A couple of weeks ago was a significant milestone in my 14-year IT career: I actually sat a certification exam. In this case, it was the AWS Certified SysOps Administrator – Associate Exam.
Despite some trepidation during my preparation for the exam, on the day I found it quite straightforward and came out with a pass mark. In this post I’m going to share some of my thoughts and notes in the hope that it will help others preparing to sit this exam.
About the Exam
The Certified SysOps Administrator exam is primarily designed to test proficiency in designing and managing platforms in AWS. Studying for the exam won’t teach you much past the basics when it comes to creating very high-level application architectures on the AWS platform. However, it will teach you about creating and managing the building blocks that applications will run on.
That said, being an associate-level exam, you won’t be expected to drill down into gory detail about specific services either. Instead, the emphasis is on mid-level design and AWS platform best practices.
Before taking the exam, AWS suggest you have one or more years of hands-on experience operating AWS-based applications. Everything will make a lot more sense if you have had the opportunity to get your hands dirty with real AWS production environments.
Having said that, not everyone has the opportunity to do this, and some may be looking to get certified in order to move into AWS as a career. In that case, you will have to rely on a service like Qwiklabs to get that important hands-on experience.
Officially, AWS say that the exam questions can be broken down into a number of broad knowledge domains, and even go so far as to specify the percentage of exam questions that will be devoted to each domain. The breakdown is as follows:
- Monitoring and Metrics: 15%
- High Availability: 15%
- Analysis: 15%
- Deployment and Provisioning: 15%
- Data Management: 12%
- Security 15%
- Networking 13%
In reality, I found these domain definitions quite vague, with a lot of crossover between them. Instead, I’m going to try and provide a summary of what I felt were some of the most important points to study for this exam, broken into the categories that make most sense to me.
To sit this exam, you will need to get on top of your networking basics, specifically routing and sub-netting.
Most people will be working within an AWS environment that has to talk to the outside world in some way, whether that be peering with another AWS account, connecting your AWS environment to an on-premise data centre, or even something basic like internet access for your instances. Naturally there is a lot of detail to various scenarios, but it’s important to understand the options for connecting to other AWS accounts or external services.
This includes Route 53, on which there will almost certainly be questions, whether on record types or on the scenarios which suit certain routing policies.
Backup and Disaster Recovery
There are numerous AWS services that come with backup options built into them out-of-the-box. You should go through the backup options for the core services covered by the exam and learn which ones you should build your own backup processes for, and which ones are mostly hands-off.
Cost effectiveness plays a big part in selecting the right combinations of backup technologies within AWS. Consequently, you will come across numerous scenario questions related to data retention lifecycles, and how to most cost-effectively leverage the right technologies to achieve certain regulatory or business requirements. These questions are straightforward and can be easy marks.
I didn’t come across any questions to do with the specifics of EC2 instance types and that makes sense considering the rapid evolution of the service. That said, I still think it’s a good idea to be familiar with the broad instance category types.
Scenario questions in this category often deal with identifying bottlenecks, and the best way to remedy them. Primarily you will want to understand when to scale instances ‘up’, versus when to scale ‘out’ by adding more instances.
Creative use of the different instance pricing options to suit various types of problems can provide big benefits when architecting your environment. Consequently, there will generally be questions on reserved, spot and on-demand instance types.
There is a strong security emphasis in the exam. The AWS shared-responsibility model comes up numerous times, so I would recommend you get comfortable with which parts of the system you are responsible for and which parts AWS look after.
You will also want to take some time to study IAM and S3 bucket policies. There seem to generally be a number of questions that ask you to look at examples of policies and decipher how those policies will affect resource access.
To be honest, security is such a large category on its own that I recommend you read the best practice whitepaper. Not everything will be covered in the exam, but it will make you a better engineer in general.
There are a number of key points related to the managed database services provided in AWS. Learn the ins and outs of Multi-AZ RDS deployments, with particular focus on the details of the failover and patching process. There are also a number of questions on using read replicas to improve query performance and reduce load on your primary database instance.
Finally, in-memory data stores can be a fantastic tool when deployed correctly. ElastiCache provides both Redis and Memcached as engines. I’d recommend you get familiar with the benefits and limitations of both engine types.
Make sure you understand the various S3 storage classes (Standard, RRS, IA and Glacier). You will also want to know the cost and performance implications of using them.
There are various types of volumes you can attach to an EC2 instance. You are going to want to know what these are and understand how your choice of volume type will affect data retention (i.e. when you terminate or stop the instance, will you lose your data?).
There is a fine balance between alarm spam and not detecting real problems in time. I personally think hands-on experience is really important for this, as I found the combination of intervals and samples to create alarms wasn’t particularly intuitive.
It’s best to get in there and experiment with CloudWatch alarms, where you’ll also get to see the various alarm states (OK, Alarm and Insufficient Data). Don’t forget to take a look at alarms that can be used to alert you to cost overrun within your AWS account.
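To make the interplay of intervals and samples concrete, here is an added example (not from the original post) that models an alarm with the CloudWatch parameters Period, EvaluationPeriods, DatapointsToAlarm and Threshold over a constructed CPU series. It is a simplified model: the statistic is fixed to Average and missing-data handling is not modelled.

```python
from statistics import mean

def alarm_states(samples, period, evaluation_periods, datapoints_to_alarm, threshold):
    """Average `period` one-minute samples into one datapoint, then report ALARM
    when at least `datapoints_to_alarm` of the last `evaluation_periods`
    datapoints exceed `threshold`."""
    points = [mean(samples[i:i + period])
              for i in range(0, len(samples) - period + 1, period)]
    states = []
    for n in range(1, len(points) + 1):
        window = points[max(0, n - evaluation_periods):n]
        if len(window) < evaluation_periods:
            states.append("INSUFFICIENT_DATA")   # not enough datapoints yet
        elif sum(p > threshold for p in window) >= datapoints_to_alarm:
            states.append("ALARM")
        else:
            states.append("OK")
    return states

def alarm_count(states):
    # Transitions into ALARM, i.e. how many notifications would be sent.
    return sum(1 for prev, cur in zip(["OK"] + states, states)
               if cur == "ALARM" and prev != "ALARM")

# Constructed one-minute CPU samples (%): a 2-minute spike, then 15 minutes of load.
CPU = [20] * 10 + [95] * 2 + [20] * 8 + [90] * 15 + [25] * 5

if __name__ == "__main__":
    configs = {
        "1-min period, 1 of 1": (1, 1, 1),   # fires on every blip
        "5-min period, 3 of 3": (5, 3, 3),   # ignores the spike, slow to fire
        "5-min period, 2 of 3": (5, 3, 2),   # ignores the spike, fires sooner
    }
    for name, (period, n, m) in configs.items():
        states = alarm_states(CPU, period, n, m, threshold=80)
        first = states.index("ALARM") if "ALARM" in states else None
        print(f"{name}: {alarm_count(states)} alarm(s), first at datapoint {first}")
```

The one-minute alarm pages twice, once for the harmless spike; the 3-of-3 alarm pages once but only after the full fifteen minutes of load, and 2-of-3 sits in between.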
I find most of the metrics provided for the various AWS services are quite self-explanatory. Having said that, there were a few that weren’t particularly easy to grasp. The resources mentioned below in the “Links and Materials” section cover the various metrics you are going to need to know for the exam.
Finally, standard metrics can only take you so far. There are numerous methods for collecting, aggregating and pushing custom metrics to CloudWatch. This is another good one to get some hands-on practice with.
Ensure you are comfortable with creating basic stacks in CloudFormation (i.e., know the minimum requirements for a valid template). I don’t think a deep understanding of CloudFormation is a requirement for this exam. However, there is nothing stopping you from deep diving on the technology, as it’s an essential part of infrastructure automation in AWS.
Similarly, OpsWorks and Elastic Beanstalk make up a minor part of the exam – there may be one or two questions in there. At a minimum you should know what the two services offer, but optimally you should try jumping into the console and setting up a couple of dummy applications to get a feel for how they are structured.
Outside of the domain-specifics, there are some common themes that became apparent to me while revising for the exam. A few things in particular stood out to me.
Firstly, context is king when it comes to the questions! Quite often a question will provide two or three perfectly valid solutions, but only one that fits with the context of the question. Look for terms like “while minimising cost” and “minimising downtime” to guide you towards the correct answer for the scenario in question.
Secondly, a common rule of thumb seems to be that AWS favours immutable infrastructure. In general you will be creating something new with the state you want, and then replacing an old policy with that. There are of course exceptions, but in general I found they lean towards this philosophy. Make sure that you are familiar with it.
Finally, don’t ignore Windows if you work with Linux (and vice versa). I didn’t run into a question on Windows, but I know there are some on uploading Windows performance counter data to CloudWatch.
Links and Materials
Whilst I was preparing for the exam, there were a number of resources I found particularly helpful:
- A Cloud Guru – Certified SysOps Administrator – Associate 2018: I am a big fan of A Cloud Guru. Their content is accurate and they keep it up to date. They are also excellent at engaging with the community and using that feedback to make their courses better.
- Linux Academy: Linux Academy have a really nice SysOps course as well; one of their differentiators is their live labs, which allow you to get that much-needed hands-on experience.
- #vBrownBag SysOps series: These podcasts allow community members to contribute material on various IT related topics. I found the SysOps series to be a nice tool to reinforce the knowledge I’d gained through the above paid content.
- Qwiklabs – SysOps Associate: 10 hands-on labs based on the content for SysOps Associate exam
- AWS Cloud Design Patterns: A collection of design patterns for AWS platform design. I would highly recommend getting familiar with the Basic, HA and Relational Database patterns.
- Architecting for The Cloud: Best Practices: A great whitepaper from AWS; it’s a must-read for this exam
- Best Practices for Amazon EC2: Another piece of must-have knowledge from AWS
- AWS Certified SysOps Administrator – Exam Blueprint: The official document describing what this exam is for and how it is structured.
In this post I’ve outlined what I think are the most important things to focus on when studying for the ‘AWS Certified SysOps Administrator – Associate’ exam. I’ve even flagged a few areas to study that, whilst strictly speaking are not part of the exam, will make you a better-rounded AWS SysOps Administrator.
If you have commercial experience with AWS, I’d still encourage you to formalise and consolidate everything you know by taking this exam. If you don’t have commercial experience, studying for this exam (in conjunction with doing practical exercises using something like Qwiklabs) is a great way to bootstrap yourself into this space.