- Published on
AWS Golden Jacket Complete Guide — 12 Certification Strategy and Study Plan
- Authors
- Name
- Youngju Kim
- @fjvbn20031
- Introduction
- The Complete Map of 12 Certifications
- Recommended Certification Order
- Key Services and Study Points per Exam
- Passing Strategies
- AWS Key Services Cheat Sheet
- Quiz
Introduction
AWS Golden Jacket -- a gold jacket awarded to individuals who hold all active AWS certifications (currently 12). Wearing it at re:Invent gets you recognized even by AWS employees -- it is the highest honor in the cloud industry.
The Complete Map of 12 Certifications
Foundational (1)
| Certification | Code | Difficulty | Exam Duration | Passing Score |
|---|---|---|---|---|
| Cloud Practitioner | CLF-C02 | 1/5 | 90 min | 700/1000 |
Associate (3)
| Certification | Code | Difficulty | Exam Duration | Passing Score |
|---|---|---|---|---|
| Solutions Architect | SAA-C03 | 3/5 | 130 min | 720/1000 |
| Developer | DVA-C02 | 3/5 | 130 min | 720/1000 |
| SysOps Administrator | SOA-C02 | 3/5 | 130 min | 720/1000 |
Professional (2)
| Certification | Code | Difficulty | Exam Duration | Passing Score |
|---|---|---|---|---|
| Solutions Architect Pro | SAP-C02 | 5/5 | 180 min | 750/1000 |
| DevOps Engineer Pro | DOP-C02 | 5/5 | 180 min | 750/1000 |
Specialty (6)
| Certification | Code | Difficulty | Key Areas |
|---|---|---|---|
| Advanced Networking | ANS-C01 | 5/5 | VPC, Direct Connect, Transit GW |
| Security | SCS-C02 | 4/5 | IAM, KMS, GuardDuty, WAF |
| Machine Learning | MLS-C01 | 4/5 | SageMaker, Data Preprocessing |
| Database | DBS-C01 | 4/5 | RDS, DynamoDB, Aurora, Redshift |
| Data Analytics | DAS-C01 | 4/5 | Kinesis, Glue, Athena, EMR |
| SAP on AWS | PAS-C01 | 4/5 | SAP HANA, SAP NetWeaver |
Recommended Certification Order
Phase 1: Building the Foundation (1-2 months)
├── 1. Cloud Practitioner (CLF) — Bird's-eye view of AWS
└── 2. Solutions Architect Associate (SAA) — The most important exam!
Phase 2: Development/Operations (2-3 months)
├── 3. Developer Associate (DVA)
└── 4. SysOps Administrator (SOA)
Phase 3: Professional (3-4 months)
├── 5. Solutions Architect Professional (SAP) — Highest difficulty
└── 6. DevOps Engineer Professional (DOP)
Phase 4: Specialty Domains (4-6 months)
├── 7. Security Specialty (SCS)
├── 8. Database Specialty (DBS)
├── 9. Data Analytics Specialty (DAS)
├── 10. Machine Learning Specialty (MLS)
├── 11. Advanced Networking Specialty (ANS) — Most difficult
└── 12. SAP on AWS Specialty (PAS)
Key Services and Study Points per Exam
1. Solutions Architect Associate (SAA) -- The Most Important!
Key Services (60%+ of questions):
├── EC2: Instance types, Auto Scaling, ELB, AMI
├── S3: Storage classes, lifecycle, replication, encryption
├── VPC: Subnets, NACL vs SG, NAT GW, peering
├── RDS: Multi-AZ, Read Replica, Aurora
├── IAM: Policies, roles, federation
├── Lambda: Serverless, triggers, concurrency
├── CloudFront: CDN, OAI, caching
└── Route 53: Routing policies (weighted, latency, failover)
Question Patterns:
"Design a highly available and cost-effective architecture"
-> Multi-AZ + Auto Scaling + S3 + CloudFront
"Choose a disaster recovery strategy"
-> Pilot Light vs Warm Standby vs Multi-Site
-> Decide based on RPO/RTO requirements
"Select the most cost-effective storage"
-> S3 Standard vs IA vs Glacier
-> Access frequency + retrieval time requirements
2. Solutions Architect Professional (SAP) -- Highest Difficulty
SAA + Additional Deep Dives:
├── Multi-account strategy: AWS Organizations, SCP, Control Tower
├── Hybrid: Direct Connect, VPN, Transit Gateway
├── Migration: 6R strategy, DMS, SMS, Application Discovery
├── Cost optimization: Reserved, Savings Plans, Spot, Cost Explorer
├── Advanced security: KMS CMK, CloudHSM, Macie, Detective
└── High availability: Multi-Region Active-Active, Global Accelerator
3. Advanced Networking (ANS) -- Most Difficult
Networking depth:
├── Advanced VPC: CIDR calculation, IPv6, custom routing
├── Direct Connect: LOA-CFA, VIF, LAG, BGP
├── Transit Gateway: Multi-region, peering, ECMP
├── Route 53: DNSSEC, Resolver, private hosted zones
├── CloudFront: Origin groups, Lambda@Edge
├── Network Firewall: Stateful/stateless rules
└── VPN: Site-to-Site, Client VPN, accelerator
4. Security Specialty (SCS)
Security core:
├── Advanced IAM: Policy evaluation logic, Permission Boundary
├── KMS: CMK, key rotation, grants, policies
├── CloudTrail: Log integrity, organization trails
├── GuardDuty: Threat detection, automated response
├── Config: Compliance rules, auto-remediation
├── WAF: Web ACL, managed rules, Rate Limiting
└── Incident response: Isolation, forensics, recovery
5. Database Specialty (DBS)
DB core:
├── RDS: Parameter groups, option groups, proxy
├── Aurora: Global DB, Serverless v2, DSQL
├── DynamoDB: Partition key design, GSI/LSI, DAX, Streams
├── Redshift: Distribution key, sort key, Spectrum, concurrency scaling
├── ElastiCache: Redis vs Memcached, cluster mode
├── Neptune: Graph DB, Gremlin/SPARQL
└── Migration: DMS, SCT, homogeneous/heterogeneous migration
Passing Strategies
Study Resources
Free:
├── AWS Skill Builder (official, free courses)
├── AWS Well-Architected Labs (hands-on)
├── AWS Whitepapers (must read!)
