AWS Certification Exam Cheat Sheet

AWS Certification Exam Cheat Sheet

AWS Certification Exams cover a lot of topics and a wide range of services with minute details for features, patterns, anti patterns and their integration with other services. This blog post is just to have a quick summary of all the services and key points for a quick glance before you appear for the exam

AWS Global Infrastructure

AWS Region, AZs, Edge locations

  • Each region is a separate geographic area, completely independent, isolated from the other regions & helps achieve the greatest possible fault tolerance and stability
  • Communication between regions is across the public Internet
  • Each region has multiple Availability Zones
  • Each AZ is physically isolated, geographically separated from each other and designed as an independent failure zone
  • AZs are connected with low-latency private links (not public internet)
  • Edge locations are locations maintained by AWS through a worldwide network of data centers for the distribution of content to reduce latency.

AWS Local Zones

  • AWS Local Zones place select AWS services closer to end-users, which allows running highly-demanding applications that require single-digit millisecond latencies to the end-users such as media & entertainment content creation, real-time gaming, machine learning etc.
  • AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those running in the AWS Region, allowing you to seamlessly connect to the full range of in-region services through the same APIs and tool sets.

AWS Wavelength

  • AWS infrastructure deployments embed AWS compute and storage services within the telecommunications providers’ datacenters and help seamlessly access the breadth of AWS services in the region.
  • AWS Wavelength brings services to the edge of the 5G network, without leaving the mobile provider’s network reducing the extra network hops, minimizing the latency to connect to an application from a mobile device.

AWS Outposts

  • AWS Outposts bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.
  • AWS Outposts is designed for connected environments and can be used to support workloads that need to remain on-premises due to low latency, compliance or local data processing needs.

Refer details @ AWS Global Infrastructure

AWS Services

AWS Organizations

  • AWS Organizations offers policy-based management for multiple AWS accounts
  • Organizations allows creation of groups of accounts and then apply policies to those groups
  • Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.
  • Organizations helps simplify the billing for multiple accounts by enabling the setup of a single payment method for all the accounts in the organization through consolidated billing

Consolidate Billing

  • Paying account with multiple linked accounts
  • Paying account is independent and should be only used for billing purpose
  • Paying account cannot access resources of other accounts unless given exclusively access through Cross Account roles
  • All linked accounts are independent and soft limit of 20
  • One bill per AWS account
  • provides Volume pricing discount for usage across the accounts
  • allows unused Reserved Instances to be applied across the group
  • Free tier is not applicable across the accounts

Tags & Resource Groups

  • are metadata, specified as key/value pairs with the AWS resources
  • are for labelling purposes and helps managing, organizing resources
  • can be inherited when created resources created from Auto Scaling, Cloud Formation, Elastic Beanstalk etc
  • can be used for
    • Cost allocation to categorize and track the AWS costs
    • Conditional Access Control policy to define permission to allow or deny access on resources based on tags
  • Resource Group is a collection of resources that share one or more tags


  • Promiscuous mode is not allowed, as AWS and Hypervisor will not deliver any traffic to instances this is not specifically addressed to the instance
  • IDS/IPS strategies
    • Host Based Firewall – Forward Deployed IDS where the IDS itself is installed on the instances
    • Host Based Firewall – Traffic Replication where IDS agents installed on instances which send/duplicate the data to a centralized IDS system
    • In-Line Firewall – Inbound IDS/IPS Tier (like a WAF configuration) which identifies and drops suspect packets

DDOS Mitigation

  • Minimize the Attack surface
    • use ELB/CloudFront/Route 53 to distribute load
    • maintain resources in private subnets and use Bastion servers
  • Scale to absorb the attack
    • scaling helps buy time to analyze and respond to an attack
    • auto scaling with ELB to handle increase in load to help absorb attacks
    • CloudFront, Route 53 inherently scales as per the demand
  • Safeguard exposed resources
    • user Route 53 for aliases to hide source IPs and Private DNS
    • use CloudFront geo restriction and Origin Access Identity
    • use WAF as part of the infrastructure
  • Learn normal behavior (IDS/WAF)
    • analyze and benchmark to define rules on normal behavior
    • use CloudWatch
  • Create a plan for attacks

