AWS Certified Solutions Architect – Associate SAA-C03 Exam Learning Path

AWS Solutions Architect - Associate Certificate

AWS Certified Solutions Architect – Associate SAA-C03 Exam Learning Path

  • I just cleared the AWS Solutions Architect – Associate SAA-C03 exam with a score of 914/1000.
  • AWS Solutions Architect – Associate SAA-C03 exam is the latest AWS exam released on 30th August 2022 and has replaced the previous AWS Solutions Architect – SAA-C02 certification exam.
  • The SAA-C03 exam continues to be the current version as of June 2026, with enhanced focus on modern AWS services, sustainability considerations, and advanced networking capabilities. Note: AWS announced the SAA-C04 revision rolling out in Q2-Q3 2026 with increased emphasis on resilient architecture design and cost optimization. Both SAA-C03 and SAA-C04 versions remain available until September 30, 2026 (grace period).

AWS Solutions Architect – Associate SAA-C03 Exam Content

  • It basically validates the ability to effectively demonstrate knowledge of how to design, architect, and deploy secure, cost-effective, and robust applications on AWS technologies
  • The exam also validates a candidate’s ability to complete the following tasks:
    • Design solutions that incorporate AWS services to meet current business requirements and future projected needs
    • Design architectures that are secure, resilient, high-performing, and cost-optimized
    • Review existing solutions and determine improvements

Refer AWS Solutions Architect – Associate SAA-C03 Exam Guide

AWS Solutions Architect – Associate SAA-C03 Exam Summary

  • SAA-C03 exam consists of 65 questions in 130 minutes, and the time is more than sufficient if you are well-prepared.
  • SAA-C03 exam includes two types of questions, multiple-choice and multiple-response.
  • SAA-C03 has a scaled score between 100 and 1,000. The scaled score needed to pass the exam is 720.
  • Associate exams currently cost $ 150 + tax.
  • The exam includes 50 scored questions and 15 unscored questions (total 65 questions). The unscored questions are used by AWS to evaluate future exam content.
  • You can get an additional 30 minutes if English is your second language by requesting Exam Accommodations. It might not be needed for Associate exams but is helpful for Professional and Specialty ones.
  • AWS exams can be taken either remotely or online, I prefer to take them online as it provides a lot of flexibility. Just make sure you have a proper place to take the exam with no disturbance and nothing around you.
  • Also, if you are taking the AWS Online exam for the first time try to join at least 30 minutes before the actual time as I have had issues with both PSI and Pearson with long wait times.

🆕 SAA-C04 Exam Update (Announced April 2026)

AWS announced the SAA-C04 revision rolling out Q2-Q3 2026 with the following changes:

  • Increased emphasis on resilient architecture design (now 30% of exam content)
  • Enhanced cost optimization strategies coverage
  • AI/GenAI awareness – Generative AI competency embedded at Professional level; Associate remains focused on core architectural skills
  • Grace period: Both SAA-C03 and SAA-C04 versions active until September 30, 2026

Exam delivery updates (April 2026):

  • AI-assisted identity verification for remote proctoring
  • Score reporting reduced to under 24 hours (from 1-5 business days)
  • ESL exam duration extensions now automatically applied (no separate accommodation request needed in the US)

AWS Solutions Architect – Associate SAA-C03 Exam Resources

AWS Solutions Architect – Associate SAA-C03 Exam Topics

  • SAA-C03 Exam covers the design and architecture aspects in deep, so you must be able to visualize the architecture, even draw them out or prepare a mental picture just to understand how it would work and how different services relate.
  • SAA-C03 exam concepts cover solutions that fall within AWS Well-Architected framework to cover scalable, highly available, cost-effective, performant, and resilient pillars.
  • If you had been preparing for the SAA-C02, SAA-C03 is pretty much similar to SAA-C02 except for the addition of some new services Aurora Serverless, AWS Global Accelerator, FSx for Windows, and FSx for Lustre.
  • New services and features added to exam scope include VPC Lattice, VPC IP Address Manager (IPAM), AWS Network Firewall, Amazon Verified Permissions, and enhanced focus on sustainability and cost optimization.

