AWS Certified Solutions Architect Associate Exam Guide (2026)

AWS Certified Solutions Architect - Associate (SAA-C03) - Complete Exam Guide

Introduction: Why Become an AWS Solutions Architect?

The AWS Certified Solutions Architect - Associate certification is one of the most sought-after and valuable certifications in cloud computing.

It validates your ability to design distributed systems on AWS that are scalable, highly available, fault-tolerant, and cost-effective. This isn't just about knowing AWS services- it's about making architectural decisions that solve real business problems.

Solutions Architects are the technical decision-makers who bridge the gap between business requirements and technical implementation. This certification proves you can evaluate trade-offs, choose appropriate AWS services, and design complete solutions that meet security, performance, and budget requirements. With cloud adoption accelerating across all industries, Solutions Architects are in high demand and command premium salaries.

____

Exam Overview: What You're Getting Into

Exam Details at a Glance

• Exam Code: SAA-C03
• Duration: 130 minutes
• Number of Questions: 65 questions
• Question Format: Multiple choice (1 correct answer) and multiple response (2+ correct answers)
• Passing Score: 720 out of 1000 (approximately 72%)
• Cost: $150 USD
• Validity: 3 years
• Delivery Method: Pearson VUE testing centers or online proctored exam
• Prerequisites: None (but AWS Cloud Practitioner recommended)
• Experience Level: Associate (requires 1+ years of hands-on AWS experience)

____

What Makes This Exam Different

This exam tests your architectural thinking, not just your service knowledge. You'll face complex scenarios that require you to balance multiple concerns: security vs. convenience, performance vs. cost, simplicity vs. flexibility. Questions often have multiple technically correct answers—you must choose the best answer based on the specific requirements.

The exam emphasizes scenario-based questions. You'll see real-world problems like: "A company needs to migrate 500TB of data...," "An application experiences unpredictable traffic spikes...," "A financial services firm requires..." You need to think holistically about solutions, considering infrastructure, networking, security, databases, and cost simultaneously.

____

Exam Domains: Breaking Down What's Tested

The SAA-C03 exam is divided into four domains, each weighted differently. Understanding these weightings helps you allocate your study time effectively.

Domain 1: Design Secure Architectures (30% of exam)

What This Domain Covers:

This is the heaviest-weighted domain and focuses on designing secure access controls, protecting data, and implementing defense-in-depth strategies. Security pervades every architectural decision you make on AWS.

Key Topics You'll Encounter:

• Identity and Access Management: IAM users, groups, roles, policies, ABAC, RBAC, service control policies (SCPs)
• Secure Access Patterns: IAM roles for EC2, Lambda execution roles, cross-account access, federated identities
• Data Encryption: Encryption at rest (EBS, S3, RDS), encryption in transit (TLS/SSL), AWS KMS, CloudHSM
• Network Security: Security groups, NACLs, VPC design, private subnets, NAT gateways, VPC endpoints
• Secure Multi-Tier Architectures: Public vs. private subnets, bastion hosts, VPN connections, Direct Connect
• Secrets Management: AWS Secrets Manager, Systems Manager Parameter Store, credential rotation
• Compliance and Governance: AWS Organizations, Service Control Policies, AWS Config, GuardDuty, Security Hub
• Data Protection: S3 bucket policies, S3 Block Public Access, versioning, MFA Delete, S3 Object Lock

What Success Looks Like:

You should be able to design complete security architectures that implement least privilege, encrypt sensitive data, segment networks properly, and meet compliance requirements. You'll need to understand the shared responsibility model thoroughly and know which security measures are your responsibility.

Exam Question Style:

"A company stores sensitive customer data in S3. They need to ensure that only specific applications can access the data, and all access must be logged. Data must be encrypted at rest and in transit. What combination of services should be implemented? (Select TWO)"

__

Domain 2: Design Resilient Architectures (26% of exam)

What This Domain Covers:

This domain tests your ability to design systems that withstand failures, scale automatically, and remain available even when components fail. Resilient architectures are core to cloud design principles.

