AWS Certified Solutions Architect - Associate (SAA-C03) Exam Guide: Aligned with the latest AWS SAA-C03 exam objectives to help you pass the exam on your first attempt
By Michelle Chismon and Kate Gawron
AWS Certified Solutions Architect - Associate (SAA-C03) Exam Guide
Copyright © 2024 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Authors: Michelle Chismon and Kate Gawron
Reviewer: Saibal Ghosh
Publishing Product Manager: Sneha Shinde
Senior Development Editor: Ketan Giri
Development Editor: Kalyani S.
Digital Editor: M Keerthi Nair
Presentation Designer: Salma Patel
Editorial Board: Vijin Boricha, Megan Carlisle, Simon Cox, Saurabh Kadave, Alex Mazonowicz, Gandhali Raut, and Ankita Thakur
First Published: November 2024
Production Reference: 1291124
Published by Packt Publishing Ltd.
Grosvenor House
11 St Paul’s Square
Birmingham
B3 1RB
ISBN: 978-1-83763-000-4
www.packtpub.com
Contributors
About the Authors
Michelle Chismon is a Senior Cloud Architect with a diverse background that spans the fields of bioinformatics, consulting, and education. After completing her Ph.D. in genetics and molecular medicine, Michelle transitioned into the world of cloud consulting, where she leveraged her unique background to provide innovative cloud infrastructure solutions for clients in various industries. Michelle’s dedication to continuous learning and improvement drove her to master the AWS ecosystem, and she subsequently became an AWS Authorized Instructor, delivering training on behalf of AWS worldwide.
During the 2020 pandemic and lockdown, Michelle trained a successful cohort of students in the AWS re/Start program, giving several people from disadvantaged backgrounds their jumpstart into the tech industry. She now works full-time at AWS working with some of the largest companies globally to solve their cloud infrastructure challenges.
LinkedIn profile: https://www.linkedin.com/in/beaumontmichelle/
Kate Gawron is a full-time Senior Cloud Consultant. She has worked with applications and databases for 18 years and AWS for 5 years. She holds four AWS certifications, including the AWS Certified Solution Architect–Associate certification, and two Google Cloud certifications. Kate currently works as a senior cloud architect, helping customers to migrate and refactor their applications and databases to work optimally within the AWS cloud. Kate has published a highly regarded exam guide for the AWS Certified Database – Specialty with Packt in 2022. She is also a part-time future racing driver. She was a competitor in Formula Woman, and she aspires to become a professional Gran Turismo (GT) racing driver.
LinkedIn profile: https://www.linkedin.com/in/katehollow
About the Reviewer
Saibal Ghosh is a seasoned professional with extensive expertise in Databases, Machine Learning, Cloud Security, Docker, Kubernetes, and the AWS Cloud.
He previously specialized as an Oracle DBA but has since expanded his expertise to include a broader range of databases beyond Oracle. His current focus also encompasses Data Engineering and Machine Learning.
As a Senior Technical Account Manager at Amazon Web Services, Saibal leverages his deep knowledge of cloud technologies to simplify AWS Cloud's complexities for customers, empowering them to effectively address their business challenges.
He is also the author of Docker Demystified published by BPB Publications, which underscores his ability to convey complex technological concepts clearly. Throughout his career, Saibal has embraced diverse roles, including developer, database administrator focused on performance tuning, trainer, and technical writer. His recent work deals with cloud technology, cloud security, telecommunications, and database management. With over two decades of experience combining technical expertise and business acumen, Saibal excels at delivering solutions that balance technical excellence with organizational goals.
