If you’re aiming for the Amazon Web Services (AWS) Certified Solutions Architect Associate certification, you’ve made a brilliant decision.
Given the sheer amount of study materials, the difficulty of this exam, and the limited time you’ll have to prepare, it can be challenging to decide which AWS Certified Solutions Architect Associate items are the most important to review.
If you’re in this situation, our AWS Solutions Architect Associate cheat sheet will be convenient as both an overview and a refresher.
It goes over AWS compute, networking, storage, database, deployment, and management services and how they integrate into the exam.
If you’re ready, let’s dive in.
About AWS Solutions Architect
The AWS Certified Solutions Architect - Associate exam (SAA-C03) is a single test comprising 65 questions. The question formats are multiple-choice and multiple-response, and the exam lasts 130 minutes and has four domains:
- Design Secure Architectures (30%)
- Design Resilient Architectures (26%)
- Design High-Performing Architectures (24%)
- Design Cost-Optimized Architectures (20%)
The exam has no prerequisites, but familiarity with basic programming concepts and at least a year of hands-on experience designing cloud solutions that use AWS services would be an advantage.
Knowledge of AWS Cloud Practitioner also helps, and the passing score is 720 out of 1000. Each exam attempt costs $150 USD.
Although AWS Solutions Architect Associate isn’t a vendor-neutral certification, mastering the cloud computing services it encompasses will help you make the most out of AWS.
AWS is popular among many large companies such as Facebook, Netflix, Adobe, and BBC, and that’s what makes this such an in-demand certification in cloud computing.
AWS Solutions Architect Associate Domains
This AWS Solutions Architect Associate cheat sheet arranges concepts to align with our AWS Solutions Architect course subtopics. Diagrams put concepts into a visual form, and tables compartmentalize information.
Here’s a key to finding items by domain:
Hashtag (remember to type the # symbol) | Domain |
#sec | Design Secure Architectures (30%) |
#res | Design Resilient Architectures (26%) |
#hp | Design High-Performing Architectures (24%) |
#co | Design Cost-Optimized Architectures (20%) |
AWS Foundations and Services
Here are basic terms in AWS that recur throughout our cheat sheet:
Domain | Concept | Explanation |
#sec #res #hp #co | Region | Separate geographic area that AWS serves. |
#sec #res #hp #co | Availability Zone (AZ) | Multiple isolated locations in each Region. |
#sec #res #hp #co | Management Console | For managing and monitoring users, services, health, and billing. |
#sec #res #hp #co | AWS Direct Connect | An alternative to using the internet to connect to AWS. |
AWS Security and Costs
This section concerns who you allow to access your AWS services and how much it costs to use AWS.
Domain | Concept | Explanation |
#sec | Identity and Access Management (IAM) | Fine-grained access control system across all of AWS. |
#sec | Key Management Service (KMS) | For data encryption, to centrally manage and securely store your encryption keys. |
#co | Budgets | For setting budget alerts for your budgeted cost or usage amount. |
#co | Cost Explorer | Explore AWS costs and usage at high and detailed levels of analysis. |
AWS Cloud Services Overview
The following table is about cloud computing on AWS.
Domain | Concept | Explanation |
#hp | Infrastructure as a Service (IaaS) | Provides access to an AWS global network, computers (virtual or on dedicated hardware), and data storage space. |
#hp | Platform as a Service (PaaS) | Provides supporting infrastructure, usually hardware and operating systems, to allow users to focus on deploying and managing applications. |
#hp | Software as a Service (SaaS) | The service provider runs and manages a completed product for end users. |
AWS Storage Design
We must know what storage services are available with AWS to choose the ones that best fulfill our needs.