⚠️ IMPORTANT: AWS SERVICES DEPRECATED / MAINTENANCE MODE

Several AWS services have been deprecated or moved to maintenance mode (updated June 2026):

  • AWS App Mesh – End of support September 30, 2026. Migrate to Amazon VPC Lattice or ECS Service Connect
  • AWS App Runner – Moved to maintenance mode (April 30, 2026). No longer accepting new customers. Consider ECS Fargate, Lambda, or EKS
  • Amazon RDS Custom for Oracle – Entering sunset; end of support March 31, 2027. Migrate to Amazon RDS for Oracle or self-managed EC2
  • Amazon Cloud9 – No longer accepting new customers (July 2024). Use local IDEs with AWS Toolkit or AWS CloudShell
  • AWS CloudTrail Lake – Moved to maintenance mode (May 31, 2026). Use CloudWatch Logs Insights or S3 + Athena

Note: AWS CodeCommit was temporarily de-emphasized in July 2024 but returned to full General Availability in November 2025.

This post has been updated to reflect these changes and include migration guidance.

Networking

  • Virtual Private Network – VPC
    • Create a VPC from scratch with public, private, and dedicated subnets with proper route tables, security groups, and NACLs.
    • Understand what a CIDR is and address patterns.
    • Subnets are public or private depending on whether they can route traffic directly through an Internet gateway
    • Understand how communication happens between the Internet, Public subnets, Private subnets, NAT, Bastion, etc.
    • Bastion (also referred to as a Jump server) can be used to securely access instances in the private subnets.
    • Create two-tier architecture with application in public and database in private subnets
    • Create three-tier architecture with web servers in public, application, and database servers in private. (hint: focus on security group configuration with least privilege)
  • NEW 2025: VPC IP Address Manager (IPAM)
    • Centrally manage and monitor IP addresses across AWS accounts and regions
    • Automate IP address assignments and prevent IP address conflicts
    • Provides visibility into IP address utilization and helps with compliance
    • Essential for large-scale, multi-account AWS deployments
  • Amazon VPC Lattice
    • Application networking service that connects, secures, and monitors service-to-service communications
    • Simplifies microservices connectivity across VPCs, accounts, and compute types
    • Provides Layer 7 load balancing, service discovery, and traffic management
    • Replaces complex service mesh configurations with managed service
    • Ideal migration path from deprecated AWS App Mesh
  • AWS Network Firewall
    • Managed, stateful firewall service for VPC protection
    • Provides deep packet inspection (DPI) and intrusion prevention
    • Supports custom rules and AWS managed threat intelligence
    • Integrates with AWS Firewall Manager for centralized management
    • Essential for compliance and advanced threat protection
  • Security Groups and NACLs
    • Security Groups are Stateful vs NACLs are stateless.
    • Also, only NACLs provide the ability to deny or block IPs
  • NAT Gateway or Instances
    • help enables instances in a private subnet to connect to the Internet.
    • Understand the difference between NAT Gateway & NAT Instance.
    • NAT Gateway is AWS-managed and is scalable and highly available.
  • VPC endpoints
    • enable the creation of a private connection between VPC to supported AWS services and VPC endpoint services powered by PrivateLink using its private IP address without needing an Internet or NAT Gateway.
    • VPC Gateway Endpoints supports S3 and DynamoDB.
    • VPC Interface Endpoints OR Private Links supports others
  • VPN and Direct Connect for on-premises to AWS connectivity
    • VPN provides a quick, cost-effective, secure channel, however, routes through the internet and does not provide consistent throughput
    • Direct Connect provides consistent, dedicated throughput without Internet, however, requires time to set up and is not cost-effective.
  • Understand Data Migration techniques at a high level
    • VPN and Direct Connect for continuous, frequent data transfers.
    • Snow Family is ideal for one-time, cost-effective huge data transfer.
    • Choose a technique depending on the available bandwidth, data transfer needed, time available, encryption, one-time or continuous.
  • CloudFront
    • fully managed, fast CDN service that speeds up the distribution of static, dynamic web, or streaming content to end-users
    • S3 frontend by CloudFront provides low latency, performant experience for global users.
    • provides static and dynamic caching for both AWS and on-premises origin.
  • Global Accelerator
    • optimizes the path to applications to keep packet loss, jitter, and latency consistently low.
    • helps improve the performance by lowering first-byte latency
    • provides 2 static IP address
  • Know CloudFront vs Global Accelerator
  • Route 53
    • highly available and scalable DNS web service.
    • Health checks and failover routing helps provide resilient and active-passive solutions
    • Route 53 Routing Policies and their use cases (hint: focus on weighted, latency, geolocation, failover routing)
  • Elastic Load Balancer
    • Focus on ALB and NLB
    • Differences between ALB vs NLB
      • ALB is layer 7 vs NLB is layer 4
      • ALB provides content-based, host-based, path-based routing
      • ALB provides dynamic port mapping which allows the same tasks to be hosted on the ECS node
      • NLB provides low latency, the ability to scale rapidly, and a static IP address
      • ALB works with WAF while NLB does not.
    • Gateway Load Balancer – GWLB
      • helps deploy, scale, and manage virtual appliances like firewalls, IDS/IPS, and deep packet inspection systems.