Table of Contents
Preface
1
Understanding Cloud Fundamentals
Making the Most of This Book – Your Certification and Beyond
Cloud Computing
Cloud Deployment Models
Types of Cloud Services
The AWS Cloud
The Core AWS Services
AWS Global Infrastructure
AWS Architecture
Cloud Economics
Understanding Cloud Costs
Cost Optimization Strategies
Total Cost of Ownership (TCO) and Return on Investment (ROI)
Creating an AWS Account
Creating an IAM User and Access Keys
Installing the AWS CLI
Configuring the AWS CLI
Verify the Configuration
Summary
Exam Readiness Drill – Chapter Review Questions
2
Virtual Private Cloud
Introduction to AWS VPCs
Key Components of AWS VPCs
Stateful Versus Stateless
VPC Configuration Basics
CIDR Notation
IP Addressing and Subnetting in VPCs
Subnet Design Flexibility
AZs and Regions
Default VPC Versus Custom VPC
Security in AWS VPCs
Security Groups (SGs)
NACLs
VPC Connectivity
Internet Gateways
Network Address Translation (NAT) Gateways
Route Tables
Virtual Private Network (VPN) Connections
VPC Peering
AWS Transit Gateway
Hands-on Lab
Creating the First VPC
Creating Subnets for the First VPC
Setting up an Internet Gateway for the First VPC
Setting up a NAT Gateway for the First VPC
Configuring Route Tables for the First VPC
Repeating the Previous Steps for the Second VPC
Setting up VPC Peering
Summary
Exam Readiness Drill – Chapter Review Questions
3
Identity and Access Management
An IAM Overview
Users, Roles, and Policies
Users
Groups
Roles
Policies
Identity Providers (IdPs)
IAM Access Analyzer
The IAM Policy Simulator
Hands-on Lab
Creating an IAM Group
Creating an IAM User
Creating a Custom Policy
Setting a Permissions Boundary for a User
Testing
Summary
Exam Readiness Drill - Chapter Review Questions
4
Compute
Introduction to Compute on AWS
Virtual Machines (VMs)
Containers
Elastic Compute Cloud (EC2)
Understanding EC2 Instance Types
Amazon Machine Images (AMIs)
Instance Store Versus Amazon Elastic Block Store (EBS)
Spot Instances
Reserved Instances (RIs)
Auto Scaling
AWS Elastic Beanstalk
Elastic Beanstalk Architecture
AWS Containers
ECS Architecture
ECS Optimization
EKS Architecture
EKS Optimization
AWS Fargate
AWS Batch
Working with AWS Batch
Instance and Container Security
EC2 Security
ECS or EKS Cluster Security
Hands-on Lab
EC2 Lab
ECS Lab
Summary
Exam Readiness Drill - Chapter Review Questions
5
Storage
Introduction to AWS Storage
Object Storage
Block Storage
File Storage
Amazon S3
Security Controls in Amazon S3
Versioning in Amazon S3
Lifecycle Policies and Storage Classes
S3 Replication
Amazon EBS
Storage Options
Data Persistence
EBS Snapshots
Amazon EFS
Lifecycle Policies and Storage Classes
Data Persistence
Performance
Amazon FSx
Amazon FSx for Windows File Server
FSx for Lustre
AWS Backup
Hands-on Lab
S3 Website
AWS Backup Plan
Summary
Exam Readiness Drill - Chapter Review Questions
6
DNS and Load Balancing
Overview of DNS
Domain Names
Anatomy of a DNS Name
DNS Resolution
Amazon Route 53
Route 53 DNS Resolution
Overview of Load Balancing
High Availability and Redundancy
ELB
Overview of Amazon CloudFront
Caching Rules
Security
Caching Content from an ALB
Caching Content from an Amazon S3 Origin
Summary
Exam Readiness Drill - Chapter Review Questions
7
Data and Analytics
Databases on AWS
Relational Databases
NoSQL Databases
Analytics on AWS
Amazon Redshift
Amazon EMR
Amazon QuickSight
AWS Glue
Amazon Athena
AWS Lake Formation
Machine Learning and Artificial Intelligence Tools
Amazon SageMaker
Amazon Rekognition
Amazon Comprehend
Data Ingestion and Streaming
Amazon Kinesis
Amazon Managed Streaming for Kafka
Hands-on Lab
Creating the Data Lake
Summary
Exam Readiness Drill - Chapter Review Questions
8
Migrations and Data Transfer
Storage Migration
AWS DataSync
AWS Transfer Family
AWS Storage Gateway
AWS Snow Family
Application Migration
Database Migration
Summary
Exam Readiness Drill - Chapter Review Questions
9
Serverless and Application Integration
Overview of Serverless
AWS Lambda
Application Integration Services
