AWS Certifications
Columbus Amazon Web Services Meetup - February 2018
Presenter: Andrew May
● Senior Solutions Architect & Cloud Solutions Lead @ Leading EDJE
● Java developer since 2000
● 2 ½ years AWS experience
● www.leadingedje.com
● AWS Cloud Practitioner
● AWS Developer (associate)
● AWS Solutions Architect (associate)
Agenda
❏ Why get Certified?
❏ Certification Roadmap
❏ Details of the Certifications
❏ Exam Preparation
❏ AWS Partner Network
Record of AWS experience
Image via Mario Lurig (CC BY)
Learn about AWS
Roadmap
● Certifications expire after 2 years
○ Recertification exams are cheaper
● You may choose to take Professional Certification instead of renewing Associate Certification
○ This mostly applies for Solutions Architect
Foundational Certifications
Cloud Practitioner
● Introductory Certification
● Recommended for anyone including technical, managerial, and sales
● Covers general cloud principles, an overview of a range of AWS services, security, architecture, pricing and support
● Free online training at http://aws.training (~7 hours of videos)
Breakdown from Exam Guide
Sample Question (1) - Technology
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated?
A) Amazon CloudWatch
B) AWS CloudTrail
C) AWS X-Ray
D) AWS Identity and Access Management (AWS IAM)
Sample Question (2) - Security
Which of the following is AWS's responsibility under the AWS shared responsibility model?
A) Configuring third-party applications
B) Maintaining physical hardware
C) Securing application access and data
D) Managing custom Amazon Machine Images (AMIs)
My impressions:
● Most questions were “guess the service”
● Skip if you are planning to take one of the associate certifications
● Too much technical detail for most non-technical roles
● Useful for those working alongside technical staff (e.g. project managers)
● Free training is a mixed bag, but Bonus Materials has some great videos on VPC design
Associate Certifications
Developer (Associate)
● Recommended to have 1+ years of AWS experience
● Focus on certain core AWS services: EC2, DynamoDB, S3, SQS, SNS, Route 53, ElasticBeanstalk, IAM, Simple Workflow, CloudFormation, ElastiCache
● (Currently) very little Lambda
● Knowledge of SDKs and APIs
Breakdown from Exam Guide
Sample Question (1) - Designing & Developing
Your web application reads an item from your DynamoDB table, changes an attribute, and then writes the item back to the table. You need to ensure that one process doesn't overwrite a simultaneous change from another process.
How can you ensure concurrency?
A) Implement optimistic concurrency by using a conditional write
B) Implement pessimistic concurrency by using a conditional write
C) Implement optimistic concurrency by locking the item upon read
D) Implement pessimistic concurrency by locking the item upon read
Sample Question (2) - Debugging
Your CloudFormation template launches a two-tier web application in us-east-1. When you attempt to create a development stack in us-west-1, the process fails.
What could be the problem?
A) The AMIs referenced in the template are not available in us-west-1
B) The IAM roles referenced in the template are not valid in us-west-1
C) Two ELB Classic Load Balancers cannot have the same Name tag
D) CloudFormation templates can be launched only in a single region
My impressions:
● Most questions are about the details of a specific service
● Know how to calculate DynamoDB read/write capacity units usage
● Know how to optimize S3 keys for performance
● Know which languages have an SDK
● You’ll get a few questions about SWF/ElastiCache/CloudFormation/Route 53
Solutions Architect (Associate)
● Recommended to have 1+ years of AWS experience
● New version of Exam has just been released
○ You can choose which you take until August 12th 2018
● Covers wider range of services
● More focus on combining services, architectural issues (e.g. VPC design), security and migration
Breakdowns from Exam Guide
Sample Question (1) - Data Security
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
A) Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI
B) Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy
C) Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User
D) Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN)
Sample Question (2) - Designing
Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? (Choose 2 answers)
A) The Elastic IP will be dissociated from the instance
B) All data on instance-store devices will be lost
C) All data on EBS (Elastic Block Store) devices will be lost
D) The ENI (Elastic Network Interface) is detached
E) The underlying host for the instance is changed
My impressions:
● Expects a deeper level of understanding about how AWS services work
● Know how to design a VPC
● Wrong answers in questions are harder to spot (especially when you have to pick multiple)
● I got a lot of questions about EBS, someone else got a lot of S3 questions
New Exam:
● More questions (55->65), longer (80 min -> 130 min)
● Different distribution of content (but hard to say how this affects the questions)
● More up to date services (Lambda, ALB, DynamoDB DAX, SQS FIFO, EFS)
● More difficult? (based upon comments on forums)
● Recommended if you haven’t already been studying for the old exam
SysOps Administrator
● Recommended to have 1+ years of AWS experience
● Operational focus:
○ Deployment, configuration, monitoring and security
● Choose between different options for price/performance
○ Understand different EC2 instance types
○ IOPS limits and calculations
Breakdown from Exam Guide
Example Question (1) - Provisioning
You have been tasked with identifying an appropriate storage solution for a NoSQL database that requires random I/O reads of greater than 100,000 4kB IOPS.
Which EC2 option will meet this requirement?
