Blog Image

DevOps Vision Blog

AWS Security – Specialty – Experiences

Cloud, Security Posted on Sun, August 22, 2021 08:12AM

This Friday [2021-08-20] I managed to pass the AWS Security Specialty Exam.

Inspired by my participation in the AWS Competence Group at tretton37 I decided this spring to go for this challenge. As usual, just after my examinations I summarize some reflections about learnings.

Since I within the recent year both have made extensive preparations for the SA Pro and DevOps Pro certifications I estimate about 80% of the preparation was already done for this one.

My overall insight is that this Security Specialty exam is a subset of what you can expect to know in the SA Pro exam.

The questions are much more like the Associate Exams. Shorter with focus on you to answer one specific questions. The opposite to the the Pro exams where some questions are a big wall of text where it’s more up to you to filter out the most important parts of the question to choose the most relevant answer. For the Pro exams I definitely had time pressure but for this exam I reached the last 65th question in 2h out of the 3,5h I had available. Having a good feeling I could relax and go through the 19 questions I flagged for review.

The silver bullet for me to the success:
Practice exams with focus on the analysis phase!!

From my previous examination learnings I used this two practice exam packages:

  1. Whizlabs – AWS Certified Security Specialty – Practice Exams
  2. Udemy – SCS-C01: AWS Certified Security – Specialty Practice Exams

I go through the practice exams quite quickly with not too much thought. If I do one practice exam one evening I use 2-3 evenings for analysing all questions. Not only the ones I’ve chosen the incorrect answer. During the analysis I often bump into the AWS documentation, and when I see a value of it for my current assignment, I also read (a few) whitepapers.

As I mention, the contents for this exam is very narrowed to deeper knowledge in a few services. One does not have to worry about strange detailed questions on Snowball, App Stream 2.0 and so on.

Here are the services I had to know about in more detail to pass the exam:

  1. KMS – key policies, grants, rotation, imported key material
  2. GuardDuty – filters
  3. VPC – design, troubleshooting, VPC Flow Logs
  4. Incident response – actions on compromised EC2 and access keys
  5. IAM – policies, root user
  6. S3 – policies, KMS variants
  7. Shield – standard/advanced, DDoS
  8. WAF – DDoS, OWASP
  9. Cloudfront – AOI
  10. ACM – public vs. private

My result was a bit lower than expected. Since my score on the practice exams were between 80-95% and my feeling after the exam was very good I was hoping for yet another result over 900.

But of course I consider the 873/1000 being a good result.

AWS DevOps Engineer Pro Exam – Experiences

Cloud, DevOps Posted on Sat, February 06, 2021 06:01AM

Yesterday I made another milestone in my professional career. I managed to get a pass on the AWS DevOps Engineer Professional Exam.

My last (quite extensive) post was about my PASS of the AWS Solutions Architect Pro (SA Pro) Exam. Since the preparation methods I used was very similar I’ll make this post shorter and explain more of what I actually learned from my studies.

The SA Pro exam is very broad. When reading through the preparation material provided by AWS I got a feeling of that I could more or less can get any question on any AWS Service. Which also was shown to be (almost) true for the SA Pro exam. That is not the case for the DevOps Pro Exam.

All 6 domains, except the one SDLC Automation (described in more detail below), in the DevOps Pro have some overlap to the SA Exams. In other words I could heavily make use of the knowledge i gained during my SA studies.

I mentioned in my last post I’m not a big fan of certifications. In the way that a certificate “proofs” your knowledge, my opinion has not changed. You really should NOT hire me just for having these badges. Although the “requirements” to get a PASS claims that you need extensive experience working with AWS, I still not believe that is the case.

However, since I anyway continue to study for certifications, there is one thing with these studies that for me make the effort valuable…

– I learn things I probably should not have learned in my daily work!

…and these learnings have shown to be valuable in my daily work.

SDLC Automaiton

I got one big sad learning from my AWS DevOps Pro journey. The AWS Code* (CodeCommit, CodePipeline, …) is really not services suited for medium or larger organizations. There is one big advantage with these services:

They are all serverless and mostly well integrated with the rest of the AWS services ecosystem. IAM integration and so on.

…but there the advantages ends :-(.

