SAP-C02

Solutions Architect Professional

Learn to design, implement, and optimize complex AWS environments, addressing organizational challenges, creating new solutions, improving existing systems, and accelerating migrations across multiple clouds with professional‑level expertise.

  • Duration: 180 minutes
  • Questions: 75
  • Passing score: 750/1000
  • Exam cost: $300
  • Languages: 11

Who Should Take This

The exam targets seasoned AWS architects who have several years of experience designing, migrating, and managing enterprise‑scale cloud solutions. Candidates should be proficient in multi‑account governance, hybrid integrations, and continuous optimization, and they aim to validate their ability to lead complex, high‑impact projects.

What's Covered

1 Architect network connectivity strategies for multiple AWS accounts and VPCs, design multi-account governance and compliance solutions using AWS Organizations and Control Tower.
2 Design deployment strategies for business requirements, determine security controls, and architect compute, storage, database, and network solutions for complex workloads.
3 Determine strategies to improve overall operational excellence, reliability, performance, and security of existing architectures.
4 Select migration strategies for existing workloads, determine the appropriate modernization path, and implement migration tooling and approaches.

Exam Structure

Question Types

  • Multiple Choice
  • Multiple Response

Scoring Method

Scaled scoring from 100 to 1000, minimum passing score of 750

Delivery Method

Pearson VUE testing center or online proctored

Recertification

Recertify every 3 years by passing the current exam or earning a higher-level AWS certification.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

78 learning goals
Domain 1: Design Solutions for Organizational Complexity (5 topics)

Multi-account strategy and governance

  • Design an AWS Organizations structure with organizational units, account vending, and consolidated billing to enforce enterprise governance and workload isolation boundaries.
  • Design a Control Tower landing zone with guardrails, account factory customizations, and drift detection to establish and maintain enterprise-wide compliance baselines.
  • Design service control policies that enforce preventive guardrails across organizational units while preserving operational flexibility for workload teams.
  • Analyze competing multi-account strategies and recommend an account topology that balances blast radius, operational overhead, and regulatory segmentation requirements.

Cross-account identity and access control

  • Design cross-account IAM role assumption chains and permission boundaries for delegated administration across organizational units.
  • Design an IAM Identity Center (SSO) integration with enterprise identity providers using SAML or SCIM for centralized workforce access across accounts.
  • Analyze identity trust boundaries and recommend a least-privilege access strategy that integrates SCPs, permission boundaries, and session policies across a multi-account environment.

Enterprise network architecture

  • Design a Transit Gateway topology with route tables, inter-region peering, and attachment strategies to connect VPCs, on-premises data centers, and shared-services accounts.
  • Design a Direct Connect architecture with virtual interfaces, LAG groups, and failover paths to establish dedicated hybrid connectivity with predictable latency and throughput.
  • Design VPN-over-Direct Connect and Site-to-Site VPN architectures with redundancy to provide encrypted hybrid connectivity for compliance-sensitive workloads.
  • Analyze hybrid network connectivity options and recommend a network architecture that balances bandwidth, latency, cost, and encryption requirements for enterprise workloads.

Security controls and threat detection

  • Design a centralized security operations architecture using Security Hub, GuardDuty, Config rules, and CloudTrail organization trails for enterprise-wide threat detection and compliance monitoring.
  • Analyze regulatory compliance requirements and design preventive and detective security controls using AWS Config conformance packs, custom rules, and automated remediation actions.
  • Design encryption governance using KMS multi-Region keys, key policies, grants, and cross-account key sharing to enforce data protection across organizational boundaries.
  • Recommend a layered security strategy that integrates identity, network, data, and application controls with defense-in-depth principles and residual risk treatment plans.

