Hooray, I'm an AWS Certified Pro Architect. So what? - Medium

One does not simply pass the AWS Solution Architect Pro exam. You can't just watch some videos for 2 days and ace the test. Hooray,I’manAWSCertifiedProArchitect.Sowhat?KrisPeetersFollowOct24,2019·10minreadIsitworthittospendtimeandmoneycollectingadvancedcertifications?InthisblogIsharemyopinionandlessonslearned.TL/DR:Yes,youwillbecomequiteknowledgeableaboutthedetailsofAWS,andyesitwilllookgoodonyourCV.No,itwon’tmakeyouagreatarchitect.IfyouwanttoknowhowIstudied,scrollallthewaydown.Whatisthefuzzabout?OnedoesnotsimplypasstheAWSSolutionArchitectProexam.Youcan’tjustwatchsomevideosfor2daysandacethetest.Youactuallyhavetostudy.Inthemagicallandofcertifications,theProArchitectofAWShasaspecialringtoit.Therehavebeenafewblogspublisheddescribingitsdifficulty:HowtopassAWSSolutionsArchitectProfessionalExam?IstheSolutionsArchitect—ProfessionalCertTestAsHardasitsReputationSuggests?Thoughtsaftercompletingall7AWSCertificationsSoyeah,Iwaswarnedbeforedivingin.Ontheotherhand,I’mtheCEOofadataanalyticscompany,oftenadvisingclientsoncloudarchitecture,andwe’vebeenworkingonAWSsinceourstart,5yearsago.Thisshouldbeaminimumbarforme.Also,toadvanceinourpartnershiprelationwithAWS,weneededtocollectafewofthesecertifications.https://www.certmetrics.com/amazon/public/transcript.aspx?transcript=YCZ4MDQCKMBEQFC6Whywouldyoubother?Well,let’signoretheobligationtogetitforAWSpartnershipsreasons.Ithinkthereare2goodreasonswhyyoushouldmaketheeffort:BecauseyoureallywanttolearnaboutAWSin-depth:ThisiswhatIcall“HighROIeducation”.Thesedays,we’rebombardedwithblogs(likethisone),tweets,tutorials,…Youtouch5technologiesfor20minandyoumoveontothenextfad.Thisisthetypeofshallowlearningthatisusefulinadiscoveryphase.Butitnevergetscommittedtolong-termmemory.Atleastnotwithme.Incontrast,inmyfirstjobin2005,IhadtosqueezethelastbitofperformanceoutofMySQL,andIlearnedatonofthingsthatarerelevanteventoday.Eg.thedifferencebetweenMyISAMandInnoDBstorageengines.ThisisactuallysomethingthatcamebackinthisAWSexam.I’vebeenluckyenoughtohavedonesimilardeep-divesinmycareerintechnologiessuchasC++,C#,Postgres,Vertica,Hadoop,Spark,Python,….Youcanneverknow100%.Butyougettoalevelwhereyouareconfidentenoughtofaceanyproblemthetechthrowsatyou.Youknowyou’vegonedeepenoughwhenyoufindthedocumentationlimitingandyouroutinelyreadthesourcecode(whenavailable)tounderstandwhat’sgoingon.Andforsure,knowingonethingin-depthhelpsyouunderstandotherthings.OnceyouknowAWS,thesteptoAzureorGCPisnotthatscaryanymore.Sodivein,thewaterisrefreshing!BecauseitlooksgoodonyourCV:Therehasbeenalotofdiscussiononthevalueofcertificationsforjobroles.Icantellfrommyexperienceasanemployee,afreelancerandnowanemployer:itjustticksafewboxeswithpeopleindecisionroles.Hateitorloveit.It’sthewayitis.Veryoftentheorganisationlookingforhelphasnoin-depthknowledgeaboutthematter.Otherwise,theyprobablydon’tneedhelp.Butthenhowtojudgethatthenewhire/contractor/supplierisactuallyknowledgeable?Anybodycanmakefancyslides.Acertificationisanexternalentityvalidatingthatyou’reatleastknowledgeableenoughtopassatest.Certificationsalonewon’tgetyouthere.Infact,whenweseecandidateswhoputtheircertificationstooprominentontheirCV,likethat’stheirproudestachievement,that’saredflagtome.Butstill,mostengineersIknowareterribleatmarketing.Considercertificationsasaformofmarketing.You’lllearnatonaboutAWSTheProexamactuallycoversonlyabout20%oftheservicesinAWS.SoyoucansafelyignorethingslikeAWSDeviceFarm,AWSRobomaker,AWSEventBridge,AWSSumerian,AWSLumberyard,….ButgetreadytoseeeverynookandcrannyofEC2,ELB,AutoscalingGroups,VPC,SecurityGroups,NACLs,VGW,DirectConnect,EBS,IAM,S3,SQS,Lambda,Cloudfront,DynamoDB,Redshift,Fargate,StorageGateway,…IfyouworkonAWSforawhile,you’vecomeacrossmostthingsmentionedabove.ButIalwaysapproacheditona“need-to-know”basis.Nowitwastimetoreallygettoknowtheseservices.AnditgavemeamuchricherunderstandingofAWS.Herearemy3mainlessonslearned.Itmightbetrivialforsome,buthereitgoes:1.Federatedauthenticationisreallypowerful.AlthoughIAMallowsyoutocreateyourownusers,itisoftenmuchbettertouseanexternalidentityprovidersuchasOkta,Auth0orevenActiveDirectory.UsermanagementisreallybasicinAWSandinanyreasonablylargeenvironment,youwanttomanagethosecentrallysomewhere.EvenforasmallorganisationsuchasDataMinded,wearegoingtolookatanidentityprovider.AsweareonGoogleAppsforBusiness,maybeGoogleisgoodenough.AlthoughI’veseenOktabeingusedatclients,andI’vebeenprettyimpressedwithitscapabilities.WithFederatedAuthentication,auserislinkedtoanIAMRole,andthatrolewillgetaccesstocertainservices.Justlikeit’sbestpracticetocreaterolesforservicestotalktoeachother.YoucanaskAWSSTStogeneratetemporarycredentialsforyou,shouldyouneedthem.IfyouusesimpleIAMusersbycontrast,youwillgetpermanentcredentialsthatyouusuallystoreina~/.aws/credentialsfile.Feelssodirtycomparedtohavingacentralloginsystem.I’vealwaysbeenavoidingthetopicbecauseitlookedcomplex.Butreally,youonlyneedtolearntheflowonce.Andonceyouunderstandtheflow,it’srelativelysimple.https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html2.Thereisactuallyplentyofsupportforhybridcloud.I’llconfess,I’vebeenfrustratedbyclientswhodidn’twanttogoALLINoncloudafterwe’vedonea2weekProof-of-Concept.Silly,right?Butthat’snotreality.MostITdepartmentsareunderstaffedandoverworked.Havingfancyconsultantscominginandaskingforextensionsoftheirnetworktothecloud,andaccesstoabunchofproductiondatabases,whichcanbreakifyoulookattheminthewrongway,isreallynotsomethingontopoftheirmind.Idon’tblamethem.ITinfraisadepartmentjudgedbyhowstabletheycanrunthethingsthatarebuiltbyadepartment(dev)judgedbyhowfasttheycanshipthings.ServiceslikeStorageGatewayenableyoutograduallymovedatatothecloud,whileatthesametime,offeringareliablebackupservice.RDSdatabasescanbeextendedtothecloudwithread-replicas,andovertime,youcanmakethatread-replicathemaster.YoucanimportVMstoEC2andmanagethemthroughSystemsManager.Slowly,youcanmovetomanagedservices.Youdoneedareliableconnection.IdeallyaDirectConnectwitharedundantlineincasetheDirectConnectfails.AndtheBGPprotocolcanmagicallyroutetrafficoverthisredundantsetup.Prettycool.Although,honestly,I’venevertouchedanyofthesetechsinreallife,sowhatdoIknow?https://aws.amazon.com/answers/networking/aws-multiple-data-center-ha-network-connectivity/3.RPOandRTOareafactoflife.Dealwithit.IneverreallyknewthedifferencebetweenaMulti-AZRDSoranRDSwithread-replicas.WellaMulti-AZRDSisforhigh-availability.AnentireAZcangodownandyouwilllosenodataoravailability.Readreplicasontheotherhand,areasynchronous.Theysyncdatafromthemastertothereplica.Ifthemasterdies,youcanpromoteareadreplicatobecomethemaster.But…there’sabut.Youmightlosedata.Thereisalastpointatwhichyoureceiveddata.Andthenabitlateryoucrashed.Thenyourealiseyoucrashedandyoutaketimetorecover.TheRPOisthetimebetweenthelastdatareceiveandthecrash.AndtheRTOisthetimebetweenthecrashandtherecovery.Thisisrelevantforread-replicas,butalsoforsnapshots,andbasicallyanythingthatcancrash.Soyes,alsoyourMulti-AZRDSdatabase,whenyoucorruptthedatabecauseofabuginyourcode,orincaseofregionoutages.Theseareveryunlikelyevents,butnotimpossible.RememberwhenS3wasoutlastyear?Realityisthatdisastersdooccur.That’sok.Youjustneedtohavethatconversationwithbusinessaboutwhattheirexpectationsare,andwhatyourplanisfordisasterrecovery.https://www.cloudberrylab.com/resources/blog/rto-vs-rpo-difference/Itwon’tmakeyouagreatarchitectDespitelearningatonaboutAWS,thatdoesn’tmeanyou’llactuallybeagreatarchitect.TheexamisactuallysurprisinglyNOTopinionatedabouthowyoubuildstuff.AWSislikelego.Theyofferabunchofservices.Andyoupickandchoosewhatyouwant.Evenaboutsecurity,AWSisveryclearaboutyourresponsibilities.Intheirfamoussharedsecuritymodel,theyonlytakecareofthebottomlayers.Andtheythrowabunchoftoolsatyouforthetoplayers.Butintheend,it’sreallyuptoyouonhowtodesignasecuresystem.https://aws.amazon.com/compliance/shared-responsibility-model/Forhighly-scalablewebsites,Ijustsatbackandletitallin.Howdoescloudfrontwork?what’saWAF?HowdoyouconfigurehealthchecksonanELB?Butfordata&analytics,whichisourareaofexpertise,Ifoundthequestionsoftenlacking.“YouwanttomigrateanHPCsystemwith20PBofimagedataandmanycomputationaljobstothecloud.DoyouchooseEMRorFargate?”Theactualquestionislonger,butyougetthegist.Well,Idon’tknowwhatIwouldchoose.CanIassumethosecomputationaljobscanruninaDockercontainer,onasinglenode?CanIassumetheycanrunonSpark?Wouldn’tAWSBatchorevenEKSmakemoresense?Doweneed1long-runningEMRcluster,orcanwespinupdifferentclustersondemand?Whatarethelatencyrequirements?Ialsothinktheexamisoutdatedsometimes.Whiletheworldweworkin,isveryfocusedondevops,CICD,dockercontainers,…theexamhadabigemphasisontraditionalVMworkloads.“Whatdoyoudowhenyouhavetomaintain20Windows2016Serversthatalwaysneedlatestpatchinginstalledwithin24h?”Well,Iwouldquestionallmylifechoicesthatleduptothispoint.Butthatwasn’tanoption.ApparentlyithassomethingtodowithPatchGroups,PatchBaselinesandMaintenanceWindows.Igetit.Hybridcloudisareality,andIreallylikethesupport.Therewillbeplentyoftraditionalworkloadsrunninginthecloudforalongtime.ButIjustwould’veexpectedAWStopushusabitmoreintheotherdirection.Sono,it’snotbecauseanAWSProArchitectwalksintotheroomthathe/shewillactuallybuildastrong,modernarchitectureforyou.