AWS Solutions Architect Associate (SAA-C03) Exam Prep Course

Explore AWS fundamentals, the certification exam overview, and study methods. Learn about EC2 and S3 origins, 240+ services, and pay-as-you-go pricing with global availability.

Discover your AWS learning path across foundational, associate, and professional levels to tailor study plans. Balance video content with text-based learning and practice questions for hands-on AWS exercises.

Explore an overview of AWS certification exams, including levels, prerequisites, and the 2024 associate lineup (sysops, developer, solutions architect, data engineer, machine learning engineer), exam format, and service coverage.

Learn how to create an AWS account, configure IAM users with MFA, and access AWS via the management console, CLI, and Cloud Shell, using access keys and passwords.

Install and set up the AWS CLI on Windows or Mac, verify with aws --version, and configure credentials, region, and output format using the IAM access key and secret key.

Enable IAM access to billing information, then create a CloudWatch alarm that triggers when the estimated charge exceeds the set threshold and notifies via SNS email.

Explore AWS Organizations to centrally manage accounts and organizational units, apply service control policies, enable consolidated billing, and share quotas and discounts across the organization.

Create an organizational unit in AWS Organizations and attach a service control policy to manage permissions. The policy restricts EC2 creation to T2.micro, illustrating inherited permissions in the OU hierarchy.

Explore AWS Control Tower to deploy a landing zone with AWS Organizations, automating a multi-account environment and governance via accounts, organizational units, IAM, networking, logging, CloudTrail, and Config.

Learn how AWS service catalog centralizes control, standardizes resource usage, and enables authorized users to deploy cloud resources via CloudFormation templates and portfolios.

Enable cross-account and within-organization resource sharing with the AWS Resource Access Manager, inviting other accounts to access shared resources from the management console, with RAM's global sharing support.

Explore how Amazon CloudWatch delivers integrated operational monitoring for AWS resources by collecting logs and metrics, triggering alarms, and integrating with SNS, Lambda, and VPC flow logs.

Install, configure, and start the CloudWatch agent with System Manager, attach IAM policies under the least privilege principle, and set up metrics and logs for monitoring.

Demonstrates monitoring an EC2 instance with CloudWatch, sending metrics via CloudShell, and stopping the instance with a CloudWatch alarm when thresholds are exceeded, while reviewing metrics and logs.

Learn how to emit custom metrics to CloudWatch using EMF from a Lambda function, including role setup, JSON metrics, and viewing results in CloudWatch metrics.

Understand how AWS CloudTrail records user activity and API calls as management and data events, tracks who did what and when, and uses insights to detect unusual activity.

Explore CloudTrail basics by creating trails, viewing 90 days of event history, inspecting event details, and storing logs in S3; then use CloudTrail Lake for SQL-like queries.

Explore AWS config, a service that logs resource configuration changes and evaluates compliance with governance rules through AWS managed and customer config rules, with continuous or daily evaluations.

Configure an AWS config rule to detect non-compliant EC2 instances by instance type, then automatically stop them using a remediation action and an IAM role.

Learn how AWS X-Ray monitors microservices by collecting request data and visualizing service maps and traces, with metrics like response time and status, using the X-Ray daemon and SDK.

Learn how to enable AWS X-Ray for a Lambda function, visualize traces and latency in the service map, and identify bottlenecks with CloudWatch integration.

Learn how Prometheus and Grafana, with AWS AMG and AMP, collect metrics from your ECS or Kubernetes cluster and visualize cluster, node, and port level insights.

Explore Amazon managed service for Prometheus (AMP) and how it provides persistent storage for time series data, manages Prometheus rules, and integrates with SNS and AMG.

Discover Amazon managed Grafana (AMG) to visualize AWS monitoring data inside Grafana, offload server management, connect data sources and workspaces, and set alerts via Amazon SNS with IAM Identity Center.

Discover AWS Systems Manager, an operational hub for hybrid environments that uses the SSM agent to manage EC2 and on-prem servers, automate updates, patching, and configuration.

Master AWS system manager essentials, including automation, run command, and patch manager, to automate Linux and Windows server management with SSM agents.

