AWS Solutions Architect Associate Cram Sheet
Compute Quick Reference
- EC2 types: T (burstable), M (general), C (compute), R (memory), G (GPU), I (storage)
- EC2 pricing (most to least expensive): On-Demand > Reserved (72% off, 1-3yr) > Spot (90% off, interruptible)
- Lambda: serverless, event-driven, 15-min max, pay per request + ms
- ECS = Docker on AWS | EKS = Kubernetes on AWS | Fargate = serverless containers
- Beanstalk = PaaS (upload code, AWS handles rest) | CloudFormation = IaC (templates)
- Auto Scaling: dynamic (CloudWatch metric), scheduled, predictive (ML-based)
Storage Quick Reference
- S3: object storage, 11 9s durability, classes (most to least frequently accessed): Standard > S-IA > Glacier Instant > Glacier Flexible > Deep Archive
- EBS: block storage, single EC2, types: gp3 (general), io2 (IOPS), st1 (throughput), sc1 (cold)
- EFS: managed NFS, shared across multiple EC2, auto-scales
- S3 Glacier retrieval: Instant (ms) | Flexible (1-12h) | Deep Archive (12-48h)
- Storage Gateway: hybrid bridge between on-prem and S3
- Snowball: petabyte migration device | Snowmobile: exabyte (truck)
Networking Quick Reference
- VPC: isolated network | Subnet: public (IGW) or private (NAT GW)
- IGW: bidirectional internet | NAT GW: outbound-only for private subnets
- SG: stateful, instance-level, allow only | NACL: stateless, subnet-level, allow+deny
- Route 53 policies: simple, weighted, latency, failover, geolocation, multivalue
- CloudFront: CDN, 400+ edge locations, caches S3/EC2/custom origins
- Direct Connect: private dedicated line to AWS | VPN: encrypted tunnel over internet
- VPC Peering: non-transitive | Transit Gateway: hub-and-spoke for many VPCs
Database Quick Reference
- RDS: managed SQL (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB)
- RDS Multi-AZ: sync standby for HA/failover (NOT for reads)
- RDS Read Replicas: async copies for read scaling (NOT automatic failover)
- Aurora: AWS proprietary, 5x MySQL speed, auto-scales to 128TB, 6 copies/3 AZs
- DynamoDB: NoSQL, single-digit ms, auto-scale, DAX for microsecond caching
- ElastiCache: Redis (persistence, pub/sub) or Memcached (simple, multi-thread)
- Redshift: columnar data warehouse, OLAP workloads, petabyte scale
Security & IAM
- Shared Responsibility: AWS secures cloud infrastructure; you secure data/apps/OS/IAM
- IAM: users, groups, roles, policies (JSON) — always least privilege
- KMS: managed encryption keys for S3, EBS, RDS, etc.
- WAF: web app firewall (SQLi, XSS protection) — attaches to CloudFront or ALB
- Shield: DDoS protection — Standard (free) vs Advanced ($3K/mo + support)
- Cognito: user pools (auth) + identity pools (AWS temp credentials)
- CloudTrail: API activity logging | GuardDuty: threat detection | Inspector: vuln scanning
Architecture Patterns
- Well-Architected 6 pillars: Operational Excellence, Security, Reliability, Performance, Cost, Sustainability
- Decouple with SQS (queue) or SNS (pub/sub) — never tightly couple components
- Multi-AZ = HA within region | Multi-Region = DR across regions
- RTO: recovery time objective | RPO: recovery point objective — lower = more expensive
- Read replicas + ElastiCache = scale read-heavy workloads
- S3 + CloudFront = static website at global scale, no EC2 needed
- EventBridge + Lambda = serverless event-driven architecture
Cost Optimization
- Spot instances: 90% savings, use for batch/fault-tolerant workloads
- Reserved instances: 72% savings, commit 1-3 years for predictable workloads
- Savings Plans: flexible reserved pricing, applies to EC2/Lambda/Fargate
- S3 Intelligent-Tiering: auto-moves objects between tiers based on access patterns
- Right-sizing: use Compute Optimizer recommendations to match instance to workload
- Lifecycle policies: auto-transition S3 objects to cheaper storage after N days
- Trusted Advisor: cost optimization, security, fault tolerance, performance checks