Amazon SQS
Message Deduplication
Amazon SNS
Amazon EventBridge
AWS Step Functions
Summary
Exam Readiness Drill - Chapter Review Questions
10
Security
Controlling Access
Encryption and Secrets Management
Encryption at Rest
Encryption in Transit
AWS Key Management Service (KMS)
AWS Secrets Manager
Threat Detection
Amazon Inspector
Amazon GuardDuty
Amazon Macie
AWS Security Hub
Protecting Applications
AWS WAF
AWS Shield
Hands-on Lab
Summary
Exam Readiness Drill - Chapter Review Questions
11
Management and Governance
Governance
AWS Organizations
AWS Control Tower
Provisioning and Orchestration
AWS CloudFormation
AWS Service Catalog
Centralized Operations
AWS Systems Manager
AWS Config
Logging and Monitoring
AWS CloudTrail
Amazon CloudWatch
Cost Management
AWS Budgets
AWS Cost Explorer
AWS Cost and Usage Reports
Hands-on Lab
Summary
Exam Readiness Drill - Chapter Review Questions
12
Design Secure Architectures
Design Secure Access to AWS Resources
Best Practices for Securing IAM Users
IAM Roles and RBAC
IAM Permissions at Scale
Design Secure Workloads and Applications
Threat Vectors: Detections and Mitigations
Application Network Security
Determine Appropriate Data Security Controls
Controlling Data
Encrypting Data
Summary
Exam Readiness Drill - Chapter Review Questions
13
Design Resilient Architectures
Designing Highly Available and/or Fault-Tolerant Architectures
Disaster Recovery Strategies
Designing Scalable and Loosely Coupled Architectures
Serverless Scalability
Summary
Exam Readiness Drill - Chapter Review Questions
14
Design High-Performing Architectures
High-Performing and Scalable Storage Solutions
Types of AWS Storage Services
Selecting Storage Services Based on Performance Demands
Designing Scalable Storage Solutions
High-Performing and Elastic Compute Solutions
AWS Compute Services Overview
Decoupling Workloads for Independent Scaling
Managing Compute Elasticity with Auto Scaling
Selecting Compute Resources Based on Business Requirements
High-Performing Database Solutions
Overview of Database Services
Performance Optimization in Databases
Selecting Database Engines and Configurations
High-Performing and/or Scalable Network Architectures
Overview of Network Services
Designing Scalable Network Architectures
Optimizing Network Performance
High-Performing Data Ingestion and Transformation Solutions
Overview of Data Ingestion Services
Designing Data Streaming Architectures
Data Transformation and Processing
Summary
Exam Readiness Drill - Chapter Review Questions
15
Design Cost-Optimized Architectures
Design Cost-Optimized Storage Solutions
Understanding AWS Storage Services and Cost Characteristics
Leveraging Storage Access Patterns for Cost Optimization
Design Cost-Optimized Compute Solutions
AWS Compute Service Pricing Models
Selecting the Appropriate Compute Service and Instance Type
Optimizing Compute Utilization
Leveraging the AWS Global Infrastructure for Cost Optimization
Design Cost-Optimized Database Solutions
Choosing the Right Database Service
Database Capacity Planning and Optimization
Leveraging Database Features for Cost Savings
Managing Database Backup and Retention Costs
Design Cost-Optimized Network Architectures
Network Connectivity Options and Their Costs
Optimizing Network Routing and Traffic Patterns
Utilizing AWS Cost Management Tools and Services
Summary
Exam Readiness Drill - Chapter Review Questions
16
Accessing the Online Practice Resources
Other Books You May Enjoy
Preface
The AWS Certified Solutions Architect - Associate (SAA-C03) exam is a key certification for IT professionals looking to demonstrate their ability to design and deploy scalable, highly available, and secure systems on AWS. This book is crafted to provide essential knowledge, practical exercises, and the insight needed to confidently pass the SAA-C03 exam. Whether you are an experienced professional or new to cloud computing, this guide will help you navigate the complexities of the exam with ease.
Why This Book?