Organizational complexity tradeoff evaluation

  • Evaluate competing architecture alternatives across security, reliability, performance, and cost dimensions using the Well-Architected Framework for enterprise decision support.
  • Recommend architecture direction with explicit tradeoff rationale, residual risk treatment, and a phased implementation roadmap for organizational stakeholders.
Domain 2: Design for New Solutions (6 topics)

Compute architecture design

  • Design compute architectures using EC2 instance families, placement groups, and Elastic Fabric Adapter to satisfy performance-sensitive workload requirements.
  • Design container orchestration architectures using ECS and EKS with Fargate and EC2 launch types, service mesh integration, and auto-scaling policies for microservices workloads.
  • Design serverless compute architectures using Lambda with event source mappings, provisioned concurrency, Step Functions orchestration, and EventBridge integration for event-driven workloads.
  • Analyze compute architecture tradeoffs across EC2, containers, and serverless and recommend the optimal compute model based on workload characteristics, scaling patterns, and operational maturity.

Data store and database architecture

  • Design relational database architectures using Aurora Global Database, RDS Multi-AZ, and read replicas with failover and replication strategies for high-availability requirements.
  • Design DynamoDB architectures with global tables, on-demand and provisioned capacity modes, DynamoDB Accelerator, and stream-based event processing for globally distributed workloads.
  • Design purpose-built data store architectures selecting among Redshift, OpenSearch, ElastiCache, Neptune, and Timestream based on query patterns, latency, and data model requirements.
  • Design S3 storage architectures with replication rules, intelligent tiering, lifecycle policies, and cross-region replication for cost-optimized data management at scale.
  • Analyze data access patterns, consistency requirements, and cost constraints to recommend an optimal multi-database architecture with caching, replication, and partitioning strategies.

Content delivery and edge architecture

  • Design CloudFront distributions with origin groups, cache behaviors, origin access controls, and Lambda@Edge functions for dynamic content personalization at the edge.
  • Design Global Accelerator architectures with endpoint groups, health checks, and traffic dials to improve availability and performance for latency-sensitive global applications.
  • Analyze edge delivery requirements and recommend a content acceleration strategy selecting between CloudFront, Global Accelerator, and S3 Transfer Acceleration based on protocol, caching, and routing needs.

Resilience and disaster recovery design

  • Design multi-AZ and multi-Region fault isolation architectures using Route 53 health checks, failover routing, and cell-based deployment patterns for critical workloads.
  • Design disaster recovery architectures across backup-and-restore, pilot light, warm standby, and multi-site active-active patterns with defined RTO and RPO targets.
  • Design fault-tolerant distributed system patterns including retries with exponential backoff, circuit breakers, idempotency controls, and graceful degradation for service interactions.
  • Recommend a resilience strategy that balances recovery objectives, operational complexity, and cost across a portfolio of workloads with differing criticality tiers.

Deployment and release architecture

  • Design infrastructure-as-code architectures using CloudFormation StackSets, nested stacks, and Service Catalog portfolios for consistent multi-account provisioning.
  • Design deployment strategies using blue-green, canary, and rolling approaches with CodeDeploy, CodePipeline, and cross-account promotion pipelines aligned to release risk tolerance.
  • Analyze deployment strategy tradeoffs and recommend release governance controls that enable progressive delivery and safe rollback across multi-account environments.

Cost optimization architecture

  • Design cost-optimized compute architectures using Savings Plans, Reserved Instances, Spot Fleet, and Compute Optimizer recommendations for variable and predictable workload patterns.
  • Design cost allocation and visibility architectures using tagging strategies, Cost Explorer, budgets, and anomaly detection for organizational financial governance.
  • Design storage cost optimization architectures using S3 Intelligent-Tiering, lifecycle transitions, Glacier retrieval tiers, and EBS volume right-sizing for data-intensive workloads.
  • Recommend a holistic cost optimization strategy integrating commitment planning, rightsizing, architecture refactoring, and unit economics visibility across the workload portfolio.
Domain 3: Continuous Improvement for Existing Solutions (6 topics)

Operational excellence and observability improvement

  • Design centralized observability architectures using CloudWatch cross-account dashboards, Logs Insights, Container Insights, and X-Ray service maps for enterprise workload visibility.
  • Design operational runbook automation using Systems Manager documents, maintenance windows, and Incident Manager response plans to reduce mean time to recovery.
  • Analyze operational telemetry data and identify high-impact improvement opportunities by correlating failure patterns, deployment events, and configuration drift across workloads.
  • Recommend an operational excellence improvement strategy using service-level objectives, error budgets, and incident learning governance to drive continuous reliability gains.