Learn how AWS license manager centrally handles licenses from third-party vendors across AWS and on premise, with a dashboard to track usage, expiration, compliance, and EC2 license control.

Explore AWS health dashboards and notifications, linking events to EventBridge and AWS organizations. Understand the personal health dashboard with real-time events and the service health dashboard with public logs.

AWS trusted advisor analyzes your architecture and provides recommendations based on AWS best practices, covering cost optimization, performance, security, fault tolerance within the Well-Architected framework.

Explore how AWS CloudFormation uses infrastructure as code to define resources in JSON or YAML templates, manage stacks, preview changes with change sets, detect drift, and enforce rollback and policies.

Explore the serverless application model (sam) and compare sam and CloudFormation templates for deploying serverless apps with Lambda, API Gateway, and DynamoDB. Learn how sam simplifies infrastructure management.

Learn how to release resources with AWS CloudFormation by deploying templates, creating stacks, and using change sets to update infrastructure, including EC2 instances, AMIs, and parameters.

Practice CloudFormation basics by creating a stack and an S3 bucket, then implement rollback, drift detection, change sets, and stack policies to safeguard updates and resources.

AWS Proton automates the deployment of serverless and container based applications using CloudFormation templates, with environment templates defining a VPC and subnet and service templates defining the EC2 instance.

Explore how AWS Elastic Beanstalk simplifies deploying apps by automating capacity, load balancing, and scaling, and compare deployment options—all at once, rolling, immutable, and blue-green—plus worker environments.

Explore cost management tools in AWS, including budgets for alerts and cost tracking, Cost Explorer for visualization and forecasting, saving plans for discounts, and tagging for resource organization.

Explore AWS cost management tools, including Cost Explorer for graphical and tabular cost views, the Cost and Usage Report data export, and flexible saving plans.

Explore AWS IAM concepts, including users, groups, roles, and policies, and learn how to enforce least privilege, enable MFA, rotate keys, and control access to resources.

Explore how IAM policies classify and attach, covering identity-based, resource-based, inline and managed policies, their JSON structure, statements, conditions, ARNs, actions, and patterns for S3, Lambda, and SQS.

Explore cross-account IAM in AWS, comparing identity and resource policies, applying permission boundaries and SCP constraints, and switching roles across accounts to grant precise access.

Explore AWS STS, the security token service that issues temporary credentials with expiration for cross-account access via assume-role and role trust policies.

Identify the confused deputy problem and enforce least privilege by using an external ID in trust policy condition to control who can assume an IAM role and receive temporary credentials.

Explore access analyzer to validate trust relationships and policies for external resources, including s3 buckets, iam roles, kms keys, and lambda functions, and evaluate explicit and implicit permissions.

Explore hands-on RBAC and ABAC using AWS IAM policies, including creating a billing group, assigning a billing policy, tagging for attribute-based access, and controlling RDS restart and reboot by tags.

Perform a hands-on setup of an IAM role with an external id condition to prevent the confused deputy problem, and verify behavior using STS with correct and incorrect external ids.

Apply a permission boundary to limit IAM actions by combining an all actions allowance with an explicit deny on attaching the administrator policy, demonstrated through a hands-on tutorial.

Explore encryption services in the cloud using KMS, HSM, Secret Manager, and Certificate Manager to protect data at rest and in transit, and compare symmetric, asymmetric, and hybrid encryption.

Create a symmetric AWS KMS key in the console, configure key material origin and region, set the key policy and administrators, enable rotation, and schedule a seven-day deletion delay.

Explore how AWS KMS creates and manages cryptographic keys, enforces access with key and IAM policies, and manages key lifecycles and rotation across services.

Learn envelope encryption with AWS KMS data keys, including creating a customer managed key, generating data keys, and encrypting and decrypting a sample file.

Explore Secrets Manager as a centralized service that manages secret lifecycles and rotation via Lambda functions, and compare it with Parameter Store and System Manager for secure use cases.

Learn to create secrets in AWS Secrets Manager, choose secret types, store key-value pairs, retrieve and update secrets, and understand the seven to thirty day waiting period before deletion.

