Points to remember for the exam

These are "best practices" which you should use when eliminating answers in the test.

• Single AZ will never be the correct answer for highly available solutions.

• Using AWS managed services are always preferred.

• Know the difference between fault tolerance and high availability.

• Design for failure (expect that everything will fail at some point).

• Caching strategies can significantly improve performance and may decrease costs.

• Choose the instance type for your specific workload.

• NEVER EVER use the root user for every day tasks.

• Use IAM roles for giving permissions to applications.

• Security Groups only have allow rules.

• NACLs have allow and deny rules.

• Use serverless services for solutions which need to have no infrastructure managed.

• If you know it's going to be used long term, pick the reserved version for it.

• SSD volumes (gp2 and io1) are for small and random I/O operations.

• HDD-backed volumes (st1 and sc1) are for large and sequential I/O operations.

• S3 can host static websites and it is very cheap and you can also pair this with CloudFront to decrease latency.

• Understand difference between ALIAS and CNAME record:

  • CNAME record:

    • Forwards one domain to another domain, it cannot be an IP address.

    • Only work for non-root domains, e.g. somethinghastogohere.mydomain.com.

  • Alias

    • Native health checks.

    • You create alias records to route traffic to selected AWS resources.

    • Works for root domains and non-root domains.

• Secrets Manager is the one that can rotate credentials; Parameter store can't.

• In S3, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.