Reliability improvement for existing solutions

  • Assess reliability posture of existing architectures by mapping single points of failure, evaluating recovery paths, and measuring current RTO and RPO against business requirements.
  • Design reliability improvements by introducing multi-AZ deployments, automated failover, health-check-driven recovery, and chaos engineering validation for degraded workloads.
  • Recommend a prioritized reliability improvement roadmap that sequences remediation by business impact, engineering effort, and residual risk reduction across the workload portfolio.

Performance improvement for existing solutions

  • Assess performance bottlenecks using CloudWatch metrics, X-Ray traces, and load testing data to identify constrained compute, database, and network paths in existing workloads.
  • Design performance improvements using caching layers, read replicas, connection pooling, partitioning strategies, and edge acceleration for identified bottleneck paths.
  • Design auto-scaling improvements using target tracking policies, predictive scaling, step scaling, and scheduled actions to match capacity to demand patterns with minimal over-provisioning.
  • Recommend a performance improvement strategy that balances latency gains, engineering effort, operational complexity, and cost impact for workloads with competing optimization pressures.

Security posture improvement

  • Assess security posture gaps using Security Hub findings, IAM Access Analyzer, and Config compliance dashboards to prioritize control enhancements across identity, data, and network planes.
  • Design security remediation actions including IAM policy tightening, encryption enablement, VPC endpoint adoption, and WAF rule tuning for existing workloads with identified vulnerabilities.
  • Recommend a security improvement strategy that aligns threat models, compliance obligations, and development workflows with minimal disruption to existing operational processes.

Cost optimization for existing solutions

  • Assess spending inefficiencies using Cost Explorer, Trusted Advisor, and Compute Optimizer to identify idle resources, over-provisioned instances, and suboptimal commitment coverage.
  • Design cost remediation actions including instance rightsizing, storage tier migration, commitment purchases, and architecture refactoring for workloads with identified waste.
  • Recommend a cost improvement strategy integrating engineering ownership, FinOps governance, and measurable financial outcomes with organizational accountability mechanisms.

Deployment pipeline and release improvement

  • Assess deployment pipeline maturity by evaluating lead time, deployment frequency, change failure rate, and mean time to recovery against target DevOps metrics.
  • Design deployment improvements using automated testing gates, policy-as-code checks, progressive canary releases, and rollback automation to reduce change failure rate.
  • Recommend a CI/CD maturity improvement strategy with phased automation adoption, cross-account promotion controls, and organizational change management for deployment modernization.
Domain 4: Accelerate Workload Migration and Modernization (5 topics)

Migration assessment and planning

  • Analyze workload portfolio characteristics using Migration Evaluator and Application Discovery Service to determine migration patterns across the 7 Rs (rehost, replatform, repurchase, refactor, retire, retain, relocate).
  • Design a migration wave strategy using dependency mapping, business criticality scoring, and technical readiness constraints to sequence workload groups for staged migration.
  • Design a migration landing zone with networking, security baselines, and shared-services accounts to provide a target environment ready for migrated workloads.

Server and application migration

  • Design rehost migration architectures using AWS Application Migration Service (MGN) with continuous replication, test instances, and cutover orchestration for lift-and-shift server migrations.
  • Design replatform migration architectures that move workloads to managed services like RDS, ElastiCache, or ECS without full application refactoring to reduce operational burden.
  • Design large-scale offline data transfer architectures using Snow Family devices (Snowball Edge, Snowmobile) with encryption, chain of custody, and logistics planning for bandwidth-constrained migrations.
  • Analyze server migration options and recommend the optimal migration pattern for each workload based on technical complexity, dependency coupling, business risk tolerance, and time constraints.

