The Best AWS Solutions Architect Associate Cheat Sheet Ever

If you’re aiming for the Amazon Web Services (AWS) Certified Solutions Architect Associate certification, you’ve made a brilliant decision.

Given the sheer amount of study materials, the difficulty of this exam, and the limited time you’ll have to prepare, it can be challenging to decide which AWS Certified Solutions Architect Associate items are the most important to review.

If you’re in this situation, our AWS Solutions Architect Associate cheat sheet will be convenient as both an overview and a refresher. 

It goes over AWS compute, networking, storage, database, deployment, and management services and how they integrate into the exam.

If you’re ready, let’s dive in.

About AWS Solutions Architect

The AWS Certified Solutions Architect - Associate exam (SAA-C03) is a single test comprising 65 questions. The question formats are multiple-choice and multiple-response, and the exam lasts 130 minutes and has four domains:

  • Design Secure Architectures (30%)
  • Design Resilient Architectures (26%)
  • Design High-Performing Architectures (24%)
  • Design Cost-Optimized Architectures (20%)

[Figure: AWS Solution Architect Associate Domains]

The exam has no prerequisites, but familiarity with basic programming concepts and at least a year of hands-on experience designing cloud solutions that use AWS services would be an advantage. 

Knowledge of AWS Cloud Practitioner also helps, and the passing score is 720 out of 1000. Each exam attempt costs $150 USD.

[Figure: AWS Certification Pathway]

Although AWS Solutions Architect Associate isn’t a vendor-neutral certification, mastering the cloud computing services it encompasses will help you make the most out of AWS. 

AWS is popular among many large companies such as Facebook, Netflix, Adobe, and BBC, and that’s what makes this such an in-demand certification in cloud computing.

AWS Solutions Architect Associate Domains

This AWS Solutions Architect Associate cheat sheet arranges concepts to align with our AWS Solutions Architect course subtopics. Diagrams put concepts into a visual form, and tables compartmentalize information. 

Here’s a key to finding items by domain:

| Hashtag (remember to type the # symbol) | Domain |
| --- | --- |
| #sec | Design Secure Architectures (30%) |
| #res | Design Resilient Architectures (26%) |
| #hp | Design High-Performing Architectures (24%) |
| #co | Design Cost-Optimized Architectures (20%) |

AWS Foundations and Services

Here are basic terms in AWS that recur throughout our cheat sheet:

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec #res #hp #co | Region | Separate geographic area that AWS serves. |
| #sec #res #hp #co | Availability Zone (AZ) | Multiple isolated locations in each Region. |
| #sec #res #hp #co | Management Console | For managing and monitoring users, services, health, and billing. |
| #sec #res #hp #co | AWS Direct Connect | An alternative to using the internet to connect to AWS. |

AWS Security and Costs

This section concerns who you allow to access your AWS services and how much it costs to use AWS.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec | Identity and Access Management (IAM) | Fine-grained access control system across all of AWS. |
| #sec | Key Management Service (KMS) | For data encryption, to centrally manage and securely store your encryption keys. |
| #co | Budgets | For setting budget alerts for your budgeted cost or usage amount. |
| #co | Cost Explorer | Explore AWS costs and usage at high and detailed levels of analysis. |

AWS Cloud Services Overview

The following table is about cloud computing on AWS.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #hp | Infrastructure as a Service (IaaS) | Provides access to an AWS global network, computers (virtual or on dedicated hardware), and data storage space. |
| #hp | Platform as a Service (PaaS) | Provides supporting infrastructure, usually hardware and operating systems, to allow users to focus on deploying and managing applications. |
| #hp | Software as a Service (SaaS) | The service provider runs and manages a completed product for end users. |

AWS Storage Design

We must know what storage services are available with AWS to choose the ones that best fulfill our needs.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec #res #hp #co | Simple Storage Service (S3) | Object-level storage in the cloud. Objects are files. |
| #sec #res #hp #co | Glacier | For archival data (cold). |
| #sec #res #hp #co | CloudFront | To bring data closer to end users. |
| #sec #res #hp #co | Elastic Block Store (EBS) | Block-level, for rapid-access data (hot). |
| #sec #res #hp #co | Storage Gateway | Quasi-VPN connection into the Amazon Cloud for data retrieval. |
| #sec #res #hp #co | Snow family (Snowball, Snowball Edge, Snowmobile) | For mass data migration to the cloud. |

Virtual Private Cloud (VPC)

A VPC is your personal data center in the AWS cloud. 

