Skip to main content

AWS Certification Preparation Guide

Comprehensive preparation guide for AWS certifications, covering foundational to professional levels. This guide consolidates study materials, practice questions, and exam strategies.

AWS Certification Overview

CertificationLevelDurationQuestionsCostFormat
Cloud Practitioner (CLF-C02)Foundational90 min65$100Multiple Choice
Solutions Architect Associate (SAA-C03)Associate130 min65$150Multiple Choice
Developer Associate (DVA-C02)Associate130 min65$150Multiple Choice
SysOps Administrator Associate (SOA-C02)Associate130 min65$150Multiple Choice
Solutions Architect Professional (SAP-C02)Professional180 min75$300Multiple Choice
DevOps Engineer Professional (DOP-C02)Professional180 min75$300Multiple Choice

Cloud Practitioner (CLF-C02)

The Cloud Practitioner exam is the foundational certification, ideal for those new to AWS. It tests basic cloud concepts and AWS service knowledge.

Exam Domains and Weights

DomainWeightTopics
Cloud Concepts24%Cloud models, advantages, types of cloud computing
Security and Compliance30%Shared responsibility, IAM, compliance, data protection
Cloud Technology and Services34%Core services (EC2, S3, RDS, Lambda, etc.)
Billing, Pricing, and Support12%Pricing models, cost optimization, support plans

Key Topics by Domain

Domain 1: Cloud Concepts (24%)

  • Cloud computing models (public, private, hybrid)
  • Benefits of cloud (scalability, flexibility, cost)
  • Types of cloud services: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS)
  • AWS Global Infrastructure (regions, availability zones, edge locations)

Domain 2: Security and Compliance (30%)

  • AWS Shared Responsibility Model
  • Identity and Access Management (IAM) basics
  • Data encryption (at rest and in transit)
  • Network security (security groups, NACLs)
  • Compliance and governance frameworks

Domain 3: Cloud Technology and Services (34%)

  • Compute: EC2, Lambda, Elastic Beanstalk
  • Storage: S3, EBS, EFS, Glacier
  • Database: RDS, DynamoDB, ElastiCache
  • Networking: VPC, CloudFront, Route 53
  • Application services: SNS, SQS, SES
  • Developer tools: CodeCommit, CodeBuild, CodeDeploy

Domain 4: Billing, Pricing, and Support (12%)

  • AWS Pricing models (on-demand, reserved, spot)
  • Cost optimization strategies
  • AWS Budgets and Cost Explorer
  • Support plans (Basic, Developer, Business, Enterprise)

Practice Questions: Cloud Practitioner

Question 1: A company is planning to migrate from on-premises data centers to AWS. Which cloud deployment model would provide the most flexibility while maintaining some on-premises infrastructure?

  • A) Public cloud
  • B) Private cloud
  • C) Hybrid cloud
  • D) Multi-cloud

Answer: C) Hybrid cloud Explanation: Hybrid cloud combines on-premises and cloud resources, providing flexibility while maintaining local infrastructure. This is ideal for phased migrations.

Question 2: What is the AWS Shared Responsibility Model?

  • A) AWS is responsible for all security
  • B) Customers are responsible for all security
  • C) AWS handles infrastructure security; customers handle application and data security
  • D) Responsibility is split 50/50

Answer: C) AWS handles infrastructure security; customers handle application and data security Explanation: AWS secures the infrastructure; customers are responsible for securing their data, applications, IAM, and configuration.

Question 3: Which AWS service provides a fully managed relational database?

  • A) DynamoDB
  • B) RDS
  • C) ElastiCache
  • D) Redshift

Answer: B) RDS Explanation: Amazon RDS (Relational Database Service) is fully managed, handling patches, backups, and maintenance automatically.

Question 4: A startup wants the lowest cost for a web application with predictable traffic. Which pricing model should they choose?

  • A) On-Demand
  • B) Spot Instances
  • C) Reserved Instances
  • D) Dedicated Hosts

Answer: C) Reserved Instances Explanation: Reserved Instances provide up to 72% discount for predictable workloads with 1 or 3-year commitments.

