These notes were written while working through the A Cloud Guru AWS Certified Solutions Architect - Associate online course. These notes are partly from the videos, and also from various other online sources. Primarily, they’re notes for me, but you might find them useful too.

Since the AWS platform is changing so quickly, it’s possible that some of these notes may be out of date, so please take that into consideration if you are reading them.

Please let me know in the comments below if you have any corrections or updates which you’d like me to add.

SQS (Simple Queueing Service)

SQS FAQ

FIFO queues are not supported in all regions. Currently only: US East (Ohio), US East (N. Virginia), US West (Oregon), and EU (Ireland) regions.

The maximum amount of time that a message can live in an SQS queue is 14 days. The retention period can be configured to be anywhere between 1 minute and 14 days. The default is 4 days. Once the message retention limit is reached, your messages are automatically deleted.

SQS messages must be between 1 and 256 KB in size.

SQS supports two types of pull based polling:

  1. Short polling - SQS returns a response immediately, even if there is no message in the queue
  2. Long polling - doesn’t return a response until a message arrives in the message queue, or the long poll times out. It can be cheaper than short polling as it can reduce the number of empty receives.

In almost all cases, long polling is preferable to short polling. One case where you might want to use short polling is if your application uses a single thread to poll multiple queues.

When a consumer receives a message from the SQS queue, it stays in the SQS queue. The message must be deleted by the consumer once the message has been fully processed. To prevent other consumers from receiving the message, SQS sets a Visibility Timeout, which is the period of time during which SQS prevents other consuming components from receiving and processing the message.

SNS (Simple Notification Service)

SNS FAQ

SNS is pub-sub (publish-subscribe), and supports push notifications, which means there is no need to poll to see if there is a message waiting.

All messages in SNS are stored redundantly across multiple AZs.

SNS messages are published to a “Topic”

When you create a topic, an ARN is also created

Push notifications are supported to the following platforms:

  • Amazon Device Messaging (ADM)
  • Apple Push Notification Service (APNS)
  • Google Cloud Messaging (GCM)
  • Windows Push Notification Service (WNS) for Windows 8+ and Windows Phone 8.1+
  • Microsoft Push Notification Service (MPNS) for Windows Phone 7+
  • Baidu Cloud Push for Android devices in China

SNS supports the following protocols and endpoints:

SNS Subscription Protocols

  • HTTP or HTTPS - subscribers specify a URL as part of the subscription registration; notifications will be delivered through an HTTP POST to the specified URL.
  • Email and Email-JSON - messages are sent to the registered address as email.
    • Email - a regular text based email
    • Email-JSON - an email containing a JSON object
  • SQS - users can specify an SQS standard queue as the endpoint. SNS will enqueue a notification message to the specified queue (which subscribers can then process using SQS APIs such as ReceiveMessage, DeleteMessage, etc.)
  • Application
  • Lambda
  • SMS - messages are sent to registered phone numbers as SMS text messages.

SWF (Simple Workflow Service)

API Gateway

What is API Gateway?

API caching can be used with a TTL, so that a repeated identical request (e.g. the same user making the same request) is served from the cache. This can help reduce the number of calls to your endpoint, and also improve the latency of the requests to your API. Note that API caching is not available on the AWS Free Tier.

API gateway can be throttled to help prevent attacks.

Logs can be sent to CloudWatch.

CORS can be enabled for API gateway.

A stage is a logical reference to a lifecycle status of your API (i.e. dev, prod, beta, v2, etc.) and provides a unique domain name in the format https://{restapi-id}.execute-api.{region}.amazonaws.com/{stageName}

An API deployment is a point-in-time snapshot of the API Gateway API resources and methods. For a deployment to be accessible, it must be associated with one or more stages.

More info on how to deploy an API

SSL certificates can be used by your backend system to verify that the requests it receives come from API Gateway. This can be used to ensure that only API Gateway can call your backend services, even if the backend services are publicly accessible. Using Client-Side SSL Certificates for Authentication by the Backend

API Gateway can return a 429 (Too Many Requests) error. This means that you should adjust your account-level throttling limits.

The paths /sping and /ping are reserved for the service health check. See API Gateway Known Issues.

Kinesis

Kinesis Streams Key Concepts

A Kinesis stream is intended for reading from and writing to in real time. It stores records for 24 hours by default, and can be configured to retain records for up to 168 hours.

Kinesis has the concept of shards, which are uniquely identified groups of records in a stream.

A stream is composed of one or more shards, each of which provides a fixed unit of capacity.

Each shard can support:

  • Up to 5 transactions per second for reads, up to a maximum total read rate of 2MB per second
  • Up to 1000 records per second for writes, up to a maximum of 1MB per second (including partition keys)

Data Records are the units of data stored in a Kinesis stream, and are composed of a sequence number, a partition key, and a data blob, which is an immutable sequence of bytes. Kinesis streams do not inspect, interpret, or change the data in the blob in any way.

Data blobs can be up to 1MB in size

Cloudformation

Cloudformation FAQ

A CloudFormation template is made up of the following sections:

  • Metadata (optional) - objects that provide additional information about the template.
  • Parameters (optional) - specifies values that you can pass in to your template at runtime (when you create or update a stack). You can refer to parameters in the Resources and Outputs sections of the template.
  • Mappings (optional) - a mapping of keys and associated values that you can use to specify conditional parameter values, similar to a lookup table. You can match a key to a corresponding value by using the Fn::FindInMap intrinsic function in the Resources and Outputs section.
  • Conditions (optional) - defines conditions that control whether certain resources are created or whether certain resource properties are assigned a value during stack creation or update. For example, you could conditionally create a resource that depends on whether the stack is for a production or test environment.
  • Transform (optional) - for serverless applications (also referred to as Lambda-based applications), specifies the version of the AWS Serverless Application Model (AWS SAM) to use.
  • Resources (required) - specifies the stack resources and their properties, such as an EC2 instance or an S3 bucket. You can refer to resources in the Resources and Outputs sections of the template.
  • Outputs - describes the values that are returned whenever you view your stack’s properties. For example, you can declare an output for an S3 bucket name and then call the aws cloudformation describe-stacks AWS CLI command to view the name.

The only required section in a CloudFormation template is the Resources section.
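As an added example (not from the course or from AWS documentation) tying together the CloudFormation sections above with the SQS and Kinesis retention figures from the earlier sections, here is a constructed template that uses Parameters, Mappings, Conditions, Resources and Outputs. The resource names, the Environment parameter and the retention values chosen per environment are assumptions for illustration; the property names are the real CloudFormation ones for AWS::SQS::Queue and AWS::Kinesis::Stream.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Constructed example - SQS queue and Kinesis stream with per-environment retention

Parameters:
  Environment:                      # passed in at stack create/update time
    Type: String
    Default: test
    AllowedValues: [test, prod]

Mappings:
  RetentionByEnv:                   # lookup table consumed by Fn::FindInMap
    test:
      QueueSeconds: 345600          # 4 days, the SQS default
      StreamHours: 24               # the Kinesis default
    prod:
      QueueSeconds: 1209600         # 14 days, the SQS maximum
      StreamHours: 168              # the Kinesis maximum (7 days)

Conditions:
  IsProd: !Equals [!Ref Environment, prod]

Resources:
  DeadLetterQueue:                  # only created for prod stacks
    Type: AWS::SQS::Queue
    Condition: IsProd
    Properties:
      KmsMasterKeyId: alias/aws/sqs # encrypt messages at rest
  WorkQueue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: !FindInMap [RetentionByEnv, !Ref Environment, QueueSeconds]
      ReceiveMessageWaitTimeSeconds: 20  # long polling: wait up to 20 s instead of returning empty
      VisibilityTimeout: 60              # hide an in-flight message from other consumers for 60 s
      KmsMasterKeyId: alias/aws/sqs
      RedrivePolicy: !If              # messages that fail 5 receives go to the DLQ in prod only
        - IsProd
        - deadLetterTargetArn: !GetAtt DeadLetterQueue.Arn
          maxReceiveCount: 5
        - !Ref AWS::NoValue
  EventStream:
    Type: AWS::Kinesis::Stream
    Properties:
      ShardCount: 2                   # each shard: 1 MB/s in, 2 MB/s out
      RetentionPeriodHours: !FindInMap [RetentionByEnv, !Ref Environment, StreamHours]
      StreamEncryption:
        EncryptionType: KMS
        KeyId: alias/aws/kinesis

Outputs:
  WorkQueueArn:                     # shown by `aws cloudformation describe-stacks`
    Value: !GetAtt WorkQueue.Arn
  EventStreamArn:
    Value: !GetAtt EventStream.Arn
```

Deploying with `--parameters ParameterKey=Environment,ParameterValue=prod` switches on the 14-day retention, the 168-hour stream window and the dead-letter queue without editing the template.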

ECS (Elastic Container Service)

A task definition is required to run Docker containers in Amazon ECS.

The Amazon ECS container agent can be used to authenticate with private registries, including Docker Hub, using basic authentication. When you enable private registry authentication, you can use private Docker images in your task definitions.

Docker Diagnostics can be used to diagnose issues with your Docker containers.