Some Tips I Found When Sitting the AWS Solution Architect Test

Not only for solution architect professional, it is basically for all kinds of AWS services related questions.

Some Experiences to Share

• Anything related to cost-efficient,
  • Have an eye an s3. S3 as a cheapest storage solution, you deserve to try it.
  • Serverless solution (lambda, Api gateway) can help you save too
  • Or try ECS Fargate, pay as you go, a Kubernetes like AWS solution
• Availability or reliability
  • keep an eye on LB, ECS, Serverless (API Gateway, Lambda, Dynamo), RDS Multi AZ, Aurora

• Unpredictable amount of data to store
  • You only have two options left, S3 or Dynamo (Aurora, RDS they both have a maximum amount)

• You want something realtime?
  • Try Kinesis
  • CloudWatch logs some times can work too, (but not cloud trail, there is always a minutes delay of cloud trail)

Some Tips

I hope you understand, the tips below cannot help you to pass a cert test or help you gain huge amount of cloud architect/development experience, but it can help to easily detect the options which make no sense.

• lambda should not be used for creating snapsot
• s3 galcier expected retrieval 1~5 minutes
• no source ip filter for s3
• nat gateway not support ipv4, egress-only does
• health check
  • 2xx 3xx
• autora can scale automatically, no other lambda or event
• athena, query s3 through sql
• ebs limit 16tb
• snowmobile > 10pb
• cloudtrail logs are not real time 5-15min delay
• aws config rule is for monitor
• cloudformation, stck policy is used for update
• dynamo no max size limit
• aurora 64tb
• ebs 16tb 20k iops (general is 10k)
• firehose is more expensive than stream
• WAF on cloudfront not for auto scal group
• AWS shield on route 53
• kinesis cannot stream data from s3, source cannot be s3, target can
• target group helath check need http/s alb
• sqs worker can be another region
• DMS, by default engine will be innodb
• cannot update a sqs queue to fifo, if want, you have to delete then recreate one
• cognito identiy pool can use for auth aws resource, user pools just a users directory
• AWSBasePatch not AWS Windows Patch
• instacne can bem oved in a placementgroup without termination
• if want service limit from cloud watch you need aws business support plan
• certificate for elb cannot be cross region
• rds support sql server/oracle, but not db2
• dynamo is not supported by cloud watch event, you need cloud trails
• dynamo stream to record item change activities
• lambda can be uses to start/stop beanstalk env
• red shift cluster is single az
• cloud watch event do not suppport s3
• aws opsworks are not os patches
• video stream cannot save video to s3 directly
• enbaleDnsHostname to determine if whthin vpc or public
• enableDnsSupport id aws dns is supported in vpc
• ebs rds cross region copy
• (physical to virtual) p2v is not supported by servier migration service
• cache control header annot be set in cloudfront

P.S.

• Do use it (AWS services)
• Do design some architecture for a solution (from simple)
• Do play around it