Getting cert-y with all-5 AWS certs

Jeremy Gibbons, AWS Channel Lead, Coalfire

I thought my recent experience achieving all five (5) AWS certs might be helpful to others in the community that are looking to do the same. However, this blog isn’t meant to stand on its own, and I encourage everyone interested in going for all 5 certs to read other blog posts too.

Ultimately, the best advice I can give anyone is this: plan your certs around your strengths, and take the exams only when you’re ready. This is a marathon, not a 100-meter dash.

With that, enjoy my take on getting the certs and my lessons learned.

Associate vs. Professional Certifications

The associate level certifications seemed more mechanical in nature compared to their professional counterparts, with the associate exams focusing on testing one’s ability to recall specific concepts and capabilities regarding a service.

In fact, after the exams I cross-referenced as many topics as I could remember, and discovered many of the questions and answers were lifted nearly verbatim from a whitepaper or a service’s documentation. With that being said, reading through a service’s documentation, FAQ, and whitepaper topic might be one of the best ways to study for the associate certs.

Now enter the professional certifications, where mechanical know-how meets practical execution. The best way to explain the professional certifications would be this:

Proficient associate level knowledge + critical thinking and problem-solving skills

I would recommend that candidates going for either pro cert have 5 to 10 years’ industry (aka real-world) experience and 3 to 5 years’ experience with AWS before attempting.

Studying and Tips

While nothing replaces rolling up the sleeves and diving into an ecosystem and having real-world experiences, the most I can say here is that one should become intimately familiar with the AWS whitepapers, terminology, and best practices.

The professional certs not only require a proficient understanding of the AWS services, but they will also test how familiar one is with specific terminology, and the ramifications these terms have when selecting the best correct answer. For instance, understanding what cost-effective, fault-tolerant vs. highly available, and scalable mean within the context of the question is as important as, if not more important than, understanding the service capabilities alone.

Also, become familiar with the shared responsibility model and the various AWS policies and procedures regarding pen-testing, service limits, and service requests since all certification exams had questions that test one’s know-how there.

I also recommend enrolling in an AWS instructor-led course. Amazon offers many such courses related to architecture, development, DevOps, and certification preparation. There are also many self-paced learning and development options available online such as Linux Academy, A Cloud Guru, and Cloud Academy, to name a few. All these resources offer great material, but they come at a cost. So, for the budget-conscious individual, reading the service documentation, whitepapers, and using AWS will be your best bet at passing the certs.

Two tips for the exam taker:

  1. Read the questions completely before answering - Expect some questions to be written in such a way that one might jump the gun and answer incorrectly. Don’t fall victim to this; read the whole question!

  2. Use answer elimination - Write down the answer set on the provided scratch paper (e.g. A, B, C, D), and cross out the wrong answers to help narrow down the options. Reread the question and look for any key terminology that might eliminate another wrong or less-right answer. Rinse and repeat, and worst case, go with your gut; pick an answer, and don’t look back!

For me, the elimination method helped tremendously during my exams because it slowed me down, kept me calm, and kept my focus on the concepts at hand. However, the professional questions are scenario based and lengthy; therefore, they’ll take longer to answer than associate questions.

This brings me to time management. Although timing is important for all the exams, time management is more important during the professional exams. On average, a professional exam question must be read, understood, and answered in less than 2 minutes to avoid running out of time. While one should take their time, don’t take too much time, and avoid looking at the count-down timer!

Finally, trust in your knowledge. Don’t be thrown off by Answer-and-Forget (A&F) questions, or questions and answers that appear so complex, involved, or ambiguous they disrupt your exam-chi. Often these questions can be answered with ease. For example, an A&F question might spotlight DHCP option sets, and while one might not understand the question or answers at all, all but one answer can be eliminated because all but one answer says to modify the DHCP option set, which is immutable.

Path to Certification

Solutions Architect (SA) Associate: This certification should be the first one that anyone achieves since it requires a breadth of knowledge that spans many of the AWS services including:

  • Elastic Compute Cloud (EC2)
  • Virtual Private Cloud (VPC) Networking
  • Simple Storage Service (S3)
  • Elastic Block Store (EBS)
  • Identity and Access Management (IAM)
  • Route 53
  • Relational Database Service (RDS)
  • DynamoDB (DDB)
  • Glacier
  • Simple * Service (i.e. SQS, SWF, SNS, and SES)
  • Elastic Beanstalk (EB)

SysOps (SO) Administrator Associate: SA + VPC, IAM, CloudWatch (Metrics, Alarms, Notification, etc), Audit / Logging, SNS, Auto Scaling, and Disaster Recovery (DR)

Developer (DV) Associate: SA + SO + SDK and CLI familiarity, IAM (Policies, Roles, Access Control), DDB, SQS, S3, Elastic Beanstalk, CloudFormation, and OpsWorks

DevOps (DO) Engineer Professional: SO + DV + Elastic Beanstalk, Docker, CloudFormation, IAM, DDB, and OpsWorks

  • This certification requires strong problem-solving skills needed for operations and maintenance (O&M), and business continuity. In my opinion, this certification requires the most hands-on knowledge of all the exams.

  • Also, many of the questions had several answers to choose from (e.g. A – G). While many of the questions were shorter than those found on the SA Pro, the sheer number of answers to read through was intense.

Solutions Architect Professional: SA + SO + Kinesis, OpsWorks, Data Pipeline, Containership (ECS, EB), Direct Connect, ElastiCache, CloudFront, IAM Federation, STS, and EMR

  • This certification requires strong critical thinking skills, solid understanding of cloud best practices, and proficient selection / use of AWS services to satisfy the key requirement(s). This certification also tests skills relating to various hybrid deployments, so having enterprise architecture experience would come in handy, but isn’t required.

I recommend going for the certifications as listed in the order above based on difficulty (easiest to hardest). Yes, the above difficulty order is highly subjective, including the relative difficulty of the professional exams. However, the DevOps Pro exam, to me, seemed to have more clearly and objectively right and wrong answers compared to the SA Pro exam.

Taking the Certifications

There are two noteworthy mentions here. Firstly, AWS recently relaxed the retake policy by upping the number of retake attempts, and shortening the time between failed attempts. This might help take some of the pressure off when taking the exam. I know it did for me! As always, things will change after this is written, so be sure to check out the latest exam and retake policies on the AWS certification website.

Lastly, consider taking the certification practice exams. While I found the content wasn’t in parity with the actual certification exam, the overall structure and question lengths do accurately represent what one would encounter on the exam. So, if time management is a concern, taking the practice exams would be a great way to prepare for the cert.

Take care and good luck!