Disadvantage #1 – Pipeline versioning

You can not version the pipeline (CodePipeline, pipeline.yml) in the same repository as the code it automates. Of course you can put the pipeline.yml file in the repository, but an update of that file will not update the actual pipeline itself. In my private AWS Organization I had to do a hack with an home made lambda that made that possible.

Disadvantage #2 – Pipeline progress usability

Having used GitLab and GitLab CI for many years, I’ve been used to the (almost) instant and good overview of the pipeline progress visualization. With Code- Commit/Pipeline/Build/Deploy I sometimes end up in 10 clicks just to get the logs for a pipeline execution. Not developer friendly at all.

Disadvantage #3 – Amount of code needed

Having experience from GitLab CI (and a bit of GitHub Actions and BitBucket Pipelines) writing tiny pipeline.yml files for automation. Then start define CodePipeline definitions is not a pleasant experience. I estimate CodePipeline definitions to have about three times more yml-code compared to the more competitive alternatives.

Disadvantage #4 – Code collaboration capabilties

CodeCommit is based on Git which is good. But (currently) there are zero capabilities for code collaboration. When you got used to search through all code on you really can’t live without the global search feature to find code among your code repositories. – Come on CodeCommit team!


To end in a positive way I must really say that my learnings from the AWS CloudWatch service has been VERY pleasant. Of course CloudWatch and the teams behind the service was released 10+ years ago. The Code*-teams are quite new and hopefully will also start to listen to customer feedback.

…and my result:

AWS Solution Architect Pro Exam – Experiences

Cloud Posted on Wed, September 16, 2020 06:25PM

I just manage to get a PASS on the AWS Solution Architect Professional Certification Exam

On my way home on the train and I’m of course happy and relieved that the over 100+ hours of studies made me accomplish the exam. Now, when everything is in top of my head I like to share my experience and thoughts. Without braking the Candidate Code of Conduct that I signed before the examination. Hopefully this can help you in your cloud certification journey.

My motivator for this effort has been my decision to start as a cloud consultant. Beginning at in January. Eventually this can be useful in ny new career but it has also been an exciting, fun and learning experience for me personally.

I have not counted all the hours, but except for my 5 years working att Scania with cloud adoption, I’ve added somewhere between 100-200 hours of studies only for this certification. 
Here are the sources of knowledge that I used. Ordered by importance for me. 

1. Practice exams
2. Online training
3. Work experience
4. AWS online documentation
5. AWS Whitepapers

1. Practice exams

When I earlier this year manage to take the SA Associate cert, I realized that doing practice exams was very valuable. This because:

  1. I got an understanding how the questions are formulated. Reading carefully and understanding exactly what the question is and relate that to keywords in the question body explanation is super important.
  2. It was a good way to measure how close I was to be ready to take the real exam.
  3. English is not my native language. Reading long and sometimes complicated questions was valuable practice to me.

I used four online sources for practicing examinations. In total I made 13 simulated practice exams with 70-80 questions each. All of them was valuable but the interesting part is my results on respective learning platform.

AWS Practice exam

AWS gives you about 10 practice questions via Prepare for Your AWS Certification Exam. Start with these to get a quick overview of what types of questions you can expect the day you are going to take the exam.

You can buy (or get for free if you have promotion code from previous exam) 20 questions that are made by AWS. These could possibly be questions that you get on the exam and are very similar to the real exam experience. Time pressure and so on. I got one question that was very similar at least. The drawback with this test is that you, as with the real exam, only get total score afterwards. I made this 2 months before the exam and just got by mail a score of 65%. No Idea of what questions I failed on and explanations on those. This is why I recommend the below three alternatives to exam preparations where you get explanations after the test.


There are six preparation exams for SA Pro on The questions on those are with very varying quality. Some (luckily very few) suggested answers are wrong which for me was very frustrating. Luckily there is an ability to post comments, so you can get comfortable that it is not only you that think the suggested answer is wrong.
Whizlabs has definitely the hardest questions. Some are requiring even deeper knowledge about specific services than the real exam. I had an average score of only 70% which is actually on average below the required 75%. Do not get scared by all the very, very detailed questions.