Forallyouknow,you’restuckpatchingWindows2016serversforthenext5years.ButatleastyouhavePatchManager!;-)SohowdidIdoit?Forthosehereonlyinitforthetipsandtricks,thelinksinthebeginningofthearticleshouldhelpalready.Butthiswasmystrategy.Probablydoesn’tworkforeverybody,butitdidforme:Hoursspent:About80hours,allinall.That’smoretimespentthanmostofmyuniversityexams:Dacloud.guruforvideos.ThevideocourseonAWSProArchitectisreallyjustanindexofstuffyouneedtoknow.Andnotnearlyenoughtoactuallyknowitall.IrecommendalsowatchingtheAdvancedCloudformation,AWSNetworkingSpecialityandAWSSecuritySpecialityaswell.It’salotofvideo,soIusuallywatcheditat1.3xor1.5xspeed.Thereisapracticeexamonacloud.guruaswellbutitcompletelydidnotreflecttheactualexamforme.Ifailedtheacloud.guruexamprettyhardafewdaysbeforepassingtheactualexam.whizlabsforpracticeexams.Somemightconsiderthischeating.ButIhonestlythinkit’snot.Therewasnotasinglequestionofthe505questionsonWhizlabsthatIgotontheexam.Sonocopypastepossible.Whizlabsdidgivemetwoimportantthings:First,Ilearnedhowtodealwiththecrazylongquestionstyle:howtoquicklyruleoutbullshitanswersandhowtoquicklyidentifyimportantconstraintsinthequestions.Second,IlearnedonwhichtopicareasIwasstilllacking.Ifyoufail10questionsonOrganisationalUnitsandServiceControlPoliciesinarow,youdon’tknowthetopic,andyoushouldspendtimestudying.Intheend,Ididall6practiceexamsatleast3times.Eachhad80questions.Sothat’satonofquestions.ButmyfinalpracticeexamIscored79/80andtheonemistakeImadewasastupidone.Ididknowtheanswer.Sowhizlabswasaverygood,short,directfeedbackloopforme.AcleanAWSaccount:Youcan’tdowithout.Setupacloudfrontdistribution.Deployawebserverinanautoscalinggroup.ConfigureRoute53.Takedownaserver.Whathappens?Studybuddies:Icandefinitelyrecommendthis.Westudiedwiththe3ofusatDataMinded.EveryFridayfor4Fridays.Oneguyknewtonsaboutsecuritybecausehe’sbeeninvolvedinabankingprojectinthelast6months.Theotherknewaboutnetworkingquitewellbecauseacurrentclientneededit.IcouldbringinbitsandpiecesbecauseI’veseensomanydifferentdeploymentsbynow.Also,it’sgreatformorale.You’resufferingtogether,butyou’realsolearningtogether.WhatIdidn’tdo:Ibarelyreadanywhitepaper.Itisrecommendedtodoso.SomaybeI’vebeenstupid.ButIlikedmuchmoresmallvideosaboutatopic,someexperimentationintheAWSconsoleandtrialanderroronWhizlabs.datamindedbeBetterdataengineering4404AWSCertificationData440 claps4404datamindedbeBetterdataengineeringWrittenbyKrisPeetersFollowDatageekatheart.FounderandCEOofDataMinded.datamindedbeBetterdataengineeringMoreFromMediumTVshows,ImageprocessingandHighperformancemessagequeuingservices:anSQSand .NETcaseMajdiDhissiinTowardsAWSAfasterwaytoidentifytheSourceofValidationRules,LookupFilters,andEmailTemplatesGidiAbramovichinUseTheForceOpenSourceSEO:PHPandHTMLCodingStyleWeWantforMiamiSEOripoffmgnt98DaemonthreadsinpythonMichaelReznikVulnhub-Symfonos3.1£eIl'sUberForTruckingAppDevelopment:Features&CosttoIncludeEchoInnovateIT-LeadingAppDevelopmentCompanyCloudNativeCI/CDwithTekton — BuildingCustomTasksMartinHeinzinITNEXTDockerContainerSecurity:ChallengesandBestPracticesWhiteSource