AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Learning Path
AWS Certified SysOps Administrator – Associate (SOA-C01) exam is the latest AWS exam and has already replaced the old SysOps Administrator – Associate exam from 24th Sept 2018. It basically validates
- Deploy, manage, and operate scalable, highly available, and fault tolerant systems on AWS
- Implement and control the flow of data to and from AWS
- Select the appropriate AWS service based on compute, data, or security requirements
- Identify appropriate use of AWS operational best practices
- Estimate AWS usage costs and identify operational cost control mechanisms
- Migrate on-premises workloads to AWS
Refer AWS Certified SysOps – Associate Exam Guide Sep 18
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Summary
- AWS Certified SysOps Administrator – Associate exam is quite different from the previous one with more focus on the error handling, deployment, monitoring.
- AWS Certified SysOps Administrator – Associate exam covers a lot of latest AWS services like ALB, Lambda, AWS Config, AWS Inspector, AWS Shield while focusing majorly on other services like CloudWatch, Metrics from various services, CloudTrail.
- Be sure to cover the following topics
- Monitoring & Management Tools
- Understand CloudWatch monitoring to provide operational transparency
- Know which EC2 metrics it can track (disk, network, CPU, status checks) and which would need custom metrics (memory, disk swap, disk storage etc.)
- Know ELB monitoring
- Classic Load Balancer metrics SurgeQueueLength and SpilloverCount
- Reasons for 4XX and 5XX errors
- Understand CloudTrail for audit and governance
- Understand AWS Config and its use cases
- Understand AWS Systems Manager and its various services like parameter store, patch manager
- Understand AWS Trusted Advisor and what it provides
- Very important to understand AWS CloudWatch vs AWS CloudTrail vs AWS Config
- Very important to understand Trust Advisor vs Systems manager vs Inspector
- Know Personal Health Dashboard & Service Health Dashboard
- Deployment tools
- Know AWS OpsWorks and its ability to support chef & puppet
- Know Elastic Beanstalk and its advantages
- Understand AWS CloudFormation
- Know stacks, templates, nested stacks
- Know how to wait for resources setup to be completed before proceeding esp. cfn-signal
- Know how to retain resources (RDS, S3), prevent rollback in case of a failure
- Understand CloudWatch monitoring to provide operational transparency
- Networking & Content Delivery
- Understand VPC in depth
- Understand the difference between
- Bastion host – allow access to instances in private subnet
- NAT – route traffic from private subnets to internet
- NAT instance vs NAT Gateway
- Internet Gateway – Access to internet
- Virtual Private Gateway – Connectivity between on-premises and VPC
- Egress-Only Internet Gateway – relevant to IPv6 only to allow egress traffic from private subnet to internet, without allowing ingress traffic
- Understand
- Private Subnet vs Public Subnet
- how to configure Route Tables
- Security Groups vs NACLs
- Understand how VPC Peering works and limitations
- Understand VPC Endpoints and supported services
- Ability to debug networking issues like EC2 not accessible, EC2 instances not reachable, Instances in subnets not able to communicate with others or Internet.
- Understand the difference between
- Understand Route 53 and Routing Policies and their use cases
- Focus on Weighted, Latency routing policies
- Understand VPN and Direct Connect and their use cases
- Understand CloudFront and use cases
- Understand ELB, ALB and NLB and what features they provide like
- ALB provides content and path routing
- NLB provides ability to give static IPs to load balancer.
- Understand VPC in depth
- Compute
- Understand EC2 in depth
- Understand EC2 instance types
- Understand EC2 purchase options esp. spot instances and improved reserved instances options.
- Understand how IO Credits work and T2 burstable performance and T2 unlimited
- Understand EC2 Metadata & Userdata. Whats the use of each? How to look up instance data after it is launched.
- Understand EC2 Security.
- How IAM Role work with EC2 instances
- IAM Role can now be attached to stopped and runnings instances
- Understand AMIs and remember they are regional and how can they be shared with others.
- Troubleshoot issues with launching EC2 esp. RequestLimitExceeded, InstanceLimitExceeded etc.
- Troubleshoot connectivity, lost ssh keys issues
- Understand Auto Scaling
- Understand Lambda and its use cases
- Understand Lambda with API Gateway
- Understand EC2 in depth
- Storage
- Understand S3 and all its topics
- Understand S3 features like
- storage classes with lifecycle policies,
- S3 data protection
- multi-part handling esp. how do you handle completions and aborts.