Security

  • Identity Access Management – IAM
    • IAM role
      • provides permissions that are not associated with a particular user, group, or service and are intended to be assumable by anyone who needs it.
      • can be used for EC2 application access and Cross-account access
    • IAM identity providers and federation and use cases – Although did not see much in SAA-C03
  • NEW 2025: Amazon Verified Permissions
    • Centrally manage fine-grained permissions and authorization for applications
    • Uses Cedar policy language for defining access control policies
    • Provides scalable, consistent authorization across microservices
    • Integrates with existing identity providers and AWS services
    • Essential for zero-trust architecture implementations
  • Key Management Services – KMS encryption service
  • AWS WAF
    • integrates with CloudFront, and ALB to provide protection against Cross-site scripting (XSS), and SQL injection attacks.
    • provides IP blocking and geo-protection, rate limiting, etc.
  • AWS Shield
    • managed DDoS protection service
    • integrates with CloudFront, ALB, and Route 53
    • Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks
  • AWS GuardDuty
    • managed threat detection service and provides Malware protection
    • Enhanced with machine learning-based threat detection and integration with Security Hub
  • AWS Inspector
    • is a vulnerability management service that continuously scans the AWS workloads for vulnerabilities
    • Now includes container image scanning and enhanced software vulnerability detection
  • AWS Secrets Manager
    • helps protect secrets needed to access applications, services, and IT resources.
    • supports rotations of secrets, which Systems Manager Parameter Stores does not support.
  • Disaster Recovery whitepaper
    • Be sure you know the different recovery types with impact on RTO/RPO.
    • Enhanced focus on cross-region disaster recovery and automated failover strategies

