Solutions Architect Associate
Students learn to design secure, resilient, high‑performing, and cost‑optimized AWS architectures, applying best‑practice patterns and services to meet real‑world enterprise requirements, preparing them for the SAA‑C03 exam.
Who Should Take This
It is ideal for cloud engineers, system administrators, or developers who have roughly one year of hands‑on experience building or supporting AWS workloads. These professionals seek to validate their ability to craft secure, scalable, and cost‑effective solutions and to advance toward senior architecture roles.
What's Covered
1. Design secure access to AWS resources, secure workloads and applications, and determine appropriate data security controls.
2. Design scalable and loosely coupled architectures, choose appropriate resilient storage, and design multi-tier architectures with high availability.
3. Determine high-performing and scalable storage, compute, database, and network architecture solutions.
4. Design cost-optimized storage, compute, database, and network architectures using appropriate pricing models and resource sizing.
Exam Structure
Question Types
- Multiple Choice
- Multiple Response
Scoring Method
Scaled scoring from 100 to 1000, minimum passing score of 720
Delivery Method
Pearson VUE testing center or online proctored
Recertification
Recertify every 3 years by passing the current exam or earning a higher-level AWS certification.
What's Included in AccelaStudy® AI
Course Outline
75 learning goals
Domain 1: Design Secure Architectures
5 topics
Design secure access to AWS resources
- Identify IAM identity types including users, groups, roles, and policies and explain how each enforces least-privilege access for AWS resources.
- Identify identity-based policies, resource-based policies, permission boundaries, and service control policies and explain their evaluation logic in multi-account environments.
- Design cross-account access patterns using AWS Organizations, IAM role delegation, STS temporary credentials, and identity federation for multi-team AWS environments.
- Design service-linked roles and instance profiles for EC2, Lambda, and ECS task roles that grant application-level access without long-term credentials.
- Analyze identity architecture tradeoffs between centralized and decentralized permission models and select the appropriate combination of SCPs, permission boundaries, and role assumptions for complex multi-account scenarios.
Design secure workloads and applications
- Identify VPC network isolation controls including security groups, network ACLs, and VPC endpoints and explain how each filters traffic at different OSI layers.
- Design network segmentation using public and private subnets, NAT gateways, bastion hosts, and VPC peering to isolate application tiers from direct internet access.
- Design private connectivity to AWS services using gateway VPC endpoints for S3 and DynamoDB and interface VPC endpoints with PrivateLink for other services to eliminate internet exposure.
- Select managed edge protection and threat detection controls including AWS WAF, Shield, Shield Advanced, GuardDuty, and Inspector for internet-facing workloads with layered defense requirements.
- Analyze defense-in-depth architectures and evaluate the tradeoffs among network-layer controls, application-layer firewalls, and threat detection services for workloads with varying compliance postures.
Determine appropriate data security controls
- Identify encryption options for data at rest including SSE-S3, SSE-KMS, SSE-C, and client-side encryption and explain when each is appropriate across S3, EBS, RDS, and DynamoDB.
- Identify encryption options for data in transit including TLS termination at ALB, ACM certificate management, and HTTPS enforcement policies for application communication channels.
- Design key management strategies using KMS customer managed keys, automatic key rotation, key policies, and grants to satisfy auditability and compliance requirements for regulated data.
- Design secret and credential management using Secrets Manager with automatic rotation and Systems Manager Parameter Store with SecureString for runtime configuration security.
- Analyze data protection architectures and select encryption, key management, and access logging strategies that satisfy confidentiality, integrity, and compliance constraints across storage and transport layers.
Design security monitoring and audit controls
- Identify AWS security monitoring services including CloudTrail, AWS Config, Security Hub, and Access Analyzer and explain how each provides visibility into configuration compliance and API activity.
- Design audit logging architectures using CloudTrail with S3 log delivery, CloudWatch Logs integration, and AWS Config rules for continuous compliance monitoring across accounts.
- Analyze security event data from CloudTrail, GuardDuty findings, and Config rule evaluations to identify misconfigurations, unauthorized access, and remediation priorities.
