Friday, February 3, 2023

21 Google Cloud tools in 2 minutes or less


Pretty cool post from Google’s Blog to quickly view 21 services in a series of short videos.

Some essential videos

Anthos – essential for Hybrid Cloud app modernization

Firestore – NoSQL document database at scale

Cloud Data Fusion – fully managed, cloud-native, enterprise data integration service

You can find the full set of videos in the original post on Google’s Blog.

The Reference Architecture Disappointment


There is a “phenomenon” that I have experienced throughout my career that I like to call the “Reference Architecture Disappointment”.

Some people experience a similar effect when they go to the MD’s consultation with several symptoms, only to find out that they may have a common cold. No frenzy at the hospital, no crazy consultations, no House MD TV scenes. Just paracetamol, water and rest!

So many years of Medicine School just to prescribe that?

Well, yes. The MD recognised a common cold among dozens of illnesses with the same set of symptoms and prescribed the simplest and best treatment. The question is, would you be able to do it?

Same thing when a Solutions Architect deals with a set of requirements. The “Architect” will select the best architecture that solves the business problem as simply and efficiently as possible. Sometimes that means using the “Reference Architecture” for that particular problem, with the necessary changes.

Those architectures emerge from practical experience and encompass patterns and best practices. Usually, reinventing the wheel is not a good idea.

Keep it simple and Rock On!

A MidSummer’s Book List


Here we are, July 2022, in the middle of a scorching summer, so I’d guess it is a perfect moment to relax near the sea and read a book or two. I’ve compiled a list of favourite books that I can personally recommend. All the books are paperbacks that I own, and I’ve read back to back; also, I’ve gone through most of the examples myself, so no cheating here 😉

The order in which I’m presenting the books doesn’t reflect their quality; in fact, all are great books.

Google Cloud for DevOps Engineers

Let me recommend you this book from Packt.

First, this is not a straightforward preparation guide for the Professional Cloud DevOps Engineer; it is much more than that: it’s almost a textbook on the subject matter that can also be used as a guide for the certification. The edition is one of the best I’ve seen from this publisher; as I mentioned, this book feels like a college book but is written in a concise style.

But don’t get me wrong, the book goes intense on many topics, like, for instance, K8’s and GKE, hands down one of my favourite parts. An excellent introduction or refresher to the case helps to grasp many concepts in not many pages.

Another section that stands out is the book’s first part, which introduces the DevOps/SRE concepts in an informative way – and not tied to GCP. The monitoring section is pretty informative as well.

One of the best books I’ve read about #gcp – but not limited to – and #devops.

Learning Domain-Driven Design

I can’t believe that 13 years have passed since I read the blue book of DDD, Eric Evans’s seminal work, and 11 since I worked on my first project using it. We were breaking a monolith into what we now call microservices – or an early incarnation of them.

I was looking for updated literature on the subject when I found this excellent book from Vlad Khononov. It provides the right theory and practical examples to understand the different concepts and patterns. The style is clear and concise yet academic, which is not easy to achieve.

Some stuff you are going to find in the book:

– Architectural patterns and Heuristics

– Microservices & EDA

– Datamesh

To summarize, it’s one of the best books on the subject matter and can be used as a primer. I was expecting more examples, but that helped keep the book at a reasonable size, around 300 pages.

Note: The code listings are in C#, but they are very generic and easy to follow.

Data Engineering with AWS

This book from Packt is an excellent introduction to the beautiful world of #analytics on #AWS. The author has done a fantastic job cramming into 440 pages many topics you may find when working in this field in the #cloud.

You pay the price, though; some topics are covered at an introductory level. For instance, ingesting data with #kinesis is a topic that needs a whole book, not a few pages. But you get an intro. Other chapters like “Transforming Data to Optimize for Analytics” are more comprehensive.

The book covers many recent services like AppFlow, Glue Studio, DataWrangler, and other third-party services.

An excellent #book that I’d recommend to data engineers who want an introduction to the field.


I was looking for a book to replace my old book about microservices, Manning’s “Spring Microservices” (2017). Specifically, one that covered new tools and deployment in the cloud – I wasn’t that interested in the Spring part.

Well, this book does its job very well. I was so hooked that I read the book several times and went through most examples.

The author took the picture.

If I have to pick a few highlights, it would be the Kubernetes deployment chapters, Service Mesh and the replacement of Netflix components.

A word of advice: this book is a Packt Publishing release, so it follows its editorial style: very hands-on, with many code listings. That suits me well, but make sure it’s what you want.

Cloud Native Go

A few months back, I spent a weekend in Barcelona, one of my favourite cities. It was great to see the city back to life, filled with people and tourists 🙂 We even went to the beach on the first day!

OK, back to the book!

I liked it; the author’s style is very engaging, and I enjoyed having a fresh look at the different Cloud-Native patterns from the Go perspective.

The only concern is that the subject is too broad to be covered in just 400 pages, so you can use this book as a good introduction, but you’ll need to complement this with other literature.

Professional Cloud Architect Google Cloud Certification Guide

Funnily enough, I’m not using this guide from Konrad Cłapa, Google Cloud Certified Fellow, to achieve the Architect certification, as I recertified in the beta: 77 intense questions in three hours, including questions from the new scenarios.

However, I have a bunch of GCP recertifications coming my way very soon, so I’m using this book as one of the stepping stones to resync and refresh my whole GCP knowledge. 

This guide is very comprehensive and to the point but still clocks in at 600+ pages; don’t worry, it includes lots of pictures 🙂

Also, you can find four mock tests (20 questions each) and an analysis of each case study. The only thing I miss is review questions at the end of every chapter.

Remember that this is a study guide, so expand each section accordingly and get practical knowledge as required. In real life, you don’t have a list of options to choose from, and not everything is on the web; that’s where a mix of knowledge, experience and intuition kicks in.


I’ve had this book by Julien Simon on my reading list for a while – it’s a 2020 release – and when I finally made the time to read it, I couldn’t put it down. Like the previous book, it’s a Packt Publishing release packed with examples, so you can start prototyping immediately.

It’s a hands-on book focused on Sagemaker and AWS services, so it’s not a book to learn Machine Learning in-depth. The good news is that you can learn to train and deploy pre-built models using Sagemaker without that specific knowledge.

The author took the picture.

The book gives you an excellent overview of Sagemaker, but it was written before 2020, I’d guess, so it doesn’t cover many new features like Sagemaker Studio, Autopilot, etc.

But not to worry :), there is already a second edition that covers all that new shiny stuff.

Happy Summer!

TDD AWS – the Moto Library


Moto is a library that allows mocking AWS services when using the Python Boto library. It can be used with other languages, as stated in the documentation – standalone server mode. I don’t have direct experience with that feature, though, as Python is my language of choice for coding PoCs or data projects in general.

The TDD way in the Cloud

I don’t need to preach about the benefits of using TDD to design and test your components. In any case, if you are still not convinced, check out the classic books on the subject.

Developing for the cloud comes with its own set of challenges – for instance, testing. It’s not easy when you need to use services that are not locally available.

The appearance of libraries like Moto has made testing much more manageable. Like any library, it has its peculiarities, but the learning curve or resistance is not exceptionally high, especially if you have previous experience with Pytest or other testing frameworks.


I’m assuming that you have previous knowledge of AWS, Boto, Python, TDD and Pytest. I’m providing some complete listings to learn by example – not the entire exercise, though – so you can fill in any gaps and enhance your learning experience.

Installing Moto

It’s straightforward:

$ pip install moto[all]       # if you want to install all the mocks
$ pip install moto[dynamodb]  # or just the DynamoDB mock

To mock AWS services and test them properly, you will need a few more dependencies –

$ pip install boto3 pytest

Mocking DynamoDB – Setting up

Let’s go beyond the canonical examples and find out how to mock DynamoDB, the excellent AWS’s NoSQL database.

As shown in the following code listing, we’ll create the books table with the PK id. The function mocked_table returns a table with some data. Later on, this table will be mocked by Moto.

import boto3

def mocked_table(data):
    dynamodb = boto3.client("dynamodb")
    dynamodb.create_table(
        TableName='books',
        KeySchema=[{
            'AttributeName': 'id',
            'KeyType': 'HASH'
        }],
        AttributeDefinitions=[{
            'AttributeName': 'id',
            'AttributeType': 'S'
        }],
        ProvisionedThroughput={
            'ReadCapacityUnits': 1,
            'WriteCapacityUnits': 1
        }
    )
    table = boto3.resource('dynamodb').Table('books')
    with table.batch_writer() as batch:
        for item in data:
            batch.put_item(Item=item)

    return table

Moto recommends using test credentials to avoid any leaking to other environments. You can provide them in the test configuration file, using Pytest fixtures:

import os

import boto3
import pytest

from moto import mock_dynamodb2

os.environ['AWS_DEFAULT_REGION'] = 'eu-west-1'

@pytest.fixture(scope='function')
def aws_credentials():
    """Mocked AWS Credentials for moto."""
    os.environ['AWS_ACCESS_KEY_ID'] = 'testing'
    os.environ['AWS_SECRET_ACCESS_KEY'] = 'testing'
    os.environ['AWS_SECURITY_TOKEN'] = 'testing'
    os.environ['AWS_SESSION_TOKEN'] = 'testing'

Now, we are ready to start designing and developing.

Mocking DynamoDB with Moto and TDD

We are going to code the function get_book, which retrieves a particular Item from the table. Following the TDD cycle, we have to code the test first, make it fail, etc. I’m not showing the entire cycle here, just a few steps to get the idea.

The test unit would look like this –

import pytest
import boto3

from moto import mock_dynamodb2

book_OK = {
    "id": "B9B3022F98Fjvjs83AB8a80C185D"
}
book_ERROR = {
    "id": "B9B3022F98Fjvjs83AB8a80C18"
}

@mock_dynamodb2
def test_get_book():
    from get_book import get_book          # don't change the order:
    from test_helper import mocked_table   # must be imported first,
    dynamodb = boto3.client("dynamodb")    # before getting the client
    data = [{'id': 'B9B3022F98Fjvjs83AB8a80C185D', 'user': 'User1'}]
    mocked_table(data)

    result = get_book(book_OK['id'])

    item = result['Item']
    assert item['id'] == 'B9B3022F98Fjvjs83AB8a80C185D'
    assert item['user'] == 'User1'

As you can see, nothing very different from a Pytest test unit, except for the Moto decorator and the AWS-specific code.

Let’s increase the test coverage, ensuring that the functionality “Item not found” is working as expected.

@mock_dynamodb2
def test_get_book_not_found():
    from get_book import get_book          # don't change the order:
    from test_helper import mocked_table   # must be imported first,
    dynamodb = boto3.client("dynamodb")    # before getting the client
    data = [{'id': 'B9B3022F98Fjvjs83AB8a80C185D', 'user': 'User1'}]
    mocked_table(data)

    result = get_book(book_ERROR['id'])

    assert 'Item' not in result  # book not found

OK, now that we have the test unit by design, we need to write the function get_book. We can start with something basic that satisfies the import and the method signature. By the way, I’ve shown the test unit fully coded, but you can do this gradually, coding the essential function first.

import boto3

dynamodb = boto3.resource('dynamodb')
tableName = 'books'

def get_book(id):
    # hard-coded stub, just enough to satisfy the import and the signature
    return {'id': 'B9B3022F98Fjvjs83AB8a80C185D', 'user': 'User1'}

To execute the tests

$ pytest

The test will fail: the book that we are returning is not in the expected format. So let’s add the DynamoDB calls – the ones that will be mocked by Moto.

import boto3

dynamodb = boto3.resource('dynamodb')
tableName = 'books'

def get_book(id):
    table = dynamodb.Table(tableName)
    result = table.get_item(
        Key={
            'id': id
        }
    )
    return result

Now the test unit will pass 🙂

Some important things to point out:

  • The test case is built using the Pytest framework, with Moto mocking the AWS calls.
  • @mock_dynamodb2 – decorates the test method so that the Moto framework mocks the DynamoDB calls.
  • The methods that we want to mock must be imported before getting the client instance, so the Moto framework can decorate them properly. This is very important; if you don’t do that, the test won’t work.
  • The bare assert statements are standard Python; Pytest adds the rich failure reporting – check the docs for more examples.


Testing is not easy and can be tedious; for some people, even a nuisance. Using TDD – or BDD – changes your mindset entirely because you are designing your system, not only testing. But this is something that shouldn’t be news to you. TDD and BDD have been around for a while.

Not for the cloud, though.

Testing in the cloud is not easy; it’s all about integration and cost. Libraries like Moto help to alleviate that, and I have to say that Moto does it pretty well.

Synthetic Canaries for API Gateway – I


Last February, AWS added support for creating canaries for API Gateway to CloudWatch Synthetics, which I’ve been using lately to monitor some REST APIs successfully.

Let’s review some technical concepts first:

  • Canaries: Node.js scripts that run on a schedule to monitor endpoints, following the action paths of your users. Under the hood, canaries are Lambda functions working over HTTP/HTTPS.
  • CloudWatch Synthetics: lets you create canaries from templates without writing any code. It’s really easy to implement, and you can – and should – use CloudFormation.
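Canaries can also be created programmatically with the boto3 synthetics client. Here’s a minimal sketch of the parameters create_canary expects; the canary name, bucket, role ARN, handler and schedule below are placeholder assumptions for illustration, not values from this post:

```python
# import boto3  # only needed for the actual create_canary call at the end

def canary_request(name, role_arn, bucket):
    """Build the parameters for synthetics.create_canary (placeholder values)."""
    return {
        "Name": name,
        "ArtifactS3Location": f"s3://{bucket}/canary-artifacts",
        "ExecutionRoleArn": role_arn,
        # Blueprint code uploaded to S3; the handler name is an assumption
        "Code": {"S3Bucket": bucket, "S3Key": "canary.zip",
                 "Handler": "apiCanaryBlueprint.handler"},
        "Schedule": {"Expression": "rate(5 minutes)"},
        "RuntimeVersion": "syn-nodejs-puppeteer-3.9",
    }

params = canary_request("books-api-canary",
                        "arn:aws:iam::123456789012:role/canary-role",
                        "my-canary-bucket")
# boto3.client("synthetics").create_canary(**params)
```

The console wizard described below fills in exactly these fields for you, which is why it feels so straightforward.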

Canary Dashboard

Problem to solve

After some hard work, we now have our brand new Serverless App deployed and ready to be tested, comprising a REST API and a micro-frontend – CloudFront + S3.

Serverless App

We need to monitor our endpoints for latency and resiliency; how do we do it right away? The answer: by creating a synthetic canary.

Implementing a Canary

You can find the Canaries dashboard in the AWS console:

Cloudwatch > Insights > Application monitoring > Synthetic canaries


Creating a canary for API Gateway from the console is really straightforward; you are given two options: select an API Gateway API and stage, or provide a Swagger template.


We are presented then with a series of options:

  • Selection of the API-Gateway in the present Account/Region
  • Selection of Stage

The endpoint URL should be populated automatically:


The next step, adding an HTTP request, is also straightforward. The configuration – parameters, headers – depends on the method that is being tested:


Now you can finalize the creation of the canary:

  • Runtime version: you can leave the default version.
  • We are shown the generated code of the Lambda function implementing the canary.
  • Environment variables: variables to pass to the Lambda function.
  • Schedule: different ways to execute the canary. In this case, we choose Run continuously.

In the following screen, we can see the canary that has been created and has been executing for a while:


Finally, a few metrics are shown: Duration, Errors (4xx), Faults (5xx).

As promised, canaries are really easy to implement.

Final Architecture

Serverless Web App + Canary

Fast DynamoDB Pagination using Python


DynamoDB is the fastest NoSQL database at scale from AWS, operating within the key-value and document-based models. I’m not going to delve into the basics because I’m sure I don’t need to explain them to you – as you have arrived here :). Anyways, if you’d need a quick introduction, please check out the following links:

Pagination Architecture is not a trivial affair

If you have ever implemented a pagination component, you already know that it is not an easy thing to do, especially in a clean and performant way.

Furthermore, DynamoDB adds its own set of challenges because of the way it works. When you execute a Query, the resultset is divided into sets, or pages, of data up to 1 MB in size. So you need to find out whether there are remaining results to return after that first query. Also, you’ll likely need to return a fixed number of results, which adds a few nice edge cases to the mix.

If you use Scan instead of Query, things get worse because it reads the whole table, exhausting the assigned RCUs very quickly. I produced a first quick version using Scan; it works, but it’s not optimal for pagination, especially when you have a huge number of records – and it’s expensive too.

Not all is gloom and doom, though. The Query response contains an element, LastEvaluatedKey, that points to the last processed record. We can use this element to build a cursor we can pass back and forth – in the response and request – to build our pagination component. When there are no elements left, this element is absent, and therefore we have reached the end of the resultset.

LastEvaluatedKey is a Map-type object that contains the PK of the table. We shouldn’t pass it around like that, as we would be exposing our model to the world. A standard and better way is to pass the element using Base64 encoding. You can use the Python module base64:

import base64

cursor_ascii = cursor.encode("ascii")
base64_bytes = base64.b64encode(cursor_ascii)
# we convert the bytes back into a string, or whatever we'd need
base64_cursor = base64_bytes.decode("ascii")
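Since LastEvaluatedKey is a map, in practice we serialise it to JSON first and wrap both directions in small helpers. The names encode_base64/decode_base64 used below are my own hypothetical convention, not part of boto3:

```python
import base64
import json

def encode_base64(last_evaluated_key):
    # Map -> JSON -> Base64 string, safe to return to the client as a cursor
    raw = json.dumps(last_evaluated_key).encode("ascii")
    return base64.b64encode(raw).decode("ascii")

def decode_base64(cursor):
    # Reverse operation; an empty or missing cursor means "first page"
    if not cursor:
        return None
    return json.loads(base64.b64decode(cursor.encode("ascii")))
```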

The first thing we have to do is retrieve the cursor from the request, if it exists, and execute a first query, assigning the cursor – the decoded LastEvaluatedKey from the previous page – to the field ExclusiveStartKey. In this example, I’m retrieving a set of a user’s data using the id as a filter.

from boto3.dynamodb.conditions import Key

# get the cursor from the request, if it exists
exclusiveStartKey = decode_base64(cursor)

if exclusiveStartKey is not None:
    response = table.query(
        KeyConditionExpression=Key('id').eq(user_id),
        ExclusiveStartKey=exclusiveStartKey
    )

Now, we find out if there are remaining records – remember the 1 MB limit – by looping while the element LastEvaluatedKey is present in the response, or until we reach our imposed limit. Finally, we keep track of the last LastEvaluatedKey so we can encode it and pass it back in the response.

lastEvaluatedKey = None
while 'LastEvaluatedKey' in response:
    lastEvaluatedKey = response['LastEvaluatedKey']
    response = table.query(
        KeyConditionExpression=Key('id').eq(user_id),
        ExclusiveStartKey=lastEvaluatedKey
    )

cursor = encode_base64(lastEvaluatedKey)
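The whole loop can be isolated in a small helper. This is a minimal sketch under my own assumptions: query is any callable wrapping table.query that accepts the exclusive start key (hypothetical, for illustration), and limit is the page size we impose:

```python
def paginate(query, start_key=None, limit=100):
    """Collect items until DynamoDB stops paging or we hit our own limit."""
    items = []
    response = query(start_key)
    while True:
        items.extend(response.get("Items", []))
        last_key = response.get("LastEvaluatedKey")
        if last_key is None or len(items) >= limit:
            break
        response = query(last_key)  # fetch the next 1 MB page
    return items[:limit], last_key
```

Note one of those “nice edge cases”: when the limit is hit mid-page, the returned key still points at DynamoDB’s page boundary, not at the exact item where we truncated, so a production cursor needs to account for that.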

I hope this helps you build your own pagination component 🙂

DynamoDB New Console


What a surprise!

I was writing a piece about a component for DynamoDB – that I’d produced for a PoC – when the console completely changed!

Updated console – image was taken by the author

The new console looks like the rest of the updated services; the experience gets more cohesive between all services.

It includes three new sections: Items, PartiQL Editor and Export to S3.

So far, so good!

Official announcement

AWS Certified Advanced Networking, 2021 Revision and Beyond


I’ve recertified at the time of writing this post – June 2021 – and wanted to share a bit of the experience and preparation for this one because it has been peculiar, to say the least.

My preparation is very particular because I tend to prepare my own materials using mostly my experience and the official resources available, which are quite good in general. So I checked out the certification site and the digital readiness training. It was almost the same as the last time. I took the sample questions; they were new but similar to the old ones, nothing really new there, except for Cloudwatch Insights.

My 2018 hard copy – completely worn out

I started preparing using the official guide – I bought it in London in 2018 – the docs, some videos from the digital readiness course and my notes from different projects that I’d been working on. I couldn’t help but think that the exam needed a refresh; after all, three years in “cloud-years” is a lot, maybe double, given the pace of current innovation. Also, many services were missing from the guide and exam outline, including Transit Gateway, AWS RAM, Global Accelerator… all very relevant for modern architectures.

Well, what do you know? I got an invitation to provide input on the new content outline of the exam!

The Certification

I’m sure you are aware that AWS Certified Advanced Networking is regarded as one of the most challenging certifications, if not the most challenging. That’s certainly very subjective, depending on many personal factors. In addition, the subject matter is complex, and the official guide is not for beginners. It doesn’t hold your hand – no funny stories about pets or people – and there is no official practice exam, except for the ones provided with the official guide. Finally, the exam doesn’t take any prisoners; it’s really tough.

As with the other Specialties, you might get questions solely about the subject matter at hand, but many of them will be cross-domain: Security, Architecture, Cost, Compliance, DevOps … It’s not an exam for beginners, and you should hold, at the very least, an associate certification or the equivalent experience.

Don’t forget this exam – and the rest of the certifications – tests experience, not only technical knowledge, so if you don’t have it, you will need to make up for it.

The Exam

Sixty-five multiple-choice questions, three hours – you know the drill.

A good surprise was waiting for me. I was expecting a new set of questions – one of my connections on LinkedIn mentioned it – and I got them. But I wasn’t expecting the exam to be so up-to-date! Really surprising, because I’d just finished a survey about the contents of the new revision of the exam.

Luckily, that wasn’t a problem because I prepare comprehensively, and networking seems to be a big part of any project I work on.

The current revision goes beyond the official guide and updates services and scenarios. I have to say that the quality of the questions is higher than in previous incarnations: clearer and better wording and common real-life scenarios. Actually, I had faced most of them, so no unique special cases to trick you. However, that doesn’t mean they are easy. They are not. Some are lengthy, with similar responses, multi-choice …

The sample questions are very relevant, but (mostly) they don’t refer to the new services.

Sample question

Happily, I passed and improved my score massively from last time, which is always nice 🙂

After the exam, I went online and found a post on the AWS certification blog about the exam, discussing its contents, from April 2021. So I’d guess this update is quite recent.

Areas of Study

I got the outlines from the original post by Nigel Harris – kudos, mate 🙂 The contents are absolutely relevant for the exam. I’m adding my personal notes – in italics – but check the original post for resources and the comments from the original author.

1. Edge network services

AWS Lambda, Lambda@Edge, Amazon CloudFront – CloudFront is key; understand how it works with different origins. Remember, the RTMP distribution has been deprecated. Mostly outdated content in the official guide – expand and review with other resources.

2. AWS global infrastructure and how to deploy foundational network elements

AWS Global Cloud Infrastructure, Virtual Private Cloud (VPC)

Dynamic Host Configuration Protocol (DHCP) configurations, route tables, network-access control lists (NACLs), and security groups.

NAT gateways (NGW), internet gateways (IGW), egress-only internet gateways (EIGW), and virtual gateways (VGW).

All basic stuff; you should know it all by heart if you are attempting the exam. Good content in the official guide, but expand with other resources.

3. Hybrid network-connectivity options

VPNs, AWS Direct Connect – everything about them: technical specifications, scenarios, cost … good content on the official guide, but expand with other resources.

4. Inter-VPC connectivity options

VPC peering, AWS Transit Gateway – everything about them: technical specifications, scenarios, cost … outdated content on the official guide – expand and review with other resources. You should know about Transit VPC’s, though. It still appears on the exam, and you may have to deal with it in some project. If you don’t have real-life experience with the services, you should get some through laboratories or actual projects.

5. Automate network management using AWS CloudFormation

CloudFormation – got a few questions about it – good content on the official guide, but expand with other resources.

6.  Integrate VPC networks with other AWS services

AWS PrivateLink, Gateway Endpoints, Interface endpoints – everything about them: technical specifications, scenarios, cost … good content on the official guide, but expand with other resources. If you don’t have real-life experience with the services, you should get some through laboratories or actual projects.

7. Security and compliance

CloudFront and AWS Web Application Firewall (WAF)

HIPAA, EU/US Privacy Shield, and PCI.

Mostly outdated content in the official guide – expand and review with other resources.

8. Methods to simplify network management and troubleshooting

VPC flow logs, access logs for your application load balancer, and CloudFront logs.

Traffic Mirroring

Mostly outdated content in the official guide – expand and review with other resources.

9. Network configuration options for high-performance applications

Placement groups, jumbo frames, and elastic network adapters.

Good content on the official guide, but expand with other resources.

10. Designs for reliability

AWS Well Architected Framework

Amazon Route 53 and AWS Global Accelerator 

Amazon VPC, AWS Elastic Load Balancing

Amazon CloudWatch

Mostly outdated content on the official guide, so expand with other resources. All those services are key, so make sure to get some real-life experience with them through laboratories or actual projects.

AWS Network Firewall, one of the latest additions

New Revision is Coming

As I mentioned previously, while I was preparing for the recertification, I got an invitation to a survey about the contents of the new revision of the exam.

The thing is, the exam is updated; however, the official guide is not. So I’d guess this will be an opportunity to deliver a new guide and training content.

The new contents seem similar to the present incarnation: the domains are reduced from five to four, new services are added, and there is more content on security, networking performance, reliability and monitoring. Potentially, there might be labs as well. The exam’s not getting any easier, that’s for sure 😉

I’d guess we may get a beta at the end of the year, looking forward to it!

Virtual Days 2021 – Migrating Apps to AWS


Last Wednesday, 19/05/2021, I attended one of AWS’s Virtual Days, which are being organized regularly. This time it was about Migrations, which is a hot topic in the Enterprise right now. Sometimes it feels like everything is about Machine Learning or other sideline subjects; in reality, most big projects are about migrating apps from on-premises environments to the cloud.

The Virtual Day was organised around the following subjects:

  • Re:host and Re:platform
  • Migration of Analytics workloads from on-premises.
  • Data Migration Service.
  • Migration of SAP workloads.


I wanted to share some takeaway points from Day II, as I missed Day I, which I can only presume was about Lift & Shift tools and operations, an area AWS has covered extensively. Services like AWS Application Migration Service – the console version of CloudEndure – or AWS Migration Hub are extremely comprehensive and cutting edge, on top of classic services like Storage Gateway or the Snow family.

The takeaway points are very personal, so if you have additional questions, you can send me an e-mail from the contact page.

  • APP2Container

A handy tool for analyzing and containerizing Java and .NET apps. My experience with the tool is very positive; it can really accelerate the migration of existing applications, as it generates several artefacts for services like ECS and Kubernetes.

  • Data Analytics

This part of the webinar was really technical and covered a wide range of topics – I can’t complain, though 🙂


I’m going to highlight two services: AWS Lake Formation and AWS Glue Studio.

Lake Formation is an interesting service that I think has a lot of potential for the future. Actually, new features are on the way; we’ll see the direction that it takes.

At the moment, the most interesting feature is the centralized, granular set of permissions to manage data sets securely. It took me some time to get my head around it, but after that it worked very well.

AWS Glue Studio looks interesting, but I haven’t used it just yet.

  • Database Migration Service

A very well-known service and an interesting webinar. The only point to highlight is the extensive catalogue of sources and destinations.

  • SAP Workloads

My experience with SAP workloads is minimal, so I was really impressed with AWS’s coverage of the subject. Exciting webinar.


Impressions about the Google Professional Cloud Architect Beta – and other ramblings


This past 15th of March, I sat Google’s Professional Cloud Architect beta exam, so I’d like to share some of my thoughts now that some time has passed.

If you haven’t taken any Google certification before, let me tell you that this test could be very different from your expectations. It is not a highly technical exam; it focuses on architecture scenarios. To understand it better and get some contrast, let’s explore another vendor’s version of the test first.

AWS’s version

You are presented with seventy-five scenario questions, highly technical and mostly based on their tech. It’s a challenging test, where you need to know many of the platform’s technical intricacies. As with Google’s, I think it reflects the culture and their idea of architecture; in this case, highly specialized in the vendor’s technologies. Don’t get me wrong, it’s challenging and a lot of fun. I allocated around nine months to take on that certification, and I had experience with the platform going back to 2010. The thing is, working for AWS is probably like that. I had some experience with them last year, and they were highly specialized in certain areas and technologies.

What’s the problem with that approach? I think that type of certification confuses many people. AWS is very clear, though; you need “Two or more years of hands-on experience designing and deploying cloud architecture on AWS”. This is a professional test, which means you should back the certification with professional experience, because the exam is only a highly abstract version of the job’s technical side. You are supposed to have the soft skills, broad experience in different technologies and industries, and the intuition that comes with the job to succeed in real life.

Most architectures don't live in a vacuum, and any change requires a lot of technical work – usually integrating with other technologies. But no company or customer is going to take your proposal at face value: plenty of discussions with different teams, questions, presentations, budgets, validations and certifications will happen before you can make any change. In a few words, it's not all about knowing the technical side of things; sometimes that's the easiest part.

I get many messages from people from other fields and even other industries – Finance, Entertainment, Hospitality – who reversed the process. They took the certification with little experience in Cloud or Architecture, and now they can't find a job. Why? Because they are missing many other skills, and some you can only pick up on the job. It's an organic process.

Google’s version

I'm discussing the Beta version of the test, but I don't think the final version will be very different, at least in its core values. I think this test pushes you to show your experience as an Architect as a whole, not just the technical side of things. So it can be a more difficult exam than AWS's, even though it may look easier on the surface, as you don't get as many complex scenarios with multiple-choice answers that look very similar.

  • You will get questions reflecting Google's SRE culture. Some of them are just about that, with no other aspects involved. I was surprised to find questions delivered in that way in an Architect test.
  • You will get questions including other technologies and, of course, about Open Source, again reflecting the vendor's culture: Istio, Terraform, Vault, GitHub, Kubernetes and Google's offering, GKE, are always present, and this test is no exception. This relates directly to my main complaint about AWS's take, which leaves containers under-represented in their certifications: not only Kubernetes – non-existent – but also their own technologies, Fargate and EKS, which are very cool.
  • You will get typical questions about classic Computing and Storage; nothing there stands out as extremely difficult.
  • You will get many questions about Networking, Security, Compliance, APIs, Serverless and their no-ops container offering, Cloud Run. Definitely a step up in complexity and scope. Without a good knowledge of Networking and Security, I think this test could be challenging to pass.
  • You will get questions about Data Analytics, Machine Learning and tools: TensorFlow, AI Platform, Dataflow, Pub/Sub, Dataprep, Data Studio … not many, and not especially difficult. I was expecting more questions of this type, to be honest.
  • You will get questions about the case studies. There are now four of them: two new and two updated. In the beta there were around 20 to 25 such questions, and they were really challenging. Don't expect a simple selection between technologies. They are questions related to certain aspects of the system, technical or business, and they are not straightforward. It could be Security, Networking, SRE, Compliance, Computing … In my case, I struggled because I got the two updated scenarios linked to the old spec; I guess that was a glitch in the beta exam. So I answered based on the best possible option for the related scenario, using what I remembered. In any case, it's the most difficult part of the test – at least in the beta.


Overall, I think it's a good and challenging update that now ranks high in terms of difficulty and reflects the Architect's job – and Google's take on it – a bit better.

AWS Innovate – AI/ML Edition Takeaways


On the 24th of February I attended the AWS Innovate – AI/ML Edition, Technical Decision Maker Track. It was an exciting event, so I'd like to share some quick takeaways:

๐Ÿ“Œ Scaling ML as a Journey; 7 fundamental steps: Culture, Team Enablement, Data Strategy, PoC, Repeatability, Scale, Evolution.

๐Ÿ“Œ S3 strong read-after-write consistency: introduced at last re:Invent, but now I've had time to check it out properly. It's an essential feature for migrations or data lakes, ensuring you always read the latest version of documents or files.
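As a minimal sketch of what the guarantee buys you (bucket and key names are illustrative, and running it for real requires the boto3 SDK and AWS credentials): a GET issued immediately after a successful PUT now always returns the bytes just written, with no stale-read window to code around.

```python
def put_then_read(bucket: str, key: str, body: bytes) -> bytes:
    """PUT an object to S3 and immediately GET it back.

    With S3's strong read-after-write consistency, the bytes returned
    are guaranteed to match the body just written -- no retry or
    polling logic is needed to wait for the object to "appear".
    """
    import boto3  # AWS SDK; needs credentials configured to run for real

    s3 = boto3.client("s3")
    s3.put_object(Bucket=bucket, Key=key, Body=body)
    # This read is guaranteed to reflect the PUT above.
    return s3.get_object(Bucket=bucket, Key=key)["Body"].read()
```

Before this change, code doing migrations or building data lakes often had to verify that a freshly written object was visible; that workaround can simply be deleted now.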

๐Ÿ“Œ New AWS AI Services such as Amazon Lookout for Vision: also introduced at last re:Invent; again, now I had the chance to try it. It seems very appropriate for industrial applications, such as finding defective parts.

๐Ÿ“Œ The proper way to architect AWS ML Apps: ML Lens

๐Ÿ“Œ Secure Machine Learning for Regulated Industries: I especially enjoyed this presentation; quite hands-on, with lots of real-life security practices for SageMaker.

I’m still going through the other tracks, so expect a full post in the coming weeks.