Storage

  • Understand various storage options S3, EBS, Instance store, EFS, Glacier, FSx, and what are the use cases and anti-patterns for each
  • Instance Store
    • is physically attached to the EC2 instance and provides the lowest latency and highest IOPS
  • Elastic Block Storage – EBS
    • EBS volume types and their use cases in terms of IOPS and throughput. SSD for IOPS and HDD for throughput
    • EBS Snapshots
      • Backups are automated, snapshots are manual
      • Can be used to encrypt an unencrypted EBS volume
    • Multi-Attach EBS feature allows attaching an EBS volume to multiple instances within the same AZ only.
    • EBS fast snapshot restore feature helps ensure that the EBS volumes created from a snapshot are fully-initialized at creation and instantly deliver all of their provisioned performance.
  • Simple Storage Service – S3
    • S3 storage classes with lifecycle policies
      • Understand the difference between SA Standard vs SA IA vs SA IA One Zone in terms of cost and durability
      • New S3 Express One Zone storage class for high-performance workloads
    • S3 Data Protection
      • S3 Client-side encryption encrypts data before storing it in S3
    • S3 features including
      • S3 provides cost-effective static website hosting. However, it does not support HTTPS endpoint. Can be integrated with CloudFront for HTTPS, caching, performance, and low-latency access.
      • S3 versioning provides protection against accidental overwrites and deletions. Used with MFA Delete feature.
      • S3 Pre-Signed URLs for both upload and download provide access without needing AWS credentials.
      • S3 CORS allows cross-domain calls
      • S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
      • S3 Event Notifications to trigger events on various S3 events like objects added or deleted. Supports SQS, SNS, and Lambda functions.
      • Integrates with Amazon Macie to detect PII data
      • Replication that supports the same and cross-region replication required versioning to be enabled.
      • Integrates with Athena to analyze data in S3 using standard SQL.
  • ⚠️ NOTE: Amazon S3 Glacier (standalone vault-based API) has been superseded by S3 Glacier storage classes. Use S3 Glacier Instant Retrieval, S3 Glacier Flexible Retrieval, or S3 Glacier Deep Archive with S3 lifecycle policies for archival storage.
  • Storage gateway and its different types.
    • Cached Volume Gateway provides access to frequently accessed data while using AWS as the actual storage
    • Stored Volume gateway uses AWS as a backup, while the data is being stored on-premises as well
    • File Gateway supports SMB protocol
  • FSx is easy and cost-effective to launch and run popular file systems.
    • FSx provides two file systems to choose from:
    • Amazon FSx for Windows File Server
      • works with both Linux and Windows
      • provides Windows File System features including integration with Active Directory.
    • Amazon FSx for Lustre
      • for high-performance workloads
      • works with only Linux
    • FSx for NetApp ONTAP and FSx for OpenZFS now available for additional file system options
  • Elastic File System – EFS
    • simple, fully managed, scalable, serverless, and cost-optimized file storage for use with AWS Cloud and on-premises resources.
    • provides shared volume across multiple EC2 instances, while EBS can be attached to a single instance within the same AZ or EBS Multi-Attach can be attached to multiple instances within the same AZ
    • supports the NFS protocol, and is compatible with Linux-based AMIs
    • supports cross-region replication, storage classes for cost.
  • AWS Transfer Family
    • secure transfer service that helps transfer files into and out of AWS storage services using FTP, SFTP and FTPS protocol.
  • Difference between EBS vs S3 vs EFS
  • Difference between EBS vs Instance Store
  • Would recommend referring Storage Options whitepaper, although a bit dated 90% still holds right

Compute

  • Elastic Cloud Compute – EC2
  • Auto Scaling and ELB
    • Auto Scaling provides the ability to ensure a correct number of EC2 instances are always running to handle the load of the application
    • Elastic Load Balancer allows the incoming traffic to be distributed automatically across multiple healthy EC2 instances
  • Autoscaling & ELB
    • work together to provide High Availability and Scalability.
    • Span both ELB and Auto Scaling across Multi-AZs to provide High Availability
    • Do not span across regions. Use Route 53 or Global Accelerator to route traffic across regions.
  • EC2 Instance Purchase Types – Reserved, Scheduled Reserved, On-demand, and Spot and their use cases
    • Reserved instances provide cost benefits for long terms requirements over On-demand instances for continuous persistent load
    • Scheduled Reserved Instances for load with fixed scheduled and time interval
    • Spot instances provide cost benefits for temporary, fault-tolerant, spiky load
    • Savings Plans now preferred over Reserved Instances for flexibility across instance families
  • EC2 Placement Groups
    • Cluster placement groups provide low latency and high throughput communication
    • Spread placement group provides high availability
    • Partition placement groups for distributed workloads like Hadoop and Cassandra
  • Lambda and serverless architecture, its features, and use cases.
    • Lambda integrated with API Gateway to provide a serverless, highly scalable, cost-effective architecture
    • Enhanced with container image support and improved cold start performance
  • Elastic Container Service – ECS with its ability to deploy containers and microservices architecture.
    • ECS role for tasks can be provided through taskRoleArn
    • ALB provides dynamic port mapping to allow multiple same tasks on the same node.
    • ECS Anywhere allows running containers on-premises
  • Elastic Kubernetes Service – EKS
    • managed Kubernetes service to run Kubernetes in the AWS cloud and on-premises data centers
    • ideal for migration of an existing workload on Kubernetes
    • EKS Anywhere and EKS Distro for hybrid deployments
  • Elastic Beanstalk at a high level, what it provides, and its ability to get an application running quickly.

