#Aws

118 posts

AWS Certified Solutions Architect - Associate (SAA-C03) #8 Domain 2-3 Resilient Architectures — Backup Strategy
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #8 Domain 2-3 Resilient Architectures — Backup Strategy

The final post of the SAA-C03 resilience domain. It covers incremental storage of EBS snapshots and cross-Region , cross-account copy, snapshot automation with Data Lifecycle Manager, the difference between RDS automated backups and manual snapshots plus point-in-time recovery (PITR), AWS Backup and backup plans for centrally managing multiple services, and immutable backups (Vault Lock).

AWS Certified Solutions Architect - Associate (SAA-C03) #7 Domain 2-2 Resilient Architectures — DR Patterns
5 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #7 Domain 2-2 Resilient Architectures — DR Patterns

The second post of the SAA-C03 resilience domain. It covers the precise meaning of RTO and RPO, the cost and recovery-time trade-offs of the four disaster recovery (DR) strategies (Backup & Restore , Pilot Light , Warm Standby , Multi-Site Active/Active), and how to implement them with Route 53 failover routing and cross-Region replication (RDS , Aurora Global , DynamoDB global tables , S3 CRR).

AWS Certified Solutions Architect - Associate (SAA-C03) #6 Domain 2-1 Resilient Architectures — Multi-AZ , Auto Scaling , ELB
6 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #6 Domain 2-1 Resilient Architectures — Multi-AZ , Auto Scaling , ELB

The first post of the SAA-C03 resilience domain. It covers high-availability design using Availability Zones (AZ), the makeup of Auto Scaling groups and their scaling policies (target tracking , step , scheduled , predictive), the three types of ELB (ALB , NLB , GLB) and how to choose between them, the structure that automatically replaces failed instances via health checks, and cross-zone load balancing.

AWS Certified Solutions Architect - Associate (SAA-C03) #5 Domain 1-4 Secure Architectures — WAF , Shield , Cognito , Secrets Manager
6 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #5 Domain 1-4 Secure Architectures — WAF , Shield , Cognito , Secrets Manager

The final post of the SAA-C03 security domain. It covers application-layer protection and credential management: WAF web ACLs and rules (SQLi , XSS , rate , geo), the difference between Shield Standard and Advanced, the role distinction between Cognito User Pool (authentication) and Identity Pool (temporary AWS credentials), and a comparison of Secrets Manager and Parameter Store.

AWS Certified Solutions Architect - Associate (SAA-C03) #4 Domain 1-3 Secure Architectures — VPC Security
6 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #4 Domain 1-3 Secure Architectures — VPC Security

The third post of the SAA-C03 security domain. It covers network-boundary security: the difference between security groups and network ACLs (stateful vs. stateless) and how rules are evaluated, the two kinds of VPC Endpoint (Gateway , Interface) and how to choose between them, the structure for exposing a service privately with PrivateLink, bastion hosts and Systems Manager Session Manager, and VPC Flow Logs.

AWS Certified Solutions Architect - Associate (SAA-C03) #3 Domain 1-2 Secure Architectures — KMS and Encryption
7 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #3 Domain 1-2 Secure Architectures — KMS and Encryption

The second post of the SAA-C03 security domain. It covers KMS key types (AWS managed, customer managed, customer provided), how envelope encryption works, the difference between at-rest and in-transit encryption, the encryption options for S3, EBS, and RDS and how to encrypt resources that already exist, key policies and cross-account key sharing, and the difference from CloudHSM.

AWS Certified Cloud Practitioner (CLF-C02) #10: Full-Scale Mock Exam — 50 Questions with Explanations
19 min read

AWS Certified Cloud Practitioner (CLF-C02) #10: Full-Scale Mock Exam — 50 Questions with Explanations

The final post of the CLF-C02 series. Fifty questions sized to match the real exam domain weights (24/30/34/12%). Domain 1 (Cloud Concepts) 12 questions, Domain 2 (Security) 15 questions, Domain 3 (Cloud Technology) 17 questions, Domain 4 (Billing) 6 questions. The real exam is 65 questions in 90 minutes; this mock is scored over 50 questions, target 60–75 minutes, and 36+ correct (72%) puts you in safe passing territory. Each question is followed by the answer and an explanation.

