I scored 825/1000 on my AWS SAA-C03 exam — but only after falling face-first into every trap AWS could throw at me. Here’s how to avoid the mistakes that nearly cost me my certification.
💥 Trap 1: IAM’s Silent Assassin — DENY rule
The Trap: You think an ALLOW policy grants access, but a hidden DENY in another policy nukes it.
The Fix:
IAM evaluates policies in this order:
1️⃣ Explicit DENY → 2️⃣ Explicit ALLOW → 3️⃣ Default DENY.
Imagine DENY is Thanos — it snaps ALLOW out of existence.
Always check for sneaky DENY rules!
💥 Trap 2: Security Groups vs. NACLs
The Trap: Mixing up stateful (Security Groups) and stateless (NACLs) rules.
The Fix:
NACLs are like airport security — check everyone in and out.
SGs are lounge staff — once you’re in, you’re good to go!
💥 Trap 3: S3 Versioning
The Trap: Enabling versioning, then realizing you can’t disable it — only suspend it.
The Fix:
- Use versioning only for critical data.
- Need to “disable”? Start fresh with a new bucket.
S3 versioning is like tattoos: easy to add, impossible to remove fully.
💥 Trap 4: Route 53
The Trap: Using a CNAME for example.com (instead of www.example.com).
The Fix:
- ALIAS records for apex domains.
- CNAME only for subdomains.
- CNAMEs can’t be used at the zone apex; you must use ALIAS or A records.
CNAMEs at the apex are like using a phone charger as a Wi-Fi antenna — it just doesn’t work that way.
💥 Trap 5: RDS Multi-AZ vs. Read Replicas
The Trap: Using Multi-AZ for read scaling (spoiler: it’s for failover only).
The Fix:
Multi-AZ is for survival — failover and resilience.
Read Replicas are for growth — read scaling and performance.
💥 Trap 6: CloudTrail vs. CloudWatch Logs
The Trap: Using CloudWatch for API audits (it’s for app logs).
The Fix:
CloudTrail: Who deleted my S3 bucket? (API tracking).
CloudWatch: Why is my app crashing? (debugging).
💥 Trap 7: Spot Instances
The Trap: Running mission-critical apps on Spot Instances (they can vanish mid-task).
The Fix:
Spot instances should be used for:
- Batch processing
- Stateless workloads
- Non-urgent tasks
Spot Instances are like tinder dates: cheap, fun, but don’t expect commitment.
💥 Trap 8: Time Management
The Trap: Spending 4–6 minutes on one question.
The Fix:
- Answer easy questions first (2 mins each) and flag the rest.
- If you’re not sure and need to take a guess, try to eliminate one or two wrong answers before making a choice.
- Once you eliminate the wrong ones, look for word differences between the remaining options. One of them will make more sense than the rest 🙂
