The AWS Certified Solutions Architect - Associate (SAA-C03) is AWS's core associate-level architecture certification. It validates whether you can design solutions that are secure, resilient, high-performing, and cost-optimized by using the AWS Well-Architected Framework, not whether you can memorize a long list of services in isolation.
This is a scenario-heavy exam. AWS expects you to read a business requirement, identify the real constraint, and choose the best architecture tradeoff across networking, storage, compute, databases, security, and operations. The strongest preparation is therefore architecture reasoning backed by first-party documentation, not flashcard-only study.
Exam At a Glance
| Attribute | Value |
|---|---|
| Certification | AWS Certified Solutions Architect - Associate |
| Exam code | SAA-C03 |
| Level | Associate |
| Duration | 130 minutes |
| Question count | 65 total questions |
| Question types | Multiple choice and multiple response |
| Scored questions | 50 |
| Unscored questions | 15 |
| Cost | $150 USD |
| Recommended background | At least 1 year of hands-on experience designing cloud solutions with AWS services |
| Target candidate | Someone performing a solutions architect role and reviewing or improving production-oriented AWS designs |
- Official certification page: AWS Certified Solutions Architect - Associate
- Official exam guide: AWS Certified Solutions Architect - Associate exam guide
- Official exam prep plan: AWS Skill Builder 4-step exam prep plan
- Official technologies reference: SAA-C03 technologies and concepts
- Official in-scope services reference: SAA-C03 in-scope AWS services
Official Exam Domains
- Design Secure Architectures (30%)
- Design Resilient Architectures (26%)
- Design High-Performing Architectures (24%)
- Design Cost-Optimized Architectures (20%)
The weighting tells you how to study. Security is the single largest domain, but resilience and performance are close behind. In practice, many questions span multiple domains at once, so aim to understand how AWS wants you to balance security, availability, performance, and cost in the same design.
1. Design Secure Architectures
This domain focuses on identity, network isolation, workload security, and data protection. AWS is testing whether you can design secure access patterns across accounts and services, not just name security products.
- Identity, federation, and multi-account access - Study IAM roles, policies, temporary credentials, federated access, and multi-account governance. The official domain tasks explicitly call out IAM, IAM Identity Center, AWS STS, and service control strategies. Official docs: SAA-C03 Domain 1 objectives, What is IAM?, IAM security best practices.
- VPC isolation and secure connectivity - Know how subnet placement, route tables, security groups, network ACLs, VPN, and private connectivity choices affect workload exposure. Official docs: Domain 1 task statements, What is Amazon VPC?.
- Data protection and key management - The exam expects you to understand encryption at rest, encryption in transit, key access policies, lifecycle controls, and recovery strategy. Official docs: Task 1.3, AWS KMS overview, AWS Shared Responsibility Model.
- Secure application entry points - Be comfortable reasoning about service endpoints, controlled public exposure, API front doors, and how managed services reduce security burden. Official docs: What is Amazon API Gateway?, What is serverless development?.
- Security by design through AWS architecture principles - The exam is aligned to the AWS Well-Architected Framework, so expect answers that prefer least privilege, automation, traceability, and managed controls over ad hoc administration. Official docs: AWS Well-Architected Framework.
Exam tip: Secure architecture answers are rarely about one service. The correct option usually combines identity, network boundaries, and data protection into one coherent design.
2. Design Resilient Architectures
This domain is about scaling, loose coupling, fault tolerance, and recovery. AWS wants to see that you can remove single points of failure and choose managed patterns that remain stable under change or partial outage.
- Loose coupling and event-driven architecture - Study messaging, fanout, workflow orchestration, and decoupled integrations. SAA questions often reward SQS, SNS, EventBridge, and Step Functions when teams need buffering, asynchronous communication, or orchestration. Official docs: SAA-C03 Domain 2 objectives, What is Amazon SQS?, What is Amazon SNS?, What is Amazon EventBridge?, What is AWS Step Functions?.
- High availability across Availability Zones and Regions - Learn how AWS frames resilience through multi-AZ deployment, replication, failover strategies, and recovery objectives. Official docs: Task 2.2, Amazon RDS User Guide, Amazon S3 User Guide.
- Managed compute and serverless resilience - Be able to decide when serverless or managed integrations provide better resilience than self-managed servers. Official docs: AWS Lambda developer guide, Serverless developer guide.
- Database proxies, retries, and workload durability - Domain 2 explicitly includes read replicas, proxy patterns, backups, and durability choices. Official docs: Domain 2 task statements, What is Amazon DynamoDB?, Amazon RDS overview.
- Observability for resilient operations - AWS also expects you to understand how to identify failure, react to thresholds, and build visibility into workloads. Official docs: What is Amazon CloudWatch?.
Exam tip: When the scenario emphasizes resilience, default to designs that isolate failure domains, queue work, and automate recovery before you consider more manually operated solutions.
3. Design High-Performing Architectures
This domain tests your ability to match performance characteristics to the right AWS building blocks. You need to think in terms of throughput, latency, scaling behavior, access patterns, and operational limits.