AWS Services Region, AZ, Subnet VPC limitations

  • Services like IAM (user, role, group, SSL certificate), Route 53, STS are Global and available across regions
  • All other AWS services are limited to Region or within Region and do not exclusively copy data across regions unless configured
  • AMI are limited to region and need to be copied over to other region
  • EBS volumes are limited to the Availability Zone, and can be migrated by creating snapshots and copying them to another region
  • Reserved instances are limited to Availability Zone and (can be migrated to other Availability Zone now) cannot be migrated to another region
  • RDS instances are limited to the region and can be recreated in a different region by either using snapshots or promoting a Read Replica
  • Placement groups are limited to the Availability Zone
    • Cluster Placement groups are limited to single Availability Zones
    • Spread Placement groups can span across multiple Availability Zones
  • S3 data is replicated within the region and can be move to another region using cross region replication
  • DynamoDB maintains data within the region can be replicated to another region using DynamoDB cross region replication (using DynamoDB streams) or Data Pipeline using EMR (old method)
  • Redshift Cluster span within an Availability Zone only, and can be created in other AZ using snapshots

Disaster Recovery Whitepaper

  • RTO is the time it takes after a disruption to restore a business process to its service level and RPO acceptable amount of data loss measured in time before the disaster occurs
  • Techniques (RTO & RPO reduces and the Cost goes up as we go down)
    • Backup & Restore – Data is backed up and restored, within nothing running
    • Pilot light – Only minimal critical service like RDS is running and rest of the services can be recreated and scaled during recovery
    • Warm Standby – Fully functional site with minimal configuration is available and can be scaled during recovery
    • Multi-Site – Fully functional site with identical configuration is available and processes the load
  • Services
    • Region and AZ to launch services across multiple facilities
    • EC2 instances with the ability to scale and launch across AZs
    • EBS with Snapshot to recreate volumes in different AZ or region
    • AMI to quickly launch preconfigured EC2 instances
    • ELB and Auto Scaling to scale and launch instances across AZs
    • VPC to create private, isolated section
    • Elastic IP address as static IP address
    • ENI with pre allocated Mac Address
    • Route 53 is highly available and scalable DNS service to distribute traffic across EC2 instances and ELB in different AZs and regions
    • Direct Connect for speed data transfer (takes time to setup and expensive then VPN)
    • S3 and Glacier (with RTO of 3-5 hours) provides durable storage
    • RDS snapshots and Multi AZ support and Read Replicas across regions
    • DynamoDB with cross region replication
    • Redshift snapshots to recreate the cluster
    • Storage Gateway to backup the data in AWS
    • Import/Export to move large amount of data to AWS (if internet speed is the bottleneck)
    • CloudFormation, Elastic Beanstalk and Opsworks as orchestration tools for automation and recreate the infrastructure


57 thoughts on “AWS Certification Exam Cheat Sheet

  1. Hello Jayandera

    You are my role model. I am following your foot path as I completed two certifications (SA and Sys-Ops) earlier. Now I am also targeting professional. Your inputs are really helpful.

    If you post sample professional exam questions would be really helpful to me to aware where am I.


  2. hey jay – amazing work..i am reading yours after cloud academy course drill. really superb recap and refreshing. targeting for aws arc associate cert. good job!!

  3. Hi, Is this cheat sheet for both exams (SA)?

    Last date for extended exam is Apr 12, 2017, does it mean AWS is changing contents of the exam, if it does, exam content after this date will change entirely or partial, your comments please.

    1. its an overall cheat sheet for AWS services as it just captures the important concepts for each topics.
      Not sure of the exam, but if they change it would change about 40% as quite a lot of services have been updated and a lot of them introduced and the exam is still date around 2015.

  4. HI Jayendra,
    You have done an awesome job in creating the cheat-sheet, which acts as a refresher after completing the actual courses. I have done all 3 associate certs and will be writing Architect pro soon. Thanks again for helping all by publishing nice information around the courses. It is very helpful.


    1. i think its still over 95% accurate ….. given there are few very latest enhancements which impact some concepts but are surely not reflected in exam.

