Failed the AWS Certified Solutions Architect professional exam

The professional AWS exam is one hell of an exam!

Published: Wednesday, Mar 18, 2020 Last modified: Sunday, Jun 9, 2024

UPDATE: Just passed the Pearson Vue online exam!

Read the FAQ on Just copying interesting section out here since it’s in a silly UI FAQ accordion:

During the check-in process, you will be asked to take photos of your work area, which will be checked by security prior to exam launch. Please ensure that your desktop is clean and that you are not within arm’s reach of books, notepads, sticky notes, papers, pens, pencils, and other writing instruments/objects. Additional monitors and computers must be unplugged and turned off, and all smart accessories and devices must be removed and turned off. Items on the wall with writing on them, such as whiteboards, will be inspected. If your workspace does not pass a room scan, you are not permitted to proceed with taking the exam. Please ensure that you are in a well-lit room for the proctor to see you and your workspace. Avoid exam locations with a light source behind you (such as a window or bright lamp). An artificial light source is recommended, as the availability of natural light may change over the course of your exam appointment. Remember that no third party may enter the room during your exam. If this occurs, your exam session will be terminated. This room will need to be a quiet space without any noise or other distractions. Exam candidates are ultimately responsible for ensuring the workspace meets all of the requirements.

Couple of things about the home examination experience:

Just for the record I failed three times before passing:

  1. 2018-11-28 643 FAIL
  2. 2019-05-29 654 FAIL
  3. 2020-03-17 730 FAIL
  4. 2020-04-28 879 PASS

Failed the AWS Certified Solutions Architect – Professional

Yesterday I took and failed the SAP-C01 exam. You may have noticed I scribbled some preparation notes earlier.

Candidate score was 730 and I needed 750 to pass. So I was close, but it showed at least to me some gaps in my knowledge.

The 3 hour test is pretty gruelling. Not looking forward to retaking it in two weeks on the 2nd of April (Update: Cancelled due to COVID-19), since I need it for my employer who are AWS partners.


Carrying on with my revision notes.

Customer Gateways

An Amazon VPC VPN connection links your data center (or network) to your Amazon Virtual Private Cloud (VPC). A customer gateway device is the anchor on your side of that connection. It can be a physical or software appliance.

Virtual Private Gateways

The anchor on the AWS side of the VPN connection is called a virtual private gateway. Associate this with your VPC.

Site-to-Site VPN Connections

This typically connects an on-premises network to an AWS VPC, as redundancy to a Direct Connect.

If you want a connection between VPCs, say across regions, you want a Peering Connection instead. However, if your region supports AWS Transit Gateway with Inter-Regional Peering, you want to use that for added flexibility. Track availability on the FAQ.

Client VPN Endpoints

This links customer gateway and virtual private. At the time of writing, mutual authentication via public key cryptography seems like the de facto way of doing it:

The connection is made with an OpenVPN configuration file called downloaded-client-config.ovpn, which you need to painfully edit: add an ID to the connection address, and add the keys generated via the mutual authentication process (public/private keys instead of a shared secret).
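The edit described above can be scripted. This is an added example, not code from the original post or from AWS. It assumes the "ID" is an arbitrary label prepended to the hostname on the `remote` line and that the client certificate and key are embedded as OpenVPN inline `<cert>`/`<key>` blocks; the sample config, endpoint name and PEM bodies are constructed placeholders.

```python
import os
import re
import secrets

REMOTE_RE = re.compile(r"^(remote[ \t]+)(\S+)([ \t]+\d+.*)$", re.MULTILINE)

def patch_client_config(config, cert_pem, key_pem, label=None):
    """Return config with a label prepended to the remote host and the
    client certificate and private key embedded as inline blocks."""
    if "<cert>" in config or "<key>" in config:
        raise ValueError("config already contains inline credentials")
    if "BEGIN CERTIFICATE" not in cert_pem:
        raise ValueError("cert_pem is not a PEM certificate")
    if "PRIVATE KEY" not in key_pem:
        raise ValueError("key_pem is not a PEM private key")
    label = label or secrets.token_hex(4)  # assumption: the ID is any DNS label
    patched, count = REMOTE_RE.subn(
        lambda m: f"{m.group(1)}{label}.{m.group(2)}{m.group(3)}", config)
    if count != 1:
        raise ValueError(f"expected exactly one 'remote' line, found {count}")
    inline = (f"<cert>\n{cert_pem.strip()}\n</cert>\n"
              f"<key>\n{key_pem.strip()}\n</key>\n")
    return patched.rstrip("\n") + "\n" + inline

def write_private(path, text):
    """Write the result readable by the owner only: it now holds a private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)

# Constructed sample input (placeholder endpoint name and PEM bodies).
SAMPLE_CONFIG = """client
dev tun
proto udp
remote cvpn-endpoint-EXAMPLE.prod.clientvpn.eu-west-1.amazonaws.com 443
remote-random-hostname
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA
-----END CERTIFICATE-----
</ca>
"""
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED-CLIENT-CERT\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-CLIENT-KEY\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(patch_client_config(SAMPLE_CONFIG, SAMPLE_CERT, SAMPLE_KEY, label="laptop1"))
```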

Deployment options

There is a cheatsheet but I find the AWS documentation clearer.

The All at once Elastic Beanstalk deployment option results in downtime, so avoid it to minimise disruption.

Will I have enough capacity to scale?

You can make an On-Demand Capacity Reservation.