
AWS Refreshes Certified Solutions Architect – Associate Exam


With the Beta exam out in late 2017, we certainly knew this day was coming. AWS has announced a new refresh on their most popular certification – the Solutions Architect – Associate.

Since AWS is simply in love with the Frequently Asked Question (FAQ) approach to learning, I thought I would use that format for the details you need to know about this refresh.

  • Q: Can I still take the “old” exam? I am almost done with my prep for that version!
    • A: You can take the “old exam” still if you like – the last day to test on the old exam is August 11, 2018.
  • Q: Where can I find the “old” exam blueprint?
    • A: You can find that here.
  • Q: Where can I find the new exam blueprint?
    • A: You can find that here.
  • Q: If I want to register for the new exam – how is it identified?
    • A: While both exams are live, you will note the title of the new exam includes date information – “AWS Certified Solutions Architect – Associate (Released February 2018)”
  • Q: Is the new exam tougher?
    • A: No – I would say that overall the new exam is easier. Keep in mind it is updated to cover newer services, however.
  • Q: What about the modules at CBT Nuggets for Solutions Architect – Associate? Which exam do those Nuggets cover?
    • A: The modules at CBT Nuggets address the “old” exam. On August 12, 2018, the Nuggets will be refreshed to map directly to the new exam. Note on that date, there will only be one exam live – the new exam.
  • Q: I would love to start studying right now for the new exam. Are there any free materials available right now?
    • A: By far – this homepage of resources is extremely valuable for preparation: click here

VPC Peerings in AWS


An often overlooked feature with VPCs in AWS is your ability to create peering relationships between them. AWS calls this, appropriately, VPC Peerings. These objects permit you to route traffic between VPCs and offer the following killer features:

  • You can route traffic between your own VPCs
  • You can route traffic between your VPC and a VPC in another AWS account
  • Some regions even support an inter-region VPC Peering connection
  • The VPC Peering is not physical hardware, and it is not a gateway or VPN connection; it uses the global infrastructure of AWS, which ensures high availability for the peering

The steps you perform for the creation of a VPC Peering are simple:

  1. Request the peering from a Requestor VPC to an Acceptor VPC
  2. Once the Peering is accepted, manually add the routes you desire to the routing tables in the two VPCs
  3. Modify Security Groups appropriately to permit the desired access to resources across the VPCs

There are important restrictions to keep in mind for intra-region VPC Peerings:

  • The CIDR ranges cannot overlap
  • There is a limit to the overall number of VPC Peerings you can have; this is a soft limit that you can, of course, contact AWS about
  • You cannot have more than one VPC Peering between two VPCs
  • They do support Placement Groups with some limitations
  • No Unicast Reverse Path Forwarding security protections are permitted

The restrictions for inter-region VPC Peerings are as follows:

  • The Security Groups cannot reference each other across the regions
  • DNS will not function across regions as seamlessly as it does within a region
  • IPv6 communications are not supported in this design
  • The MTU is 1500
  • Inter-region VPC Peerings are limited to only certain regions currently
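
The restrictions and the route step above can be checked before a peering is requested. The following is an added example, not code from the original post: it validates a proposed peering against the restrictions as this post lists them and derives the routes each side needs in step 2. The `Vpc` class, function names, VPC IDs, CIDR blocks and the `pcx-EXAMPLE` peering ID are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Vpc:
    vpc_id: str    # constructed sample identifier
    region: str
    cidrs: tuple   # IPv4 CIDR blocks associated with the VPC

def preflight(requester, accepter, existing_pairs,
              uses_sg_reference=False, needs_ipv6=False):
    """Return the restrictions listed in the post that this peering would violate."""
    problems = []
    # The CIDR ranges of the two VPCs cannot overlap.
    for a in requester.cidrs:
        for b in accepter.cidrs:
            if ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b)):
                problems.append(f"CIDR overlap: {a} / {b}")
    # No more than one peering between the same two VPCs (order-independent).
    pair = frozenset((requester.vpc_id, accepter.vpc_id))
    if pair in {frozenset(p) for p in existing_pairs}:
        problems.append("peering already exists between these VPCs")
    # Inter-region restrictions from the post.
    if requester.region != accepter.region:
        if uses_sg_reference:
            problems.append("inter-region: security groups cannot reference each other")
        if needs_ipv6:
            problems.append("inter-region: IPv6 not supported")
    return problems

def routes_needed(requester, accepter, peering_id):
    """Step 2: each route table needs the peer's CIDRs pointed at the peering."""
    return {
        requester.vpc_id: [(c, peering_id) for c in accepter.cidrs],
        accepter.vpc_id: [(c, peering_id) for c in requester.cidrs],
    }

# Constructed sample VPCs
APP = Vpc("vpc-app", "us-east-1", ("10.0.0.0/16",))
DATA = Vpc("vpc-data", "us-east-1", ("10.1.0.0/16",))
LEGACY = Vpc("vpc-legacy", "us-west-2", ("10.0.128.0/20",))

if __name__ == "__main__":
    print(preflight(APP, DATA, existing_pairs=[]))
    print(preflight(APP, LEGACY, existing_pairs=[], uses_sg_reference=True))
    print(routes_needed(APP, DATA, "pcx-EXAMPLE"))
```

Because routes are added manually, the output of `routes_needed` can be narrowed to only the subnets that actually need to talk across the peering before it is applied to the route tables.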