      1. Thank you! Bless you man, really appreciate the hard work on this to pave the way for the rest of us.

        THANK YOU!

  5. Jayendra- You walk on water. Do you have any plans for covering the AWS Security Specialty exam?

  6. Thanks for a brief summary of major services. Would be reading more of your post before my SA professional exams. Well done.

  7. Just curious if you’re in the “still thinking about this phase” or have sat the exam and putting together notes/blogs. Only ACG seems to have material out at this time. Thanks for all the great effort that you’ve done – its a terrific community service that you’ve provided..

  8. My “Just curious..” was in reference to the AWS Security Specialty exam – I thought I was replying to your “Very soon” thread above

    1. Hi Maureen, frankly not yet started. In plans but seems it will take time.

  9. Hello Jayendra …Any good resources for AWS Security Specialist .. when it comes to peparing Questions ?

  10. Hey Jay,
    Can you post some questions for Security Specialty exam. I’ve read your blog for SAA and it was really helpful.
    Would be really great if you can include some.

    1. Haven’t checked on the Security Speciality yet, so not much idea. Will keep you posted.

  11. Really good consoldiated summary on how to prep for the AWS Certs. Thank You and great thumbs up!

  12. Hi Jayendra! I virtually met you on stackoverflow. Thanks so much for the cheatsheet! Question – does this cover the latest AWS SA Associate Syllabus released in Feb 2018?

    1. Nice to meet you again here 🙂
      Cheatsheets are mostly updated. If a topic is not covered you can refer to the service page. Am in the process of adding new topics to the cheatsheet.

  13. Thanks for writing this. I’m yet to finish reading. However read this and found it to be incorrect. //Communication between regions is across the public Internet//

    Amazon documentation says:
    AWS Regions are connected to multiple Internet Service Providers (ISPs) as well as to a private global network backbone, which provides lower cost and more consistent cross-region network latency when compared with the public internet.

    Please refer

    1. thanks vimala, this is valid if you use AWS managed networks for Non-AWS managed networks it is still through internet.

  14. Super work mate! I was looking around the virtual world for a properly curated cheat sheet for AWS SA and I am glad that search landed me to your blog space. I am writing the paper next week and hope this cheat sheet comes handy during last min. prep.
    Keep up the good work. Looking forward to more posts from you.

    BTW got your blog reference from an article in Kickdrum written by Pranav Khambayatkar.

  15. Hi, Thanks for all your efforts and really its a very quick refreshments. I am just curious all the contents are up to date or there will be any update on this blog soon. I will write my AWS professional exam in April 2019.

  16. These tips were really become handy while doing the exam. Thanks Jayendra for sharing this valuable information!

  17. Hi jayendra,

    your study guide was extremely useful for consolidating all the info for the exam. It was invalubale for my last minute cramming. Appreciate it and keep up the good work

  18. This is awesome! Here is a nice jQuery code to make this page into readable / printable format. Use this across the cheatsheets.

    Thanks a lot for this Jay.

    jQuery(‘body’).css({‘font-size’: ’13px’});
    jQuery(‘h2’).css({‘font-size’: ’20px’, ‘margin-top’: ‘2px’, ‘margin-bottom’: ‘2px’});
    jQuery(‘p’).css({‘margin-bottom’: ’10px’});
    jQuery(‘ul’).css({‘margin-bottom’: ’10px’});

  19. Hi Jayendra,
    Your blogs have been of immense help for us. There is no content anywhere else which is so crisp & clear.
    I thank you for your support.

  20. Just came across this while searching for AWS Professional exam material. Applaud you for the immense amount of effort that has gone into creating this!

  21. Hi Jayendra,

    your study guide was very useful could you please the latest cheat sheet for 2020, thanks in advance

  22. Hi Jayendra,

    your study guide was very useful could you please the latest cheat sheet for 2020, thanks in advance

      1. I’m looking for your updates that address the 2020 exams — can you point me to them? Thanks!!! :0)

  23. Servies

    VM Import/export – to move the on-prem hypervisor & vm images to AWS cloud
    Kinesis Data Stream – real time logs reading from multiple types of device

Comments are closed.