AWS SAA Quick Reference Cheat Sheet
🎯 Core Services Summary
Compute Services
EC2:
Instance Types: T (burstable), M (general), C (compute), R (memory), X (high memory)
Pricing: On-Demand > RI (75% off) > Spot (90% off)
Placement Groups: Cluster (performance), Partition (big data), Spread (HA)
Lambda:
Timeout: 15 minutes max
Memory: 128MB - 10,240MB
Languages: Node.js, Python, Java, C#, Go, Ruby, PowerShell
ECS/EKS:
ECS: AWS managed containers
EKS: Kubernetes managed service
Fargate: Serverless containers
Storage Services
S3:
Standard: $0.023/GB, immediate access
Standard-IA: $0.0125/GB, 30-day minimum
Glacier Instant: $0.004/GB, 90-day minimum
Glacier Flexible: $0.0036/GB, 90-day minimum
Deep Archive: $0.00099/GB, 180-day minimum
EBS:
gp3: 3,000 IOPS baseline, best price/performance
io2: Up to 64,000 IOPS, high performance
st1: Throughput optimized HDD
sc1: Cold HDD, lowest cost
EFS:
Regional NFS, multiple AZ access
Performance modes: General Purpose, Max I/O
Throughput modes: Bursting, Provisioned
Database Services
RDS:
Engines: MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora
Multi-AZ: Synchronous replication, automatic failover
Read Replicas: Asynchronous, read scaling, cross-region
DynamoDB:
NoSQL, managed, serverless
On-Demand: Pay per request
Provisioned: Pre-configured capacity
Global Tables: Multi-region replication
Aurora:
MySQL/PostgreSQL compatible
6 copies across 3 AZs
Up to 15 read replicas
Aurora Serverless: Auto-scaling
Networking Services
VPC:
Private cloud network
Subnets: Public (IGW), Private (NAT)
CIDR: IP address ranges
Load Balancers:
ALB: Layer 7 (HTTP/HTTPS), content routing
NLB: Layer 4 (TCP/UDP), ultra-low latency
CLB: Legacy, basic load balancing
CloudFront:
Global CDN, 400+ edge locations
Cache behaviors, TTL settings
Origin shield, compression
Route 53:
DNS service, health checks
Routing: Simple, Weighted, Latency, Failover, Geolocation
🏗️ Architecture Patterns
High Availability
Multi-AZ Deployment:
Components: ALB, Auto Scaling, RDS Multi-AZ
Benefits: Fault tolerance, automatic failover
Auto Scaling:
Target Tracking: CPU, requests per target
Scheduled: Predictable patterns
Step: Multiple scaling steps
Performance Optimization
Caching Layers:
CloudFront: Global edge caching
ElastiCache: In-memory caching (Redis/Memcached)
DAX: DynamoDB accelerator
Content Delivery:
Static content → CloudFront + S3
Dynamic content → ALB + Auto Scaling
API responses → API Gateway caching
Security Best Practices
Identity & Access:
IAM Roles: Temporary credentials
Least Privilege: Minimum permissions
MFA: Multi-factor authentication
Data Protection:
Encryption at Rest: S3, EBS, RDS
Encryption in Transit: HTTPS, TLS
Key Management: KMS, CloudHSM
Network Security:
Security Groups: Instance-level firewall
NACLs: Subnet-level firewall
WAF: Web application firewall
Cost Optimization
Compute:
Reserved Instances: 1-3 year commitment, 75% savings
Spot Instances: Interruption-tolerant, 90% savings
Right-sizing: Match capacity to demand
Storage:
S3 Lifecycle: Automatic class transitions
Intelligent Tiering: Automatic optimization
EBS GP3: Better price/performance than GP2
Monitoring:
Cost Explorer: Analyze spending patterns
Budgets: Set spending alerts
Trusted Advisor: Cost recommendations
🔍 Service Limits & Quotas
Important Limits
EC2:
Default: 20 On-Demand instances per region
EBS: 5,000 volumes per region
Security Groups: 2,500 per VPC
S3:
Bucket Names: Globally unique
Objects: Unlimited per bucket
Object Size: 5TB maximum
Lambda:
Timeout: 15 minutes maximum
Memory: 10,240MB maximum
Deployment Package: 50MB zipped, 250MB unzipped
RDS:
DB Instances: 40 per region
