These notes were written while working through the A Cloud Guru AWS Certified Solutions Architect - Associate online course. These notes are partly from the videos, and also from various other online sources. Primarily, they’re notes for me, but you might find them useful too.

Since the AWS platform is changing so quickly, it’s possible that some of these notes may be out of date, so please take that into consideration if you are reading them.

Please let me know in the comments below if you have any corrections or updates which you’d like me to add.

General terms

Exam Blueprint

ARN (Amazon Resource Name) A standardized way to refer to an AWS resource. For example: arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob.

Availability Zones and Regions

Regions are specific geographical areas where your AWS services can be hosted i.e. North Virginia, Sydney, Singapore.

Availability Zones are data centers spread throughout a region, connected via low-latency links. If you distribute your instances across multiple Availability Zones and one instance fails, you can design your application so that an instance in another Availability Zone can handle requests.

The exact number of Availability Zones and Regions are changing all the time. The number that exist at any point in time is not covered in the exam.


EBS (Elastic Block Storage) - For block storage, equivalent to a hard disk. Can be used to install opertaing systems, and can be attached to only a single EC2 instance. Must be provisioned.

EFS (Elastic File Service) - For file based storage, and unlike EBS, it can be shared across multiple EC2 instances. Good for file shares, but not suitable for instaling an operating system. You can think of it like a NAS (Network Attached Storage) service. Roughly 10x as expensive as EBS. Unlike EBS, there is no provisioning needed - you pay for only the storage you use.

S3 (Simple Storage Service - 3 S’s) - Used for object storage, and is best for static objects, binary blobs, document storage, etc.

Storage Gateway

Workspaces - A VDI (Virtual Desktop Infrastructure), hosted on AWS, to replace local desktop environments. You can think of this as a kind of Citrix.


RDS (Relational Database Service) - supports Postgres, MySql, and Aurora (AWS fork of MySql) databases, among others.

Dynamo DB - A NoSQL database. This is covered heavily in the exam.

Redshift - Data Warehousing, and BI (Business Intelligence).

Elasticache - A caching service which you can use to take load off the DB. This is covered mostly in the AWS Developer exam, but not so much in the Solutions Architect Associate exam.


Snowball - A briefcase sized appliance which can contain Terabytes of data. Not covered by the developer exam, but comes up in the solutions architect exam

DMS (Database Migration Service) - For migrating on-premise databases into AWS, including migration of Oracle databases to Aurora. DMS uses replication, so there doesn’t need to be any downtime. It wasn’t in 2016 exam, but might be in 2017 exam.

SMS (Server Migration Service) - Not to be confused with SNS (Simple Notification Service), which can be used SMS messages to mobile phones. Amazon SMS is for migrating servers into AWS.


Athena - Supports running SQL queries over S3, turning flat files into queryable data.

EMR (Elastic Map Reduce) - Uses Hadoop. Good for processing large data sets.

CloudSearch - Managed cloud based search for your website. Need to upload data which you want to be searchable, CloudSearch then provisions the resources you need - i.e. Multi-AZ, auto-scaling of traffic, etc.

Elasticsearch - configurable by the user, unlike CloudSearch. Interestingly, Ryan from said he prefers Angolia for this.

Elasticsearch vs CloudSearch

Kenesis - Streaming and analysing real time data at massive scale.

Data Pipeline - For data workflow orchestration. i.e. process and transfer data between AWS services such as S3, Dynamo DB, EMR, RDS. Well suited for complex data processing workflows.

Security and Identity

IAM (Identity and Access Management) - Covered heavily in both the Developer and Solution Architect exams.

Inspector - Agent installable on VMs to do security audits.

Certificate Manager - Managers SSL/TLS certificate renewal process, so you don’t get caught out.

Directory Services - Active Directory in AWS. Covered in the exam.

WAF (Web Application Firewall) - Protect your web app from things such as SQL injection, Cross-Site scripting (XSS) attacks, etc.

Artifact - Compliance Reports and Certifications. Not in Associate exam, but may be in Professional exam.

Management Tools

CloudWatch - For monitoring EC2 performance.

CloudTrail - For auditing changes of your AWS account. i.e. auditing changes to IAM roles, etc.

It’s easy to get CloudWatch and CloudTrail mixed up, and pick the wrong one in the exam. I like to think of CloudTrail as Cloud Audit Trail.

Opsworks - Deployment using Chef

Config - Set alerts, auditing environment

Service Catalog - Authorise which services are available to be used by an orgaisation

Trusted Advisor - Automated scanning of environment. A tool for a previously manual process involving having to hire an AWS consultant. Scans your AWS environment, and gives advice on performance and optimisation of AWS services.

Application Services

Step Functions - Visualise what’s going on in which apps, and which which microservices it’s using.

SWF (Simple Workflow Services)

API Gateway

Appstream - For streaming desktop apps, hosted on AWS to a user.

Elastic Transcoder - For converting media files between formats. i.e. video compression.

AI (Artificial Intelligence)





SNS (Simple Notification Service) - For sending messages, including SMS messages to mobile phones. Can be used for notification of AWS environment events.

SQS (Simple Queueing Service)

SES (Simple Email Service)


Direct Connect - For a dedicated connection between your premises and AWS

Potentially not covered in the exam

These weren’t in the 2016 exam (but might be today):

  • ECS (EC2 Container Services)