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec #hp #co | Elastic IP Addresses (EIPs) | Public IP addresses from the VPC Region. |
| #sec #hp #co | Elastic Network Interfaces (ENIs) | Virtual network interface attached to an instance. |
| #sec #hp #co | Endpoints | AWS endpoints connect VPCs to different AWS services. |
| #sec #hp #co | VPC Peering | Connects one VPC to another non-transitively. |
| #sec #hp #co | Security Group | Acts like a firewall; Defines allowed traffic flows: Ingress (entrance), Egress (exit); Implicit deny |
| #sec #hp #co | Network Access Control Lists (NACLs) | Applied on subnets; Stateless processing; Supports allow and deny rules |
| #sec #hp #co | Network Address Translation (NAT) | Translates between private IP addresses and public IP addresses |
| #sec #hp #co | Virtual Private Gateway (VPG) | Connects local networks to the VPC; VPG is the VPN concentrator |
| #sec #hp #co | Customer Gateway (CGW) | Physical device or software application that connects to the VPG. |

Compute Services Design

This section focuses on EC2 and how to use AWS to perform computing operations on data stored in the AWS cloud.

[Figure: EC2 Deployment]

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec #res #hp #co | Elastic Compute Cloud (EC2) | Virtual machine in the cloud |
| #hp #co | EC2 Instance Types | General Purpose; Compute Optimized; Memory Optimized; Storage Optimized; Advanced Computing |
| #hp #co | General Purpose: T2, M5, M4, and M3 | T2 provides burst performance; M5, M4, and M3 have no burst option: Good for development, staging, etc. |
| #hp #co | Compute Optimized: C5, C4, and C3 | Useful for CPU-intensive applications: Media coding; Intensive batch jobs; Many concurrent users; Gaming servers; Anything compute-intensive |
| #hp #co | Memory Optimized: X1e, X1, R4, and R3 | Useful for high memory requirements: Processing large data sets; In-memory databases; Big data processing |
| #hp #co | Storage Optimized: H1, I3, and D2 | Useful for high sequential read/writes to local storage: Relational databases; Data warehousing; Image storage and processing |
| #hp #co | Advanced Computing: P3, P2, G3, and F1 | Useful for specialty hardware compute requirements: Graphic Processing Unit (GPU); Field Programmable Gate Array (FPGA) |
| #co | EC2 Pricing Categories | On-demand; Reserved; Spot |
| #res #co | EBS Considerations | Persistent block storage. |
| #hp #co | Compute Optimizer | AWS tool to reduce costs and improve performance. |

Compute Services Implementation

This section is about how to get EC2 instances up and running and various other considerations.

The table below lists considerations with pros and cons:

| Domain | Concept | Explanation |
| --- | --- | --- |
| #co | Shared Tenancy | Multiple instances on a physical machine. |
| #sec #co | Dedicated Hosts | Physical machines run the virtual machines. |
| #hp | Dedicated Instances | Runs singly on a physical machine. |

The following table lists other concepts in this section: 

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec #res #hp #co | Amazon Machine Image (AMI) | Blueprint with server configuration details; AMI launch permissions: Public (Anyone), Explicit (Specified), Implicit (Owner) |
| #co | Hardware Virtual Machine (HVM) AMI | Fully virtualizes the hardware. |
| #co | Paravirtual (PV) AMI | Runs on hosts without specific support for virtualization. |

Compute Services Management

AWS supports up-and-running instances in the following ways:

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec | Security Groups | Network Load Balancer (NLB) collection on which you enforce access control policies. |
| #res #hp | Elastic Container Service (ECS) | Allows you to run Docker containers without virtual machine builds. |
| #res | Elastic Beanstalk | Automatically handles the deployment details of an uploaded application. |
| #res #hp #co | Advanced EC2 management methods | Resource optimization recommendations; Host recovery; Traffic mirroring |
| #hp | Batch | Easily and efficiently runs batch computing jobs en masse. |

