The Cloud is becoming an increasingly prolific part of modern IT environments. It’s cheap, secure, and offloads responsibilities like patching and hardware maintenance to a third party. Unfortunately, the cloud remains largely misunderstood, even by industry “experts”.

The Certified Solutions Architect – Associate (CSAA)** certification validates an examinee’s ability to “architect and deploy secure and robust applications on AWS technologies”. Certificate holders can expect, on average, a salary of $130,000 in the U.S. and Canada.1 The test requires no formal training and costs only $150. At the time of writing, the exam contains 65 questions and has a passing score of 72%.

The Starting Line

My AWS knowledge was very limited when I began the certification process. I had previously created a basic forensics lab using EC2 VMs and had pointed an S3 bucket to a static website. Every other service was foreign, as was the concept of “solutions architecture” in general.


AWS offers over 150 unique services. The challenge is figuring out how to use these services and combine them strategically. The CSAA certification covers five “domains”:

AWS Table

<font-color=“white”> Designing Resilient Architectures is the first domain of the CSAA and is worth 34% of the exam score. Questions in this domain generally involve concepts like load balancing, autoscaling, and disaster recovery.

Next is <font-color=“white”> Defining Performant Architectures at 24%. AWS has many services fill similar but different roles. For example, an Aurora database would work very well as an HR system back-end. A Redshift database, on the other hand, is more suited for analyzing sales for an online store. Additionally, some AWS services have features that optimize performance through use of caching, workload distribution, and more. This domain tests the examinee on their ability to pick the right service for the job and to optimize it accordingly.

AWS Chart
AWS has 10 different services for storage alone!

Specify Secure Applications and Architectures tests knowledge of basic AWS security. Services like KMS (encryption), VPC (networking), and IAM (users and groups) make up 26% of your score. Some of these concepts may be hard to grasp at first but are critical for a cloud architect to understand. Over 100 million credit applications were stolen from a CapitalOne AWS server due to a WAF misconfiguration.2 Another key driver of enterprise cloud adoption is cost. 10% of your score is based on your ability to Design Cost-Optimized Architectures. This requires knowledge of different S3 storage tiers, EC2 pricing models, etc.

Last is Defining Operationally Excellent Architectures. Many exam scenarios present multiple “correct” answers and ask you to pick the “best” one (cost optimized, fault tolerant, etc.) This domain is similar to the 2nd and is worth 6% of the exam score.

Hands-On Experience

One of the best ways to learn is through hands-on experience. Setting up an AWS account takes five minutes. For a full year, every AWS account gets 750 hours of free RDS and EC2 service per month, 1 million lambda requests, and 5GB of S3 storage. There are other free services offered and there are limitations. For example, free EC2 instances are stuck at 1GB of RAM. Check out the official AWS Free Tier page for more details.

Free Tier Details
Free Tier Details

Once you create an account, start experimenting! You might be surprised how much you can do for free. I recommend setting up billing alarms just in case. Here’s an idea for a lab you can try: let’s say you have a 1000x1000 image sitting in an S3 bucket. Combine a handful of AWS services to make it so you can easily view that same image in 100x100, 200x200, and so on. Here’s an example of what that might look like:

AWS Cloud

QwikLabs is a great source for walkthroughs on this and other labs.

Online Lectures

Most of my time studying was spent by watching online lectures. You can find a surprising amount of quality content for free through sources like Github and YouTube.

• https://github.com/open-guides/og-aws
• https://www.youtube.com/watch?v=0UZkc3q_DWI

My employer footed the bill for an ACloudGuru account, which was tremendously helpful. The video lectures were entertaining, easy to understand, and covered every AWS technology I saw on the exam.

• Computing (EC2, Lambda)
• Storage (EBS, EFS, S3)
• Databases (RDS, DynamoDB, Redshift)
• Scalability / Load Balancing (Beanstalk, ASG, CloudFormation)
• Networking and Security (VPC, Route53, IAM, Cognito)
• Monitoring (CloudWatch, CloudTrail, Flow Logs)
• Miscellaneous services like SNS, SQS, SWF, Kinesis, and much more

ACloudGuru also has quizzes at the end of each section as well as two full-sized practice tests that I feel accurately portray the types of questions you’ll see on the real test.

Practice Tests

Below is an example of a question you might see on the exam:

Jim’s Pizzas is looking to store copies of customer receipts in the cloud. Receipts should be stored in a highly available and quickly accessible system. Receipts should be automatically deleted after a month. Which of these storage solutions best fits the client need?

A. Glacier
B. S3
D. DynamoDB

Some questions, such as those in the <font-color=“white”> Operationally Excellent domain, are more difficult. They focus on minor differences between different types of EBS volume (IOPS vs throughput) or load balancing (network vs application). AWS offers a list of official sample questions and you can take an official practice test from them for only $20.

Final Exam & Summary

The CSAA exam must be taken at an in-person test center (e.g. Pearson VUE). The test takes around 2 hours to complete and is 65 questions long. Questions are almost entirely scenario-based and might need to be re-read a few times before they are fully digested.

There were no “surprises” on my exam in terms of content or formatting. A variety of services and architectural applications were covered. A few of the more popular services (EC2, S3, RDS, and VPC) were more heavily focused on, but that’s only natural. I finished the test within about an hour and spent the next thirty minutes reviewing questions I didn’t feel great about. Upon finishing the exam, I was given a “PASS”, but had to wait 24 hours before receiving a detailed score report via email.

Overall, I enjoyed the CSAA experience and am excited to start on the CSAP next year. I think this is a great certification for anyone who wants to expand their knowledge of the cloud and become a more marketable IT expert. It’s incredibly popular, meaning an abundance of free and commercial training options. The test is not incredibly long or tricky and does a fantastic job of testing practical knowledge of key AWS services – and at only $150 , you get incredible bang for your buck.


1 https://www.globalknowledge.com/us-en/training/certification-prep/brands/aws/section/architect/aws-certified-solutions-architect-associate/
2 https://ejj.io/blog/capital-one

                            < Sw33tRoll @W$ >
                               \        .
                                .---.  //
                               Y|o o|Y//