Well it’s been a bit since my last update but that’s mostly because of travel. I have not let up on the AWS SAA study. In this post I’ll provide an update on a few things I find interesting.
Areas of Study
I thought it would be nice to share the outline I am following while I prepare. I’m using a mix of the course by Adrian Cantrill, practice exams by WhizLabs, the SAA-C02 Exam Guide, the AWS Well-Architected Framework, and lots of lab time in the AWS Console.
- AWS Accounts
- Reviewed a bunch of Tech Fundamentals
- OSI Model
- Several AWS Fundamentals
- Public vs. Private Services
- AWS Global Infrastructure
- Default VPC
- DNS and Route53
- IAM, Accounts, and Organizations
- Containers & ECS
- ELB, ALB, NLB, ASG, GLB
- AWS Lambda
- API Gateway
- Amazon Cognito
- Direct Connect
- Transit Gateway
- Storage Gateway
- AWS Secrets Manager
- AWS WAF & Shield
- AWS Config
- Amazon Macie
- Amazon Inspector
- Amazon GuardDuty
- Amazon DynamoDB
- Amazon Athena
- Amazon Redshift
I know there is a lot there, but this is not an exhaustive list. There are several other topics that fit in this outline and if you take a training course you’ll pick all those bits up.
Points of Interest
So far I have come across some really interesting things. One thing I like is the application of resource-based policies. A resource-based policy is just that: a policy attached to a resource that lets you specify who has access to the resource and what actions they can perform on it. You can attach resource-based policies to things like S3 buckets, VPC endpoints and AWS Secrets Manager.
This is a simple example of how resource policies work. When you look at the user policies, it’s pretty simple to see that User A only has list/read on Resource A. A resource policy could change that, but in this example it doesn’t. For User B, the identity-based policy grants list/read on both Resources B and C, but the resource policy on Resource C says otherwise. Since this is an explicit deny on the resource policy, it doesn’t matter what the identity-based policy says. Also, User D will have full access to Resource C since there is no explicit policy that negates the resource-based policy.
To get a more complete sense of how these policies work and what services support them have a look at the Identity-based policies and resource-based policies page.
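The scenario above can be worked through with a small policy evaluator. This is an added example, not AWS code or part of the original post: it models only the same-account decision (explicit deny, then allow, then implicit deny) and ignores SCPs, permissions boundaries and session policies. The policy contents are assumptions reconstructed from the description, including that User D has no identity-based policy and that Resource C's policy allows User D and denies User B.

```python
from fnmatch import fnmatchcase

# Constructed policies mirroring the scenario in the post (contents are assumptions).
IDENTITY_POLICIES = {
    "UserA": [{"Effect": "Allow", "Action": ["List", "Read"], "Resource": ["ResourceA"]}],
    "UserB": [{"Effect": "Allow", "Action": ["List", "Read"],
               "Resource": ["ResourceB", "ResourceC"]}],
    "UserD": [],  # assumed: no identity-based policy at all
}
RESOURCE_POLICIES = {
    "ResourceC": [
        {"Effect": "Deny", "Principal": ["UserB"], "Action": ["*"]},
        {"Effect": "Allow", "Principal": ["UserD"], "Action": ["*"]},
    ],
}


def _matches(patterns, value):
    """True if value matches any pattern; '*' acts as a wildcard."""
    return any(fnmatchcase(value, p) for p in patterns)


def applicable_effects(user, action, resource):
    """Collect the Effect of every statement that applies to this request."""
    effects = []
    for stmt in IDENTITY_POLICIES.get(user, []):
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            effects.append(stmt["Effect"])
    for stmt in RESOURCE_POLICIES.get(resource, []):
        if _matches(stmt["Principal"], user) and _matches(stmt["Action"], action):
            effects.append(stmt["Effect"])
    return effects


def evaluate(user, action, resource):
    """Same-account decision: explicit deny wins, then any allow, else implicit deny."""
    effects = applicable_effects(user, action, resource)
    if "Deny" in effects:
        return "ExplicitDeny"
    if "Allow" in effects:
        return "Allow"
    return "ImplicitDeny"


if __name__ == "__main__":
    for user in ("UserA", "UserB", "UserD"):
        for resource in ("ResourceA", "ResourceB", "ResourceC"):
            print(user, resource, evaluate(user, "Read", resource))
```

Note that User B's result on Resource C is an explicit deny even though the identity-based policy allows it, while User D is allowed on Resource C purely through the resource-based policy.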
One other little bit I picked up that I want to explore in a bit more detail is how to encrypt data in an S3 bucket with Server-Side encryption and KMS.
Next On the Agenda
Next on my agenda is a dive into EC2 followed by Containers and ECS.
I’ll be back next week with another update. In the meantime, if you are new to cloud networking have a look at the Getting Started with AWS page where you’ll find some tutorials that you can follow to get some hands-on experience.
Until next week, Happy Labbing!
2 thoughts on “AWS Solutions Architect Associate Study Update # 3”
Would love to get an update on your journey! I will be following a similar path soon and am very interested.
Update Posted! Thanks for your comments. Let me know if you have specific questions. I’d be happy to try to answer them.