- Storage performance choices - You should be able to distinguish object, block, and file storage and know when to prefer S3, EBS, or EFS based on throughput, elasticity, and access needs. Official docs: SAA-C03 Domain 3 objectives, Amazon S3 User Guide, What is Amazon EBS?, What is Amazon EFS?.
- Elastic compute and scaling strategy - Domain 3 covers compute selection, resource sizing, scaling conditions, serverless options, and decoupled scaling. Official docs: Amazon EC2 concepts, AWS Lambda, Serverless development overview.
- Database engine and data access tradeoffs - Expect heavy comparison questions around relational versus non-relational, replication, caching, and capacity planning. Official docs: Task 3.3, Amazon RDS, Amazon DynamoDB, Amazon Redshift overview.
- Network and API path efficiency - You should understand how network topology, placement, load balancing, and service front doors influence latency and scale. Official docs: Amazon VPC overview, Amazon API Gateway.
- Data ingestion and analytics architecture - The official domain outline explicitly includes ingestion, transformation, streaming, and data lake patterns. Official docs: Task 3.5, What is AWS Glue?, Amazon Kinesis Data Streams, What is Amazon Athena?, What is AWS Lake Formation?.
Exam tip: High-performing architecture questions often hinge on one phrase like bursty traffic, low latency, read-heavy, or streaming ingestion. Train yourself to map those phrases to service behavior.
4. Design Cost-Optimized Architectures
This domain is smaller than the first three, but it decides many close-call questions. AWS is testing whether you can meet requirements without overbuilding the solution.
- Storage tiering and lifecycle strategy - Know how lifecycle policies, tiering, backup choices, and transfer methods affect total storage cost. Official docs: SAA-C03 Domain 4 objectives, Amazon S3 User Guide.
- Compute purchasing and right-sizing - Study how AWS frames cost optimization through instance family selection, auto scaling, and serverless or managed alternatives when they reduce idle spend. Official docs: Amazon EC2 concepts, Serverless development guide, AWS Pricing Calculator.
- Cost-aware database selection - You should be able to reason about when a managed relational engine, DynamoDB, or analytics service is the most cost-effective fit for the access pattern. Official docs: Amazon RDS, Amazon DynamoDB, Amazon Redshift.
- Monitoring, budgeting, and spend visibility - Cost-optimized architecture is not only service choice. It also includes visibility, alarms, and governance over actual usage. Official docs: AWS Cost Explorer, AWS Budgets.
- Network transfer awareness - Domain 4 explicitly includes connectivity and routing decisions that reduce transfer cost while preserving required reachability and availability. Official docs: Task 4.4, Amazon VPC.
Exam tip: The cheapest answer is not always correct. The right answer is the lowest-cost option that still satisfies the stated performance, resilience, and security requirements.
Recommended 5-Week Study Plan
| Week | Focus | Primary resources |
|---|---|---|
| 1 | Exam guide, Well-Architected mindset, IAM, VPC, encryption fundamentals | Exam guide, Domain 1 page, IAM intro, IAM best practices, VPC overview, KMS overview, shared responsibility model |
| 2 | Resilience patterns, messaging, orchestration, backups, monitoring | Domain 2 page, SQS, SNS, EventBridge, Step Functions, Lambda, RDS, S3, CloudWatch |
| 3 | Performance-focused compute, storage, database, and API choices | Domain 3 page, EC2, S3, EBS, EFS, RDS, DynamoDB, API Gateway |
| 4 | Analytics and data movement patterns plus cost optimization | Glue, Kinesis, Athena, Lake Formation, Domain 4 page, Pricing Calculator, Cost Explorer, Budgets |
| 5 | Mixed scenario practice and weak-area repair | Official domain pages, in-scope services list, practice questions, architecture review of missed topics |
Last-Mile Exam Strategy
- Read every scenario twice: first for the business requirement, then for the hidden constraint such as multi-AZ, least operational overhead, cost-sensitive, or private connectivity.
- Memorize the core service comparisons that appear repeatedly: S3 vs EBS vs EFS, RDS vs DynamoDB, SQS vs SNS vs EventBridge, and EC2 vs Lambda vs managed/serverless alternatives.
- Prefer managed services when the question emphasizes reliability, elasticity, or reduced operational burden. AWS intentionally rewards that bias in many architecture questions.
- Use the official domain pages as the study boundary. SAA-C03 is broad, but the exam guide already tells you which task statements and service families deserve your time.
- Practice explaining each answer choice in one sentence. If you cannot say why a service fits better than the distractor, you probably do not understand the architecture tradeoff deeply enough yet.
If you want the practice layer after the official docs, work through our AWS Solutions Architect Associate practice questions. If you need to strengthen your base before going deeper into architecture scenarios, review our AWS Cloud Practitioner study guide first.
The fastest path to passing SAA-C03 is to think like AWS thinks: choose architectures that meet the requirement with the right balance of security, resilience, performance, and cost, while minimizing unnecessary operational work. The official documentation above is enough to build that judgment if you study it systematically.