Exam structure

  • There are 65 questions within the exam and are multiple-choice
  • requiring you to select either a single or multiple answers for each question
  • The scoring is based out of 1000, with a minimum passing score of 720 (72%)
  • You get 130 minutes to answer these questions.

The exam is split into 4 different domains that you will be assessed against, each carrying a different percentage weighting, these are identified as:

  • Domain 1: Design Resilient Architectures 30%
  • Domain 2: Design High-Performing Architectures 28%
  • Domain 3: Design Secure Applications and Architectures 24%
  • Domain 4: Design Cost-Optimized Architectures 18%


EC2 (Elastic Compute Cloud)

Amazon Machine Images

AMI is an image baseline that will include an operating system and applications along with any custom configuration

Instance types

An instance type simply defines the size of the instance based on a number of different parameters, these being ECUs. This defines a number of EC2 compute units for instance, vCPUs this is the number of virtual CPUs on the instance. Physical processor, this is the process speed used on the instance. Clock speed, it’s clock speed in gigahertz.

  • Micro instances
  • General-purpose
  • Compute optimized
  • GPU
  • FPGA


  • Ephemeral: meaning temporary
  • Persistent storage: is available by attaching elastic block storage EBS volumes

Payment plans

  • On-demand instances
  • Reserved instances
  • Scheduled instances
  • Spot instances
  • Capacity reservations


  • Shared tenancy
  • Dedicated instances
  • Dedicated Hosts

User data

commands which run at start up. Like for software update.

ECS (Elastic Container Service)

This allows you to run Docker-enabled applications packaged as containers across a cluster of EC2 instances without requiring you to manage a complex and administratively heavy cluster management system

AWS Fargate: is an engine used to enable ECS to run containers without having to manage and provision instances and clusters for containers.

Docker is piece of software that allows you to automate the installation and distribution of applications inside Linux Containers.

A Container holds everything that an application requires to enable it to run from within it’s isolated container package. This may include system libraries, code, system tools, run time, etcetera. But it does not include an operating system like a virtual machine does, and so reduces overhead of the actual container itself.

Cloud Watch is used for monitoring.

Launch methods

  • Fargate launch
  • EC2 launch

EKS - Elastic Container Service for Kubernetes

Kubernetes is an open-source container orchestration tool designed to automate, deploy, scale, and operate containerized applications. It is designed to grow from tens, thousands, or even millions of containers. Kubernetes is also container-runtime agnostic, which means you can actually use Kubernetes to run rocket and docker containers.

AWS Batch

EC2 Auto Scaling

Elastic Load Balancer (ELB)

SSL Server Certificates

Application Load Balancers

Network Load Balancers

Classic Load Balancers

Using ELB and Auto Scaling Together

AWS Lambda

Understanding Event Source Mapping

Monitoring and Common Errors


Amazon S3

Storage Classes


Server-Access Logging

Static Website Hosting

Object-Level Logging

Transfer Acceleration

Using Policies to Control Access

Managing Public Access to Your Buckets

Cross Origin Resource Sharing (CORS) with S3

Amazon Elastic File System

Storage Classes and Performance Options

EFS Security

Importing Data

EC2 Instance Storage

Amazon Elastic Block Store (EBS)

Amazon FSx

AWS Storage Gateway

AWS Backup




Network Access Control Lists (NACLs)

Security Groups

NAT Gateway

Bastion Hosts

VPN & Direct Connect

VPC Peering

Transit Gateway

Elastic IP Addresses (EIPs)

Elastic Network Interfaces (ENIs)

EC2 Enhanced Networking with the Elastic Network Adaptor (ENA)