[Figure: Comparison Between Security Group and Network ACL]

Identity and Access Management (IAM)

AWS IAM is a web service that helps you securely control access to AWS resources. It appears on every AWS exam, involving services taking on different IAM roles. A deep understanding of IAM will lay a solid foundation for the rest of your educational journey in AWS.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec | User | Person or service with permissions |
| #sec | Group | Collection of IAM users on which you manage permissions |
| #sec | Role | Temporary security credential |
| #sec | Root user | Email address used to create the AWS subscription; Capability to delete AWS account |
| #sec | Authentication | Validation of credentials; Credentials provide identity; Single-factor; Multi-factor; Authentication of persons; Authentication of processes |
| #sec | Shared Responsibility Model | AWS provides security of the cloud. You provide security in the cloud. |
| #sec | Identity-based authorization policies | Used with users, groups, or roles. |
| #sec | Resource-based authorization policies | Used for cross-account access (multiple AWS accounts and subscriptions). |
| #sec | Key Rotation | The recurring creation of new access keys to replace the ones in use. |
| #sec | CloudTrail | Logging services: Governance, Compliance, Auditing. Event histories: Management Console, AWS SDK, Command line, Additional AWS services. |

[Figure: How AWS CloudTrail Works]

Auto Scaling Solutions

This section is about AWS’s built-in dynamic scaling capabilities for your instances.

[Figure: How AWS Auto Scaling Works]

| Domain | Concept | Explanation |
| --- | --- | --- |
| #res #hp #co | Auto Scaling Groups | Collection of instances with similar characteristics. |
| #res #hp | Scaling out | Adding instances. |
| #res #hp | Scaling in | Removing instances. |
| #hp #co | Auto Scaling termination policies | Control the instances you prefer to terminate first. |
| #res #hp #co | Load balancing categories | Sender initiated; Receiver initiated |
| #res #hp #co | Load balancing algorithms | Round robin; Randomized; Centrally managed; Threshold-based |
| #res #hp #co | Elastic Load Balancing (ELB) | Automatic web traffic distribution system. |

Virtual Network Services

Here’s what you need to know about networking in the AWS cloud environment.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #sec #res #co | DNS (Domain Name System) | Provides name to IP address mapping. |
| #res | Route 53 | Amazon DNS service. |
| #sec | Access Control List (ACL) | Rules that allow or deny access to a system. Also see NACL. |
| #sec #co | Flow Log | Allows you to log traffic flows at network interfaces in your VPC. |

AWS Application Deployment

A fantastic aspect of AWS is its serverless architecture, as exemplified by its Lambda and API Gateway services.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #res #hp | Serverless architecture | Transfers data and processes functions across the cloud without instances. |
| #sec | Reference Architectures | Examples: HIPAA; PCI-DSS; UK-OFFICIAL |
| #res #hp | Lambda | AWS compute service that runs code without servers. |
| #res #hp | API Gateway | API management in the cloud. |
| #sec #res #hp #co | Cross-Origin Resource Sharing (CORS) | Allow client web applications loaded in one domain to interact with resources in a different domain. |
| #sec #hp | Kinesis | Processes streaming data with real-time analytics. |
| #res #hp #co | CloudFront | Amazon’s Content delivery network (CDN). |
| #sec | Web Application Firewall (WAF) | Controls access to HTTP and HTTPS servers. |
| #res #hp | Simple Queue Service (SQS) | Breaks applications into separate processing tasks which, combined, give the complete solution. |
| #res #hp | Simple Notification Service (SNS) | Paging in the cloud. |
| #res | Simple Workflow (SWF) | Defines the sequence of events required to achieve a workflow in decoupled applications. |
| #res | Step Functions | Replacement for SWF. |
| #sec | Cognito | User identity and data synchronization service. |
| #hp | Elastic MapReduce (EMR) | Distributes processing across user-defined clusters, pulls data from S3 buckets, and uses EC2 instances. |
| #res | CloudFormation | Uses templates to build entire solutions in AWS rapidly. |
| #sec #res | CloudWatch | Monitors the cloud and on-premises systems. |
| #sec #co | Trusted Advisor | Scans the AWS cloud for recommendations on security and other issues. |
| #sec #co | AWS Organizations | Centralized management interface for AWS accounts. |

