Update: I’ve written 2/3 of the new exams so far and these lists are holding up well. I still recommend reading/watching these links in order to prepare for the beta exams. For more details on the 3rd exam (Advanced Networking), check out this great post by Adrian Cantrill @ A Cloud Guru
One of the points I called out in “5 Ways To Get The Most From AWS re:Invent 2016” was getting certified on-site during the show. The atmosphere during re:Invent can give you the much needed push to get in gear and write an exam or two.
After writing that post, a good friend pointed out that AWS has an additional treat for us this year: SPECIALITY BETA EXAMS!
Ok, so these exams weren’t released just for the show but re:Invent is a great time to dive in and take a crack at one of these three specialities.
They all have the same pre-requisite: you must hold a current associate certification. Any of the three associate certifications will meet this criterion.
In addition to the general prerequisite, there are recommended experience levels for each exam. Please review them for the exam you’re interested in but basically they state that you should have 5+ years hands on experience with the core subject matter and as much hands on experience with that subject in AWS as possible.
I don’t have any first hand knowledge of these new exams and am working from the publicly available information. The recommended materials below are in addition to the officially recommended ones. The goal is to provide you with a list to jump start your studying. You should still do you own research into the exam before writing.
AWS Certified Advanced Networking
Officially called, “AWS Certified Advanced Networking — Specialty (Beta)”, this exam targets the underlying network plumbing both in AWS and in hybrid architectures.
Judging by the exam guide (PDF) and the experience requirements, if you’ve been involved in network engineering or operations, this exam might be a good fit for you.
If not: does the acronym soup of MPLS, CIDR, OSI, IPv6, and VPLS send you running for the hills? No, you might also be a good fit.
The majority (52%) of this exam is on network hybrid network architecture and AWS network architecture. If you’re not comfortable discussing the ins and outs of MPLS forwarding equivalence classes it might be time to hit the books.
I took a look at the exam guide and here is the material that I would recommend reviewing before attempting the exam:
- Scaling Up to Your First 10 Million Users (video from AWS re:Invent 2015)
- Architecting for the Cloud: AWS Best Practices (AWS whitepaper)
- Overview of AWS Security — Network Security (AWS whitepaper)
- AWS Best Practices for DDoS Resiliency (AWS whitepaper)
- AWS Well-Architected Framework (AWS whitepaper)
- From One to Many: Evolving VPC Design (video from AWS re:Invent 2015)
- AWS VPC Deep Dive (slides from AWS re:Invent 2014)
- Deep Dive: AWS Direct Connect and VPNs (video from AWS re:Invent 2015)
- Amazon Virtual Private Cloud Network Connectivity Options (AWS whitepaper)
Of course there is a ton of other information that would be valuable that isn’t AWS specific. This is a 3 hour exam that aims to prove that you’re comfortable with the intricacies of advanced network concepts and how to apply them in the AWS Cloud.
AWS Certified Security
Security is a topic near and dear to my ❤️ and one of top concern for most organizations moving to the AWS Cloud. Thankfully, there is a ton of fantastic material available to help users understand how to build extremely secure and flexible deployments in AWS.
Long been rumoured, it’s nice to see that the beta of this exam is finally available. The exam guide (PDF) lays out the structure and — unlike the networking speciality — this exam covers a lot of different AWS services.
This exam looks to be wide and deep. That’s understandable and fair given the subject matter but it also makes preparation a lot more challenging.
Of particular note are the compliance requirements and required understanding of standardized guidance. For those not working in full time security roles, this could be a really challenging area. ISO 27001, PCI DSS, HIPAA, SAS 70, SOC 1, FISMA, and NIST all offer guidance, architectures, and a maze of have/should have requirements.
The good news is that GRC (governance, risk, and compliance) is only 10% of the exam but its principles will inform the rest of the answers as — when taken together — these systems form the foundation of security “best practices”.