VPC Endpoints

AWS Global Accelerator

Amazon Route 53

Amazon CloudFront


Amazon Relational Database Service

Amazon DynamoDB

Amazon ElastiCache

Amazon Neptune

Amazon Redshift

RDS Instance Purchasing Options

Database Storage and I/O Pricing

Backup Storage Pricing

Backtrack Storage Pricing

Snapshot Export Pricing

Data Transfer Pricing

AWS Global Infrastructure

Availability Zones,


Edge Locations,

Regional Edge Caches

High Availability

Backup and DR Strategies

High Availability vs Fault Tolerance

Considerations when planning an AWS DR Storage Solution

Using Amazon S3 as a Data Backup Solution

Using AWS Snowball for Data Transfer

Using AWS Storage Gateway for On-premise Data Backup

RDS Multi AZ

Read Replicas

Amazon Aurora HA Options

Aurora Single Master - Multiple Read Replicas

Aurora Single Master - Multiple Read Replicas DEMO

Aurora Multi Master

Aurora Multi-Master Setup and Use DEMO

Aurora Serverless

Aurora Serverless Database Cluster DEMO

High Availability in DynamoDB

AWS DynamoDB HA Options

AWS DynamoDB HA Options Demo

On-Demand Backup and Restore

Point in Time Recovery

Point in Time Recovery Demo

DynamoDB Accelerator

DynamoDB Accelerator (DAX)


What is a Decoupled and Event-Driven Architecture? Application services Introduction to the Simple Queue Service Introduction to the Simple Notification Service Streaming Data Fundamentals of Stream Processing Amazon Kinesis Overview A Streaming Framework Design a Multi-Tier Solution Architecture Basics What is Multi-Tier Design and When Should We Use it? When Should We Consider Single-Tier Architecture? Designing a Multi-Tier Solution Connectivity Within The VPC Design considerations Serverless Design Patterns Micro Service Design Patterns


What is Identity and Access Management? IAM Features Managing user identities with long term credentials in IAM Overview of the User Dashboard Creating IAM Users Managing IAM Users Managing access using IAM user groups & roles Managing Multiple Users with IAM User Groups IAM Roles Using AWS Service Roles to Access AWS Resources on Your Behalf Using IAM User Roles to Grant Temporary Access for Users Using Roles for Federated Access Using IAM policies to define and manage permissions IAM AWS Policy Types Examining the JSON Policy Structure Creating an AWS IAM Policy Policy Evaluation Logic Cross-account access Implementing Cross-Account Access Using IAM AWS Web Application Firewall An Overview of AWS WAF Understanding Rules and Rule Groups Creating a Web ACL Demo AWS Firewall Manager AWS Firewall Manager and Prerequisites Policies AWS Shield What is AWS Shield? Configuring Shield Amazon Cognito Overview of Amazon Cognito The Basics of Cognito User Pools User Pools Authentication Flow Identity Pools Identity Pools Authentication Flow Identity Federation Using AWS Identity Federation to Simplify Access at Scale


What is Amazon CloudWatch? Audit Logs The Benefits of Logging AWS CloudTrail What is AWS CloudTrail? AWS CloudTrail Operations AWS Config What is AWS Config? Key Components of AWS Config AWS Organizations AWS Organizations Implementing AWS Organizations Securing Your Organizations with Service Control Policies AWS Logging CloudWatch Logging Agent CloudTrail Logging Monitoring CloudTrail with CloudWatch CloudFront Access Logs VPC Flow Logs Cost Management Bills and Cost Drivers Credits Cost Explorer Reports Cost and Usage Reports Budgets


What is KMS? Components of KMS Understanding Permissions & Key Policies Key Management CloudHSM What is CloudHSM? Understanding AWS CloudHSM Architecture & Implementation Using CloudHSM as a Custom Key Store in KMS S3 Encryption Mechanisms Overview of Encryption Mechanisms Encryption Mechanisms Server-Side Encryption with S3 Managed Keys (SSE-S3) Server-Side Encryption with KMS Managed Keys (SSE-KMS) Server-Side Encryption with Customer Provided keys (SSE-C) Client-Side Encryption with KMS Managed Keys (CSE-KMS) Client-Side Encryption with Customer Provided Keys (CSE-C)