AWS certificate manager enables encryption in transit by issuing and managing certificates for CloudFront, ELB, and API Gateway, acting as a private CA and supporting certificate import with manual rotation.

Learn how Amazon Macie detects sensitive data in S3 and uses KMS encryption with CloudWatch, enabling PCI DSS compliance. Understand GuardDuty and Detective for threat detection, log analysis, and response.

Explore how Amazon Cognito enables secure user authentication and authorization for web and mobile apps, using user pools and identity pools, with federated identity and token-based access.

Learn to create and configure an Amazon Cognito user pool and identity pool, set sign-in attributes, enable self-service signup, and bind authentication to authorization with IAM roles.

Explore how directory services manage access to resources, compare AD Connector, Simple AD, and AWS managed Microsoft AD, and enable single sign-on with ADFS.

Learn AWS IAM Identity Center, the single sign-on service replacing AWS SSO, centralizing account management and identity store integration with Active Directory, Microsoft Entra ID, and Okta.

Explore AWS firewall services across application and network layers, including WAF, Route 53 DNS firewall, AWS Network Firewall, and access controls like network ACL and security group.

Discover how AWS WAF functions as a web application firewall that monitors HTTP/HTTPS traffic, blocks SQL injection and XSS, and uses default and custom rule sets.

Learn how AWS Network Firewall provides a VPC based stateful firewall with stateless rules, auto scaling, and high availability across AZs, plus domain blocking, threat detections, and logs.

Learn how denial of service and DDoS attacks use botnets to overwhelm targets, and how AWS Shield protects AWS resources with standard and advanced protections for ELB, CloudFront, and Route53.

Centralize firewall management across accounts with AWS Firewall Manager, supporting WAF, Shield Advanced, VPC security groups, Route53, DNS firewall, and third-party firewalls.

Discover how AWS Audit Manager automates compliance audits, enables continuous monitoring and reporting, uses pre-built frameworks aligned to standards, and integrates with AWS Config and Security Hub for final reports.

Explore aws artifact, a free service for managing security and compliance documents and agreements—artifact agreement and artifact report—accessible from the console, for individual and organization agreements, including compliance audit report.

Amazon Inspector conducts security assessments by scanning for vulnerability and network exposures. Configure targets, template, rule package, install the agent on EC2, automate findings with AWS Systems Manager and Lambda.

Activate Amazon Inspector, deploy a test EC2 instance and a vulnerable Lambda function, then review findings showing a critical credentials leakage vulnerability across EC2 and Lambda.

Discover how AWS Security Hub automates security assessment and alerts, providing a centralized view with GuardDuty, Inspector, and Macie integrations, multi-region and multi-account support, and compliance checks.

Integrate Macie with Security Hub to detect sensitive data in S3, route findings through EventBridge to an SNS email notification, and review Security Hub dashboards and findings.

Explore how the AWS security finding format (ASF) standardizes findings from security tools in AWS Security Hub and GuardDuty, with EventBridge integration and practical filtering by severity and date.

Learn how Amazon S3 provides scalable object storage in buckets, accessible over http/https, with storage classes like standard and Glacier, high durability, and lifecycle management for archiving and backups.

Explore Amazon S3 security features, including IAM and bucket policies, signed URLs, cross-origin resource sharing, server-side and client-side encryption, object locking, and bucket versioning with versions and delete markers.

Master S3 operations, including GetObject and ListBucket with filtering, and batch actions; learn multipart uploads, transfer acceleration, and S3 Select for data lake workflows with Athena and Glue.

Perform hands-on S3 basics by creating a bucket, uploading a sample HTML file, setting lifecycle rules, and using pre-signed URLs for secure, time-limited internet access.

Configure cross-origin resource sharing for two S3 buckets by enabling static website hosting, applying public get object policies, and adjusting CORS to allow image retrieval.

Learn how to set up S3 event notifications to trigger a Lambda that converts uploaded text to uppercase, saving results to a separate output folder to avoid infinite loops.

