# AWS Solution Architect Associate Exam Prep Notes

Dear readers,

I cleared my AWS certified SAA exam a few months back.



![AWS Certified Solutions Architect - Associate certificate-page-001.jpg](https://cdn.hashnode.com/res/hashnode/image/upload/v1609007213485/0WgxmToy8.jpeg)

For my exam, I prepared notes covering all important topics and key points to remember.
I highly recommend the [Udemy course](https://www.udemy.com/course/aws-certified-solutions-architect-associate/) by Ryan Kroonenburg.

The following notes are taken based on the aforementioned course material.


I've divided the notes into a 5-part series.

- **Part 1:**  [Introduction and AWS S3](https://blog.hellokarthic.com/aws-saa-notes) 
- **Part 2:**  [AWS EC2](https://blog.hellokarthic.com/aws-ec2-notes) 
- **Part 3:**  [Databases](https://blog.hellokarthic.com/aws-db-notes) 
- **Part 4:**  [DNS, VPC, and HA(High-Availability)](https://blog.hellokarthic.com/aws-dns-vpc-ha-notes) 
- **Part 5:**  [Application Services and Serverless + Bonus](https://blog.hellokarthic.com/aws-applications-serverless-notes) 

**Disclaimer**: These notes are to be used as supplementary material. Don’t rely entirely on the notes for your exam. Use these notes for last-minute revision before your exam.

### S3 Notes
---

#### S3 consists of
- Keys
- Values
- Version ID
- Metadata
- Subresources
	- ACL
	- Torrents

#### Data consistency in S3
 1. Read after write consistency for PUTS of a new object.

	- **Meaning:** if you write a new file and read it immediately afterward, you’ll be able to view that data.

 2. Eventual consistency for overwrite PUTS and DELETES (can take some time to propagate).

	- **Meaning:** If you update AN EXISTING file or delete a file and read it immediately, you may get the older version, or you may not. Basically, changes to objects can take a little bit longer to propagate.

#### S3 Guarantees
- The S3 platform is built for 99.99% availability
- But Amazon will give you 99.9% availability (for all customers)
- Amazon guarantees 99.99999999999% durability for S3 information (99 followed by 11x9’s)

#### S3 Features
- Tiered Storage available
- Lifecycle Management
- Versioning 
- Encryption
- MFA Delete
- Secure your data using **Access Control Lists** and **Bucket Policies**

#### S3 Storage Classes
- S3 Standard - **99.99% availability**
- S3 - IA - **99.9% availability**
- S3 Intelligent Tiering
- S3 One Zone - IA - **99.95% availability**
- S3 Glacier - configurable retrieval (from minutes to hours) - **99.99% availability**
- S3 Glacier Deep Archive - 12 hours of retrieval time - **99.99% availability**

#### S3 Pricing based on
- Storage
- Requests
- Storage management
- Data transfer
- Transfer Acceleration
- Cross-Region Replication

#### S3 General Notes
- Files can be 0 bytes to 5TB
- Unlimited storage
- Address looks like this:
	- https://bucketname.s3.amazonaws.com - If North Virginia 
	- https://bucketname.eu-central-1.s3.amazonaws.com - If other regions
- You can turn on MFA delete for objects in the S3 bucket - optional
- S3 data is stored in a minimum of 3 AZs.
- **ACL** is for object-level & **Bucket policy** is for bucket level
- Once versioning is enabled, it **cannot be disabled**; it can only be suspended.
- Versioning stores all the versions of a file (including the “delete marker”). If you delete the “delete marker”, the file will be recovered
- You can have **100 buckets/account**
- S3 now supports **3500 PUTS/sec** [previously, before 2018, it was only 100 PUTS/sec]

#### S3 Encryption
 1. Encryption in Transit
	- Through SSL/TLS
 2. Encryption at Rest (Server Side)
	- S3 Managed Keys; SSE-S3
	- AWS KMS managed keys; SSE-KMS
	- SSE with customer-managed keys; SSE-C
 3. Encryption at Rest (Client-Side)
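
The two server-enforceable controls above (TLS in transit, SSE at rest) are usually pinned down with Deny statements in the bucket policy. The sketch below is an added example, not part of the original notes or the course: it builds such a policy and audits a policy document for both controls. The bucket name, the account ID and the function names are assumptions made for illustration.

```python
BUCKET_ARN = "arn:aws:s3:::example-notes-bucket"  # hypothetical bucket (assumption)

def hardened_policy(arn=BUCKET_ARN):
    """Bucket policy denying non-TLS requests and PUTs that do not request SSE."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyInsecureTransport",  # encryption in transit
         "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": [arn, arn + "/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyUnencryptedPut",  # encryption at rest: SSE-S3 or SSE-KMS
         "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": arn + "/*",
         "Condition": {"StringNotEquals": {
             "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]}}},
    ]}

# Constructed sample: cross-account read grant with no encryption controls.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": {
    "Sid": "CrossAccountRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"}}

def _as_list(value):
    """IAM JSON allows a single item where a list is expected; normalise it."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Report which of the two controls a bucket policy enforces for everyone."""
    result = {"tls_enforced": False, "sse_required_on_put": False}
    for st in _as_list(policy.get("Statement", [])):
        # Only a Deny that applies to every principal closes the gap.
        if st.get("Effect") != "Deny" or st.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        cond = st.get("Condition", {})
        tls = cond.get("Bool", {}).get("aws:SecureTransport")
        if str(tls).lower() == "false" and actions & {"s3:*", "*"}:
            result["tls_enforced"] = True
        sse = cond.get("StringNotEquals", {}).get("s3:x-amz-server-side-encryption")
        if (sse and actions & {"s3:putobject", "s3:*", "*"}
                and set(_as_list(sse)) <= {"AES256", "aws:kms"}):
            result["sse_required_on_put"] = True
    return result

if __name__ == "__main__":
    print("hardened:", audit(hardened_policy()))
    print("weak:    ", audit(WEAK_POLICY))
```

The audit reads only the policy JSON, so it can run offline against an exported policy document.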


#### AWS Organization
- Similar to IAM policies, we have SCPs (Service Control Policies) to define policy for AWS accounts under the org account. Apply an SCP either to an Organizational Unit (OU) or to individual accounts.

#### Three ways to share S3 bucket across accounts
- Using Bucket Policies (bucket level) & IAM (programmatic only)
- Using Access Control Lists (object level) & IAM (programmatic only)
- Cross-Account IAM Roles (programmatic & console)

#### For CRR (Cross-Region Replication)
- Versioning must be enabled for both source and destination buckets
- Files in an existing bucket are not replicated. Only new files are replicated
- All subsequent updates will be replicated
- Delete markers are not replicated

#### AWS Storage gateway
- Connects **on-premises** environments with the **AWS Cloud**
- Three types
	- File gateway
	- Volume gateway
		- **Stored Volume**: Entire data on site, but asynchronously backed up to S3
		- **Cached Volume**: Entire data on S3, frequently accessed data alone on site.
	- Tape gateway (VTL - Virtual Tape Library)

#### Athena
- Used to run queries on S3 using an SQL-like language

#### Macie
- Uses AI to identify PII (Personally Identifiable Information) by analyzing the object's data in S3

Continue reading [Part 2 - AWS EC2](https://blog.hellokarthic.com/aws-ec2-notes)... 