Domain | Concept | Explanation |
#sec #res #hp #co | Simple Storage Service (S3) | Object-level storage in the cloud. Objects are files. |
#sec #res #hp #co | Glacier | For archival data (cold). |
#sec #res #hp #co | CloudFront | To bring data closer to end users. |
#sec #res #hp #co | Elastic Block Store (EBS) | Block-level, for rapid-access data (hot). |
#sec #res #hp #co | Storage Gateway | Quasi-VPN connection into the Amazon Cloud for data retrieval. |
#sec #res #hp #co | Snow family (Snowball, Snowball Edge, Snowmobile) | For mass data migration to the cloud. |
Virtual Private Cloud (VPC)
A VPC is your personal data center in the AWS cloud.
Domain | Concept | Explanation |
#sec #hp #co | Elastic IP Addresses (EIPs) | Public IP addresses from the VPC Region. |
#sec #hp #co | Elastic Network Interfaces (ENIs) | Virtual network interface attached to an instance. |
#sec #hp #co | Endpoints | AWS endpoints connect VPCs to different AWS services. |
#sec #hp #co | VPC Peering | Connects one VPC to another non-transitively. |
#sec #hp #co | Security Group | • Acts like a firewall • Defines allowed traffic flows - Ingress (entrance) - Egress (exit) • Implicit deny |
#sec #hp #co | Network Access Control Lists (NACLs) | • Applied on subnets • Stateless processing • Supports allow and deny rules |
#sec #hp #co | Network Address Translation (NAT) | Translates between private IP addresses and public IP addresses |
#sec #hp #co | Virtual Private Gateway (VPG) | • Connects local networks to the VPC • VPG is the VPN concentrator |
#sec #hp #co | Customer Gateway (CGW) | Physical device or software application that connects to the VPG. |
Compute Services Design
This section focuses on EC2 and how to use AWS to perform computing operations on data stored in the AWS cloud.
Domain | Concept | Explanation |
#sec #res #hp #co | Elastic Compute Cloud (EC2) | Virtual machine in the cloud |
#hp #co | EC2 Instance Types | • General Purpose • Compute Optimized • Memory Optimized • Storage Optimized • Advanced Computing |
#hp #co | General Purpose: T2, M5, M4, and M3 | • T2 provides burst performance • M5, M4, and M3 have no burst option - Good for development, staging, etc. |
#hp #co | Compute Optimized: C5, C4, and C3 | Useful for CPU-intensive applications - Media coding - Intensive batch jobs - Many concurrent users - Gaming servers - Anything compute-intensive |
#hp #co | Memory Optimized: X1e, X1, R4, and R3 | Useful for high memory requirements - Processing large data sets - In-memory databases - Big data processing |
#hp #co | Storage Optimized: H1, I3, and D2 | Useful for high sequential read/writes to local storage - Relational databases - Data warehousing - Image storage and processing |
#hp #co | Advanced Computing: P3, P2, G3, and F1 | Useful for specialty hardware compute requirements - Graphic Processing Unit (GPU) - Field Programmable Gate Array (FPGA) |
#co | EC2 Pricing Categories | • On-demand • Reserved • Spot |
#res #co | EBS Considerations | Persistent block storage. |
#hp #co | Compute Optimizer | AWS tool to reduce costs and improve performance. |
Compute Services Implementation
This section is about how to get EC2 instances up and running and various other considerations.