Explore AWS Storage Gateway, linking on-prem storage with AWS for seamless backup, replication, and disaster recovery via file, volume, and tape gateways with S3, Glacier, and retention lock.

Compare EBS, EFS, and FSx storage options for EC2 computing, noting EFS's multi-AZ shared access, EBS's single-instance attachment with snapshots, and the volatility of instance stores.

Explore hands-on creation and mounting of Amazon Elastic File System (EFS), configure mount targets across availability zones, adjust security groups for NFS, and mount on EC2.

Encrypt unencrypted EBS volumes by copying an encrypted snapshot to a new encrypted volume, and encrypt an unencrypted EFS by backing up and restoring to an encrypted file system.

Analyze disaster recovery designs, RPO and RTO targets, and standby configurations—cold, warm, hot, and multi-site—to sustain business continuity, high availability, and rapid failover across regions.

Explore EC2 compute services, including virtual machines, high availability across multiple availability zones, pay-as-you-go pricing, ami templates, and placement groups (cluster, partition, spread) for scalable, reliable compute.

Explore the EC2 instance types, including general purpose, compute, memory, and storage optimized families, learn the a1.medium naming pattern, and understand bursting with T instances and CPU credits.

Understand ec2 purchasing options including reserved instances, on-demand pricing, saving plans, and spot instances, with considerations for term length, region, tenancy, and interruption risk.

Explore AWS autoscaling concepts for EC2 and application Auto Scaling, with policies such as simple, step, and target tracking, plus warm up, cool down, health checks, and lifecycle hooks.

Explore autoscaling and load balancers by hands-on setup of launch templates, an auto scaling group, and minimum, maximum, and desired instance settings in a multi-az environment.

Follow this hands-on session to configure an application load balancer with two EC2 instances, two target groups, and listener rules, achieving a 50/50 round-robin traffic split and path-based routing.

Explore containers as lightweight, isolated software packages and learn how AWS container services, including ecs, eks, and ecr, support deployment with EC2 or Fargate, on-premises options, and kubectl and pods.

Create a test Fargate cluster, define a minimal nginx task, deploy a one-task Fargate service, and explore metrics, capacity providers, and Fargate spot for cost optimization.

Learn to set up an ECS on EC2 cluster with an auto scaling group, deploy a httpd container task, and configure capacity providers using cloud formation.

Explore how AWS Lambda enables event-driven, serverless computing, processing data via API gateway and DynamoDB with IAM permissions and scalable concurrency.

Learn to create a new AWS Lambda function from scratch with Node.js 20, configure an IAM role, deploy updates, test executions, and manage versions and aliases.

Learn how to run large-scale batch processing with AWS Batch, containerized applications in a serverless environment, using Fargate or EC2, with job queues and AWS Step Functions.

Learn how Amazon Lightsail provides low-cost pre-packaged virtual private servers for small-scale development, with easy setup, fixed monthly pricing, and Linux, Unix, or Windows options, contrasted with EC2 for customization.

Explore hybrid cloud options with VMware cloud on AWS and AWS Outposts to extend on premise vSphere. See how Compute Optimizer analyzes EC2, EBS, and Lambda usage to recommend resources.

Explain AWS network services using a typical diagram, detailing VPC with private and public subnets across availability zones, internet gateway, NAT gateway, virtual private gateway, routing tables, and security groups.

Design a virtual private cloud with subnets, cidr ranges, gateways, and security features. Configure internet and nat access, elastic ips, dns, cdn, vpn, direct connect, and load balancers.

Analyze security groups and network ACLs as network layer firewalls, compare stateful versus stateless handling, and show traffic flow from ALB to web and database servers.

VPC flow logs capture IP traffic from elastic network interfaces, store only metadata in CloudWatch, S3, or Kinesis Data Firehose, and help check security groups and monitor traffic by timestamps.

Explore Amazon VPC peering to connect VPCs via a private AWS network for secure communication using private IP addresses across accounts and regions. Overlapping CIDR blocks prevent peering.

Explore how VPC endpoints provide private access from within your VPC to AWS services, using interface and gateway endpoints, Privatelink, DNS, and ENI for S3 and DynamoDB.

