This post covers what I learned while preparing for AWS_SAA — IAM, EC2, Load Balancing, Auto Scaling, RDS, Route 53, S3, CloudFront, and messaging services. I'm writing this for engineers who already understand infrastructure, so I'm skipping the basics and going straight to what the exam actually tests.
1. IAM — It's About Least Privilege, Not Just Access
IAM sounds simple until the exam starts testing edge cases. Here's what actually matters:
The model: Users → Groups → Policies. Never attach policies directly to individual users; always go through groups. It sounds obvious, but exam questions test whether you know to put a user in a group rather than attach a policy inline.
Roles over access keys: When an EC2 instance or Lambda function needs to access AWS services, assign an IAM Role — never embed access keys in code or instance configuration. The exam will present scenarios where someone hardcodes credentials and ask you what's wrong.
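To make both rules concrete, here is an added example (not from any AWS tool or from the exam material) that audits for each anti-pattern: users holding policies outside of groups, and access key IDs hardcoded in source. The input is a constructed sample shaped like `aws iam get-account-authorization-details` output; the user names, the `no-group` finding label, and the function names are assumptions for illustration.

```python
import re

# Constructed sample shaped like `aws iam get-account-authorization-details` output.
SAMPLE_DETAILS = {
    "UserDetailList": [
        {"UserName": "alice", "GroupList": ["developers"],
         "UserPolicyList": [], "AttachedManagedPolicies": []},
        {"UserName": "bob", "GroupList": [],
         "UserPolicyList": [{"PolicyName": "s3-inline"}],
         "AttachedManagedPolicies": []},
        {"UserName": "carol", "GroupList": ["ops"], "UserPolicyList": [],
         "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess"}]},
    ]
}

# Constructed source file; the key ID is the placeholder used in AWS documentation.
SAMPLE_SOURCE = '''\
import boto3
s3 = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
                  aws_secret_access_key="<constructed-placeholder>")
'''

# Long-term access key IDs start with AKIA followed by 16 uppercase alphanumerics.
ACCESS_KEY_ID = re.compile(r"\bAKIA[A-Z0-9]{16}\b")

def users_with_direct_policies(details):
    """Return {user: [findings]} for users holding policies outside of groups."""
    findings = {}
    for user in details.get("UserDetailList", []):
        issues = [f"inline:{p['PolicyName']}" for p in user.get("UserPolicyList", [])]
        issues += [f"attached:{p['PolicyName']}"
                   for p in user.get("AttachedManagedPolicies", [])]
        if not user.get("GroupList"):
            issues.append("no-group")  # assumption: every user should be in a group
        if issues:
            findings[user["UserName"]] = issues
    return findings

def hardcoded_key_lines(source):
    """Return (line_number, key_id) for each access key ID found in source text."""
    return [(n, m.group(0))
            for n, line in enumerate(source.splitlines(), start=1)
            for m in ACCESS_KEY_ID.finditer(line)]

if __name__ == "__main__":
    for name, issues in users_with_direct_policies(SAMPLE_DETAILS).items():
        print(name, issues)
    for lineno, key in hardcoded_key_lines(SAMPLE_SOURCE):
        print(f"line {lineno}: hardcoded access key ID {key}")
```

The fix for each finding matches the rules above: move the permission onto a group, and replace the embedded key with an IAM Role on the instance or function.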