Key Topics You'll Encounter:

• High Availability Design: Multi-AZ deployments, Regional architectures, failover strategies
• Scalability Patterns: Horizontal vs. vertical scaling, Auto Scaling groups, scaling policies
• Decoupling Components: SQS, SNS, EventBridge, Step Functions, loose coupling principles
• Stateless vs. Stateful Design: Session management, ElastiCache, DynamoDB for session storage
• Load Balancing: Application Load Balancer, Network Load Balancer, Gateway Load Balancer, target groups
• Disaster Recovery: Backup and restore, pilot light, warm standby, multi-region active-active
• Data Replication: RDS read replicas, Aurora replicas, DynamoDB global tables, S3 Cross-Region Replication
• Fault Tolerance: Understanding single points of failure, designing for component failure
• Elastic Services: Lambda for serverless, ECS/Fargate for containers, Elastic Beanstalk for managed applications

What Success Looks Like:

You should be able to identify single points of failure in architectures and recommend solutions. You'll need to understand when to use Auto Scaling, how to implement proper load balancing, and how to decouple application components for reliability.

Exam Question Style:

"An application experiences unpredictable traffic patterns with sudden spikes. The application must remain responsive during peaks and minimize costs during low usage. Which architecture provides the best balance of performance and cost?"

__

Domain 3: Design High-Performing Architectures (24% of exam)

What This Domain Covers:

This domain focuses on designing solutions that deliver optimal performance for compute, storage, databases, and networking. Performance optimization often involves trade-offs with cost and complexity.

Key Topics You'll Encounter:

• Compute Solutions: EC2 instance types and families, Lambda configuration, ECS/EKS, Fargate, Elastic Beanstalk
• Storage Solutions: S3 storage classes, EBS volume types (gp3, io2, st1, sc1), EFS, FSx, Instance Store
• Database Solutions: RDS vs. DynamoDB, Aurora, ElastiCache (Redis vs. Memcached), Redshift, Neptune
• Caching Strategies: CloudFront, ElastiCache, DAX (DynamoDB Accelerator), API Gateway caching
• Network Performance: Enhanced networking, Placement groups, VPC design, Direct Connect, Transit Gateway
• Data Transfer Optimization: S3 Transfer Acceleration, CloudFront, multipart uploads, byte-range fetches
• Database Performance: Read replicas, database caching, query optimization, choosing partition keys
• Architecting for Performance: Asynchronous processing, parallel processing, edge computing

What Success Looks Like:

You should be able to select appropriate instance types for workloads, choose the right storage solution based on access patterns, implement effective caching strategies, and design high-throughput data processing pipelines.

Exam Question Style:

"A media company needs to serve 4K video content to a global audience with minimal latency. The videos are stored in S3. Which solution provides the best performance for viewers worldwide?"

__

Domain 4: Design Cost-Optimized Architectures (20% of exam)

What This Domain Covers:

This domain tests your ability to design solutions that meet requirements while minimizing costs. Cost optimization is a continuous process that balances performance and budget.

Key Topics You'll Encounter:

• EC2 Pricing Models: On-Demand, Reserved Instances, Savings Plans, Spot Instances, when to use each
• Storage Cost Optimization: S3 storage classes, S3 Intelligent-Tiering, S3 Lifecycle policies, EBS snapshots
• Database Cost Optimization: RDS Reserved Instances, Aurora Serverless, DynamoDB on-demand vs. provisioned
• Right-Sizing: Choosing appropriate instance sizes, using AWS Compute Optimizer recommendations
• Data Transfer Costs: Understanding data transfer charges, VPC endpoints, CloudFront for egress reduction
• Serverless for Cost: Lambda vs. always-on servers, paying only for what you use
• Cost Monitoring: AWS Cost Explorer, AWS Budgets, cost allocation tags, billing alerts
• Architecture Patterns: Using managed services to reduce operational costs, avoiding over-provisioning

What Success Looks Like:

You should be able to identify cost-inefficient architectures and recommend improvements. You'll need to understand AWS pricing models thoroughly and know which architectural patterns reduce costs while maintaining performance and reliability.

Exam Question Style:

"A company runs batch processing jobs that can tolerate interruptions and have flexible start times. The jobs currently run on On-Demand EC2 instances. How can the company reduce costs by 70% or more?"