Databases

  • Understand relational and NoSQL data storage options which include RDS, DynamoDB, and Aurora with their use cases
  • Relational Database Service – RDS
    • Read Replicas vs Multi-AZ
      • Read Replicas for scalability, Multi-AZ for High Availability
      • Multi-AZ are regional only
      • Read Replicas can span across regions and can be used for disaster recovery
    • Understand Automated Backups, underlying volume types (which are the same as EBS volume types)
    • RDS Custom for Oracle⚠️ Entering sunset (end of support March 31, 2027). RDS Custom for SQL Server remains available. For Oracle with OS-level access, consider self-managed EC2 or standard RDS for Oracle.
  • Aurora
    • provides multiple read replicas and replicates 6 copies of data across AZs
    • Aurora Serverless
      • provides a highly scalable cost-effective database solution
      • automatically starts up, shuts down, and scales capacity up or down based on the application’s needs.
      • supports only MySQL and PostgreSQL
      • Aurora Serverless v2 with instant scaling and better cost optimization
    • Aurora Global Database for cross-region disaster recovery
  • DynamoDB
    • provides low latency performance, a key-value store
    • is not a relational database
    • DynamoDB DAX provides caching for DynamoDB
    • DynamoDB TTL helps expire data in DynamoDB without any cost or consuming any write throughput.
    • DynamoDB Standard-IA storage class for cost optimization
  • ElastiCache use cases, mainly for caching performance

Integration Tools

  • Simple Queue Service
    • as message queuing service and SNS as pub/sub notification service
    • as a decoupling service and provide resiliency
    • SQS features like visibility, and long poll vs short poll
    • provide scaling for the Auto Scaling group based on the SQS size.
    • SQS Standard vs SQS FIFO difference
      • FIFO provides exactly-once delivery but with low throughput
  • Simple Notification Service – SNS
    • is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients
    • Fanout pattern can be used to push messages to multiple subscribers
  • Amazon EventBridge for event-driven architectures and cross-service integration

Analytics

  • Redshift as a business intelligence tool
    • Redshift Serverless for automatic scaling and cost optimization
  • Kinesis
    • for real-time data capture and analytics.
    • Integrates with Lambda functions to perform transformations
  • AWS Glue
    • fully-managed, ETL service that automates the time-consuming steps of data preparation for analytics
    • AWS Glue for Ray for distributed data processing
  • Amazon OpenSearch Service (successor to Elasticsearch Service) for search and analytics

Management Tools

  • CloudWatch
    • monitoring to provide operational transparency
    • is extendable with custom metrics
    • CloudWatch -> (Subscription filter) -> Kinesis Data Firehose -> S3
    • CloudWatch Application Insights for automated application monitoring
  • CloudTrail
    • helps enable governance, compliance, and operational and risk auditing of the AWS account.
    • helps to get a history of AWS API calls and related events for the AWS account.
  • CloudFormation
    • easy way to create and manage a collection of related AWS resources, and provision and update them in an orderly and predictable fashion.
  • AWS Config
    • fully managed service that provides AWS resource inventory, configuration history, and configuration change notifications to enable security, compliance, and governance.
  • AWS Systems Manager enhanced with better patch management and automation capabilities