Question 5: What does IAM stand for and what is its primary purpose?

  • A) Infrastructure as Management; managing cloud resources
  • B) Identity and Access Management; controlling who can access AWS resources
  • C) Internet Access Management; managing network access
  • D) Infrastructure Automated Management; automating deployments

Answer: B) Identity and Access Management; controlling who can access AWS resources Explanation: IAM enables you to create users, groups, and roles with specific permissions to AWS resources.

Question 6: Which AWS service is a content delivery network (CDN)?

  • A) CloudFormation
  • B) CloudFront
  • C) CloudWatch
  • D) CloudTrail

Answer: B) CloudFront Explanation: CloudFront caches content at edge locations worldwide, improving performance and reducing latency.

Question 7: An application needs temporary credentials for EC2 instances to access S3. What should be used?

  • A) IAM Users
  • B) Access Keys
  • C) IAM Roles
  • D) Security Groups

Answer: C) IAM Roles Explanation: IAM Roles provide temporary credentials and are the recommended way for EC2 instances to access other AWS services.

Question 8: What is the primary benefit of using Auto Scaling?

  • A) Reduces application latency
  • B) Automatically adjusts capacity based on demand
  • C) Encrypts all data
  • D) Improves database performance

Answer: B) Automatically adjusts capacity based on demand Explanation: Auto Scaling launches or terminates instances based on metrics like CPU utilization, maintaining performance and controlling costs.

Question 9: Which storage service can be accessed from on-premises and should be used for frequently accessed file data?

  • A) Amazon Glacier
  • B) AWS Storage Gateway
  • C) Amazon S3
  • D) Amazon EBS

Answer: B) AWS Storage Gateway Explanation: Storage Gateway provides on-premises access to cloud storage, bridging hybrid environments.

Question 10: A company needs to ensure business continuity if a primary AWS region fails. What should they implement?

  • A) Auto Scaling in one region
  • B) CloudFront distribution
  • C) Multi-region deployment
  • D) Increased instance sizes

Answer: C) Multi-region deployment Explanation: Multi-region deployment ensures that if one region becomes unavailable, services continue in other regions.

Question 11: What is AWS Lambda?

  • A) A container orchestration service
  • B) A serverless compute service where you pay per execution
  • C) A virtual machine service
  • D) A database service

Answer: B) A serverless compute service where you pay per execution Explanation: Lambda lets you run code without provisioning servers, charging only for execution time.

Question 12: Which support plan includes access to AWS Trusted Advisor and architectural guidance?

  • A) Basic
  • B) Developer
  • C) Business
  • D) Enterprise

Answer: C) Business Explanation: The Business support plan includes full Trusted Advisor checks and architectural guidance.

Question 13: What is the primary purpose of VPC (Virtual Private Cloud)?

  • A) Validate Public Cloud resources
  • B) Create an isolated network environment in AWS
  • C) Version control for cloud applications
  • D) Virtual Personal Computing

Answer: B) Create an isolated network environment in AWS Explanation: A VPC provides network isolation, allowing you to define subnets, route tables, and security policies.

Question 14: Which of the following is a best practice for password management in AWS?

  • A) Store passwords in EC2 user data
  • B) Use IAM and AWS Secrets Manager
  • C) Hardcode credentials in application code
  • D) Share credentials through email

Answer: B) Use IAM and AWS Secrets Manager Explanation: AWS Secrets Manager securely stores and rotates credentials, integrating with IAM for access control.

Question 15: What is the main advantage of AWS Organizations?

  • A) Manages billing across multiple AWS accounts
  • B) Provides a user interface for AWS services
  • C) Compresses data in storage
  • D) Improves network performance

Answer: A) Manages billing across multiple AWS accounts Explanation: AWS Organizations enables centralized management of multiple accounts, consolidated billing, and policy enforcement.

Solutions Architect Associate (SAA-C03)

The Solutions Architect Associate exam validates the ability to design AWS solutions. It covers secure, resilient, performant, and cost-optimized architectures.

