AWS

AWS Certified Solutions Architect - Associate (SAA-C03) #11 Domain 3-3 High-Performing Architectures — Choosing Storage
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #11 Domain 3-3 High-Performing Architectures — Choosing Storage

The third post of the SAA-C03 high-performing domain. It covers the distinction between block (EBS) , file (EFS , FSx) , object (S3) storage, EBS volume types (gp3 , io2 , st1 , sc1) and selection criteria, the use cases for EFS and FSx (Windows File Server , Lustre), and how to optimize cost with S3 storage classes (Standard , Intelligent-Tiering , IA , Glacier family) and lifecycle policies.

AWS Certified Solutions Architect - Associate (SAA-C03) #10 Domain 3-2 High-Performing Architectures — Caching
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #10 Domain 3-2 High-Performing Architectures — Caching

The second post of the SAA-C03 high-performing domain. It covers the difference between ElastiCache's Redis and Memcached, DAX for accelerating DynamoDB, CloudFront for caching content close to users (edge , OAC , signed URLs), cache strategies (lazy loading , write-through), and storing sessions externally for stateless design.

AWS Certified Solutions Architect - Associate (SAA-C03) #9 Domain 3-1 High-Performing Architectures — Choosing Compute
4 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #9 Domain 3-1 High-Performing Architectures — Choosing Compute

The first post of the SAA-C03 high-performing domain. It covers how to choose the compute that fits a workload: EC2 instance families (general , compute , memory , storage , accelerated) and selection criteria, the performance and cost trade-offs of purchasing options (On-Demand , Reserved , Savings Plans , Spot , Dedicated), and when to pick serverless compute (Lambda , Fargate).

AWS Certified Solutions Architect - Associate (SAA-C03) #8 Domain 2-3 Resilient Architectures — Backup Strategy
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #8 Domain 2-3 Resilient Architectures — Backup Strategy

The final post of the SAA-C03 resilience domain. It covers incremental storage of EBS snapshots and cross-Region , cross-account copy, snapshot automation with Data Lifecycle Manager, the difference between RDS automated backups and manual snapshots plus point-in-time recovery (PITR), AWS Backup and backup plans for centrally managing multiple services, and immutable backups (Vault Lock).

AWS Certified Solutions Architect - Associate (SAA-C03) #7 Domain 2-2 Resilient Architectures — DR Patterns
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #7 Domain 2-2 Resilient Architectures — DR Patterns

The second post of the SAA-C03 resilience domain. It covers the precise meaning of RTO and RPO, the cost and recovery-time trade-offs of the four disaster recovery (DR) strategies (Backup & Restore , Pilot Light , Warm Standby , Multi-Site Active/Active), and how to implement them with Route 53 failover routing and cross-Region replication (RDS , Aurora Global , DynamoDB global tables , S3 CRR).

AWS Certified Solutions Architect - Associate (SAA-C03) #6 Domain 2-1 Resilient Architectures — Multi-AZ , Auto Scaling , ELB
6 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #6 Domain 2-1 Resilient Architectures — Multi-AZ , Auto Scaling , ELB

The first post of the SAA-C03 resilience domain. It covers high-availability design using Availability Zones (AZ), the makeup of Auto Scaling groups and their scaling policies (target tracking , step , scheduled , predictive), the three types of ELB (ALB , NLB , GLB) and how to choose between them, the structure that automatically replaces failed instances via health checks, and cross-zone load balancing.

AWS Certified Solutions Architect - Associate (SAA-C03) #5 Domain 1-4 Secure Architectures — WAF , Shield , Cognito , Secrets Manager
6 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #5 Domain 1-4 Secure Architectures — WAF , Shield , Cognito , Secrets Manager

The final post of the SAA-C03 security domain. It covers application-layer protection and credential management: WAF web ACLs and rules (SQLi , XSS , rate , geo), the difference between Shield Standard and Advanced, the role distinction between Cognito User Pool (authentication) and Identity Pool (temporary AWS credentials), and a comparison of Secrets Manager and Parameter Store.

AWS Certified Solutions Architect - Associate (SAA-C03) #4 Domain 1-3 Secure Architectures — VPC Security
6 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #4 Domain 1-3 Secure Architectures — VPC Security

The third post of the SAA-C03 security domain. It covers network-boundary security: the difference between security groups and network ACLs (stateful vs. stateless) and how rules are evaluated, the two kinds of VPC Endpoint (Gateway , Interface) and how to choose between them, the structure for exposing a service privately with PrivateLink, bastion hosts and Systems Manager Session Manager, and VPC Flow Logs.

AWS Certified Solutions Architect - Associate (SAA-C03) #3 Domain 1-2 Secure Architectures — KMS and Encryption
7 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #3 Domain 1-2 Secure Architectures — KMS and Encryption

The second post of the SAA-C03 security domain. It covers KMS key types (AWS managed, customer managed, customer provided), how envelope encryption works, the difference between at-rest and in-transit encryption, the encryption options for S3, EBS, and RDS and how to encrypt resources that already exist, key policies and cross-account key sharing, and the difference from CloudHSM.

AWS Certified Cloud Practitioner (CLF-C02) #10: Full-Scale Mock Exam — 50 Questions with Explanations
19 min read

AWS Certified Cloud Practitioner (CLF-C02) #10: Full-Scale Mock Exam — 50 Questions with Explanations

The final post of the CLF-C02 series. Fifty questions sized to match the real exam domain weights (24/30/34/12%). Domain 1 (Cloud Concepts) 12 questions, Domain 2 (Security) 15 questions, Domain 3 (Cloud Technology) 17 questions, Domain 4 (Billing) 6 questions. The real exam is 65 questions in 90 minutes; this mock is scored over 50 questions, target 60–75 minutes, and 36+ correct (72%) puts you in safe passing territory. Each question is followed by the answer and an explanation.

AWS Certified Solutions Architect - Associate (SAA-C03) #2 Domain 1-1 Secure Architectures — IAM in Depth
8 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #2 Domain 1-1 Secure Architectures — IAM in Depth

The first post of the SAA-C03 security domain. After a quick review of the four IAM components (User/Group/Role/Policy), it covers the policy evaluation logic (explicit Deny wins), the difference between trust policies and permission policies, temporary credentials and AssumeRole via STS, cross-account access, and permission boundaries and SCPs at the SAA level. On the exam, the security domain carries the largest weight at 30%, and IAM is its core.

AWS Certified Cloud Practitioner (CLF-C02) #9 Exam Tips and Common Mistake Patterns
10 min read

AWS Certified Cloud Practitioner (CLF-C02) #9 Exam Tips and Common Mistake Patterns

A condensed read-once-more piece for the moments right before you walk into the CLF-C02 exam. Time management for 65 questions in 90 minutes; common pitfall question shapes like multiple-response and double negatives; pairs of services people confuse (S3 vs EBS, CloudTrail vs Config, ALB vs NLB, and so on); four techniques for narrowing down answers; and a final 30-minute pre-exam checklist. The next post, #10, is the full-scale mock exam.