The SAA-C03 exam covers a wide array of topics, from fundamental AWS services to advanced architectural concepts. This book simplifies these topics into digestible sections, providing real-world examples and hands-on labs to ensure that you can not only understand the material but also apply it effectively. By the end of this book, you will be well prepared to take the exam and implement your skills in real-world scenarios.
What This Book Covers
Chapter 1, Understanding Cloud Fundamentals, helps you get a clear understanding of the fundamentals of cloud computing.
Chapter 2, Virtual Private Cloud, teaches you about the intricacies of VPCs, giving you an in-depth understanding of their structure and functionality.
Chapter 3, Identity and Access Management, provides you with a comprehensive understanding of IAM’s capabilities and mechanisms.
Chapter 4, Compute, explores the diverse compute options available, ranging from traditional instances to modern container services.
Chapter 5, Storage, delves deeper into the specifics of AWS’s storage options, ensuring that you are able to choose the most appropriate solution for your needs.
Chapter 6, DNS and Load Balancing, covers the core concepts of DNS, Route 53, load balancing, and ELB to help you make optimal design decisions when architecting highly available applications on AWS.
Chapter 7, Data and Analytics, explores the various AWS data and analytics services, teaching you how to evaluate the choices available.
Chapter 8, Migrations and Data Transfer, teaches you about the processes and tools for migrating and transferring data to AWS.
Chapter 9, Serverless and Application Integration, delves deep into the core principles and services that underpin the serverless paradigm, focusing on equipping you with the skills required to design and implement efficient, cost-effective, and resilient serverless applications.
Chapter 10, Security, provides an overview of the key AWS security services.
Chapter 11, Management and Governance, explains how to create compliance rules so that you can be alerted when rules are broken, how to auto-remediate broken rules, and how to enforce permissions across an entire cross-region, multi-account platform, among other things.
Chapter 12, Design Secure Architectures, shows you how the services covered in previous chapters fit into the Design Secure Architectures exam domain.
Chapter 13, Design Resilient Architectures, covers the two task statements from the Design Resilient Architectures exam domain.
Chapter 14, Design High-Performing Architectures, focuses on the Design High-Performing Architectures exam domain and explores the key considerations across various components that contribute to building solutions that not only perform well under current loads but are also scalable.
Chapter 15, Design Cost-Optimized Architectures, covers the four task statements from the Design Cost-Optimized Architectures exam domain.
How to Get the Most Out of This Book
This book is crafted to equip you with the skills necessary to excel in the SAA-C03 exam through practical explanations of major domain topics. It covers the core domains critical to the expertise that candidates need to pass the exam. For each domain, you will work through content that reflects real-world challenges and also complete hands-on labs for some. At the end of each chapter, you will assess your understanding by taking chapter-specific quizzes. This not only prepares you for the SAA-C03 exam but also allows you to dive deeper into the topics.
Online Practice Resources
With this book, you will unlock unlimited access to our online exam-prep platform (Figure 0.1). This is your place to practice everything you learn in the book.
How to access the resources
To learn how to access the online resources, refer to Chapter 16, Accessing the Online Practice Resources, at the end of this book.
Figure 0.1 – Online exam-prep platform on a desktop device
Sharpen your knowledge of AWS SAA-C03 concepts with multiple sets of mock exams, interactive flashcards, and exam tips accessible from all modern web browsers.
Download the Color Images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book.
You can download it here: https://packt.link/SAAC03graphicbundle
Conventions Used
Code words in the text, database table names, folder names, filenames, file extensions, screen text, pathnames, dummy URLs, user input, and X handles are shown as follows: Type aws --version in the Terminal.
A block of code is set as follows:
aws ec2 create-vpc --cidr-block 10.0.0.0/16
New terms and important words are shown like this: In its early days, it offered Simple Storage Solution (S3) for storage and Elastic Compute Cloud (EC2) for computing power.
Tips or important notes
Appear like this.
Get in Touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details. We ensure that all valid errata are promptly updated in the GitHub repository, with the relevant information available in the Readme.md file. You can access the GitHub repository at https://packt.link/SAAC03github.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Technical Requirements
To fully engage with the content and exercises in this book, you will need to meet the following technical requirements:
AWS account with root access:
You will need an AWS account with root access to complete the exercises in this book. Most of the services and examples fall under the AWS Free Tier, allowing you to experiment without incurring costs, provided your account is within the first 12 months of creation.