Explore elastic network interfaces (ENIs) in a VPC, virtual network cards attached to EC2 instances to grant private IPs, MAC addresses, security groups, and elastic IPs.

Explore gateway services in VPC, including internet gateway, NAT gateway, egress-only internet gateway, virtual private gateway, and customer gateway, with NAT gateway advantages and differences from NAT instances.

Configure a VPC with multi-AZ public and private subnets. Set up security groups, network ACLs, EC2, internet gateway, NAT gateway, CIDR blocks, and auto-assign public IPs in us-east-1.

Configure a VPC with private and public subnets, attach an internet gateway, and create route tables to direct 0.0.0.0/0 traffic through the gateway.

Create a public and a private security group and configure a subnet-level network ACL. Understand SSH rules, IPv4/IPv6 sources, and ACL precedence for secure access.

Learn VPC configuration by launching public and private subnets, creating a NAT gateway in the public subnet, updating routes, and securely SSH into the instances.

Explore dynamic and static ip addresses in EC2, contrasting elastic ip addresses (static, persistent, movable across availability zones) with dynamic assigned ip addresses (change after restart).

Connect up to 5000 VPCs and on-premises networks with the Transit Gateway; integrate Direct Connect, VPN, and VPC peering, and simplify management with network manager and route analyzer.

Explore VPN and Direct Connect: secure communication over the internet with encrypted tunnels, SSL/IPsec, and authentication, plus AWS client VPN and site-to-site VPN configurations for scalable, on-premises to AWS connectivity.

Learn how AWS Direct Connect provides private, dedicated and hosted connections, uses three virtual interfaces (private, public, transit), and leverages Direct Connect Gateway for multi-VPC access.

Explore the Direct Connect console to create private or public connections, configure resiliency, and select locations and speeds. Manage ROA CFA and virtual interfaces, and review gateway options.

Explore Amazon CloudFront as a global content delivery network that caches at edge locations to reduce origin load and latency.

Explore CloudFront security features, including default SSL encryption, WAF and Shield protection, and IP-based access controls, with origin access identity for S3 and signed URLs or cookies for private content.

Learn how Amazon CloudFront edge functions run at edge locations to handle requests and responses, compare CloudFront functions and Lambda@Edge, and reduce origin load with JavaScript, Node.js, and Python.

Configure a CloudFront distribution with two S3 origins, routing /jpeg to the Ohio bucket and other requests to the North Virginia bucket, while enforcing bucket access through CloudFront.

Learn to configure CloudFront with origin access control (OAC), create a private S3 bucket, and enforce access through CloudFront by using a bucket policy and distribution settings.

Explore how to use CloudFront edge functions and Lambda@Edge with an S3 origin, adding a response header and rewriting urls, and note the lightweight CloudFront functions compared with Lambda@Edge.

Improve network latency up to 60% with the AWS Global Accelerator and its edge locations, using two static IP addresses to connect to endpoint groups NLB, ALB, EC2, or IP.

Discover how DNS translates domain names into IP addresses and how Amazon Route 53 handles domain resolution, routing policies, health checks, and resolver services for AWS resources.

Learn to configure Route53 failover routing with two S3 static websites, set up health checks, create primary and secondary CNAME records, and test failover by simulating endpoint failure.

Elastic Load Balancing distributes traffic across EC2 instances with health checks, enabling high availability through ALB, NLB, and GWLB using listeners and target groups for secure, scalable routing.

Discover AWS database services, including Aurora, RDS, Redshift, and NoSQL options like DynamoDB, DocumentDB, ElastiCache, and MemoryDB, with managed patching, backups, high availability, failover, read replicas, and pay-as-you-go pricing.

Explore Amazon RDS, the relational database service, including RDS instance types and notation. Review general purpose and memory-optimized families, and storage options like general purpose ssd, provisioned iops, and magnetic.

Discover how the RDS proxy provides a free, managed, highly available database proxy that scales applications with a shared connection pool and supports IAM, VPC security groups, and query caching.