Exam Domains and Weights

DomainWeightFocus
Design Secure Architectures30%IAM, encryption, network security, data protection
Design Resilient Architectures26%High availability, disaster recovery, auto-scaling
Design High-Performing Architectures24%Optimization, caching, databases, networking
Design Cost-Optimized Architectures20%Cost reduction, resource optimization, pricing

Key Topics by Domain

Domain 1: Design Secure Architectures (30%)

  • IAM policies, roles, and resource-based policies
  • Data encryption (KMS, SSL/TLS)
  • Secrets management
  • Network segmentation (VPC, subnets, NACLs)
  • VPN and Direct Connect
  • Web Application Firewall (WAF)
  • DDoS protection (Shield, Shield Advanced)

Domain 2: Design Resilient Architectures (26%)

  • Multi-AZ deployments
  • Auto Scaling and load balancing (ALB, NLB)
  • RDS Multi-AZ and read replicas
  • DynamoDB global tables
  • Backup and recovery strategies
  • Route 53 health checks and failover
  • Event-driven architectures

Domain 3: Design High-Performing Architectures (24%)

  • Choosing appropriate compute services
  • Database optimization and indexing
  • Caching strategies (ElastiCache, CloudFront)
  • Content delivery and edge computing
  • Networking optimization (VPC endpoints, CloudFront)
  • Monitoring and performance metrics

Domain 4: Design Cost-Optimized Architectures (20%)

  • Reserved Instances and Savings Plans
  • Spot Instances
  • Right-sizing instances
  • Storage optimization
  • Database cost optimization
  • Removing unused resources

Practice Questions: Solutions Architect Associate

Question 1: A company needs a highly available web application that auto-scales based on traffic. The application is stateless and serves dynamic content. Which architecture is most appropriate?

  • A) Single EC2 instance with EBS volume
  • B) EC2 instances behind an Application Load Balancer with Auto Scaling
  • C) Single RDS database with read replicas
  • D) Lambda functions with DynamoDB

Answer: B) EC2 instances behind an Application Load Balancer with Auto Scaling Explanation: ALB distributes traffic across instances, and Auto Scaling adds/removes instances based on demand. This is ideal for stateless applications.

Question 2: An application requires sub-millisecond latency for database queries. Which database service would provide the best performance?

  • A) RDS MySQL
  • B) DynamoDB with DynamoDB Accelerator (DAX)
  • C) Redshift
  • D) DocumentDB

Answer: B) DynamoDB with DynamoDB Accelerator (DAX) Explanation: DAX provides microsecond latency for DynamoDB queries by caching data in-memory.

Question 3: A company wants to ensure sensitive data is encrypted during transit and at rest. What combination should be used?

  • A) Security Groups only
  • B) TLS/SSL for transit and S3 encryption for rest
  • C) NACLs and Secrets Manager
  • D) VPN and key pairs

Answer: B) TLS/SSL for transit and S3 encryption for rest Explanation: TLS/SSL protects data during transmission; S3 server-side encryption (or KMS) protects data at rest.

Question 4: A multi-tier application requires Cross-AZ communication with minimal latency. What networking configuration is recommended?

  • A) Single VPC with subnets across multiple AZs
  • B) VPC peering across regions
  • C) Internet Gateway routing
  • D) NAT Gateway only

Answer: A) Single VPC with subnets across multiple AZs Explanation: Placing subnets in multiple AZs within the same VPC provides low-latency communication with automatic failover.

Question 5: A company wants to migrate a large database from on-premises to AWS with minimal downtime. What service should be used?

  • A) AWS DataSync
  • B) AWS Database Migration Service (DMS)
  • C) AWS Storage Gateway
  • D) AWS Snowball

Answer: B) AWS Database Migration Service (DMS) Explanation: DMS replicates data with minimal downtime, supporting heterogeneous databases (e.g., Oracle to RDS).

Question 6: An application processes thousands of image uploads daily. Processing is compute-intensive and can be delayed. What is the most cost-effective architecture?