A) EBS provisioned IOPS
B) SSD instance store
C) EBS optimized instances
D) High Storage instance configured in RAID 10
Example Question (2) - Networking
Instance A and instance B are running in two different subnets A and B of a VPC. Instance A is not able to ping instance B.
What are two possible reasons for this? (Pick 2 correct answers)
A) The routing table of subnet A has no target route to subnet B
B) The security group attached to instance B does not allow inbound ICMP traffic
C) The policy linked to the IAM role on instance A is not configured correctly
D) The NACL on subnet B does not allow outbound ICMP traffic
My impressions:
● Took practice test of 20 questions
● Networking and DNS are not my strong points!
● Multiple questions about tuning infrastructure to meet performance needs while minimizing costs
● Need to understand the details of failover, routing etc. (e.g. what happens during multi-AZ RDS failover)
Practice Test results:
Overall Score: 80%
Topic Level Scoring:
1.0 Monitoring and Metrics: 66%
2.0 High Availability: 66%
3.0 Analysis: 100%
4.0 Deployment and Provisioning: 100%
5.0 Data Management: 100%
6.0 Security: 100%
7.0 Networking: 33%
Professional Certifications
Solutions Architect (Professional)
● 2+ years experience & Solutions Architect (Associate)
● Requires deeper understanding of AWS services and architecture
● Questions and answers are more complex
● Probably the most difficult Certification to obtain
Breakdown from Exam Guide
DevOps Engineer (Professional)
● 2+ years of experience & either Developer (Associate) or SysOps Engineer (Associate) certifications
● Focus on Automation and Continuous Delivery using AWS tools:
○ CloudFormation, ElasticBeanstalk, OpsWorks, CodeDeploy, Data Pipeline
● Not yet updated to cover Lambda/ECS/CodePipeline/CodeBuild
Breakdown from Exam Guide
Specialty Certifications
Advanced Networking Specialty
● Recommended to have 5 years of Networking experience
● Focus on Hybrid Networks for Enterprises
● Design Networks to support required performance and security
○ E.g. how many Direct Connect links do you need?
Big Data Specialty
● Recommended to have 5 years of Data Analytics experience
● Domains:
○ Collection, Storage, Processing, Analysis, Visualization, Security
● Services:
○ S3, Redshift, Kinesis, Data Pipeline, EMR, QuickSight
Security Specialty (Beta)
● There was a previous Beta in 2016 but this was scrapped
● Current Beta available until March 2018
● Key Areas:
○ Networking (Security Groups/NACLs)
○ Encryption (KMS, CloudHSM)
○ Audit (CloudTrail)
○ Denial of Service, Intrusion Detection
Preparing for Exams
Explore AWS
● Pick a service in the AWS Console you’ve never used and try it out
● Check pricing page - there may be a free tier
○ Some services have temporary free tiers, some are permanent
● Remember to shutdown/delete everything when you’re done
● Monitor your costs before you get a bill
Read Documentation
● AWS Developer Documentation
○ Often contains Tutorials that you can try out
● FAQs for individual services
● AWS Whitepapers cover a lot of different use cases
○ Architecting for the Cloud: AWS Best Practices
● AWS Blogs cover new services and changes to existing services
Books
Published Oct 2016 Published Oct 2017 Due March 2018
Training
● Classroom (in-person or virtual) training course available ($$$)
○ Content determined by AWS, provided by partners
○ Hands on Labs
● Online Courses (e.g. A Cloud Guru) ($)
○ Certification specific and more general technology courses
○ Exercises (using your own AWS Account)
● Qwiklabs - hands on training using provided AWS account ($$)
Practice Exams
● Register the same way as for Certification Exams
● 20 questions for $20
● Same format and software as real exams
● Possibly some of the same questions you will get
● Instant pass/fail result, email with % for different domains
Taking the Exams
Registering
● Create AWS Training account and from there select “Certifications”
○ This will create a linked certification account
○ APN members should create training account via APN portal
○ Can use existing Amazon account
● Select Certification, Language and Location and schedule exam
● Multiple locations in Columbus
● Practitioner: $100, Associate: $150, Professional: $300
Test Centers
● Run by PSI
● Lots of different tests being taken in same facility
○ You will probably be the only person taking an AWS certification
● Empty everything from your pockets
○ Limited storage for valuables
The Test
● Make sure you’re taking the right test
● Accept NDA!
● Read questions carefully, you have plenty of time
○ Questions can be marked for later and gone back to
○ Timer in top right
● Questionnaire at end
● Pass/fail result immediately, email soon after
Benefits
From Certification Portal
● These take a few days to become available
● Certification Certificate
● Digital Badge
● Generate a public Transcript to share your Certification(s)
● Practice Exam Credit (not Practitioner)
● Access to AWS Certified Store
For AWS Partner Network members
● If Training account created via APN and with same email, new certifications should automatically update APN account
● Consulting Partner levels:
○ Standard: 2 Associate Certifications
○ Advanced: 2 Professional, 4 Associate
○ Premier: 8 Professional, 20 Associate
(but certifications are the easy part of the higher levels)
Questions/Discussion
How did you train for your Certification?