AWS-SAP Certification Exam Syllabus

• AWS global infrastructure
• AWS networking concepts (for example, Amazon VPC, AWS Direct Connect, AWS VPN, transitive routing, AWS container services)
• Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration)
• Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs)
• Network traffic monitoring

Skills in:

• Evaluating connectivity options for multiple VPCs
• Evaluating connectivity options for on-premises, co-location, and cloud integration
• Selecting AWS Regions and Availability Zones based on network and latency requirements
• Troubleshooting traffic flows by using AWS tools
• Utilizing service endpoints for service integrations

• AWS Identity and Access Management (IAM) and AWS Single Sign-On
• Route tables, security groups, and network ACLs
• Encryption keys and certificate management (for example, AWS Key Management Service [AWS KMS], AWS Certificate Manager [ACM])
• AWS security, identity, and compliance tools (for example, AWS CloudTrail, AWS Identity and Access Management Access Analyzer, AWS Security Hub, Amazon Inspector)

Skills in:

• Evaluating cross-account access management
• Integrating with third-party identity providers
• Deploying encryption strategies for data at rest and data in transit
• Developing a strategy for centralized security event notifications and auditing

• Recovery time objectives (RTOs) and recovery point objectives (RPOs)
• Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery [CloudEndure Disaster Recovery], pilot light, warm standby, and multi-site)
• Data backup and restoration

Skills in:

• Designing disaster recovery solutions based on RTO and RPO requirements
• Implementing architectures to automatically recover from failure
• Developing the optimal architecture by considering scale-up and scale-out options
• Designing an effective backup and restoration strategy

• AWS Organizations and AWS Control Tower
• Multi-account event notifications
• AWS resource sharing across environments

Skills in:

• Evaluating the most appropriate account structure for organizational requirements
• Recommending a strategy for central logging and event notifications
• Developing a multi-account governance model

• AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)
• AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances)
• AWS right-sizing visibility tools (for example, AWS Compute Optimizer, Amazon S3 Storage Lens)

Skills in:

• Monitoring cost and usage with AWS tools
• Developing an effective tagging strategy that maps costs to business units
• Understanding how purchasing options affect cost and performance

• Infrastructure as code (IaC) (for example, AWS CloudFormation)
• Continuous integration/continuous delivery (CI/CD)
• Change management processes
• Configuration management tools (for example, AWS Systems Manager)

Skills in:

• Determining an application or upgrade path for new services and features
• Selecting services to develop deployment strategies and implement appropriate rollback mechanisms
• Adopting managed services as needed to reduce infrastructure provisioning and patching overhead
• Making advanced technologies accessible by delegating complex development and deployment tasks to AWS

• AWS global infrastructure
• AWS networking concepts (for example, Route 53, routing methods)
• RTOs and RPOs
• Disaster recovery scenarios (for example, backup and restore, pilot light, warm standby, multi-site)
• Disaster recovery solutions on AWS

Skills in:

• Configuring disaster recovery solutions
• Configuring data and database replication
• Performing disaster recovery testing
• Architecting a backup solution that is automated, is cost-effective, and supports business continuity across multiple Availability Zones and/or AWS Regions
• Designing an architecture that provides application and infrastructure availability in the event of a disruption
• Leveraging processes and components for centralized monitoring to proactively recover from system failures

• IAM
• Route tables, security groups, and network ACLs
• Encryption options for data at rest and data in transit
• AWS service endpoints
• Credential management services
• AWS managed security services (for example, AWS Shield, AWS WAF, Amazon GuardDuty, AWS Security Hub)

Skills in:

• Specifying IAM users and IAM roles that adhere to the principle of least privilege access
• Specifying inbound and outbound network flows by using security group rules and network ACL rules
• Developing attack mitigation strategies for large-scale web applications
• Developing encryption strategies for data at rest and data in transit
• Specifying service endpoints for service integrations
• Developing strategies for patch management to remain compliant with organizational standards

• AWS global infrastructure
• AWS storage services and replication strategies (for example Amazon S3, Amazon RDS, Amazon ElastiCache)
• Multi-AZ and multi-Region architectures
• Auto scaling policies and events
• Application integration (for example, Amazon Simple Notification Service [Amazon SNS], Amazon Simple Queue Service [Amazon SQS], AWS Step Functions)
• Service quotas and limits

Skills in:

• Designing highly available application environments based on business requirements
• Leveraging advanced techniques to design for failure and ensure seamless system recoverability
• Implementing loosely coupled dependencies
• Operating and maintaining high-availability architectures (for example, application failovers, database failovers)
• Leveraging AWS managed services for high availability
• Implementing DNS routing policies (for example, Route 53 latency-based routing, geolocation routing, simple routing)

• Performance monitoring technologies
• Storage options on AWS
• Instance families and use cases
• Purpose-built databases

Skills in:

• Designing large-scale application architectures for a variety of access patterns
• Designing an elastic architecture based on business objectives
• Applying design patterns to meet performance objectives with caching, buffering, and replicas
• Developing a process methodology for selecting purpose-built services for required tasks
• Designing a right-sizing strategy

• AWS cost and usage monitoring tools (for example, Cost Explorer, Trusted Advisor, AWS Pricing Calculator)
• Pricing models (for example, Reserved Instances, Savings Plans)
• Storage tiering
• Data transfer costs
• AWS managed service offerings

Skills in:

