Track your coverage of advanced architectural topics for the SAP exam.
Complete = ✅, To do = 🔲
Includes short descriptions so you can review without clicking into every link.
Multi-Account & Governance
| Status | Topic | Description |
|---|---|---|
| 🔲 | AWS Organizations & SCPs | Manage multi-account governance with Service Control Policies |
| 🔲 | AWS Control Tower | Automates setup of secure, multi-account AWS environments |
| 🔲 | Delegated Admin Patterns | Let member accounts manage specific services under control |
| 🔲 | Landing Zone Design | Foundation for scalable, secure multi-account architecture |
Advanced Networking
| Status | Topic | Description |
|---|---|---|
| 🔲 | Transit Gateway | Central hub for inter-VPC and on-prem network routing |
| 🔲 | VPC Peering | Direct connection between VPCs for private communication |
| 🔲 | PrivateLink | Access services securely over the AWS internal network |
| 🔲 | Route 53 DNS Patterns | Complex DNS routing patterns for distributed apps |
| 🔲 | Centralized Egress/Ingress Routing | Route internet or internal traffic through shared VPCs |
Disaster Recovery & Multi-Region
| Status | Topic | Description |
|---|---|---|
| 🔲 | DR Strategies | Backup & Restore, Pilot Light, Warm Standby, Active/Active |
| 🔲 | Multi-Region Active/Passive | Failover-based HA across AWS regions |
| 🔲 | Route 53 Failover | DNS-based routing to healthy regions |
| 🔲 | RTO / RPO | Recovery Time and Recovery Point Objectives for DR planning |
| 🔲 | Data Replication Techniques | Options like S3 CRR, Aurora Global, or DMS |
Deployment & Automation at Scale
| Status | Topic | Description |
|---|---|---|
| 🔲 | CloudFormation StackSets | Deploy resources across accounts and regions |
| 🔲 | AWS CDK | Define cloud infrastructure in code using Python, TypeScript, etc. |
| ✅ | CI/CD with CodePipeline | Automate software delivery from source to deployment |
| ✅ | Canary / Blue-Green Deployments | Gradual rollout or swap routing for safe deployments |
| 🔲 | Centralized CloudWatch/CloudTrail | Unified monitoring and audit logging in multi-account setups |
Cost & Billing Strategy
| Status | Topic | Description |
|---|---|---|
| 🔲 | Custom Cost Tags | Tag-based allocation of AWS usage across teams or projects |
| 🔲 | Consolidated Billing / CUR | Combine charges and analyze usage with Cost & Usage Reports |
| 🔲 | Cross-Account Budgeting | Set cost limits and alerts across linked accounts |
Data Transfer & Hybrid
| Status | Topic | Description |
|---|---|---|
| 🔲 | Snowball vs DataSync | Physical vs online data migration tools |
| 🔲 | Transfer Acceleration | Speed up S3 uploads using global edge locations |
| 🔲 | VPN vs Direct Connect | Secure connectivity options to on-premises data centers |
| 🔲 | Storage Gateway | Hybrid storage for backups or caching between on-prem and AWS |
Compliance & Monitoring
| Status | Topic | Description |
|---|---|---|
| 🔲 | AWS Config (multi-account) | Track resource configurations and changes across accounts |
| ✅ | CloudTrail Aggregation | Centralize API audit logs for compliance auditing |
| ✅ | Security Hub Aggregation | View findings across accounts from GuardDuty, Macie, etc. |
| ✅ | KMS | Encryption key management for AWS services |
| ✅ | Macie | S3 data classification and sensitive data detection |
| ✅ | GuardDuty | Monitors accounts for threats and unusual behavior |
| 🔲 | IAM Access Analyzer | Detects unintended access via IAM policies and roles |
Design Tradeoffs & Scenarios
| Status | Topic | Description |
|---|---|---|
| 🔲 | Availability vs Cost Tradeoffs | Balance redundancy, scaling, and price per use case |
| 🔲 | Migration Phases & Rollback | Plan safe migrations with rollback and verification |
| ✅ | Choosing Storage/DB per Use Case | Compare S3, EFS, EBS, Aurora, RDS, DynamoDB, etc. |
📘 See Study Strategy to learn how this checklist fits into your exam prep process.