AWS Database Design

Here are some essential concepts for designing secure databases on AWS.

| Domain | Concept | Explanation |
| --- | --- | --- |
| #res #hp #co | Relational Database Service (RDS) | Quickly and easily launch relational databases such as: Aurora MySQL; Aurora PostgreSQL; Oracle; SQL Server; MySQL; PostgreSQL; MariaDB |
| #res #hp | Flat file databases | One line per record. |
| #res #hp | Relational databases | Unique identifiers connect tables containing data. |
| #sec #res #hp #co | Redshift | Data warehouse database optimized for Online Analytical Processing (OLAP). |
| #res #hp #co | DynamoDB | Non-relational database on AWS. |
| #hp #co | Normalization | Process for evaluating and correcting relational database structures in stages called normal forms (NF). |
| #hp #co | Database hosting methods | EC2 instance-based; AWS service-based |
| #hp #co | High availability solutions | Clustering; Standby instances; Single AZ deployment; Multiple AZ deployment |
| #hp #co | Read replica | A read-only copy of the database offloads read-only traffic from the main database. |
| #sec | At rest encryption of RDS databases | Enable upon creation or manually upon recovery. |
| #sec | Compliance | External (what): Government regulations; Industry requirements; Partner agreements |
| #sec | Policy | Internal (how): Data creation; Data management; Data destruction |
| #sec | Backups | Centrally manage and automate backups across AWS services and third-party applications. |

Operational Excellence With AWS

Getting the best performance at the lowest cost is the hallmark of a great AWS Certified Solutions Architect. This section covers relevant concepts.

[Figure: Choosing Performant Storage on AWS]

| Domain | Concept | Explanation |
| --- | --- | --- |
| #co | Well-Architected Framework | Operational Excellence; Security; Reliability; Performance Efficiency; Cost Optimization |
| #co | Operational Excellence Process | Prepare; Operate; Evolve |
| #co | Prepare | Understand workloads and expected behaviors; Considerations; Operational priorities; Design for operations; Operational readiness |
| #co | Operate | Monitor; Environment health; Discover business and technical insights; Respond; Security; Reliability; Performance; Cost |
| #co | Evolve | Learn from experience; Share learning; Improve; Scale |
| #res | Resilient Design | Provides reliability; Automation; Recovery; Scaling; Backups; Automatic recovery from failures; Data recovery from effective backup plans |
| #hp | Performant Design | Consume advanced technologies managed in the cloud; Deploy to multiple regions; Use serverless architectures; Experiment with game days |
| #sec | Secure Design | Implement a strong identity foundation; Enable traceability; Apply security at all layers; Automate security best practices; Protect data in transit and at rest |
| #co | Cost Optimization | Consumption model; Measure overall efficiency; Stop spending on data center operations; Analyze and attribute expenditure; Use managed services |

Conclusion

As you can see, the AWS Certified Solutions Architect Associate certification helps prove to employers your competence in using AWS services like a pro. 

This AWS Solutions Architect Associate cheat sheet gives you an overview of key AWS topics to remember, but we also offer a complete course—listed below—to help you prepare for the AWS Certified Solutions Architect Associate exam. 

Don’t forget to check out our StationX Membership to access a wide range of cloud computing, security, and related courses. 

No matter how you prepare for the AWS Certified Solutions Architect Associate exam, we wish you great success and a bright future!

  • Cassandra Lee

    Cassandra is a writer, artist, musician, and technologist who makes connections across disciplines: cyber security, writing/journalism, art/design, music, mathematics, technology, education, psychology, and more. She's been a vocal advocate for girls and women in STEM since the 2010s, having written for Huffington Post, International Mathematical Olympiad 2016, and Ada Lovelace Day, and she's honored to join StationX. You can find Cassandra on LinkedIn and Linktree.