If you do not have an AWS account, you can create one at https://aws.amazon.com/free/.
Command-line interface (CLI) access:
The AWS CLI will be used frequently throughout this book for interacting with AWS services from the command line.
To set up the AWS CLI, do the following:
Download the AWS CLI: Get the latest version from the CLI Install page: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html.
Create an IAM user: Follow the steps in the User Creation Guide, https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html, to create an IAM user with administrative access and generate an access key.
Configure the AWS CLI: Use the aws configure command to set up your CLI profile with the necessary credentials. Detailed instructions can be found in the AWS CLI Configuration Guide: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html.
A basic understanding of AWS services: While this book will teach you everything you need to know for the SAA-C03 exam, having a basic understanding of core AWS services such as EC2, S3, RDS, and IAM will be beneficial.
In addition to these technical requirements, it is important to have hands-on practice. Passing the SAA-C03 exam requires not just theoretical knowledge but also practical experience. Be sure to complete the exercises, experiment with AWS services, and apply your learning to real-world scenarios.
With these technical requirements met, you will be ready to begin your journey toward passing the AWS Certified Solutions Architect - Associate (SAA-C03) exam. Let’s dive in and unlock your full potential in cloud architecture, starting with an overview of the exam.
AWS Certified Solutions Architect - Associate (SAA-C03) Exam Overview
To assist in your preparations for the exam, it is worth looking at both the format of the exam and the topics that will be covered. This can guide you through your revision by allowing you to focus on the areas you are least confident in.
In this section, you are going to read about the following:
Exam format: What type of questions there are and how long you will have during the exam
Exam domains: The areas you will be tested on during the exam
First, let’s look at the exam format so you know what to expect after you have booked the exam.
Exam Format
All AWS exams are taken electronically, either at a test center or remotely via an online proctoring session.
The exam lasts 130 minutes and there will be 65 questions. If English is your second language or you have a disability that may impact your ability to complete the exam in 130 minutes, you can request an additional 30 minutes of exam time.
The pass mark will vary slightly between each exam, but the minimum will always be 720 out of 1,000. This variation is due to the questions being rated with varying difficulty, so they are weighted for fairness. As a rough guide, a pass should be obtained by answering 50 questions correctly.
Each exam has 15 questions that are not scored. These are used to evaluate questions for future versions of the exam. These unscored questions are not identified in the exam, so you should answer every question.
You are not penalized for incorrect answers and therefore you should attempt to answer all questions, even if you do not know the answer.
When you start the exam, you will first need to confirm your details, check that you have the right exam, and then sign a Non-Disclosure Agreement (NDA) that you will not share the exam questions. Once this is done, you will be given a brief overview of the exam and shown how to navigate through the screens.
The majority of the questions are situational, requiring you to be able to interpret the question to work out the correct answer.
The questions are all multiple choice, with two different styles:
Multiple choice: One correct answer and three incorrect answers.
Multiple answer: Two or more correct answers out of five or more options. The question will state how many answers are expected.
You can mark any questions for review at the end.
At the end of the exam, there is a survey about the exam and your preparation for it. You must complete this before receiving your exam result.
You will not typically receive your pass or fail result immediately, and you will only receive your full results and score once they have been verified. This verification normally takes three working days. Once the verification is complete, you will receive an email to your registered address and you will be able to obtain your full score report, which shows you how well you performed in each domain. This is particularly useful if you do not meet the passing grade as you will be given areas to focus your studies on for the next attempt.
You have learned the exam format and style of the questions. Now, take a look at the topics that will be covered in the exam, which this book will guide you through.