Read replicas are asynchronous, read-only copies of the primary that offload reads and can be promoted for disaster recovery or migration. Up to five read replicas enable cross-region disaster recovery.

Discover Amazon RDS pricing, covering pay-as-you-go and reserved instances, storage, data transfer, and backup costs across instance sizes, engine types (including Oracle licensing), and Multi-AZ.

Learn how Amazon RDS performs automatic daily backups with a 0–35 days retention, first full then differential backups, with snapshots in S3 and point-in-time restores creating new instances.

Enable extended monitoring to capture OS level metrics for RDS, like CPU usage, memory, and disk I/O, and enable performance insights to analyze SQL wait events and database load.

Learn to create and configure an Amazon RDS MySQL database from the management console, using free tier settings. Explore engines, instance types, storage, connectivity, security groups, backups, and monitoring.

Create and configure a read replica from the primary RDS instance, selecting region and aligning encryption. Copy and restore encrypted snapshots to illustrate encryption rules and multi-AZ endpoints.

Amazon Aurora offers a cloud-optimized relational database compatible with MySQL and PostgreSQL, delivering higher performance, lower cost, durability with backups to S3, cross-AZ replication, and independent compute and storage scaling.

Explore Amazon Aurora Serverless, a serverless database that auto-scales CPU and memory via ACU, ideal for unpredictable usage; compare version 1 and version 2 features and costs.

Compare Aurora backups with RDS, highlighting automatic, continuous backups, point-in-time recovery within five minutes, 72-hour backtrack, and quick cloning for development, testing, and production downtime reduction.

Create and monitor an Amazon Aurora database from the RDS console, selecting MySQL compatible engine, production settings, replica and failover priorities, and configurable backups, monitoring, and performance insights.

Restore Amazon Aurora cluster from automated backups. Choose the latest restorable time or a custom date/time for point-in-time recovery, backtrack, and fail over to a new primary with minimal downtime.

Shows how Aurora promotes the largest read replica to writer during failover and how failover priority operates. Keeps read replicas the same size to optimize performance after failover.

Explore Amazon Redshift architecture, detailing clusters with leader and compute nodes, slices, and node types—dense compute SSD (DC) and dense storage (RDS); hot data on SSD, cold data on S3.

Learn how Redshift uses columnar storage to reduce disk I/O, with column encoding and zoning to skip unnecessary data, boosting compression and query speed, aided by MPP and SKA.

Explore redshift scalability options: elastic resize for fast node changes, concurrency scaling with a transient cluster, R3 compute–storage separation, and serverless options, plus shared nothing versus shared storage architectures.

Explore Redshift security features, including encryption at rest, VPC security, and per-column access controls. Learn how to encrypt unencrypted resources by migrating data to new encrypted clusters, mirroring EBS/EFS processes.

Amazon Redshift Spectrum to query data directly on S3 without loading, pay per query, and integrate with AWS Glue to explore and catalog data schemas.

Explore Amazon DynamoDB, a managed NoSQL key-value database by AWS, with partition key and optional soft key, serverless operation, and a sql-like query language called particle across three availability zones.

Explore DynamoDB capacity modes, including on-demand and provisioned, with pricing, autoscaling, and read and write capacity units for optimized performance.

Design DynamoDB partition keys and sort keys for efficient searches and composite primary keys, and evaluate local and global secondary indexes to balance performance and cost.

Explore DynamoDB streams, a time-ordered record of item-level changes captured for 24 hours. Use streams to replicate data across regions and feed changes into AWS Lambda or Amazon Redshift.

Explore DynamoDB accelerator (Dax), a free in-memory cache delivering microsecond reads. Learn write-through updates to cache and DynamoDB, five-minute TTL, and that strong reads bypass Dax to reach DynamoDB.

Learn how DynamoDB global tables replicate a table across regions with multi-master reads and writes. Enable streams, ensure name and write capacity, configure encryption, ttl, and global secondary index settings.

Explain strong and eventual consistency in DynamoDB, including write replication and three availability zones; strong reads incur higher latency, eventual reads may delay, and global secondary indexes lack strong consistency.