Data migration and replication

  • Design database migration architectures using DMS with continuous replication, schema conversion (SCT), and validation for homogeneous and heterogeneous database migrations.
  • Design file and object data migration architectures using DataSync agents, transfer tasks, and scheduling for NFS, SMB, HDFS, and S3-to-S3 data movement with integrity validation.
  • Design cutover and reconciliation controls with data validation checksums, dual-write patterns, and rollback procedures for zero-data-loss migration of critical datasets.
  • Recommend a data migration strategy that addresses consistency requirements, downtime constraints, and validation procedures across heterogeneous data stores in a migration wave.

Application modernization

  • Design monolith-to-microservices decomposition strategies using strangler fig patterns, API facades, and event-driven decoupling to modernize legacy applications incrementally.
  • Design containerization strategies for legacy workloads using App2Container, ECS task definitions, and EKS pod specifications with appropriate service discovery and load balancing patterns.
  • Analyze modernization opportunities for migrated workloads and evaluate target-state architecture options across containers, serverless, and managed services for each application tier.
  • Recommend a modernization roadmap that sequences refactoring phases by business value, technical debt reduction, and operational risk to achieve target-state architecture outcomes over time.

Migration operations and governance

  • Design a migration operating model with standardized runbooks, governance gates, and measurable delivery quality metrics for migration factory execution at scale.
  • Design post-migration validation and optimization processes including functional testing, performance benchmarking, security scanning, and cost baseline comparison against pre-migration state.
  • Recommend a post-migration optimization strategy that improves reliability, security, performance, and cost outcomes using Well-Architected reviews and continuous improvement processes.

Hands-On Labs

25 labs, ~850 min total, Console Simulator

Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.

Certification Benefits

Salary Impact

Average Salary: $175,000

Related Job Roles

  • Senior Solutions Architect
  • Principal Cloud Architect
  • Enterprise Architect
  • Cloud Infrastructure Lead
  • Technical Director

Industry Recognition

The AWS Solutions Architect Professional is consistently ranked among the highest-paying IT certifications globally. It validates elite-level cloud architecture expertise and is a career differentiator for senior technical roles, with certified professionals earning a significant premium over associate-level peers.

Scope

Included Topics

  • All domains and task statements in the AWS Certified Solutions Architect - Professional (SAP-C02) exam guide: Domain 1 Design Solutions for Organizational Complexity (26%), Domain 2 Design for New Solutions (29%), Domain 3 Continuous Improvement for Existing Solutions (25%), and Domain 4 Accelerate Workload Migration and Modernization (20%).
  • Advanced architecture decisions for multi-account governance, enterprise control design, new solution architecture, continuous optimization, and large-scale migration and modernization programs.
  • Scenario-driven architectural tradeoff analysis that integrates AWS Well-Architected priorities across security, reliability, performance, and cost outcomes.
  • Key AWS services for professional-level architecture: Organizations, Control Tower, Landing Zone, IAM Identity Center, Transit Gateway, Direct Connect, Global Accelerator, CloudFront with Lambda@Edge, Aurora Global Database, DynamoDB Global Tables, S3 Cross-Region Replication, Route 53, EKS, ECS, Lambda, Step Functions, EventBridge, SQS, SNS, Kinesis, DMS, MGN, DataSync, Snow Family, Savings Plans, Reserved Instances, Spot Fleet, Compute Optimizer, Cost Explorer, CloudFormation StackSets, Service Catalog, AWS Config, GuardDuty, Security Hub, CloudTrail, Systems Manager, and CloudWatch.

Not Covered

  • Low-level implementation coding detail, command syntax, and hands-on scripting depth that is not required for architecture decision-making in SAP-C02.
  • Specialty certification depth that is outside SAP-C02 objectives, including deeply specialized machine learning model engineering and niche domain implementations.
  • Current region-specific price points, temporary promotions, and other rapidly changing commercial details not stable for enduring architecture specifications.
  • Vendor-neutral strategy content that does not map to AWS architecture choices and SAP-C02 task statements.

Official Exam Page

Learn more at Amazon Web Services

Trademark Notice

AWS, Amazon Web Services, and all related names, logos, product and service names, designs and slogans are trademarks of Amazon.com, Inc. or its affiliates. Amazon does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.