Passed this weekend with 975/1000! Wish I knew which questions I had dropped! 🙂
Once again, I predominantly used the synonomous acloud.guru (ACG) course. After reviewing the course content and some people’s feedback in the ACG forums I gambled on having sufficient knowledge across some of the core areas and focussed on stuff that was new to me. I also used 20+ years of experience in IT to focus on content in Troubleshooting and Incident Response that was new to problems in AWS. In ACG this often meant going through the summary videos for each chapter first, then going back into content in detail as required for a more complete understanding. I definitely recommend the ACG course overall, IMHO they are better than most content in Pluralsight & Udemy and worth spending my own money on. They had updated content for 2019 based on feedback from users (I was studying in Sept 2019).
As well as the video learning, my key (pun intended) reading materials were
KMS FAQ and best practise whitepaper
I didn’t use any specific external labs for this certification. There are several practical labs in the ACG course which I clicked along with and headed off on tangents when I found interesting things.
Practice exams are essential to test what you know and to identify areas that needed further study. This is my biggest study tip – do mock exams and study what you get wrong!
My core areas:
Networking: VPCs, SGs, route tables, NACLs, gateways, etc
IAM & Identity Federation with STS
Organizations & SCPs
Logging (CloudWatch, CloudTrail, VPC flowlogs, etc)
All of these have content which is also covered by the Certified Solution Architect (CSA) track. If you have passed CSA Professional then you’re probably already up to speed. If you’ve done CSA Associate, then there’s more to learn.
New areas to cover which needed in-depth knowledge over and above the Certified Solution Architect Professional were primarily:
S3 policies, ACLs, encryption, pre-signed URLs, CRR/SRR
Glacier Vault Lock
Use of (and conflicts in) IAM and S3 policies
Key Management Service (KMS) including CMKs/DMKs, key rotation, key policies and grants
Amazon Certificate Manager (ACM)
Integrating ACM, CloudFront and ELB
Config (lots of recent changes here, get a refresher if you learnt it in 2018!)
On troubleshooting, real world experience integrating & debugging these services is invaluable:
KMS with anything
Lambda with S3, CloudWatch, etc
Cross Account access in IAM
SGs and NACLs
Why isn’t my _____ logging to CloudWatch?
Be really clear on the differences between:
Shield and WAF
TA and Inspector
Network packet logging and packet inspection
AWS public and private service endpoints and PrivateLink
Relatively new services which need to be understood, but not in-depth:
ECS and container security e.g. managing mutual auth certs with ACM
Most of the new services have appeared in the exam in 2019, so if you’re reading this in 2020 it’s likely that there’s more new things to learn about! Do some research online to find out what.
Where does it sit on the difficulty scale? I would say: more difficult/in-depth than the 3 x Associate exams but easier than the CSA Pro.
As with all certifications, go book a date in the calendar. Schedule an exam at a testing centre and then get studying. You can reschedule AWS exams upto 3 times without penalty upto 24 hours beforehand, so if you’re not ready it can always be deferred. Good luck!
Perfect, thanks for your tips!
Nicely done, congrats! That’s an exceptional score, and really well done for a Specialty exam! That’s also an amazing amount of brilliant tips for other students, and hopefully they find this useful too! The point about being able to reschedule the exam is handy too; it’s great to have a date to work towards, but also being able to shift it if things get too out of control.
Best of luck with what comes next on your cloud journey!