• Identifying opportunities to select and right size infrastructure for cost-effective resources
• Identifying appropriate pricing models
• Performing data transfer modeling and selecting services to reduce data transfer costs
• Developing a strategy and implementing controls for expenditure and usage awareness

• Alerting and automatic remediation strategies
• Disaster recovery planning
• Monitoring and logging solutions (for example, Amazon CloudWatch)
• CI/CD pipelines and deployment strategies (for example, blue/green, all-at-once, rolling)
• Configuration management tools (for example, Systems Manager)

Skills in:

• Determining the most appropriate logging and monitoring strategy
• Evaluating current deployment processes for improvement opportunities
• Prioritizing opportunities for automation within a solution stack
• Recommending the appropriate AWS solution to enable configuration management automation
• Engineering failure scenario activities to support and exercise an understanding of recovery actions

• Data retention, data sensitivity, and data regulatory requirements
• Automated monitoring and remediation strategies (for example, AWS Config rules)
• Secrets management (for example, Systems Manager, AWS Secrets Manager)
• Principle of least privilege access
• Security-specific AWS solutions
• Patching practices
• Backup practices and methods

Skills in:

• Evaluating a strategy for the secure management of secrets and credentials
• Auditing an environment for least privilege access
• Reviewing implemented solutions to ensure security at every layer
• Reviewing comprehensive traceability of users and services
• Prioritizing automated responses to the detection of vulnerabilities
• Designing and implementing a patch and update process
• Designing and implementing a backup process
• Employing remediation techniques

• High-performing systems architectures (for example, auto scaling, instance fleets, and placement groups)
• Global service offerings (for example, AWS Global Accelerator, Amazon CloudFront, and edge computing services)
• Monitoring tool sets and services (for example, CloudWatch)
• Service level agreements (SLAs) and key performance indicators (KPIs)

Skills in:

• Translating business requirements to measurable metrics
• Testing potential remediation solutions and making recommendations
• Proposing opportunities for the adoption of new technologies and managed services
• Assessing solutions and applying right sizing based on requirements
• Identifying and examining performance bottlenecks

• AWS global infrastructure
• Data replication methods
• Scaling methodologies (for example, load balancing, auto scaling)
• High availability and resiliency
• Disaster recovery methods and tools
• Service quotas and limits

Skills in:

• Understanding application growth and usage trends
• Evaluating existing architecture to determine areas that are not sufficiently reliable
• Remediating single points of failure
• Enabling data replication, self-healing, and elastic features and services

• Cost-conscious architecture choices (for example, utilizing Spot Instances, scaling policies, and right-sizing resources)
• Price model adoptions (for example, Reserved Instances, Savings Plans)
• Networking and data transfer costs
• Cost management, alerting, and reporting

Skills in:

• Analyzing usage reports to identify underutilized and overutilized resources
• Utilizing AWS solutions to identify unused resources
• Designing billing alarms based on expected usage patterns
• Investigating AWS Cost and Usage Reports at a granular level
• Utilizing tagging for cost allocation and reporting

• Migration assessment and tracking tools (for example, AWS Migration Hub)
• Portfolio assessment
• Asset planning
• Prioritization and migration of workloads (for example, wave planning)

Skills in:

• Completing an application migration assessment
• Evaluating applications according to the seven common migration strategies (7Rs)
• Evaluating total cost of ownership (TCO)

• Data migration options and tools (for example, AWS DataSync, AWS Transfer Family, AWS Snow Family, S3 Transfer Acceleration)
• Application migration tools (for example, AWS Application Discovery Service, AWS Application Migration Service [CloudEndure Migration], AWS Server Migration Service [AWS SMS])
• AWS networking services and DNS (for example, Direct Connect, AWS Site-to-Site VPN, Route 53)
• Identity services (for example, AWS SSO, AWS Directory Service)
• Database migration tools (for example, AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
• Governance tools (for example, AWS Control Tower, Organizations)

Skills in:

• Selecting the appropriate database transfer mechanism
• Selecting the appropriate application transfer mechanism
• Selecting the appropriate data transfer service and migration strategy
• Applying the appropriate security methods to migration tools
• Selecting the appropriate governance model

• Compute services (for example, Amazon EC2, AWS Elastic Beanstalk)
• Containers (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], AWS Fargate, Amazon Elastic Container Registry [Amazon ECR])
• AWS storage services (for example, Amazon Elastic Block Store [Amazon EBS], Amazon Elastic File System [Amazon EFS], Amazon FSx, Amazon S3, Volume Gateway)
• Databases (for example, Amazon DynamoDB, Amazon OpenSearch Service [Amazon Elasticsearch Service], Amazon RDS, self-managed databases on Amazon EC2)

Skills in:

• Selecting the appropriate compute platform
• Selecting the appropriate container hosting platform
• Selecting the appropriate storage service
• Selecting the appropriate database platform

• Serverless compute offerings (for example, AWS Lambda)
• Containers (for example, Amazon ECS, Amazon EKS, AWS Fargate)
• AWS storage services (for example, Amazon S3, Amazon EFS)
• Purpose-built databases (for example, DynamoDB, Amazon Aurora Serverless, ElastiCache)
• Integration service (for example, Amazon SQS, Amazon SNS, Amazon EventBridge [Amazon CloudWatch Events], Step Functions)

Skills in:

• Identifying opportunities to decouple application components
• Identifying opportunities for serverless solutions
• Selecting the appropriate service for containers
• Identifying opportunities for purpose-built databases
• Selecting the appropriate application integration service