  • A) Dedicated EC2 instances running continuously
  • B) Lambda with S3 events triggering image processing
  • C) EC2 Spot Instances with Auto Scaling based on queue depth
  • D) On-Demand instances with reserved capacity

Answer: C) EC2 Spot Instances with Auto Scaling based on queue depth Explanation: Spot Instances cost 70-90% less for interruptible workloads. Queue-based scaling ensures processing matches demand.

Question 7: A company wants disaster recovery with RPO (Recovery Point Objective) of 1 hour and RTO (Recovery Time Objective) of 4 hours. What strategy is appropriate?

  • A) Backup-and-restore
  • B) Warm standby
  • C) Pilot light
  • D) Multi-site active/active

Answer: B) Warm standby Explanation: Warm standby maintains scaled-down resources in a secondary region, enabling recovery within 4 hours with 1-hour data loss acceptable.

Question 8: An application requires session persistence across multiple EC2 instances. What is the recommended approach?

  • A) Store sessions in EC2 instance memory
  • B) Use ElastiCache for distributed session storage
  • C) Configure sticky sessions on the load balancer
  • D) Use local EBS volumes

Answer: B) Use ElastiCache for distributed session storage Explanation: ElastiCache (Redis/Memcached) enables session sharing across instances, supporting true horizontal scaling.

Question 9: A company processes log files stored in S3 and needs real-time analysis. Which service provides serverless SQL querying?

  • A) Athena
  • B) Redshift
  • C) RDS
  • D) EMR

Answer: A) Athena Explanation: Athena enables SQL queries directly on S3 data without provisioning servers, paying only per query.

Question 10: An application needs to store large files with infrequent access. What storage class minimizes costs?

  • A) S3 Standard
  • B) S3 Intelligent-Tiering
  • C) S3 Glacier Deep Archive
  • D) S3 One Zone-IA

Answer: C) S3 Glacier Deep Archive Explanation: Glacier Deep Archive offers the lowest cost for rarely accessed data with retrieval time in hours.

Question 11: A company wants to control access to specific S3 bucket operations. Should they use a bucket policy or IAM policy?

  • A) Only bucket policy
  • B) Only IAM policy
  • C) Either works equally
  • D) Use bucket policy for public access, IAM for principal-based access

Answer: D) Use bucket policy for public access, IAM for principal-based access Explanation: Bucket policies are resource-based and work for public/cross-account access; IAM policies control AWS principals.

Question 12: An application spans multiple regions. How should DynamoDB be configured for low-latency access globally?

  • A) Single table with cross-region replication
  • B) DynamoDB Global Tables
  • C) Separate tables per region with Lambda replication
  • D) CloudFront caching DynamoDB responses

Answer: B) DynamoDB Global Tables Explanation: Global Tables enable multi-region replication with automatic syncing and local read/write access.

Question 13: A company wants to reduce data transfer costs for inter-AWS communication. What should be used?

  • A) CloudFront
  • B) VPC Endpoints (Gateway or Interface)
  • C) Direct Connect
  • D) VPN connections

Answer: B) VPC Endpoints (Gateway or Interface) Explanation: VPC Endpoints route traffic privately within AWS, avoiding internet gateway charges and improving security.

Question 14: An organization needs to enforce encryption for all EBS volumes. What is the best approach?

  • A) Manually select encryption for each volume
  • B) Use AWS Config rules to audit and CloudFormation for new volumes
  • C) Enable EBS encryption by default in the account
  • D) Only encrypt production volumes

Answer: C) Enable EBS encryption by default in the account Explanation: This account-level setting automatically encrypts all new EBS volumes without manual intervention.

Question 15: A company runs batch processing jobs with variable resource requirements. What compute option provides the best cost efficiency?

  • A) On-Demand EC2
  • B) Reserved Instances
  • C) Spot Instances with On-Demand fallback
  • D) Dedicated Hosts

Answer: C) Spot Instances with On-Demand fallback Explanation: Spot Instances are 70-90% cheaper for interruptible workloads; fallback to On-Demand maintains availability.