Learn DynamoDB common APIs: compare query and scan, partition key efficiency, batch vs transaction, all-or-nothing, and unprocessed items, with a hotel reservation example.

Learn how DynamoDB backups work, using on-demand backups and point-in-time recovery to restore to new tables within 35 days, with five-minute transaction logs and configurable restore options.

Explore DynamoDB security features, including IAM-based access control for tables, indexes, and streams, encryption, and network isolation, plus gateway VPC endpoints and routing table configurations for simplified management.

Learn to create an Amazon DocumentDB cluster, comparing instance-based and elastic clusters, and configure authentication, VPC, subnet, security, and monitoring via CloudWatch, then connect via MongoDB API.

Learn to create a DynamoDB table named Test Product three, batch write items from a JSON file, and perform scan and query operations with projection and filter expressions.

Learn how to create on-demand and scheduled DynamoDB backups, restore from backups, and enable point-in-time recovery to recover within a 35-day window.

Compare Amazon ElastiCache's Redis and Memcached offerings, detailing in-memory storage, data types, persistence, and fault tolerance. Contrast MemoryDB's clustering and its use as a primary database versus ElastiCache's caching role.

Learn Amazon ElastiCache Memcached architecture with 1–20 nodes per cluster and automatic failover; use endpoints and autodiscovery for connections, and remember it's an in-memory, non-persistent store.

Explore ElastiCache for Redis architecture with cluster mode, shards, and replicas. Learn how endpoints, scaling options, and global data store across regions boost resilience and performance.

Explore elasticache cost structure: node hourly pricing, 1- or 3-year reserved discounts, outbound data transfer per GB. Backup storage includes one free snapshot per cluster; additional backups cost per GB.

Explore other NoSQL services beyond the core exam scope, including DocumentDB, Keyspaces, Neptune, Timestream, and QLDB as document oriented, graph, time series, and distributed ledger databases.

Discover Amazon DocumentDB, a document-based, JSON-like database with a schemaless, hierarchical structure and MongoDB API compatibility for seamless AWS migration and scalable queries.

Discover Amazon key spaces, a managed Cassandra service on AWS with auto scaling, on-demand or provisioned capacity, and strong or eventual consistency for keyspaces, partition keys, and CQL usage.

Explore amazon Neptune's graph architecture with a sample of alice, bob, and charlie; learn cluster deployment in a vpc, primary and read replicas, and quorum writes.

Explore Amazon Timestream, a managed time series database that scales automatically, stores frequently accessed data in memory, and supports SQL-based analysis with moving average and rate of change.

Explore Amazon QLDB, a fully managed distributed ledger database that provides data immutability, cryptographic verifications, and complete traceability of transaction history for finance, manufacturing, insurance, and supply chains.

Explore Amazon API gateway as a secure interface for web apps, supporting HTTP, REST, and WebSocket APIs with edge, regional, and private endpoints, and Lambda integrations with mapping templates.

Explore Amazon api gateway features, including usage plans, caching, and encoding. Learn authentication options with IAM, Cognito, and Lambda authorizers, and pricing based on API calls and data transfer.

Explore serverless architecture with API gateway, Lambda, and DynamoDB by building a book catalog app that posts and retrieves books, covers security tokens, throttling, and exponential backoff.

Learn to build a rest api with lambda proxy integration in api gateway, creating a hello world function, configuring resources, deploying stages, and testing the endpoint.

Link api gateway stages and staging variables to lambda version aliases to separate development and production environments. Implement a canary release with weighted routing between version 1.0 and 2.0.

Learn how aws appsync delivers real-time, offline graphQL data with iam and cognito security, using mutations, subscriptions, and graphql resolvers to store updates in dynamodb.

Explore Amazon SQS as a free managed message queue for loosely coupled, asynchronous architectures, comparing standard and FIFO queues, and covering polling, visibility timeout, delay queue, and dead letter queue.

Learn to create and test AWS SQS standard and FIFO queues, configure visibility timeout, delivery delay, and message retention, and use dead letter queues, deduplication, and message group IDs.