NEW 2025: Sustainability and Cost Optimization

  • AWS Sustainability: Understanding the AWS commitment to net-zero carbon by 2040
    • Carbon footprint tracking and optimization
    • Sustainable architecture patterns
    • Right-sizing resources for environmental impact
  • Enhanced Cost Optimization:
    • AWS Cost Explorer and Cost Anomaly Detection
    • Savings Plans vs Reserved Instances comparison
    • Spot Instance best practices and interruption handling
    • Resource tagging strategies for cost allocation

NEW 2025: Practice Questions for Updated Services

  • VPC Lattice Questions:
    • Q: A company needs to connect microservices across multiple VPCs and AWS accounts with centralized security policies. Which service should they use?
      • A) VPC Peering
      • B) Transit Gateway
      • C) Amazon VPC Lattice ✓
      • D) AWS PrivateLink
  • Network Firewall Questions:
    • Q: Which AWS service provides stateful firewall capabilities with deep packet inspection for VPC traffic?
      • A) Security Groups
      • B) Network ACLs
      • C) AWS WAF
      • D) AWS Network Firewall ✓
  • IPAM Questions:
    • Q: A large enterprise needs to manage IP address allocation across 50+ AWS accounts. Which service provides centralized IP address management?
      • A) VPC DHCP Options
      • B) Amazon VPC IP Address Manager (IPAM) ✓
      • C) Route 53 Resolver
      • D) AWS Config
  • Verified Permissions Questions:
    • Q: Which service provides fine-grained authorization using Cedar policy language?
      • A) AWS IAM
      • B) Amazon Cognito
      • C) Amazon Verified Permissions ✓
      • D) AWS Directory Service
  • Deprecated Services Questions:
    • Q: AWS App Mesh reached end-of-life in September 2026. What is the recommended migration path?
      • A) AWS Service Mesh
      • B) Amazon VPC Lattice ✓
      • C) Application Load Balancer
      • D) AWS Transit Gateway
    • Q: A company is using AWS App Runner to deploy containerized web applications. Given that App Runner moved to maintenance mode in April 2026, which service provides the most similar fully-managed container deployment experience?
      • A) Amazon EC2 with Auto Scaling
      • B) Amazon ECS with Fargate ✓
      • C) AWS Lambda
      • D) Amazon EKS with managed node groups

AWS Whitepapers & Cheatsheets

Important Migration Notes for Deprecated Services

Service Migration Guide (Updated June 2026)

  • AWS App Mesh → Amazon VPC Lattice / ECS Service Connect:
    • VPC Lattice provides simpler service-to-service connectivity
    • ECS Service Connect for ECS-native service mesh capabilities
    • No need for sidecar proxies or complex mesh configuration
    • Built-in security policies and observability
    • Deadline: September 30, 2026
  • AWS App Runner → ECS Fargate / Lambda / EKS:
    • ECS Fargate for containerized workloads with more control
    • Lambda for event-driven, short-duration workloads
    • EKS for Kubernetes-native deployments
    • Status: Maintenance mode from April 30, 2026
  • Amazon RDS Custom for Oracle → RDS for Oracle / EC2:
    • Standard RDS for Oracle if OS-level access not critical
    • Self-managed Oracle on EC2 for full customization
    • Deadline: March 31, 2027
  • AWS CloudTrail Lake → CloudWatch Logs Insights / S3 + Athena:
    • CloudWatch Logs Insights for querying CloudTrail logs
    • S3 with Athena for long-term log analysis at scale
    • Status: No new customers from May 31, 2026
  • Amazon S3 Glacier (standalone) → S3 Glacier Storage Classes:
    • Use S3 Glacier Instant Retrieval for frequent access
    • Use S3 Glacier Flexible Retrieval for standard archival
    • Use S3 Glacier Deep Archive for long-term archival

✅ AWS CodeCommit: Returned to full General Availability (November 2025) after being temporarily de-emphasized. Git LFS support coming Q1 2026, regional expansions Q3 2026.