SysOps Administrator Associate (SOA-C02)

The SysOps exam focuses on deployment, management, and operations of AWS systems.

Key Domains

DomainWeightTopics
System Manager and Monitoring18%CloudWatch, Systems Manager, monitoring
Reliability and Business Continuity16%Auto Scaling, RDS backup, disaster recovery
Deployment, Provisioning, Automation18%CloudFormation, CodeDeploy, Config
Security and Compliance16%IAM, encryption, audit logging
Networking, Content Delivery, DNS18%VPC, Route 53, CloudFront, load balancing
Performance Tuning, Optimization14%Right-sizing, caching, cost optimization

Key Topics

  • CloudWatch metrics, alarms, dashboards, and logs
  • AWS Systems Manager for patch management and automation
  • CloudFormation for infrastructure as code
  • Auto Scaling policies and lifecycle hooks
  • RDS backup strategies and Multi-AZ failover
  • AWS Config for compliance tracking
  • VPC configuration, security groups, NACLs
  • Route 53 routing policies (simple, weighted, latency-based, geolocation, failover)
  • CloudFront distributions and caching behaviors
  • Cost optimization and reserved capacity

Practice Questions: SysOps Administrator

Question 1: A company needs to monitor CPU utilization across 100 EC2 instances and automatically restart instances if CPU remains above 90% for 10 minutes. What combination of services is needed?

  • A) CloudWatch + Auto Scaling
  • B) CloudWatch + Systems Manager
  • C) CloudWatch alarms + Lambda
  • D) CloudWatch + EC2 Status Checks

Answer: C) CloudWatch alarms + Lambda Explanation: CloudWatch alarms can trigger Lambda functions to restart instances based on custom logic.

Question 2: How should AWS Systems Manager be used for patching a large fleet of EC2 instances?

  • A) Manually log in to each instance
  • B) Use Patch Manager for automated patching on a schedule
  • C) Store patches in S3 and copy manually
  • D) Use SSH to apply patches across instances

Answer: B) Use Patch Manager for automated patching on a schedule Explanation: Systems Manager Patch Manager automates patching across instances based on patch groups and schedules.

Question 3: A CloudFormation stack deployment failed. How can the stack be rolled back?

  • A) Manually delete resources
  • B) Use aws cloudformation cancel-update-stack or delete the stack for automatic rollback
  • C) Modify the template and update again
  • D) Restart the CloudFormation service

Answer: B) Use aws cloudformation cancel-update-stack or delete the stack for automatic rollback Explanation: CloudFormation automatically rolls back failed deployments to the previous stable state.

Question 4: An application requires database backups to be retained for 35 days. What RDS backup strategy achieves this?

  • A) Manual snapshots only
  • B) Automated backups with 35-day retention (within max 35 days)
  • C) Automated backups + periodic manual snapshots
  • D) Copy backups to another region

Answer: B) Automated backups with 35-day retention (within max 35 days) Explanation: RDS automated backups support retention up to 35 days, meeting the requirement.

Question 5: A company wants to ensure all S3 buckets have versioning enabled for compliance. What AWS service should monitor and report non-compliance?

  • A) CloudTrail
  • B) AWS Config
  • C) CloudWatch
  • D) AWS Trusted Advisor

Answer: B) AWS Config Explanation: AWS Config tracks resource configuration changes and compliance against rules, ideal for compliance auditing.

Solutions Architect Professional (SAP-C02)

The Professional exam covers advanced architecture patterns, organizational complexity, and large-scale solutions.

Key Focus Areas

  • Complex Multi-Tier Architectures: Designing applications with multiple layers, microservices, and interdependencies
  • Migration Strategies: Understanding the 6 R's framework (rehost, replatform, refactor, repurchase, retire, retain)
  • Cost Control at Scale: Managing costs across thousands of resources and multiple teams
  • High-Availability and Disaster Recovery: Multi-region, multi-AZ, and active/passive architectures
  • Organizational Complexity: Multiple teams, accounts, regions, and governance models
  • Security at Scale: Implementing security across enterprise environments with compliance requirements
  • Performance Optimization: Large-scale caching, database optimization, and network performance

Practice Questions: Solutions Architect Professional

Question 1: A multinational company wants to migrate a legacy monolithic application to AWS using the 6 R's framework. Which migration strategy involves purchasing a SaaS alternative?