The table below lists considerations with pros and cons:
Domain | Concept | Explanation |
#co | Shared Tenancy | Multiple instances on a physical machine. |
#sec #co | Dedicated Hosts | Physical machines run the virtual machines. |
#hp | Dedicated Instances | Runs singly on a physical machine. |
The following table lists other concepts in this section:
Domain | Concept | Explanation |
#sec #res #hp #co | Amazon Machine Image (AMI) | • Blueprint with server configuration details • AMI launch permissions: - Public: Anyone - Explicit: Specified - Implicit: Owner |
#co | Hardware Virtual Machine (HVM) AMI | Fully virtualizes the hardware. |
#co | Paravirtual (PV) AMI | Runs on hosts without specific support for virtualization. |
Compute Services Management
AWS supports up-and-running instances in the following ways:
Domain | Concept | Explanation |
#sec | Security Groups | Network Load Balancer (NLB) collection on which you enforce access control policies. |
#res #hp | Elastic Container Service (ECS) | Allows you to run Docker containers without virtual machine builds. |
#res | Elastic Beanstalk | Automatically handles the deployment details of an uploaded application. |
#res #hp #co | Advanced EC2 management methods | • Resource optimization recommendations • Host recovery • Traffic mirroring |
#hp | Batch | Easily and efficiently runs batch computing jobs en masse. |
Identity and Access Management (IAM)
AWS IAM is a web service that helps you securely control access to AWS resources. It appears on every AWS exam, involving services taking on different IAM roles. A deep understanding of IAM will lay a solid foundation for the rest of your educational journey in AWS.
Domain | Concept | Explanation |
#sec | User | Person or service with permissions |
#sec | Group | Collection of IAM users on which you manage permissions |
#sec | Role | Temporary security credential |
#sec | Root user | • Email address used to create the AWS subscription • Capability to delete AWS account |
#sec | Authentication | • Validation of credentials • Credentials provide identity • Single-factor • Multi-factor • Authentication of persons • Authentication of processes |
#sec | Shared Responsibility Model | - AWS provides security of the cloud. - You provide security in the cloud. |
#sec | Identity-based authorization policies | Used with users, groups, or roles. |
#sec | Resource-based authorization policies | Used for cross-account access (multiple AWS accounts and subscriptions). |
#sec | Key Rotation | The recurring creation of new access keys to replace the ones in use. |
#sec | CloudTrail | • Logging services - Governance - Compliance - Auditing • Event histories - Management Console - AWS SDK - Command line - Additional AWS services |
Auto Scaling Solutions
This section is about AWS’s built-in dynamic scaling capabilities for your instances.
Domain | Concept | Explanation |
#res #hp #co | Auto Scaling Groups | Collection of instances with similar characteristics. |
#res #hp | Scaling out | Adding instances. |
#res #hp | Scaling in | Removing instances. |
#hp #co | Auto Scaling termination policies | Control the instances you prefer to terminate first. |
#res #hp #co | Load balancing categories | • Sender initiated • Receiver initiated |
#res #hp #co | Load balancing algorithms | • Round robin • Randomized • Centrally managed • Threshold-based |
#res #hp #co | Elastic Load Balancing (ELB) | Automatic web traffic distribution system. |
Virtual Network Services
Here’s what you need to know about networking in the AWS cloud environment.
Domain | Concept | Explanation |
#sec #res #co | DNS (Domain Name System) | Provides name to IP address mapping. |
#res | Route 53 | Amazon DNS service. |
#sec | Access Control List (ACL) | Rules that allow or deny access to a system. Also see NACL. |
#sec #co | Flow Log | Allows you to log traffic flows at network interfaces in your VPC. |
AWS Application Deployment
A fantastic aspect of AWS is its serverless architecture, as exemplified by its Lambda and API Gateway services.
