How I passed the AWS Professional Architect Certification (SAP C01) and others

Certifications include: Architect Professional, Security, SysOps.

Why Certify

Credential gathering is tedious. You can argue for or against certifications. I would argue they are important for the following reasons:

1-Demonstrates a commitment to the platform, given the time, money, effort needed to pass.

2-Should offer some proof of expertise in certain areas and a real zeal on your behalf to become good in that domain.

3-Provides a baseline to internal, external clients of knowledge, that cannot be argued against.

4-Does not mean you ‘the’ expert, but rather, that you comprehend the domain or area in question (eg. Magic DevOps).

5-Probably means you can do hands-on work which is vital to anyone in IT including Architects.

6-Money. Certs are usually translated into higher salaries or contract rates.

7-Authority – you should be able to participate in discussions on the platform and the related domains you are certified in with confidence and openness.

8-Creativity. With some deep knowledge you will be more inclined to innovate, add value, develop some new or novel approaches to solve complex use cases and work with other SMEs to accomplish project goals.

How to Pass

No magic needed. It will depend on who you are, how committed, your hands-on programming or scripting skills, the number of years in IT, and your affinity for IaaS and PaaS, along with past or current project related experience.

Path: A-Cloud Practitioner B-Solutions Associate C-S.A. Professional (SAP)

This path should be followed. Follow the program. Deep dive. Eat it, live it, love it.

Time: Depends on you. If you are new to Cloud, you will need 1 year including hands-on to really understand the platform and feel comfortable. You could pass the Cloud Practitioner without 1 year experience of course, but the point should be to really understand the platform, not just pass the certifications.

1-Take a standard introduction or intermediate course from or Cloud Academy.

2-Follow the free AWS training tutorials on Architecting. If you are new to AWS follow their path on gaining Certification in Cloud Practitioner first. AWS Training portal:

3-For AWS (true for Azure, Google), get an account and start using the services.

4-IaaS. Build a network, VPC, subnets, set up EC2 free-tier instances, deploy a dead simple app into your VPC and subnets. Examples of dead simple apps to deploy include can be found here: Really understand VPC, VPN, Direct Gateway and related architectures including DNS, DHCP, failover, latency, routing, high availability of networking. There are a lot of networking questions. It is worthwhile to spend a lot of time on networking. In the real world on any Cloud project, the first person you should hire is the network SME.

5-Use the simple app to get a feel for EC2, EBS, and Security. Build IAM users, profiles, roles and groups. Understand the IAM model and how central it is to AWS.

6-Take Deep Dives into IaaS – Compute, Servers on EC2, Migration to EC2, Networking, Storage, Security, CloudWatch, CloudTrail, AWS Config, S3 (a global objectstore). Large parts of the Architect exam are IaaS related and you need to know how to build and deploy backend and frontends within EC2.

7-Security. Use AWS documentation and resources to fully understand the many layers of Security from the Network to the Application level. Take some free courses on the same. IAM, WAF, Shield, Data Guard, Proxies, Proxy fleets, VPN Peering, NATs, Security Groups, NACLS. Build a security model. Eat, breathe, sleep IAM.

8-AWS Organisations. A central way to manage governance. Take deep dives into AWS Orgs and cost control. Follow the AWS documentation, videos on the same. This is a central feature of the exam. Plough through all the AWS Security services including the Security Hub, AWS Landing zone (provides out of the box templates for security, IaC).

9-Understand use cases for data. EFS (NFS protocol), FSx (EFS on steroids for Windows and Linux), EBS (device storage), S3, Glacier, and the differences in costs, durability, availability and the various use cases which support each.

10-Understand IaaS monitoring and logging really well. CloudWatch, CloudTrail, VPC flow logs, AWS Config, Lambda functions, integration of CloudWatch with Lambda, Lambda with S3 and SNS (notification service), SNS with CloudWatch. In real life monitoring and reporting (and centralising logs and analysis) is vital. Understand how logs can be deployed into S3 (Kinesis aggregation for eg.) and analysed by Athena. Try it yourself with hands on practice.

11-Datastore details and use cases including RDS, Redshift (OLAP), DynamoDB (NoSQL), and related costs for reads, writes, how to reduce write costs, the use of read-replicas, analysis of data with Athena, Quicksight and the ELK stack; how to use caching and when to use CloudSearch and ElaticSearch (web, mobile apps, also analysis of logs).

12-Deepen the IaaS skill set. Do not follow the expensive paid for AWS Training programs (1-3 days, $600-$2000 per student). Waste of money. Go the AWS Training portal, go to the paid deep dive Training for Architects, copy the syllabus, and put it into a word document. Go through each section of the syllabus yourself and read the AWS Whitepapers and follow AWS videos on each section.

13-Every part of your self education needs to be documented. Create a document with relevant sections. Infill every section with AWS documentation (the relevant bits) and your own experience with hands-on.

14-Use free-ware videos, training for AWS IaaS and do deep dives against the syllabus you copied from AWS.

15-Now move on to PaaS. Do the same. AWS has a long list of PaaS services. Start with RDS, Elastic Beanstalk, Opsworks, Kinesis, SQS. Understand use cases around each of them.

16-IaC and Cloud Formation Templates. Do hands-on with CFT. All Architects need to be CFT literate. You should be using them in real life. Take a simple app and deploy it with CFT (do it yourself). Take CFT courses and videos on AWS. Completely understand the sections of the CFT and what each section does. Compare and understand the differences between CFT, ElasticBeanstalk and Opsworks.

17-Web Apps – Cloudfront – S3 integration and web apps. Cloudfront-WAF. Cognito-AWS STS-LDAP. Building web (eg gaming) sites at scale (DynamoDB, API gateway).

18-Serverless. A lot of the exam assumes Serverless. Go through the services, use hands-on to really understand the use cases for API Gateway, Lambda, SAM, DynamoDB.

19-Practice exams. There are many free dumps on the Net for the exam. Keep in mind that 30-50% of the answers are wrong. Yes, wrong. Do not trust the dumps. They can be useful to get a feel for the type of questions you will be asked. But don’t believe the answers. You need to verify them yourself.

20-Take the AWS practice exam. If you get 60% plus you are getting ready to take the actual exam.


The key to passing is to have an intimate knowledge and real understanding of the services, of IaaS and PaaS and to truly understand what the question is asking, the use case involved and what the question’s main import is. For example, you will be given a use case scenario, ‘migrate an on-premise Oracle-Tomcat-Web app to AWS, in 2 weeks, with 20TB of related data, no Direct Connect, an ISP connection of 50 Mbps. What is the fastest and cheapest way?’

Make sure you answer the question (fastest, cheapest). Choose the answer which is the best one available. It might not be the ‘best way’ to do it, but given the 4 answers it is the best solution given to you. So don’t impose your own views on the answer. Accept what they give you, make sure you answer the problem statement.

Good luck.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.