│ ├── Well-Architected Framework
│ ├── Disaster Recovery
│ └── Security Best Practices
└── AWS re:Invent videos (YouTube)
Paid:
├── Stephane Maarek (Udemy) — Best course for SAA, SAP
├── Adrian Cantrill — Best course for SAP, ANS
├── Jon Bonso (Tutorial Dojo) — Practice exams are a must!
└── A Cloud Guru — Covers all certifications
Exam Tips
1. Keep retaking practice exams until you score 80%+
2. Keep an error notebook (note why you got it wrong)
3. AWS official documentation is more important than courses (exams are based on official docs)
4. Hands-on practice is essential (use Free Tier)
5. Time management: 2 minutes per question; flag difficult ones and move on
6. Distinguish between "most cost-effective" vs "most secure"
7. Words like "immediately" vs "least effort" in answer choices are also hints
Cost
Exam fees:
├── Foundational: $100
├── Associate: $150 x 3 = $450
├── Professional: $300 x 2 = $600
└── Specialty: $300 x 6 = $1,800
Total: $2,950
Money-saving tips:
├── Use the 50% discount voucher after passing!
├── Each pass gives you 50% off the next exam
├── Actual cost: ~$1,500-2,000 (with discounts)
└── Leverage company training budgets
AWS Key Services Cheat Sheet
Compute:
EC2, Lambda, ECS, EKS, Fargate, Batch, Lightsail
Storage:
S3, EBS, EFS, FSx, Storage Gateway, Snow Family
Database:
RDS, Aurora, DynamoDB, ElastiCache, Redshift, Neptune, DocumentDB
Networking:
VPC, CloudFront, Route 53, API Gateway, Direct Connect, Transit GW
Global Accelerator, PrivateLink, Network Firewall
Security:
IAM, KMS, CloudHSM, WAF, Shield, GuardDuty, Inspector
Macie, Config, CloudTrail, Security Hub, Detective
Analytics:
Kinesis, Glue, Athena, EMR, Redshift, QuickSight, Lake Formation
AI/ML:
SageMaker, Bedrock, Rekognition, Comprehend, Textract, Polly
DevOps:
CodeCommit, CodeBuild, CodeDeploy, CodePipeline
CloudFormation, CDK, SAM, Systems Manager
Monitoring:
CloudWatch, X-Ray, EventBridge, Health Dashboard
Quiz -- AWS Golden Jacket (Click to reveal!)
Q1. How many certifications are needed to receive the AWS Golden Jacket? ||All 12 currently active certifications. Foundational 1 + Associate 3 + Professional 2 + Specialty 6||
Q2. What is the difference between Multi-AZ and Read Replica in SAA? ||Multi-AZ: Synchronous replication, automatic failover on failure (high availability). Read Replica: Asynchronous replication, distributes read load (performance). Multi-AZ is within the same region; Read Replica can be cross-region||
Q3. List S3 storage classes in order of cost. ||Standard (most expensive) then Intelligent-Tiering then Standard-IA then One Zone-IA then Glacier Instant then Glacier Flexible then Glacier Deep Archive (cheapest)||
Q4. What is the difference between Direct Connect and VPN? ||Direct Connect: Dedicated physical line, stable bandwidth, high cost, weeks to months to set up. VPN: Internet-based encrypted tunnel, variable bandwidth, inexpensive, instant setup||
Q5. Why is partition key design important in DynamoDB? ||The partition key determines data distribution. If a hot partition occurs (traffic concentrated on a specific key), overall throughput is limited. Choosing a key with high cardinality is essential||
Q6. What are the 6R migration strategies frequently tested on the SAP exam? ||Rehost, Replatform, Repurchase, Refactor, Retire, Retain||
Q7. List the 4 disaster recovery strategies in AWS in order of RTO. ||Backup and Restore (RTO: hours) then Pilot Light (RTO: tens of minutes) then Warm Standby (RTO: minutes) then Multi-Site Active-Active (RTO: near zero)||
Quiz
Q1: What is the main topic covered in "AWS Golden Jacket Complete Guide — 12 Certification
Strategy and Study Plan"?
A complete roadmap for all 12 AWS certifications needed for the Golden Jacket. Covers recommended order, exam difficulty, key services, passing strategies, and practical AWS knowledge that matters in the real world.
Q2: What is The Complete Map of 12 Certifications?
Foundational (1) Associate (3) Professional (2) Specialty (6)
Q3: Explain the core concept of Key Services and Study Points per Exam.
- Solutions Architect Associate (SAA) -- The Most Important! Question Patterns: 2. Solutions Architect Professional (SAP) -- Highest Difficulty 3. Advanced Networking (ANS) -- Most Difficult
- Security Specialty (SCS) 5. Database Specialty (DBS)
Q4: What are the key aspects of Passing Strategies?
Study Resources Exam Tips Cost
Q5: How does AWS Key Services Cheat Sheet work?
Q1. How many certifications are needed to receive the AWS Golden Jacket? Q2. What is the
difference between Multi-AZ and Read Replica in SAA? Q3. List S3 storage classes in order of cost.
Q4. What is the difference between Direct Connect and VPN? Q5.