Examine Amazon MQ, a message queuing service based on Apache MQ and RabbitMQ that supports JMS and MQTT, and compare it to SQS for AWS deployments and on-premises migrations.

Amazon SNS is an event-driven messaging service that pushes low-volume messages, such as mobile push notifications or alerts, to a large number of subscribers in a one-way, fan-out delivery.

Explore Amazon SES, a service for sending and receiving email via SMTP or API, featuring templates, SPF and DKIM, virus scanning, and S3 storage, contrasted with SNS for notifications.

Amazon Pinpoint enables large-scale, multi-channel customer communication via SMS, email, push notification, and voice, with audience segmentation by attributes and preferences, tailored messaging, open-rate analytics, and per-channel pricing.

Explore AWS Step Functions, a state machine service that coordinates distributed application workflows with serverless components, enabling parallel and serial processing, conditional branching, and dynamic maps via Amazon States Language.

Build and simulate AWS Step Functions state machines using JSON and the graphical interface, explore templates, start states, conditions, wait times, parallel processing, and versioned deployments.

Explore Amazon EventBridge, a serverless event bus that connects apps with data from diverse sources, including SaaS, via event bus, pipes, and scheduler, routing events to Lambda, SQS, or Kinesis.

Explore Amazon AppFlow, a managed integration service that securely transfers data between SaaS apps like Salesforce and AWS services, with scheduled transfers, filtering, and encryption in transit and at rest.

Explore AWS Amplify, a platform for building, deploying, and managing web and mobile apps with a user-friendly UI and hosting for static sites and single-page apps.

Explore AWS device farm, a free managed service to test mobile apps on devices using open source frameworks, pricing by test execution time. Upload your app, run tests, capture screenshots.

Explore AWS analytics tools spanning data ingestion, processing, visualization, and analytics for data lakes and warehouses. Key services include S3, Redshift, Athena, OpenSearch, Kinesis, QuickSight, EMR, SQS, and MSK.

Learn how Amazon Kinesis Data Streams ingests real-time data with producers and consumers, shard-based distribution by partition keys, and the Kinesis Client Library to read across shards.

Explore Amazon Kinesis Data Firehose, a fully managed service that delivers data in groups by size or time with compression, encryption, built-in Lambda data conversion, and buffering options.

Explore Amazon Kinesis Data Analytics, the managed service for Apache Flink, to analyze streaming data with sql, python, or scala and route results to destinations.

Explore how Amazon Kinesis Video Streams collects and analyzes real-time and recorded video from millions of devices using machine learning and Rekognition.

Discover how Amazon MSK provides a fully managed Apache Kafka service on AWS, reducing operational overhead. Understand security features and pay as you go pricing for scalable processing.

Discover how AWS Lake Formation simplifies managing data lakes and S3 buckets, enabling automated ingestion, integration with ETL tools and IAM for fine-grained row-to-cell access control across databases and tables.

Explore AWS Glue, a fully managed ETL service for batch and streaming workloads, using the AWS Glue crawler and data catalog to map source to target and auto-generate Python code.

Amazon Athena enables SQL-based analysis of data stored in S3 and uses work groups to control access and resources with IAM policies and ARNs.

Explore Amazon OpenSearch as a managed AWS service for deploying OpenSearch clusters, with its dashboard, documents, indices, shards, data and master nodes, and Ultrawarm storage for cost-efficient warm data.

Introducing Amazon QuickSight, a free managed business intelligence tool that scales to hundreds of thousands of users, enabling dashboards and reports with spice in-memory analytics and AWS and third-party support.

Discover how AWS Data Exchange operates as a marketplace service to subscribe to provider data, store in S3, and connect via APIs. Understand pricing that varies by provider and subscriber.

Understand how the AWS data pipeline automates data movement and transformation between AWS services and on-premise stores, enabling ETL, scheduling, and execution tracking, with current new-customer phase-out.

Explore Amazon EMR, a large-scale processing platform using Spark, Hive, and Presto on Hadoop for petabytes of data, with scalable compute and storage to S3, HDFS, Kinesis, and DynamoDB.