On the Exam Day

  • Make sure you are relaxed and get some good night’s sleep. The exam is not tough if you are well-prepared.
  • If you are taking the AWS Online exam
    • Try to join at least 30 minutes before the actual time as I have had issues with both PSI and Pearson with long wait times.
    • The online verification process does take some time and usually, there are glitches.
    • Remember, you would not be allowed to take the take if you are late by more than 30 minutes.
    • Make sure you have your desk clear, no hand-watches, or external monitors, keep your phones away, and nobody can enter the room.
  • Be prepared for scenario-based questions focusing on cost optimization, sustainability considerations, and modern networking architectures.
  • Key Focus Areas for 2026:
    • Service-to-service connectivity patterns (VPC Lattice)
    • Advanced security implementations (Verified Permissions, Network Firewall)
    • Cost optimization strategies (Savings Plans, right-sizing)
    • Sustainability considerations in architecture decisions
    • Migration strategies for deprecated services (App Mesh, App Runner, RDS Custom for Oracle)
    • Resilient architecture design (increased to 30% in SAA-C04)

Finally, All the Best 🙂

June 2026 Update Summary

This post has been updated to reflect the latest AWS certification and service changes. Key additions include: the SAA-C04 exam revision announcement (Q2-Q3 2026 rollout with grace period until Sept 30, 2026), AWS CodeCommit’s return to General Availability (Nov 2025), new service deprecations (App Runner maintenance mode, RDS Custom for Oracle sunset, CloudTrail Lake maintenance mode), and updated exam delivery improvements. The post continues to cover VPC Lattice, IPAM, Network Firewall, Verified Permissions, and essential migration guidance for deprecated services.

AWS Certified Solutions Architect – Associate SAA-C01 Exam Learning Path (Obsolete)

AWS Certified Solutions Architect – Associate SAA-C01 Exam Learning Path (Retired)

⚠️ EXAM RETIRED — SAA-C01 is No Longer Available

AWS Solutions Architect – Associate SAA-C01 was retired in 2020. It was succeeded by SAA-C02 (also retired August 29, 2022), and then by the current SAA-C03 exam.

This content is maintained for historical reference only. You cannot register for or take the SAA-C01 exam.

Current Exam:

What Changed (SAA-C01 → SAA-C03):

  • Greater focus on AWS Well-Architected Framework pillars
  • New services added: AWS Organizations, Control Tower, Lake Formation, EventBridge, Step Functions, EKS, Fargate, and more
  • Expanded security and governance coverage
  • More emphasis on hybrid cloud and migration strategies
  • Updated to reflect current AWS service landscape (2022+)

AWS Solutions Architect – Associate SAA-C01 Exam Summary (Historical)

AWS Solutions Architect – Associate SAA-C01 validated the ability to effectively demonstrate knowledge of how to architect and deploy secure and robust applications on AWS technologies:

  • Define a solution using architectural design principles based on customer requirements.
  • Provide implementation guidance based on best practices to the organization throughout the life cycle of the project.