If you’re planning on attempting this exam, it’s time to start researching! Here are some links — in addition to the officially recommended reading — to get you started:
- AWS Security Best Practices (AWS whitepaper)
- AWS Risk and Compliance (AWS whitepaper)
- Overview of AWS Security — Analytics, Mobile, and Applications Services (AWS whitepaper)
- Overview of AWS Security — Application Services (AWS whitepaper)
- Overview of AWS Security — Compute Services (AWS whitepaper)
- Overview of AWS Security — Database Services (AWS whitepaper)
- Overview of AWS Security — Network Security (AWS whitepaper)
- Overview of AWS Security — Storage Services (AWS whitepaper)
- Security at Scale: Governance in AWS (AWS whitepaper)
- How to Become an IAM Policy Ninja in 60 Minutes or Less (video from AWS re:Invent 2015)
- Strategies for Protecting Data Using Encryption in AWS (video from AWS re:Invent 2015)
- AWS Key Management Service Cryptographic Details (AWS whitepaper)
- AWS Config Rules: Improve Governance Over Configuration Changes (video from AWS re:Invent 2015)
- Architecting for HIPAA Security and Compliance on AWS (AWS whitepaper)
With the networking exam, the area of concern is clear. You need to go really, really deep on a couple key areas. With the security speciality, expect the depth to be almost the same level but with a significantly broader scope.
AWS Certified Big Data
The third speciality covers one of the fastest growing areas of the AWS Cloud: BIG data. The land of the laughable Gigabyte, where the Petabyte and Exabyte (yes, that’s actually a thing) rule.
The modest claim from AWS that this exam looks to validate skills “designing and implementing AWS services to derive value from data”. That doesn’t even start to do justice to the complexity of the material covered.
There’s a ton of innovation in this space which will makes this a uniquely challenging speciality to study for. The areas covered by the exam (PDF guide) are:
- Collection
- Storage
- Processing
- Analysis
- Visualization
- Security
This structure mirrors a big data workflow with the 6th (security) as an overall concern. A big downside here is that there isn’t a lot of specific guidance from AWS on what’s covered in the exam.
Based on my experience and what I could scrape together, here are some recommended resources beyond the official ones:
- Big Data Analytics Options on AWS (AWS whitepaper)
- Data Warehousing on AWS (AWS whitepaper)
- Amazon Redshift Deep Dive: Tuning and Best Practices (video from AWS re:Invent 2015)
- Amazon Elastic MapReduce Deep Dive and Best Practices (slides from AWS re:Invent 2014)
- Best Practices for Amazon Elastic MapReduce (Amazon EMR) (AWS whitepaper)
- Overview of AWS Security — Database Services (AWS whitepaper)
- Amazon Kinesis Deep Dive (video from AWS re:Invent 2014)
- Amazon Kinesis and Apache Storm: Building a Real-Time Sliding-Window Dashboard over Streaming Data (AWS whitepaper)
- Streaming Data Flows with Amazon Kinesis Firehose (video from AWS re:Invent 2015)
- Building Real-time Streaming Applications with Amazon Kinesis (video from AWS re:Invent 2015)
- Real-time Anomaly Detection on Streaming Data (AWS whitepaper)
- Lambda Architecture for Batch and Real-Time Processing on AWS with Spark Streaming and Spark SQL (AWS whitepaper)
- Strategies for Protecting Data Using Encryption in AWS (video from AWS re:Invent 2015)
There’s a lot of ground to cover but the exam guide seems to indicate that this speciality is going to focus around big data workflows and finding the right AWS service for each step in that flow.
If you have a solid understanding of the services offered and their value, along with hands-on experience implementing big data solutions in the real world, you might have a good chance at passing this exam.
Time To Specialize
I’m glad the certification track has finally caught up with the breadth of services offered by AWS. With over 50 services offered, AWS users are less and less likely to use them all. Specialization is inevitable and having the certifications to reflect that is a win for the community.
I asked my friend Geoff for his thoughts on the new beta exams. He got back to me with this perfect quote, “😱”. When pressed, he got a little more eloquent…
I’m really impressed by the coverage of these new exams and consider them to be pro-level indications of competence. I’m not crazy enough to try all three of them in one day, but I just might give the security one a shot.
That last line is a smiling, parting shot at some in the community that are thinking of lining up all three exams during the show in order to have all 8 certifications and join a new, exclusive club.
For people like Geoff, these speciality exams are a recognition of knowledge already hard won. For others, they are a new goal to strive for. Regardless of your situation, these exams are a chance to stand out from the growing — and fantastic — community of AWS professionals.
Good luck!
Remember, I’ll be at AWS re:Invent again this year and am looking to help you get the most from the show. If you have a question you want answered, let me know and I’ll write it up, record it, or share some code with the solution.