____

The Must-Know Services: Your Priority List

Not all AWS services are tested equally on the Solutions Architect exam. Master these and you'll be well-prepared.

Critical Services (Master These Thoroughly)

Compute:

• Amazon EC2: Instance types, families, pricing models, placement groups, Auto Scaling, lifecycle
• AWS Lambda: Serverless architecture, event sources, use cases, limitations
• Elastic Load Balancing: ALB vs. NLB vs. GWLB, target groups, health checks, cross-zone load balancing

Storage:

• Amazon S3: Storage classes (Standard, IA, One Zone-IA, Glacier, Glacier Deep Archive, Intelligent-Tiering), lifecycle policies, versioning, replication, bucket policies, pre-signed URLs
• Amazon EBS: Volume types (gp3, io2, st1, sc1), snapshots, encryption, RAID configurations
• Amazon EFS: Network file system, performance modes, throughput modes, lifecycle management
• AWS Storage Gateway: File Gateway, Volume Gateway, Tape Gateway for hybrid cloud

Database:

• Amazon RDS: Multi-AZ, read replicas, automated backups, snapshots, encryption, engine options
• Amazon Aurora: Performance advantages, Aurora Serverless, Aurora Global Database, read replicas
• Amazon DynamoDB: Partition keys, sort keys, indexes (GSI/LSI), capacity modes, streams, global tables
• Amazon ElastiCache: Redis vs. Memcached, caching strategies, cluster modes

Networking:

• Amazon VPC: Subnets, route tables, internet gateways, NAT gateways, VPC peering, Transit Gateway
• AWS Direct Connect: Dedicated network connections, Virtual Private Gateways, hybrid connectivity
• Amazon CloudFront: CDN, origins, behaviors, cache behaviors, signed URLs/cookies
• Amazon Route 53: DNS, routing policies (simple, weighted, latency, failover, geolocation, geoproximity, multivalue)
• VPC Endpoints: Gateway endpoints (S3, DynamoDB), Interface endpoints (PrivateLink)

Security & Identity:

• AWS IAM: Users, groups, roles, policies, policy evaluation logic, identity federation, STS
• AWS KMS: Encryption keys, key policies, envelope encryption, cross-account access
• AWS Organizations: Consolidated billing, SCPs, organizational units, member accounts
• AWS Secrets Manager: Secret storage, automatic rotation, integration with RDS
• AWS Systems Manager: Parameter Store, Session Manager, Patch Manager

Migration & Transfer:

• AWS Snow Family: Snowcone, Snowball Edge, Snowmobile for large data transfers
• AWS DataSync: Automated data transfer, on-premises to AWS
• AWS Database Migration Service: Homogeneous and heterogeneous migrations, continuous replication

Integration & Messaging:

• Amazon SQS: Standard vs. FIFO queues, visibility timeout, dead-letter queues
• Amazon SNS: Pub/sub messaging, topics, subscriptions, fanout pattern
• AWS Step Functions: Workflow orchestration, state machines
• Amazon EventBridge: Event-driven architectures, rules, event buses

Management & Monitoring:

• Amazon CloudWatch: Metrics, logs, alarms, dashboards, log insights
• AWS CloudTrail: API logging, governance, compliance, security analysis
• AWS Config: Resource inventory, configuration history, compliance rules
• AWS Trusted Advisor: Best practice recommendations, cost optimization, security checks

Analytics:

• Amazon Athena: Serverless SQL queries on S3 data
• Amazon Kinesis: Data Streams, Data Firehose, Data Analytics for streaming data
• AWS Glue: ETL service, data catalog, crawlers
• Amazon Redshift: Data warehousing, columnar storage, massive parallel processing

Important Services (Know These Well)

• AWS Elastic Beanstalk: Platform as a Service, application deployment
• Amazon ECS/EKS: Container orchestration with Fargate or EC2
• Amazon API Gateway: REST APIs, WebSocket APIs, API management
• AWS WAF & Shield: Web application firewall, DDoS protection
• Amazon GuardDuty: Threat detection, security monitoring
• AWS CloudFormation: Infrastructure as Code, stacks, change sets
• Amazon SageMaker: Machine learning model building and deployment
• AWS Backup: Centralized backup across AWS services