  • A) Rehost
  • B) Replatform
  • C) Repurchase
  • D) Refactor

Answer: C) Repurchase Explanation: Repurchase involves switching to a different product, often a SaaS solution (e.g., replacing on-premises email with AWS WorkMail).

Question 2: An organization spans 10 AWS accounts across 3 regions with centralized logging. What is the recommended architecture for log aggregation?

  • A) Each account logs to its own CloudWatch Logs
  • B) All accounts stream logs to a centralized logging account via Kinesis
  • C) Use CloudTrail Organization Trail with S3 central bucket
  • D) Configure S3 cross-account replication for all logs

Answer: C) Use CloudTrail Organization Trail with S3 central bucket Explanation: CloudTrail Organization Trail centrally logs API activity from all accounts to a single S3 bucket.

Question 3: A company needs to implement a disaster recovery strategy with RPO of 15 minutes and RTO of 1 hour across regions. What architecture is most suitable?

  • A) Backup and restore with daily backups
  • B) Pilot light with database replication
  • C) Warm standby with cross-region failover
  • D) Multi-site active/active

Answer: C) Warm standby with cross-region failover Explanation: Warm standby maintains scaled-down resources in a secondary region, enabling 1-hour recovery with 15-minute replication lag.

Question 4: A large organization requires cost allocation across 15 teams managing shared infrastructure. What combination should be used?

  • A) CloudWatch metrics per team
  • B) AWS Cost Allocation Tags + Cost Explorer analysis
  • C) Separate AWS accounts per team
  • D) CloudFormation resource tagging only

Answer: B) AWS Cost Allocation Tags + Cost Explorer analysis Explanation: Cost allocation tags enable detailed cost breakdown by team, department, or project within Cost Explorer.

Question 5: An application with global users requires sub-100ms latency for API responses. What architecture achieves this?

  • A) Single region with CloudFront
  • B) Multi-region with API Gateway in each region and Route 53 latency-based routing
  • C) Single global RDS instance with read replicas
  • D) ElastiCache in a single AZ

Answer: B) Multi-region with API Gateway in each region and Route 53 latency-based routing Explanation: Multi-region deployment with latency-based DNS routing ensures users connect to the nearest API endpoint.

General Exam Tips and Strategies

15+ Exam Strategies

  1. Elimination Strategy: Eliminate obviously wrong answers first. In AWS exams, answers often include distractors (services that sound relevant but don't fit).

  2. Read the ENTIRE Question: Don't stop at the first sentence. AWS questions often have crucial details in the latter half (e.g., "...with minimal operational overhead...").

  3. Watch for Key Keywords:

    • "Most cost-effective" → Spot Instances, Reserved Instances, or serverless
    • "Least operational overhead" → Serverless (Lambda, Managed services)
    • "Highest availability" → Multi-AZ, multi-region, Auto Scaling
    • "Minimal latency" → CloudFront, DAX, ElastiCache
    • "Compliance" → AWS Config, CloudTrail, encryption
    • "Secure" → VPC, security groups, NACLs, KMS, IAM

  4. Flag and Return: If a question takes too long, flag it mentally and move on. Return to it with remaining time.

  5. Time Management:

    • Cloud Practitioner: ~1.4 min per question (90 min / 65 Q)
    • Associate exams: ~2 min per question (130 min / 65 Q)
    • Professional: ~2.4 min per question (180 min / 75 Q)
    • Save 10-15 minutes for review

  6. Understand the Well-Architected Framework: AWS exams align with the Framework's five pillars:

    • Operational Excellence
    • Security
    • Reliability
    • Performance Efficiency
    • Cost Optimization