AWS Certified Solutions Architect - Associate (SAA-C03) #2 Domain 1-1 Secure Architectures — IAM in Depth
8 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #2 Domain 1-1 Secure Architectures — IAM in Depth

The first post of the SAA-C03 security domain. After a quick review of the four IAM components (User/Group/Role/Policy), it covers the policy evaluation logic (explicit Deny wins), the difference between trust policies and permission policies, temporary credentials and AssumeRole via STS, cross-account access, and permission boundaries and SCPs at the SAA level. On the exam, the security domain carries the largest weight at 30%, and IAM is its core.

AWS Certified Cloud Practitioner (CLF-C02) #9 Exam Tips and Common Mistake Patterns
10 min read

AWS Certified Cloud Practitioner (CLF-C02) #9 Exam Tips and Common Mistake Patterns

A condensed read-once-more piece for the moments right before you walk into the CLF-C02 exam. Time management for 65 questions in 90 minutes; common pitfall question shapes like multiple-response and double negatives; pairs of services people confuse (S3 vs EBS, CloudTrail vs Config, ALB vs NLB, and so on); four techniques for narrowing down answers; and a final 30-minute pre-exam checklist. The next post, #10, is the full-scale mock exam.

AWS Certified Solutions Architect - Associate (SAA-C03) #1 Exam Introduction — Exam Structure and Study Roadmap
8 min read

AWS Certified Solutions Architect - Associate (SAA-C03) #1 Exam Introduction — Exam Structure and Study Roadmap

The opening post of the AWS Certified Solutions Architect - Associate (SAA-C03) series. It covers the structure of 65 questions, 130 minutes, and a 720 passing score; the weight and meaning of the four domains (Security 30% , Resilience 26% , High Performance 24% , Cost 20%); how it differs from Cloud Practitioner; and a study strategy that turns the intuition built on the hands-on [AWS track](/en/posts/aws-basics-1) and [CLF-C02](/en/posts/aws-clf-1-exam-introduction) into design-oriented exam answers. This 16-part series targets a SAA-C03 pass, wrapping up with a full-scale mock exam in #16.

AWS Certified Cloud Practitioner (CLF-C02) #8 Domain 4 Billing and Support — Pricing Models, Support Plans, TCO
8 min read

AWS Certified Cloud Practitioner (CLF-C02) #8 Domain 4 Billing and Support — Pricing Models, Support Plans, TCO

The final CLF-C02 domain — Billing, Pricing, and Support (12%). The weight is small, but the question patterns are formulaic, so this is a domain you can take near-full marks on. We cover the four EC2 pricing models (On-Demand, Reserved, Savings Plans, Spot), the free tier, AWS Pricing Calculator and TCO Calculator, Cost Explorer, AWS Budgets, Cost and Usage Report, Consolidated Billing, the four Support Plan tiers (Basic, Developer, Business, Enterprise), and the check coverage of Trusted Advisor.

AWS Certified Cloud Practitioner (CLF-C02) #7 Domain 3-2 Core Services — Networking and Databases
10 min read

AWS Certified Cloud Practitioner (CLF-C02) #7 Domain 3-2 Core Services — Networking and Databases

The second half of Domain 3. Networking (VPC, subnets, Route 53, CloudFront, the four ELB types, VPN, Direct Connect, Global Accelerator), databases (RDS, Aurora, DynamoDB, ElastiCache, Redshift, DocumentDB, Neptune), and ops/management services (CloudWatch, CloudTrail, Trusted Advisor, Systems Manager, CloudFormation). The volume looks heavy, but it compresses into a single workload-to-service mapping table. #8 picks up with Domain 4, Billing and Support.