Design secure infrastructure deployment and management
- Identify infrastructure-as-code services including CloudFormation stacks, templates, change sets, and stack policies and explain how they enforce repeatable, auditable infrastructure provisioning.
- Design CloudFormation templates with IAM role constraints, DeletionPolicy attributes, and drift detection to prevent unauthorized resource modification and accidental data loss.
- Design automated compliance enforcement using AWS Config managed rules, custom rules, and remediation actions to continuously validate infrastructure against security baselines.
- Analyze infrastructure deployment security patterns and evaluate tradeoffs among preventive controls, detective controls, and automated remediation for maintaining security posture at scale.
Domain 2: Design Resilient Architectures
5 topics
Design scalable and loosely coupled architectures
- Identify Elastic Load Balancing types including ALB, NLB, and GLB and explain the routing algorithms, health check mechanisms, and protocol support for each.
- Identify Auto Scaling group components including launch templates, scaling policies, cooldown periods, and lifecycle hooks and explain how they automate capacity management.
- Design multi-tier web application architectures using ALB target groups, Auto Scaling groups, and stateless application patterns across multiple Availability Zones.
- Design scaling policies using target tracking, step scaling, and scheduled scaling to match capacity to demand patterns with predictable and unpredictable workloads.
- Analyze scaling architecture tradeoffs among horizontal and vertical scaling approaches and select load balancing strategies for workloads with session affinity, WebSocket, or TCP requirements.
Design highly available and fault-tolerant architectures
- Identify high availability primitives including multi-AZ deployments, Availability Zone independence, and automated failover mechanisms for compute, database, and storage services.
- Design multi-AZ database architectures using RDS Multi-AZ deployments, Aurora multi-AZ clusters, and DynamoDB global tables for automated failover and cross-region replication.
- Design multi-Region disaster recovery architectures using backup-and-restore, pilot light, warm standby, and active-active patterns aligned to RPO and RTO requirements.
- Analyze recovery objectives and evaluate disaster recovery strategy tradeoffs among cost, complexity, RPO, and RTO for workloads with different criticality levels.
Design decoupled architectures
- Identify asynchronous messaging services including SQS standard and FIFO queues, SNS topics, and EventBridge event buses and explain their delivery semantics and ordering guarantees.
- Design queue-based decoupling using SQS with visibility timeouts, dead-letter queues, and long polling to buffer workload spikes and enable independent tier scaling.
- Design fan-out and event-driven architectures using SNS-to-SQS subscriptions, EventBridge rules with target routing, and Step Functions for multi-service orchestration workflows.
- Analyze reliability and latency tradeoffs between synchronous and asynchronous communication patterns and select messaging architectures for workloads with ordering, deduplication, and throughput constraints.
Design serverless and container-based resilient architectures
- Identify serverless compute services including Lambda, API Gateway, and Fargate and explain how each eliminates infrastructure management while providing built-in availability.
- Design serverless application architectures using Lambda with API Gateway, DynamoDB, S3 event triggers, and SQS event source mappings for event-driven workloads requiring automatic scaling.
- Design container-based architectures using ECS with Fargate launch type, ECR for image storage, and service auto scaling with rolling deployment configurations for resilient microservices.
- Analyze compute platform tradeoffs among EC2, Lambda, and ECS/Fargate based on workload duration, concurrency, cold-start sensitivity, and operational complexity to select the resilient architecture pattern.
Design backup and data protection strategies
- Identify AWS backup mechanisms including EBS snapshots, RDS automated backups, S3 versioning, and AWS Backup and explain retention, recovery, and cross-region copy capabilities.
- Design data protection strategies using S3 cross-region replication, RDS read replicas with promotion, and AWS Backup policies to meet recovery point and recovery time objectives.
Domain 3: Design High-Performing Architectures
5 topics
Determine high-performing and scalable storage solutions
- Identify S3 storage classes including Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, and Glacier Deep Archive and explain their durability, availability, and retrieval characteristics.