Read Replicas: 5 per master (Aurora: 15)
Backup Retention: 35 days maximum
📊 Monitoring & Logging
CloudWatch
Metrics:
Basic: 5-minute intervals (free)
Detailed: 1-minute intervals (charged)
Custom: Application-specific metrics
Alarms:
Threshold-based monitoring
Actions: SNS, Auto Scaling, EC2 actions
Logs:
Centralized logging
Log groups và streams
Retention policies
Security Monitoring
CloudTrail:
API call logging
S3 delivery
Multi-region trails
GuardDuty:
Threat detection
Machine learning based
VPC Flow Logs, DNS logs
Security Hub:
Security posture management
Compliance standards
Finding aggregation
🎯 Exam Tips
Key Decision Factors
Performance Requirements:
Low latency: Choose services closer to users
High throughput: Horizontal scaling over vertical
Consistent performance: Provisioned over burstable
Cost Optimization:
Predictable workloads: Reserved Instances
Variable workloads: Auto Scaling + Spot
Storage access patterns: Lifecycle policies
Security Requirements:
Compliance: KMS, encryption, audit trails
Network isolation: Private subnets, VPC
Access control: IAM roles, least privilege
Availability Requirements:
99.9%: Single AZ with backups
99.99%: Multi-AZ deployment
99.999%: Multi-region active/active
Common Question Patterns
"MOST cost-effective":
Look for: Reserved Instances, Spot, lifecycle policies
"BEST performance":
Look for: Placement groups, enhanced networking, caching
"Highest security":
Look for: Private subnets, encryption, IAM roles
"Lowest latency":
Look for: CloudFront, placement groups, regional services
"Automatic failover":
Look for: Multi-AZ, Auto Scaling, health checks
🔧 Service Selection Guide
When to Use What
Compute:
EC2: Full control, custom applications
Lambda: Event-driven, serverless, < 15 minutes
ECS: Containerized applications
Batch: Large-scale batch processing
Storage:
S3: Object storage, web content, backup
EBS: Block storage, database storage
EFS: Shared file system, multiple instances
Database:
RDS: Relational, ACID compliance
DynamoDB: NoSQL, high performance, serverless
Redshift: Data warehouse, analytics
ElastiCache: Caching, session storage
Networking:
ALB: HTTP/HTTPS, microservices
NLB: TCP/UDP, high performance
CloudFront: Global content delivery
API Gateway: RESTful APIs, serverless
📚 Study Focus Areas
High Priority Topics
- [ ] EC2 instance types và pricing models
- [ ] S3 storage classes và lifecycle
- [ ] VPC networking và security groups
- [ ] RDS Multi-AZ vs Read Replicas
- [ ] Auto Scaling policies
- [ ] IAM roles và policies
- [ ] CloudFormation basics
Medium Priority Topics
- [ ] Lambda functions và triggers
- [ ] DynamoDB design patterns
- [ ] CloudFront distributions
- [ ] ElastiCache configurations
- [ ] Route 53 routing policies
- [ ] KMS encryption
- [ ] CloudWatch monitoring
Lower Priority Topics
- [ ] Advanced networking (Direct Connect, Transit Gateway)
- [ ] Specialized services (EMR, Kinesis, Glue)
- [ ] Container orchestration details
- [ ] Advanced security services
- [ ] Cost management tools
🎓 Final Exam Strategy
Time Management
- [ ] 2 minutes per question average
- [ ] Mark uncertain questions for review
- [ ] Answer all questions (no penalty)
- [ ] Leave 10 minutes for review
Question Analysis
- [ ] Read question carefully
- [ ] Identify key requirements
- [ ] Eliminate obviously wrong answers
- [ ] Choose BEST option among remaining
- [ ] Consider AWS Well-Architected principles
Common Mistakes to Avoid
- [ ] Overcomplicating simple scenarios
- [ ] Ignoring cost considerations
- [ ] Missing security requirements
- [ ] Confusing similar services
- [ ] Not considering scalability
Good luck với AWS SAA certification! 🌟