High-Frequency Exam Topics

These concepts appear repeatedly across multiple questions:

1. Multi-AZ vs. Read Replicas - Know the difference for RDS and when to use each
2. S3 Storage Classes - Understand access patterns and costs for each class
3. VPC Design - Public vs. private subnets, routing, security groups vs. NACLs
4. High Availability Patterns - Multi-AZ, multi-region, load balancing, Auto Scaling
5. Cost Optimization - Reserved Instances, Spot Instances, Savings Plans, S3 lifecycle
6. Security Best Practices - Least privilege, encryption, network segmentation
7. Disaster Recovery Strategies - RTO/RPO, backup strategies, multi-region failover
8. Database Selection - Relational vs. NoSQL, when to use which database
9. Caching Strategies - Where to cache (CloudFront, ElastiCache, DAX, API Gateway)
10. Decoupling Patterns - Using SQS, SNS, EventBridge for loose coupling

Services You Can Deprioritize

These services rarely appear or appear only in specific contexts:

• Advanced analytics (EMR, Glue DataBrew, Lake Formation)
• Most IoT services (unless specifically mentioned)
• Quantum computing (Braket)
• Blockchain (Managed Blockchain)
• Robotics (RoboMaker)
• Satellite (Ground Station)
• Most media services (MediaConvert, MediaLive)

Don't completely ignore these, but don't spend extensive time on them.

_____

Study Strategy: Your Path to Success

Phase 1: Foundation Building (2-3 Weeks)

Start with core compute, storage, and networking services. These are the building blocks of all architectures.

Focus Areas:

• Master EC2: instance types, pricing, Auto Scaling
• Learn S3 thoroughly: storage classes, policies, replication
• Understand VPC: subnets, routing, gateways, security

Phase 2: Database and Storage Deep-Dive (2 Weeks)

Databases are heavily tested. Understand when to use each database type.

Focus Areas:

• RDS Multi-AZ vs. read replicas vs. Aurora
• DynamoDB design patterns and use cases
• ElastiCache for performance optimization
• Storage Gateway for hybrid architectures

Phase 3: Security and Networking (2-3 Weeks)

Security is the largest domain. Network design is critical for every architecture.

Focus Areas:

• IAM policies, roles, and best practices
• VPC design patterns and security
• Encryption at rest and in transit
• Direct Connect and hybrid connectivity

Phase 4: High Availability and Disaster Recovery (2 Weeks)

Learn to design systems that never go down.

Focus Areas:

• Multi-AZ and multi-region architectures
• Load balancing strategies
• Backup and disaster recovery patterns
• Decoupling with messaging services

Phase 5: Cost Optimization and Best Practices (1-2 Weeks)

Understand how to build cost-effective architectures.

Focus Areas:

• EC2 pricing models and when to use each
• S3 lifecycle policies and storage class transitions
• Reserved capacity and Savings Plans
• Right-sizing and cost monitoring

Phase 6: Practice and Refinement (2-3 Weeks)

Use practice exams to identify weak areas and refine knowledge.

Strategy:

• Take Practice Set 1 under exam conditions
• Analyze results by domain
• Study weak areas intensively
• Take Practice Set 2 and measure improvement
• Repeat until consistently scoring 85%+

_____

Architectural Thinking: How to Approach Questions

The Well-Architected Framework

Every architecture decision should consider the six pillars:

1. Operational Excellence: Automation, monitoring, continuous improvement
2. Security: Identity management, data protection, infrastructure protection
3. Reliability: Fault tolerance, recovery planning, availability
4. Performance Efficiency: Right-sizing, caching, monitoring
5. Cost Optimization: Resource optimization, expenditure awareness
6. Sustainability: Energy efficiency, resource utilization

Common Question Patterns

"Most cost-effective" → Look for:

• Reserved Instances or Savings Plans over On-Demand
• Spot Instances for fault-tolerant workloads
• S3 Intelligent-Tiering or lifecycle policies
• Serverless options (Lambda, Fargate)