Exam Domains
The AWS Certified Solutions Architect – Associate (SAA-C03) exam covers four high-level topics encompassing a wide range of subjects and AWS services and solutions. These are as follows:
Table 0.1: The four exam domains in the SAA-C03 exam
The percentage refers to the most likely number of questions that will be asked in the exam. You can expect roughly the following number of questions in each domain:
Table 0.2: Rough number of questions from each domain
The AWS Certifications team provides a high-level description of each domain, including the key AWS services and technologies you will need to know to pass the exam. However, this exam expects you to be able to use multiple services to architect solutions based on scenarios, so simply knowing the names of AWS services is unlikely to be enough to earn a pass. In the next section, you are going to learn what each domain really means and the key topics within each. This can be used to help guide you while you study and prepare for the exam. Let’s begin with domain 1: Design Secure Architectures.
Domain 1: Design Secure Architectures
Building secure AWS architectures is vital for protecting data, applications, and infrastructure from threats. This requires knowledge of AWS services, infrastructure, and security best practices, including access control, identity services, and flexible authorization. In this section, we will cover three key task statements for designing secure systems:
Design Secure Access to AWS Resources
Design Secure Workloads and Applications
Determine Appropriate Data Security Controls
Design Secure Access to AWS Resources
Designing secure access to AWS resources requires understanding access controls, federated identity services, AWS infrastructure, security best practices, and the shared responsibility model. Key skills include applying IAM best practices, creating flexible authorization models, implementing role-based access control, managing security for multiple accounts, using resource policies effectively, and integrating directory services with IAM roles when needed.
You will need to know how to design and appropriately apply the following:
Adhering to AWS security best practices for IAM users and root users, which includes the use of multi-factor authentication (MFA) when appropriate.
Designing a flexible authorization model. This includes IAM users, groups, roles, and policies.
Creating a role-based access control strategy that incorporates AWS Security Token Service (AWS STS), role switching, and cross-account access.
Creating a security strategy for multiple AWS accounts, including AWS Control Tower and service control policies (SCPs).
Deciding the right use of resource policies for AWS services.
Deciding when to integrate a directory service with IAM roles.
Design Secure Workloads and Applications
Designing secure workloads and applications requires understanding application security, AWS service endpoints, protocols, network traffic, secure access, and external threats. Key skills include creating secure VPC architectures, planning network segmentation, integrating AWS security services, and securing external connections to and from AWS.
This includes the following topics:
Creating virtual private cloud (VPC) architectures with security components, including security groups, route tables, network access control lists (NACLs), and network address translation (NAT) gateways.
Planning network segmentation strategies, which involves determining how to structure your network using public and private subnets.
Integrating various AWS services to enhance the security of applications. This includes AWS Shield, AWS Web Application Firewall (AWS WAF), AWS Single Sign-On (AWS SSO), and AWS Secrets Manager.
Securing external network connections to and from the AWS cloud, including VPN and AWS Direct Connect.
Determine Appropriate Data Security Controls
Determining appropriate data security controls requires knowledge of data access, governance, recovery, retention, classification, and encryption with key management. Key skills include meeting compliance requirements with AWS technologies, encrypting data at rest and in transit, managing access policies for encryption keys, implementing backups and data lifecycle policies, rotating encryption keys, and renewing certificates.
The following areas are covered in this section:
Aligning AWS technologies to meet compliance requirements
Using AWS Key Management Service (KMS) to encrypt data stored on AWS
Encrypting data in transit using AWS Certificate Manager (AWS ACM) and Transport Layer Security (TLS)
Setting up access policies for encryption keys
Setting up automated backup and data replication strategies
Implementing policies for data access, lifecycle, and protection
Regularly rotating encryption keys and renewing certificates to maintain security
In conclusion, domain 1 of the SAA-C03 exam covers the design of secure architectures on AWS. It requires knowledge of various AWS services, security best practices, and the shared responsibility model. It also tests your skills in designing secure access to AWS resources and secure workloads and applications. To succeed in this domain, you will need to have a deep understanding of AWS security, networking, and identity and access management.
Let’s now look at the second domain in the exam, Design Resilient Architectures.