Domain | Concept | Explanation |
#res #hp | Serverless architecture | Transfers data and processes functions across the cloud without instances. |
#sec | Reference Architectures | Examples: - HIPAA - PCI-DSS - UK-OFFICIAL |
#res #hp | Lambda | AWS compute service that runs code without servers. |
#res #hp | API Gateway | API management in the cloud. |
#sec #res #hp #co | Cross-Origin Resource Sharing (CORS) | Allow client web applications loaded in one domain to interact with resources in a different domain. |
#sec #hp | Kinesis | Processes streaming data with real-time analytics. |
#res #hp #co | CloudFront | Amazon’s Content delivery network (CDN). |
#sec | Web Application Firewall (WAF) | Controls access to HTTP and HTTPS servers. |
#res #hp | Simple Queue Service (SQS) | Breaks applications into separate processing tasks which, combined, give the complete solution. |
#res #hp | Simple Notification Service (SNS) | Paging in the cloud. |
#res | Simple Workflow (SWF) | Defines the sequence of events required to achieve a workflow in decoupled applications. |
#res | Step Functions | Replacement for SWF. |
#sec | Cognito | User identity and data synchronization service. |
#hp | Elastic MapReduce (EMR) | Distributes processing across user-defined clusters, pulls data from S3 buckets, and uses EC2 instances. |
#res | CloudFormation | Uses templates to build entire solutions in AWS rapidly. |
#sec #res | CloudWatch | Monitors the cloud and on-premises systems. |
#sec #co | Trusted Advisor | Scans the AWS cloud for recommendations on security and other issues. |
#sec #co | AWS Organizations | Centralized management interface for AWS accounts. |
AWS Database Design
Here are some essential concepts for designing secure databases on AWS.
Domain | Concept | Explanation |
#res #hp #co | Relational Database Service (RDS) | Quickly and easily launch relational databases such as: - Aurora MySQL - Aurora PostgreSQL - Oracle - SQL Server - MySQL - PostgreSQL - MariaDB |
#res #hp | Flat file databases | One line per record. |
#res #hp | Relational databases | Unique identifiers connect tables containing data. |
#sec #res #hp #co | Redshift | Data warehouse database optimized for Online Analytical Processing (OLAP). |
#res #hp #co | DynamoDB | Non-relational database on AWS. |
#hp #co | Normalization | Process for evaluating and correcting relational database structures in stages called normal forms (NF). |
#hp #co | Database hosting methods | - EC2 instance-based - AWS service-based |
#hp #co | High availability solutions | - Clustering - Standby instances - Single AZ deployment - Multiple AZ deployment |
#hp #co | Read replica | A read-only copy of the database that offloads read-only traffic from the main database. |
#sec | At rest encryption of RDS databases | Enable upon creation or manually upon recovery. |
#sec | Compliance | External (what) - Government regulations - Industry requirements - Partner agreements |
#sec | Policy | Internal (how) - Data creation - Data management - Data destruction |
#sec | Backups | Centrally manage and automate backups across AWS services and third-party applications. |
Operational Excellence With AWS
Getting the best performance at the lowest cost is the hallmark of a great AWS Certified Solutions Architect. This section covers relevant concepts.
Domain | Concept | Explanation |
#co | Well‐Architected Framework | • Operational Excellence • Security • Reliability • Performance Efficiency • Cost Optimization |
#co | Operational Excellence Process | • Prepare • Operate • Evolve |
#co | Prepare | • Understand workloads and expected behaviors • Considerations • Operational priorities • Design for operations • Operational readiness |
#co | Operate | • Monitor • Environment health • Discover business and technical insights • Respond • Security • Reliability • Performance • Cost |
#co | Evolve | • Learn from experience • Share learning • Improve • Scale |
#res | Resilient Design | • Provides reliability • Automation • Recovery • Scaling • Backups • Automatic recovery from failures • Data recovery from effective backup plans |
#hp | Performant Design | • Consume advanced technologies managed in the cloud • Deploy to multiple regions • Use serverless architectures • Experiment with game days |
#sec | Secure Design | • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest |
#co | Cost Optimization | • Consumption model • Measure overall efficiency • Stop spending on data center operations • Analyze and attribute expenditure • Use managed services |
Conclusion
As you can see, the AWS Certified Solutions Architect Associate certification helps prove to employers your competence in using AWS services like a pro.
This AWS Solutions Architect Associate cheat sheet gives you an overview of key AWS topics to remember, but we also offer a complete course—listed below—to help you prepare for the AWS Certified Solutions Architect Associate exam.
Don’t forget to check out our StationX Membership to access a wide range of cloud computing, security, and related courses.
No matter how you prepare for the AWS Certified Solutions Architect Associate exam, we wish you great success and a bright future!