- Identify EBS volume types including gp3, gp2, io2, st1, and sc1 and EFS and FSx file storage services and explain their IOPS, throughput, protocol, and concurrent access characteristics for block and file storage workloads.
- Design S3 lifecycle policies with transition rules, expiration actions, and Intelligent-Tiering configurations to automate data movement across storage tiers based on access patterns.
- Analyze storage architecture tradeoffs and select the optimal combination of S3, EBS, EFS, and FSx based on throughput, latency, durability, sharing, and access-pattern requirements.
Design high-performing and elastic compute solutions
- Identify EC2 instance families and explain how general purpose, compute optimized, memory optimized, storage optimized, and accelerated computing instances map to workload requirements.
- Design elastic compute architectures using EC2 placement groups, enhanced networking, and instance store volumes for workloads requiring low-latency, high-throughput, or GPU acceleration.
- Analyze compute selection tradeoffs among EC2 instance types, Lambda concurrency, and Fargate task sizing to optimize for startup time, sustained throughput, and burst capacity requirements.
Determine high-performing database solutions
- Identify managed relational database options including RDS engines, Aurora, and Aurora Serverless and explain their replication, failover, and read scaling capabilities.
- Identify DynamoDB table design concepts including partition keys, sort keys, global secondary indexes, local secondary indexes, and capacity modes and explain their impact on read/write performance.
- Design read-heavy database architectures using RDS read replicas, Aurora reader endpoints, and ElastiCache with cache-aside or read-through patterns to reduce database load.
- Design DynamoDB-based architectures with DAX caching, DynamoDB Streams, and global tables for low-latency key-value and document workloads requiring single-digit millisecond response.
- Analyze database architecture tradeoffs among RDS, Aurora, DynamoDB, and ElastiCache and select the optimal database strategy based on consistency, throughput, latency, and query pattern requirements.
Design high-performing and scalable network architectures
- Identify Route 53 routing policies including simple, weighted, latency-based, failover, geolocation, and geoproximity and CloudFront distribution components including origins, behaviors, edge locations, and cache policies and explain how each accelerates and distributes traffic.
- Design content delivery architectures using CloudFront with S3 origins, custom origins, origin access control, cache invalidation, and Lambda@Edge for dynamic content processing at edge locations.
- Design hybrid network architectures using Direct Connect, Site-to-Site VPN, Transit Gateway, and VPC peering for private, low-latency connectivity between on-premises and cloud workloads.
- Analyze network topology tradeoffs and select the optimal combination of Route 53 routing, CloudFront caching, Global Accelerator, and hybrid connectivity for workloads with latency-sensitive, global, or compliance-constrained traffic patterns.
Determine high-performing data ingestion and transformation solutions
- Identify data ingestion and streaming services including Kinesis Data Streams, Kinesis Data Firehose, and S3 Transfer Acceleration and explain their throughput, latency, and delivery guarantee characteristics.
- Design data pipeline architectures using Kinesis for real-time ingestion, Glue for ETL, and Athena for serverless querying against S3 data lakes and evaluate batch versus streaming tradeoffs for analytics workloads.
Domain 4: Design Cost-Optimized Architectures
5 topics
Design cost-optimized storage solutions
- Identify storage cost drivers including capacity, request counts, retrieval fees, and data transfer charges and map data access patterns to cost-efficient S3 storage classes.
- Design storage lifecycle and archival strategies using S3 lifecycle rules, Glacier retrieval tiers, and S3 Intelligent-Tiering to minimize cost while preserving retrieval SLAs and compliance retention requirements.
- Design EBS volume cost optimization using gp3 migration from gp2, snapshot lifecycle management, and volume right-sizing based on observed IOPS and throughput utilization.
- Analyze total storage cost across S3, EBS, and EFS and evaluate tradeoffs among storage class, retrieval latency, and durability to select the lowest-cost architecture meeting performance requirements.
Design cost-optimized compute solutions
- Identify EC2 pricing models including On-Demand, Reserved Instances, Savings Plans, Spot Instances, and Dedicated Hosts and explain the commitment, discount, and interruption characteristics of each.