Domain 2: Design Resilient Architectures
Designing resilient architectures is crucial for organizations utilizing AWS to ensure their systems can withstand failures and maintain high availability. Resilient architectures are designed to be scalable, fault-tolerant, and capable of handling disruption, allowing businesses to deliver reliable services to their users. In this section, you will explore two task statements within the domain of designing resilient architectures:
Design Scalable and Loosely Coupled Architectures
Design Highly Available and/or Fault-Tolerant Architectures
Design Scalable and Loosely Coupled Architectures
Creating scalable and loosely coupled architectures involves designing systems that can handle varying workloads and adapt to changing demands. It entails building components that can scale independently, enabling resource adjustments based on specific requirements. Important considerations in this area include the following:
Leveraging AWS services such as Auto Scaling to automatically scale resources based on workload fluctuations
Implementing loosely coupled architectures using services such as AWS Lambda, Amazon Simple Queue Service (SQS), or Amazon Simple Notification Service (SNS) to decouple components and enhance flexibility and scalability
Utilizing services such as Amazon Elastic Container Service (ECS) or Amazon Elastic Kubernetes Service (EKS) to manage containerized workloads efficiently and facilitate scaling
Design Highly Available and/or Fault-Tolerant Architectures
Designing highly available and fault-tolerant architectures ensures system operability even in the face of failure or disruption. It involves implementing redundancy, fault isolation, and automated failover mechanisms. Key considerations in this area include the following:
Deploying solutions such as AWS Elastic Load Balancer (ELB) or Amazon Route 53 to distribute traffic across multiple instances or regions, ensuring continuous availability
Utilizing AWS services such as Amazon RDS Multi-AZ, which provides automated synchronous replication of databases to ensure data availability during failures
Incorporating fault isolation principles using concepts such as Availability Zones (AZs) or multi-region deployments to mitigate the impact of failures
Implementing automated failover mechanisms through services such as Amazon Route 53 DNS failover or AWS Elastic Beanstalk rolling deployments
In summary, domain 2 of the SAA-C03 exam focuses on designing resilient architectures on AWS. It requires expertise in designing multi-tier architectures for high availability and fault tolerance, as well as ensuring business continuity through disaster recovery and failover strategies. To succeed in this domain, you will need to have a thorough understanding of AWS services such as EC2, ELB, Route 53, and CloudFormation, as well as experience in designing highly available and fault-tolerant architectures.
Let’s now learn what domain 3, Design High-Performing Architectures, covers.
Domain 3: Design High-Performing Architectures
Designing high-performance architectures is vital for ensuring the smooth and efficient functioning of workloads on AWS. It involves identifying and selecting the right compute, storage, and networking solutions for your workload. To design high-performance architectures, you need to be familiar with various AWS services and understand their capabilities and limitations.
In this section, you will read about the five task statements related to designing high-performance architectures:
Determine High-Performance and/or Scalable Storage Solutions
Design High-Performance and Elastic Compute Solutions
Determine High-Performance Database Solutions
Determine High-Performance and/or Scalable Network Architectures
Determine High-Performance Data Ingestion and Transformation Solutions
Determine High-Performance and/or Scalable Storage Solutions
Selecting the right storage solutions is essential to achieve high performance and scalability in your architecture, ensuring efficient data storage, retrieval, and durability. When designing high-performance architectures, you need to consider the specific requirements of your workload, including data volume, access patterns, latency needs, and durability expectations.
You will need to understand how to do the following:
Evaluate AWS storage services such as Amazon S3, Amazon EBS, and Amazon EFS based on the specific performance needs of your workload
Implement caching mechanisms using services such as Amazon ElastiCache and Amazon CloudFront to enhance storage performance
Utilize sharding or partitioning techniques to distribute data across multiple storage instances for improved scalability
Design High-Performance and Elastic Compute Solutions
Designing high-performance and elastic compute solutions involves a careful evaluation of various compute resources provided by AWS and optimizing their performance to meet the requirements of your workload. This includes considering factors such as computational power, memory capacity, storage options, and networking capabilities.
You will be tested on your knowledge of the following:
Choosing AWS compute services such as Amazon EC2, AWS Lambda, and AWS Fargate based on workload characteristics and performance requirements
Implementing auto-scaling configurations to dynamically adjust compute resources based on workload demands
Leveraging AWS services such as Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS) to efficiently manage containerized workloads and enhance performance
Determine High-Performance Database Solutions
Selecting the right database solutions is crucial for achieving high performance and scalability in your architecture, enabling efficient data storage, retrieval, and