"Highest availability" → Look for:

• Multi-AZ deployments
• Multi-region architectures
• Auto Scaling and load balancing
• Decoupled architecture with SQS/SNS

"Least operational overhead" → Look for:

• Managed services over self-managed
• Aurora Serverless over managing capacity
• S3 over managing storage servers
• Lambda over EC2 for event-driven tasks

"Lowest latency" → Look for:

• CloudFront for global content delivery
• ElastiCache for database caching
• Direct Connect for on-premises connectivity
• Placement groups for compute-intensive workloads

Trade-Off Analysis

Often multiple answers work. Choose based on priorities:

• Security vs. Convenience: Always favor security
• Cost vs. Performance: Depends on the scenario—look for keywords
• Simplicity vs. Flexibility: Lean toward simpler solutions
• Managed vs. Self-Managed: Prefer managed unless specific requirements dictate otherwise

_____

Exam Day Strategy: Maximizing Your Performance

Before the Exam

• Review architectural patterns the night before
• Get adequate rest—complex scenarios require clear thinking
• Arrive early (testing center) or test your setup (online exam)
• Have water and take bathroom break before starting

During the Exam

• Read Carefully: Identify the core requirement—cost, performance, security, or availability
• Eliminate Wrong Answers: Rule out obviously incorrect options first
• Keywords Matter: "MOST cost-effective," "HIGHEST availability," "LEAST operational overhead"
• Flag and Move: Don't get stuck—flag difficult questions and return to them
• Time Management: 130 minutes for 65 questions = 2 minutes per question
• Multi-Response Questions: Pay attention to how many answers to select

Common Traps to Avoid

• Overengineering: The simplest solution that meets requirements is usually correct
• Ignoring Requirements: Make sure your answer addresses ALL stated requirements
• Confusing Similar Services: EFS vs. EBS, Aurora vs. RDS, CloudWatch vs. CloudTrail
• Cost Mistakes: Assuming all managed services are more expensive (sometimes they're cheaper)
• Security Shortcuts: Never choose a less secure option for convenience

_____

Resources for Success

Official AWS Resources

• AWS Free Tier: Build architectures hands-on
• AWS Architecture Center: Reference architectures and best practices
• AWS Well-Architected Tool: Review and improve architectures
• AWS Whitepapers: Especially Well-Architected Framework and Overview of AWS
• AWS Workshops: Free hands-on labs (workshops.aws)

CloudFluently Course Package Includes

• Comprehensive Study Notes: Architecture-focused explanations with design patterns
• 195 Practice Questions: Three full-length exams with detailed explanations
• Hands-On Projects: Build complete multi-tier architectures
• Quick Reference Cheatsheets: Service comparisons, decision trees, pricing models
• Flashcards: Active recall for key architectural concepts

____

After You Pass: What's Next?

Career Advancement

• Update Credentials: Add certification to LinkedIn and resume prominently
• Build Portfolio: Document architectures you've designed on GitHub
• Join Communities: AWS User Groups, r/aws, AWS re:Post
• Pursue Advanced Certifications: Solutions Architect Professional, Security Specialty, Advanced Networking Specialty

Continued Learning

• Stay Current: AWS releases new services weekly—follow AWS News Blog
• Deep Dive: Master advanced topics like multi-account strategies, hybrid architectures
• Learn Adjacent Skills: Terraform, Kubernetes, DevOps practices
• Teach Others: Best way to solidify knowledge is to explain it

____

Final Thoughts: You're Ready for This

The AWS Solutions Architect - Associate certification is challenging but achievable with proper preparation. This exam rewards architectural thinking, trade-off analysis, and comprehensive service knowledge. If you've spent time designing AWS architectures and understand the "why" behind service choices, you're well-positioned to succeed.

Remember: this isn't about memorizing fact, it's about making sound architectural decisions. Every question is a mini architecture review. Think about requirements, constraints, and trade-offs. Choose the solution that best balances all concerns.

The combination of study notes, practice exams, and hands-on projects in this package gives you everything you need to pass confidently. Design architectures, break them, improve them, and learn from the process.

Good luck, future AWS Certified Solutions Architect! 🏗️☁️