, LEAST Impact/Disruption” — real test being around eliminating 2 incorrect answers and narrowing in on the remaining 2.

In terms of questions presented and topics on the exam while still fresh in my mind.

• AWS Cognito
• CIDR Ranges
• Making VPC secure
• Direct Connect
• VPN
• Snowmobile Vs Storage Gateway
• AWS Batch
• ECS Vs Fargate and When to use Spot Instances, Spot Fleet, Reserved Instance and On Demand Instances & use cases.
• Incorporating SSO from corporate AD restricting access to a designated S3 Bucket

One of the questions from memory was around you are presented a Networking Diagram with 3 VPCs — VPCA / VPCB / VPCC — In between them there is a router — Question is specifically asking if you should set up a transit gateway, a VPC peering connection and what security groups you need to ensure are open / closed etc / this also includes the default route table with IGW.

Collecting instance logs before the EC2 instance dies (Selections on answers were around CW Logs Agent, Cron scripts, CW Events rules with Lambdas).

One question from memory also was around you have 24 hours to migrate 16TB of data, you have a Direct Connect connection also that had an overall internet bandwidth left of 30%. Database migration service and when to use AWS Server Migration Service

Direct Connect VIF — know what this is!

• Centralised logging with using Kinesis streams with Cloudwatch — Cheapest solution was asking
• IPSec tunnels
• One question was around migrations and gave a scenario if you should ReFactor / Rehost / RePlatform.
• One question was around you need to increase an extra 3000 IOPS and asked which was going to be the MOST cost effective

EFS mounting on EC2 instances and the cost comparisons in hosting on S3 or new EBS volumes

Security teams storing last preapproved AMIS in Dynamo DB and only wanting to use these and how to prevent teams from launching

AWS Macie — know what this is!

AWS Config — know what this is!

One question from memory also was around setting up a call centre and asked which services would allow you set up a call centre (AWS Connect) — From there the question was asking about how to separate the calls, also some interaction would need to be queried at the application level and responded back to the caller on the phone, Lambda, LEX and SQS was listed in the question ( I choose LEX, Connect and Lambda because of the return of information back to the caller however I reallllly wanted to pick SQS because of the different queues needed, wasn’t sure if this was able to be done with Connect itself) :/

Know about SSM Manager for patching Windows machines that they need to occur to 2 different groups established via tags and not to cause any downtime or overlap to both groups. (AWS-RunPatchBaseline document ) (AWS-DefaultPatchBaseline)

• Route 53 , latency routing, geolocation and health checks.
• Proxy Protocols
• Dynamo DB Global Tables
• Read Replicas / Elasticache

Understand VPCs in the same account for test and development purposes and only allowing Developers accessing resources in specific accounts.

Further services to be aware of.

When to use VM Import / Export if converting on-premises web server to an AMI.
X-Ray and path based troubleshooting 5xx errors
SCP’s and whether you should apply these specifically to an entire AWS Organisations OU or create individual team IAM users with customer managed policies.
Lambda@Edge
Analysing logs in S3
Athena and CW Logs.
Pre-warming Elastic Load Balancers
Lambda functions to reuse containers