  7. Service Decision Trees: Know when to use what:

    • If it says "serverless" → Lambda, DynamoDB, Fargate, SQS/SNS
    • If it says "relational database" → RDS (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server)
    • If it says "NoSQL" → DynamoDB or DocumentDB
    • If it says "data warehouse" → Redshift
    • If it says "real-time streaming" → Kinesis or Kafka

  8. Know the Differences: Study comparison matrices:

    • RDS vs DynamoDB vs Aurora
    • ECS vs EKS vs Fargate
    • CloudFormation vs CDK vs Terraform

  9. Price Optimization Mindset: In cost-optimization questions:

    • Reserved Instances (RI) > On-Demand (for predictable workloads)
    • Spot Instances > RI (for interruptible, non-critical workloads)
    • Savings Plans > RIs (for multi-service flexibility)
    • S3 Glacier > S3 Standard (for archival)

  10. Multi-AZ vs Multi-Region: Know the difference:

    • Multi-AZ: High availability within a region (synchronous replication)
    • Multi-Region: Disaster recovery across regions (asynchronous replication)

  11. Stateless Design: Most AWS questions favor stateless architectures → Use Auto Scaling, load balancing, managed databases.

  12. Managed vs Unmanaged: Always prefer managed services when available:

    • RDS > EC2 + MySQL
    • DynamoDB > EC2 + MongoDB
    • ElastiCache > EC2 + Redis
    • Lambda > EC2 (for event-driven workloads)

  13. Security First: If the answer includes encryption, VPC isolation, or IAM controls, it's likely correct for secure architecture questions.

  14. Avoid Over-Engineering: Don't choose overly complex solutions:

    • Don't use RDS for simple caching (use ElastiCache)
    • Don't use Kinesis for one-off events (use SNS/SQS)
    • Don't use multi-region for single-region requirements

  15. Practice Exams: Take at least 3-5 full-length practice exams. AWS offers free practice exams via AWS Skill Builder.

  16. Understand Failure Modes: Know what happens when components fail:

    • If an AZ fails → Multi-AZ deployments stay online
    • If a region fails → Need multi-region setup
    • If a database instance fails → RDS Multi-AZ auto-failover

  17. Review Weak Areas: After practice exams, spend extra time on domains where you score below 75%.

Study Resources

Official AWS Resources

ResourceTypeCostURL
AWS Skill BuilderTraining PlatformFree tier / Paidaws.amazon.com/skillbuilder
AWS Certified Cloud Practitioner - Official Study GuideeBook$40-50AWS Press via O'Reilly
AWS Architecture Learning PathsInteractive TrainingFreeaws.amazon.com/training
AWS Well-Architected FrameworkWhitepaperFreeaws.amazon.com/architecture/well-architected
AWS Certification Exam GuidesPDF GuidesFreeaws.amazon.com/certification

Third-Party Resources

ResourceTypeCostNotes
A Cloud GuruVideo Courses + Labs$30-40/monthHands-on labs included
Linux AcademyVideo Courses$35/monthCloudFormation and infrastructure focus
WhizlabsPractice Exams$10-20/examExcellent exam simulations
TutorialsDojoPractice Exams$10-15/examDetailed explanations
Adrian CantrillVideo Courses$12-15/courseComprehensive, exam-focused

Community Resources

  • AWS Certified Developer - Associate (DVA-C02) exam repo on GitHub
  • r/AWS subreddit for community discussions
  • AWS Forums for specific technical questions

Service Comparison Quick Reference

Use this section to quickly identify when to use each service.