There are four preparation exams for SA Pro on Unlike Whizlabs, Udemy SA Pro questions are similar in the way the questions are formulated on the real exam. Long questions where you need to zoom in to what is actually the important things for the question.
One small drawback with these questions are that the alternatives often are to simple. Even an area where you are not skilled, you can rule out all alternatives except one. This is not the case on the real exam. I had an average score of 81% on the Udemy tests.


There are four preparation exams for SA Pro on These practice exams have the same pros and cons as Udemy. I had an average score of 88%.

A final tip regarding the use of practice exams. The important part is not to do the tests, it is to analyze the results afterwards. This is the point where you increase your learning.

2. Online Training

You definitely should pass the 4 hour AWS preparation course Exam Readiness: AWS Certified Solutions Architect – Professional. As with the practice questions that AWS provides, you get good insight into how the questions are structured.

The big e-learning platforms often have specific courses for various exams. Including this one. I used the common ones like:


If there is a single course I recommend you to take, you should go for this one on Udemy:

Ultimate AWS Certified Solutions Architect Professional 2020

Maarek Stephane is so inspiring and point to details you probably have not thought about. The content was to me very helpful to pass the exam. Thank you Maarek!

3. Working experience

Working experience is always good. But sadly nothing you can achieve with shortcuts.

AWS claims you should have at least 2 years of experience working with AWS implementations to be able to pass the exam. Real life experience is of course very good but I do not think this is necessary. That is why I value online training and practice exams higher. Not for solving real world problems, but for just passing the exam.

I definitely had an advantage with my 5 years of cloud computing with AWS but if you have not, go harder for the other sources of acquiring AWS knowlede.

4. AWS Online documentation

I had no structured way to what and when I read through the AWS documentation. Likely you very often will end up in the docs when you realize you need deeper knowledge in specific topic. Practice exams often refer to documentation sections for further reading.

Because the SA Pro exam is such a broad exam it require you to have some kind of knowledge about 50-100 of AWS services. Of course you do not need to be an expert in all of them and reading through all the AWS documentaion pages is just not possible (at least to me) . BUT, read through the FAQ pages for all services that you encounter during your other studies. As an example, a simple goolgle on “aws datasync faq” made me nail the question I got on DataSync on the real exam.

5. AWS Whitepapers

In my pile of printed AWS Whitepapers I managed to find time to read 34 of them. These are often interesting to read and I got some interesting insights. But as a source for “just fix the exam” I suggest you focus on the other study tips I have suggested.

Additional tips

Here are some unstructured tips and trix:

  • If you are not a native English speaking person. Ensure you have endorsed the extra 30 minutes for taking the exam. I managed to go through all the 75 questions in almost exactly 3 hours. It was good to have those extra 30 minutes to at least review some of the questions I had flagged for review.
  • Read questions very carefully! This can’t be stressed to much. If you don’t, you definitely will fail on “easy” questions. In addition, on the real exam you will not be able to go through all the questions twice. So read them extra carefully the single time you read them.
  • Be patient before doing the AWS provided 20 question practice exam. I made it to early and the score of 65% (13/20) did not bing me so much value. Be aware that you are not able to see the questions after the test has been submitted.


I’ve never been a fan of certifications. Except for the AWS SA Associate exam i passed previously this year I’ve never bothered to take any certification before. Have I changed my mind after this journey?
I hope you will not consult me or anyone else just for having the SA Pro cert badge on our LinkedIn profiles. Instead focus on our ability to understand your challenges and apply our cloud knowledge to your specific needs. My experience with AWS Solution Architects is that they often are very skilled and know the “AWS way of doing things”. The AWS way is not always suitable for everyone in all situations.

Thanks to Johan Sari for your support and many hours of CloudFormation chats. Thanks to my family for sleeping early evenings and long mornings during vacation. Those hours gave me many hours of focus to go through this.

Thanks to you for taking your time to read this post. I hope it gave you some useful tips. Feel free to connect with me on LinkedIn or Twitter.


After submitting the answers on AWS exams you always get a FAIL/PASS result directly on the screen. Some days after you get the real score via the AWS Certification Portal. Now two days later I got my result…

Before submitting the answers on the exam day I definitely had a hope and believe I could be successful. But I could not believe I had DOMINATED the exam with a score 962 of 1000!