- Design Spot Instance architectures using Spot Fleet, mixed instance policies, and interruption handling for fault-tolerant batch processing, CI/CD, and stateless workloads.
- Design right-sized compute architectures using CloudWatch utilization metrics, Compute Optimizer recommendations, and Savings Plans coverage analysis to eliminate idle or oversized resources.
- Analyze compute cost optimization strategies and select the optimal mix of On-Demand, Reserved, Savings Plans, and Spot capacity to minimize cost while satisfying availability and performance constraints.
Design cost-optimized database solutions
- Identify database cost factors including instance sizing, storage type, I/O pricing, read replica charges, and Reserved Instance options for RDS, Aurora, and DynamoDB.
- Design cost-efficient database architectures using Aurora Serverless for variable workloads, DynamoDB on-demand capacity for unpredictable traffic, and ElastiCache to offload expensive database reads.
- Analyze database cost tradeoffs among managed relational, NoSQL, serverless, and cache-augmented architectures and select the lowest total cost option that meets consistency, throughput, and latency requirements.
Design cost-optimized network architectures
- Identify network cost drivers including data transfer between AZs, Regions, and the internet, NAT Gateway processing charges, and VPC endpoint pricing models.
- Design network architectures that minimize data transfer costs using CloudFront caching, S3 gateway endpoints, VPC endpoint consolidation, and same-AZ resource placement strategies.
- Analyze network cost tradeoffs between Direct Connect, VPN, NAT Gateway, and VPC endpoints and select connectivity architectures that minimize transfer and routing cost without violating performance or resilience objectives.
Design cost-aware monitoring and governance
- Identify AWS cost management tools including Cost Explorer, Budgets, Cost Anomaly Detection, and resource tagging strategies and explain how each supports cost visibility and governance.
- Design cost allocation and budget alerting using resource tagging taxonomies, AWS Budgets with threshold alerts, and Cost Anomaly Detection to enable proactive cost governance across teams.
Hands-On Labs
Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.
Certification Benefits
Industry Recognition
The AWS Solutions Architect Associate is consistently ranked as one of the most valuable IT certifications worldwide. It is the most popular AWS certification by exam volume, and holders command premium salaries reflecting strong demand for cloud architecture skills across every industry.
Scope
Included Topics
- All domains and task statements in the AWS Certified Solutions Architect - Associate (SAA-C03) exam guide: Domain 1 Design Secure Architectures (30%), Domain 2 Design Resilient Architectures (26%), Domain 3 Design High-Performing Architectures (24%), and Domain 4 Design Cost-Optimized Architectures (20%).
- Foundational to intermediate architecture design decisions for AWS workloads, including secure identity and data controls, resilient multi-tier patterns, performance-aware service selection, and cost optimization tradeoff analysis.
- Service-selection reasoning for common architect scenarios that require balancing security, reliability, performance efficiency, and cost optimization.
- Key AWS services for solutions architects: EC2, ELB, ASG, S3, EBS, EFS, RDS, Aurora, DynamoDB, ElastiCache, VPC, CloudFront, Route 53, IAM, KMS, CloudWatch, CloudFormation, CloudTrail, Lambda, SQS, SNS, EventBridge, ECS/Fargate, API Gateway, Step Functions, Kinesis, Athena, Direct Connect, Transit Gateway, AWS Organizations, AWS Config, Secrets Manager, Systems Manager, WAF, Shield, GuardDuty.
Not Covered
- Implementation detail depth expected only for AWS Certified Solutions Architect - Professional or specialty-level certifications.
- Low-level SDK and CLI command syntax, infrastructure automation script authoring, and code-level framework implementation patterns.
- Current list prices, promotional discounts, and region-specific pricing values that change frequently over time.
- Service domains not emphasized by the SAA-C03 blueprint, including deep enterprise governance strategy and extensive organizational operating model design.
- AWS Partner Network, Marketplace listings, and third-party integration specifics not covered in the SAA-C03 exam guide.
Official Exam Page
Learn more at Amazon Web Services