Message Queuing: SQS vs SNS vs EventBridge vs Kinesis

ServicePatternUse CaseLatencyDelivery
SQSPoint-to-Point QueueAsync job processing, decoupling~100msAt-least-once
SNSPub/Sub MessagingFanout to multiple subscribers~10msAt-most-once
EventBridgeEvent RouterEvent-driven workflows, multi-service integration~1sAt-least-once
KinesisReal-Time StreamHigh-throughput data streaming, analytics~100msOrdered per shard

Decision Guide:

  • Need a queue for async work? → SQS
  • Need fanout to multiple services? → SNS
  • Need event-driven automation across services? → EventBridge
  • Need real-time streaming with high throughput? → Kinesis

Databases: RDS vs DynamoDB vs Aurora vs Redshift

DatabaseTypeScalingUse CaseLatency
RDSRelational (SQL)Vertical scaling, read replicasTraditional applications, transactions~5-50ms
AuroraRelational (SQL)Auto-scaling, multi-AZHigh performance, MySQL/PostgreSQL compatible~1-5ms
DynamoDBNoSQL (Key-Value)Horizontal auto-scalingWeb apps, mobile apps, high throughput~10ms
RedshiftData WarehouseMassive scale for analyticsOLAP, big data analytics, BI reports~100ms+

Decision Guide:

  • Need traditional SQL with low operational overhead? → Aurora
  • Need fully managed SQL database? → RDS
  • Need infinite horizontal scaling? → DynamoDB
  • Need to query terabytes of analytical data? → Redshift

Storage: S3 vs EBS vs EFS

StorageTypeAccessUse CasePricing
S3Object StorageHTTP/HTTPSData lakes, backups, static websitesPay-per-GB
EBSBlock StorageEC2 InstanceOperating system volumes, databasesPay-per-GB allocated
EFSFile SystemNFS ProtocolShared file systems, Big Data analyticsPay-per-GB used

Decision Guide:

  • Need scalable object storage? → S3
  • Need a volume for an EC2 instance? → EBS
  • Need shared file access from multiple instances? → EFS

Network Security: Security Groups vs NACLs

FeatureSecurity GroupsNACLs
LevelInstance levelSubnet level
StatefulYes (return traffic automatic)No (explicit rules for both directions)
ScopeEC2, RDS, etc.Subnets
RulesAllow only (no explicit deny)Allow and Deny
Typical UseInstance-level securityNetwork-wide policy

Decision Guide:

  • Need to restrict traffic to specific instances? → Security Groups
  • Need subnet-wide filtering? → NACLs

IAM: Roles vs Users vs Policies

FeatureIAM RoleIAM UserPolicy
Identity TypeTemporary identityPermanent identityPermissions
Access KeysOptional, short-livedPermanent access keysN/A
Use CaseEC2, Lambda, cross-accountHuman users, applicationsDefines permissions
Best PracticeUse for servicesUse for human loginsAttach to roles/users

Decision Guide:

  • Need to give EC2 access to S3? → IAM Role
  • Need to create a human user? → IAM User
  • Need to define permissions? → Policy (attach to role or user)

Infrastructure as Code: CloudFormation vs CDK vs Terraform

ToolLanguageLearning CurveAWS SupportMulticloud
CloudFormationYAML/JSONLowNative (built-in)AWS only
CDKPython/TypeScript/GoMediumFirst-party AWS toolAWS only
TerraformHCLMediumCommunity-supportedYes (AWS, Azure, GCP)

Decision Guide:

  • Need the easiest AWS-native option? → CloudFormation
  • Need programmatic infrastructure in TypeScript? → CDK
  • Need multicloud support? → Terraform

Next Steps

  1. Choose Your Certification Path: Start with Cloud Practitioner if new to AWS; jump to Solutions Architect Associate if you have foundational knowledge.

  2. Hands-On Labs: AWS Skill Builder and A Cloud Guru provide sandboxed environments to practice with real AWS services.

  3. Take Practice Exams: Use Whizlabs or TutorialsDojo exams to identify weak areas. Target 80%+ on practice exams before attempting the real exam.

  4. Study in Sprints: Plan 4-6 weeks of study:

    • Week 1-2: Learn fundamental services and domains
    • Week 3-4: Deep dive on weak domains
    • Week 5: Practice exams and review
    • Week 6: Final review and exam day

  5. Review the Well-Architected Framework: This is foundational to all AWS exams and real-world architecture.

  6. Join AWS Communities: Participate in AWS forums and subreddits to learn from others' questions and experiences.

Good luck with your AWS certification journey!