The SAA-C01 exam focused on building scalable, highly available, cost-effective, performant, resilient, and operationally effective architectures across the following topic areas:

  • Be sure to cover the following topics
    • Networking
      • Be sure to create VPC from scratch. This is mandatory.
        • Create VPC and understand what’s a CIDR.
        • Create public and private subnets, configure proper routes, security groups, NACLs.
        • Create Bastion for communication with instances
        • Create NAT Gateway or Instances for instances in private subnets to interact with internet
        • Create two tier architecture with application in public and database in private subnets
        • Create three tier architecture with web servers in public, application and database servers in private.
        • Make sure to understand how the communication happens between Internet, Public subnets, Private subnets, NAT, Bastion etc.
      • Understand VPC endpoints and what services it can help interact
      • Understand difference between NAT Gateway and NAT Instance
      • Understand how NAT high availability can be achieved
      • Understand CloudFront as CDN and the static and dynamic caching it provides, what can be its origin (it can point to on-premises sources)
      • Understand Route 53 for routing, health checks and various routing policies it provides and their use cases mainly for high availability
      • Be sure to cover ELB in deep. AWS has introduced ALB and NLB and there are lot of questions on ALB
      • Understand ALB features with its ability for content based and URL based routing with support for dynamic port mapping with ECS
    • Storage
      • Understand various storage options S3, EBS, Instance store, EFS, Glacier and what are the use cases and anti patterns for each
      • Understand various EBS volume types and their use cases in terms of IOPS and throughput. SSD for IOPS and HDD for throughput
      • Understand Burst performance and I/O credits to handle occasional peaks
      • Understand S3 features like different storage classes with lifecycle policies, static website hosting, versioning, Pre-Signed URLs for both upload and download, CORS
      • Understand Glacier as an archival storage with various retrieval patterns
      • Understand Storage gateway and its different types
    • Compute
      • Understand EC2 as a whole
      • Understand Auto Scaling and ELB, how they work together to provide High Available and Scalable solution
      • Understand EC2 various purchase types – Reserved, On-demand and Spot and their use cases
      • Understand Lambda and serverless architecture, its features and use cases
      • Understand ECS with its ability to deploy containers and micro services architecture
      • Know Elastic Beanstalk at a high level, what it provides and its ability to get an application running quickly
    • Databases
    • Analytics
      • Understand Redshift as a data warehousing tool
      • Know Kinesis for real time data capture and analytics
    • Security
    • Management Tools
      • Understand CloudWatch monitoring to provide operational transparency
      • Know which EC2 metrics it can track. Remember, it cannot track memory and disk space/swap utilization
      • Understand CloudWatch is extendable with custom metrics
      • Understand CloudTrail for Audit
    • Integration Tools
      • Understand SQS as message queuing service and SNS as pub/sub notification service
      • Understand SQS features like visibility, long poll vs short poll
      • Focus on SQS as a decoupling service
      • Understand SQS FIFO and the differences between standard and FIFO

AWS Solutions Architect – Associate SAA-C01 Exam Resources (Archived)

Note: The resources below were relevant for the SAA-C01 exam (retired 2020). For current SAA-C03 study resources, visit the SAA-C03 Learning Path.

  • Online Courses (Historical)
  • General Preparation Tips (Still Valid)
    • Sign up with AWS for the Free Tier account which provides a lot of services to try for free
    • Read the FAQs for important topics, as they cover key points and are good for quick review

AWS Cloud Computing Whitepapers (Still Relevant)

AWS Solutions Architect – Associate SAA-C01 Exam Domains (Historical)

Domain 1: Design Resilient Architectures

  1. Choose reliable/resilient storage.
  2. Determine how to design decoupling mechanisms using AWS services.
  3. Determine how to design a multi-tier architecture solution.
  4. Determine how to design high availability and/or fault tolerant architectures.

Domain 2: Define Performant Architectures

  1. Choose performant storage and databases.
  2. Apply caching to improve performance.
  3. Design solutions for elasticity and scalability.

Domain 3: Specify Secure Applications and Architectures

  1. Determine how to secure application tiers.
  2. Determine how to secure data.
  3. Define the networking infrastructure for a single VPC application.

Domain 4: Design Cost-Optimized Architectures

  1. Determine how to design cost-optimized storage.
  2. Determine how to design cost-optimized compute.

Domain 5: Define Operationally-Excellent Architectures

  1. Choose design features in solutions that enable operational excellence.

Related Posts