
AWS 2018 Exam Outline


Outline for the Amazon Certified Solutions Architect (Associate) exam

Posted on December 13, 2018 by Ernesto Garbarino


This is a rather rough outline that contains key points relevant to the Amazon Certified Solutions Architect (Associate) exam. My source material was primarily the A Cloud Guru course and the AWS documentation.

Note: Items with a bracketed exclamation mark (!) have consistently appeared on mock exams.

Installation of the AWS CLI tool

# install
pip install awscli

# authenticate
# create user on console to get Access Key Id/Secret
aws configure

Saved Configuration

$ cd ~/.aws     # `aws configure` writes its files here
$ ls -la        # config (region, output format) and credentials (access key id/secret)

Application Services

SQS (Simple Queue Service)

Queue Types

Simple Workflow Service (SWF)

Amazon SNS

Elastic Transcoder

API Gateway


Kinesis Streams

Kinesis Firehose

Kinesis Analytics

Simple E-Mail Service (SES)

Similar to SendGrid

Cross Account Access

CloudFront

CloudWatch & CloudTrail



CloudTrail is for auditing (e.g. user john created an S3 bucket) rather than monitoring, and it is not the same as CloudWatch.

Consolidated Billing



Amazon managed service for in-memory caching:

Amazon RDS

For provisioned IOPS SSD Storage (io1), the following ranges apply:

Databases                    IOPS      Storage
MariaDB, MySQL, PostgreSQL   1k-40k    100GiB-32TiB
SQL Server Web/Express       1k-32k    100GiB-16TiB
SQL Server Standard/EE       1k-32k    20GiB-16TiB
Oracle                       1k-40k    100GiB-32TiB

Automated Backups


Multi-AZ Replication

Read Replica


Troubleshooting Amazon RDS using Error Node responses

use XML::XPath;

# $response holds the XML body returned by the RDS API call
my $xp = XML::XPath->new(xml => $response);

# An <Error> node in the response means the request was not processed
if ( $xp->find("//Error") ) {
    print "There was an error processing your request:\n",
          " Error code: ", $xp->findvalue("//Error[1]/Code"), "\n",
          " ", $xp->findvalue("//Error[1]/Message"), "\n\n";
}


Consistency Model (!)



Microsoft SQL Server

MySQL Connection Example from EC2

mysql -u ernie -p -h mydb.cugrv9uf52uw.eu-west-2.rds.amazonaws.com -D my_database

Direct Connect

Direct Connect vs VPN

EBS: Elastic Block Storage


RAID stands for Redundant Array of Independent Disks


EBS vs Instance Store


ECR: Amazon EC2 Container Registry

EC2: Elastic Compute Cloud

Reserved Instances

ECS: Elastic Container Service

Task Definitions

ECS Service

ECS Clusters

Scheduler types:



Running Apache on the Amazon AMI EC2 Instance

# after downloading the key, remove access for group and others
chmod 400 myEC2.pem

# ssh into the EC2 instance (the instance's public DNS name or IP goes after the @)
ssh ec2-user@ -i myEC2.pem

# update packages on the Linux AMI instance
sudo yum update -y

# install apache
sudo yum install httpd -y

# create page
echo "Hello World" > /var/www/html/index.html

# start httpd
sudo service httpd start

# always start at reboot
sudo chkconfig httpd on

Get Metadata (!)


Placement Groups


# Get EC2 Instances (including terminated ones)
$ aws ec2 describe-instances

# Get instance Ids
$ aws ec2 describe-instances | grep InstanceId

# aws ec2 terminate-instances --instance-ids 
aws ec2 terminate-instances --instance-ids i-0090856f1626a0928

EFS: Elastic File System

ELB: Elastic Load Balancer

EMR: Elastic Map Reduce

It allows root access (!)

IAM: Identity and Access Management


General Points



Load Balancing


An account management service that enables you to consolidate multiple AWS accounts into an organisation that can be created and centrally managed.


Managed version of Chef / Puppet

Resource Groups

AWS Systems Manager

Route 53 & DNS

Top Level Domains

Domain Registrars

Start Of Authority Record (SOA)

Name Server Records

Name Server (NS) records are used by Top Level Domain servers to point to the authoritative DNS servers that hold the zone's DNS records.

Example of an NS record pointing to Amazon, set up at a registrar (e.g. GoDaddy):

mydomain.com. 86400 IN NS ns.awsdns.com

Common Record Types

Routing Policies


S3: Simple Storage Service

AWS CLI S3 commands

# list buckets
aws s3 ls

# list a bucket's files
aws s3 ls bucket1

# copy one bucket to another
aws s3 cp --recursive s3://bucket1 s3://bucket2

# copy the static website under _site/ to S3 and make it publicly readable
aws s3 cp --recursive --acl public-read _site/ s3://garba-static

# dealing with InvalidRequest errors (specify EC2 region)
aws s3 cp s3://sao_paulo_bucket/cowboy.jpg /tmp/ --region eu-west-1

S3 Lifecycle Rules



The Snowball client works similarly to the AWS CLI tool. Files are copied into "buckets" on the appliance, and they end up in the corresponding S3 bucket once Amazon gets the appliance back:

./snowball cp hello.txt s3://my_bucket

Storage Gateway

STS: Security Token Service

It grants users limited and temporary access to AWS resources.

Users come from three sources:

  1. Regular Enterprise Federation
    • It typically uses Active Directory (AD)
    • It uses the Security Assertion Markup Language (SAML)
    • It relies on AD credentials
      • User does not need to be an IAM user
    • It allows single sign-on to the AWS console without IAM credentials
  2. Federation with Mobile Apps
    • OpenID providers
    • Examples:
      • Facebook
      • Google
  3. Cross Account Access
    • It lets users from one AWS account access resources in another

Key terms

More facts

Support Plans

Property                     Basic         Developer         Business            Enterprise
Customer Service             24x7          24x7              24x7                24x7
Trusted Advisor              <= 7 checks   <= 7 checks       All checks          All checks
Health notific.              Dashboard     Dashboard         Dash. + API         Dash. + API
Tech Support                 -             E-mail            24x7 + chat/phone   24x7 + chat/phone
Who can open cases           -             primary contact   all contacts        all contacts
Response time:
  general                    -             <24h              <24h                <24h
  impaired                   -             <12h biz hours    <12h                <12h
Severity resp.:
  impaired                   -             -                 <4h                 <4h
  down                       -             -                 <1h                 <1h
  biz. down                  -             -                 -                   <15m
Arch. support                -             gen. guidance     contextualised      per application
Launch support               -             -                 + fee               free
Cases via API                -             -                 Yes                 Yes
3rd Party support            -             -                 troubleshooting     troubleshooting
Arch. review                 -             -                 -                   WAF
Ops support                  -             -                 -                   reviews
Training                     -             -                 -                   online labs
Acc. assistance              -             -                 -                   concierge team
Dedicated AM                 -             -                 -                   Yes
Pricing                      included      $29/month+        $100/month+         $15k/month+

S3 Transfer Acceleration

Security Groups


Trusted Advisor

Security Checks (!)

VPC: Virtual Private Cloud

Amazon VPC is a capability that allows you to provision a logically isolated section of the AWS network, so that resources can be secured and grouped into trust areas.

ELBs and VPCs

Subnet Ranges

CIDR (prefix)    First IP    Last IP    Total
(10/8)                                  16,777,216
(182.16/12)                             1,048,576
(192.168/16)                            65,536


Creating a new VPC

Creating a new VPC results in the automatic creation of:

Unavailable IPs

For example, in a subnet with CIDR block, the following five IP addresses are reserved:
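An added worked example (not from the original post) for the Subnet Ranges table and the reserved addresses above: it computes the first/last address and size of a block, checks the /16 to /28 size limit AWS imposes on VPC and subnet CIDRs, and lists the five addresses AWS reserves in every subnet (the first four plus the broadcast address, per the AWS VPC documentation). The page's table lists 182.16/12; the example assumes the RFC 1918 block 172.16.0.0/12 was intended.

```python
import ipaddress

# Private (RFC 1918) blocks from the Subnet Ranges table above.
# Assumption: the page's "182.16/12" row is meant to be 172.16.0.0/12.
RFC1918_BLOCKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def cidr_summary(cidr):
    """Return (first IP, last IP, total addresses) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def valid_vpc_block(cidr):
    """AWS accepts VPC and subnet CIDR blocks between /16 and /28 inclusive."""
    return 16 <= ipaddress.ip_network(cidr, strict=True).prefixlen <= 28


def aws_reserved_ips(cidr):
    """The five addresses AWS reserves in every VPC subnet.

    Offsets 0..3 are the network address, the VPC router, the Amazon DNS
    resolver and an address reserved for future use; the last address of
    the block is the network broadcast address, which AWS does not use.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    reserved = [net.network_address + i for i in range(4)] + [net.broadcast_address]
    return [str(ip) for ip in reserved]


def usable_hosts(cidr):
    """Addresses actually assignable to instances in a VPC subnet."""
    return ipaddress.ip_network(cidr, strict=True).num_addresses - 5


def summary_table(blocks=RFC1918_BLOCKS):
    """Rebuild the table rows as (cidr, first, last, total) tuples."""
    return [(b, *cidr_summary(b)) for b in blocks]


if __name__ == "__main__":
    for row in summary_table():
        print("{:<16} {:<16} {:<16} {:>12,}".format(*row))
    print("reserved in 10.0.1.0/24:", aws_reserved_ips("10.0.1.0/24"))
    print("usable hosts in 10.0.1.0/24:", usable_hosts("10.0.1.0/24"))
```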

NAT Instances

NAT instances are EC2 instances (launched from a NAT AMI) that work as a NAT router.

NAT Gateway

A NAT gateway is a cloud-native managed service rather than a user-managed EC2 instance.

Network ACL (NACL)

VPC Flow Logs

VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC and deliver it to Amazon CloudWatch Logs.

They can be created at three levels:

  1. VPC
  2. Subnet
  3. Network Interface Level



Two types

Internet Gateway

Only one Internet Gateway can be attached to a VPC.

VPC Peering

General Q&A

Q: Can you conduct your own vulnerability scans within your own VPC without alerting AWS first? A: NO.

Well Architected Framework (WAF)

Introduction (Best Practices)

Cloud Benefits

Design for Failure



  1. Proactive cyclic scaling: (daily, weekly, etc)
  2. Proactive business event-based scaling (e.g. Christmas, product launch, etc.)
  3. Auto-scaling based on demand: based on metrics and triggers


Five pillars

  1. Security
  2. Reliability
  3. Performance Efficiency
  4. Cost Optimisation
  5. Operational Excellence

General Design Principles


Design Principles

AWS Shared Responsibility Model

Security Best Practices

The key areas are data protection, privilege management, infrastructure protection, and detective controls.

Data protection

Privilege management

Infrastructure protection

Detective controls


Design Principles

Best Practices

Key areas are foundations, change management, and failure management.


Change Management

Failure Management

Performance Efficiency

Design Principles

Best Practices

The four key areas are compute, storage, database, and space-time trade-off.



Space-Time Trade-off

Cost Optimisation

Design Principles

Best Practices

The four key areas are: matched supply and demand, cost-effective resources, expenditure awareness, and optimizing over time.

Matched Supply and Demand

Cost-effective Resources

Expenditure Awareness

Optimizing Over Time

Operational Excellence

Design Principles

Best Practices

The key areas are preparation, operation, and response.





General Last Points