- static website hosting, CORS
- Versioning
- Pre-Signed URLs for both upload and download
- Understand S3 features like
- Understand Glacier as archival storage
- Understand EBS storage option
- EBS vs Instance store volumes
- EBS volume types and their use cases, limitations esp. IOPS
- RAID 0 and RAID 1 configurations and their use cases
- Understand Storage Gateway and their use cases
- Know uses cases for VTL
- Know EFS as shared file system.
- Know Snowball for data migration
- Know Snowball vs Snowball Edge
- Understand S3 and all its topics
- Databases
- Understand RDS
- Understand RDS Multi-AZ vs Read Replicas and use cases
- Understand DynamoDB
- Understand Aurora
- Know ElastiCache use cases, mainly for caching performance
- Understand ElastiCache Redis vs Memcached
- Understand RDS
- Security
- Understand IAM as a whole
- Focus on IAM role and its use case especially with EC2 instance
- Know how to test and validate IAM policies
- Understand IAM identity providers and federation and use cases
- Understand MFA and How would implement two factor authentication for your application
- Focus on S3 with SSE, SSE-C, SSE-KMS. How they work and differ?
- Understand KMS for key management and envelope encryption
- Understand CloudHSM and KMS vs CloudHSM esp. support for symmetric and asymmetric keys
- Know AWS Inspector and its use cases
- Know AWS GuardDuty as managed threat detection service. Will help eliminate as the option
- Know AWS Shield esp. the Shield Advanced option and the features it provides
- Know WAF as Web Traffic Firewall
- Know AWS Artifact as on-demand access to compliance reports
- Understand IAM as a whole
- Integration Tools
- Understand SQS as message queuing service and SNS as pub/sub notification service
- Focus on SQS as a decoupling service
- Understand SQS FIFO, make sure you know the differences between standard and FIFO
- Understand CloudWatch integration with SNS for notification
- Understand SQS as message queuing service and SNS as pub/sub notification service
- Cost management
- Know AWS Organizations and Consolidated billing
- Understand how to setup Billing Alerts using CloudWatch
- Monitoring & Management Tools
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Resources
- Online Courses
- Udemy AWS Certified Solutions Architect Associate Exam Mastery 2018 – can be a good start to other services
- Stephane Maarek – Ultimate AWS Certified SysOps Administrator Associate 2019 – Highest Rated
- A Cloud Guru – AWS Certified SysOps Administrator – Associate 2019
- Linux Academy – AWS Certified SysOps Administrator – Associate (2018)
- Practice tests
- Braincert AWS Certified SysOps Administrator – Associate SOA-C01 Practice Exams, which provide extensive scenario based questions and are inline with the actual exams
- Stephave Maarek – Practice Exams: AWS Certified SysOps Administrator Associate
- Signed up with AWS for the Free Tier account which provides a lot of the Services to be tried for free with certain limits which are more then enough to get things going. Be sure to decommission anything, if you using any thing beyond the free limits, preventing any surprises 🙂
- Also, use QwikLabs for introductory courses which are free
- Read the FAQs atleast for the important topics, as they cover important points and are good for quick review
AWS Cloud Computing Whitepapers
- Architecting for the AWS Cloud: Best Practices
- AWS Well-Architected Framework whitepaper (This is theoretical paper, with loads of theory and is tiresome. If you cover the above topics, you can skip this one)
- AWS Security Best Practices whitepaper, August 2016
- Amazon Web Services: Overview of Security Processes
- Development and Test on AWS
- Backup and Recovery Approaches Using AWS
- Amazon Virtual Private Cloud Connectivity Options
- How AWS Pricing Works
AWS Certified SysOps Administrator – Associate (SOA-C01) Exam Contents
Domain 1: Monitoring and Reporting
- Create and maintain metrics and alarms utilizing AWS monitoring services
- Recognize and differentiate performance and availability metrics
- Perform the steps necessary to remediate based on performance and availability metrics
Domain 2: High Availability
- Implement scalability and elasticity based on use case
- Recognize and differentiate highly available and resilient environments on AWS
Domain 3: Deployment and Provisioning
- Identify and execute steps required to provision cloud resources
- Identify and remediate deployment issues
Domain 4: Storage and Data Management
- Create and manage data retention
- Identify and implement data protection, encryption, and capacity planning needs
Domain 5: Security and Compliance
- Implement and manage security policies on AWS
- Implement access controls when using AWS
- Differentiate between the roles and responsibility within the shared responsibility model
Domain 6: Networking
- Apply AWS networking features
- Implement connectivity services of AWS
- Gather and interpret relevant information for network troubleshooting
Domain 7: Automation and Optimization
- Use AWS services and features to manage and assess resource utilization
- Employ cost-optimization strategies for efficient resource utilization
- Automate manual or repeatable process to minimize management overhead
