SAA-C03 (AWS Certified Solutions Architect - Associate) is one of the most in-demand cloud certifications in the world. It validates your ability to design reliable, secure, performant and cost-effective cloud architectures on AWS. This guide gives you a strategic approach to tackle the exam with method and confidence.
Table of contents
SAA-C03 exam overview
The SAA-C03 version, released in August 2022, increased the focus on resilient architectures and cost optimization, reflecting the real-world expectations of the market.
| Characteristic | Detail |
|---|---|
| Number of questions | 65 questions |
| Duration | 130 minutes |
| Passing score | 720/1000 |
| Format | Multiple choice + multiple response |
| Cost | USD 150 |
| Validity | 3 years |
Exam domains and their weightings:
- Domain 1 - Design Resilient Architectures (26%)
- Domain 2 - Design High-Performing Architectures (24%)
- Domain 3 - Design Secure Applications and Architectures (30%)
- Domain 4 - Design Cost-Optimized Architectures (20%)
Core AWS services to master
Compute: EC2 and beyond
Amazon EC2 is essential. Master the following:
- Instance families (general purpose, memory optimized, compute optimized, storage optimized)
- Pricing models: On-Demand, Reserved Instances, Spot Instances, Savings Plans
- Auto Scaling Groups (ASG): automated scale-out and scale-in based on policies
- Elastic Load Balancing (ALB, NLB, CLB): traffic distribution
- Placement Groups: Cluster, Spread, Partition for critical workloads
Also know AWS Lambda (serverless), Amazon ECS/EKS (containers) and AWS Fargate (serverless containers).
Storage: S3, EBS, EFS and Glacier
- Amazon S3: object storage with 11 nines of durability (99.999999999%). Storage classes: Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive
- Amazon EBS: persistent block volumes for EC2. Types: gp3, io2 (high performance), st1, sc1
- Amazon EFS: NFS file system shared across multiple EC2 instances
- AWS Storage Gateway: hybrid gateway between on-premises and AWS
Databases: RDS, DynamoDB and Aurora
- Amazon RDS: managed relational databases (MySQL, PostgreSQL, Oracle, SQL Server, MariaDB). Supports Multi-AZ for high availability and Read Replicas for read performance
- Amazon Aurora: MySQL/PostgreSQL-compatible relational database, up to 5x faster, automatic replication across 3 AZs
- Amazon DynamoDB: serverless NoSQL database, millisecond latency, unlimited scalability. DynamoDB Streams + Lambda for event-driven architectures
- Amazon ElastiCache: in-memory cache (Redis or Memcached) to reduce database load
Networking: VPC in depth
The VPC (Virtual Private Cloud) is probably the most complex and most heavily tested topic on the exam:
- Public and private subnets: a foundational distinction for security
- Internet Gateway: internet access for public subnets
- NAT Gateway: outbound internet access for instances in private subnets
- Security Groups: stateful firewall at the instance level
- Network ACL (NACL): stateless firewall at the subnet level
- VPC Peering: private communication between two VPCs
- AWS Transit Gateway: centralized hub to connect multiple VPCs and on-premises networks
- AWS Direct Connect: dedicated physical link between your data center and AWS
Designing AWS architectures
High availability and resilience
The exam tests your ability to design failure-resistant architectures. Key principles:
- Multi-AZ: deploy components across at least 2 availability zones
- Multi-Region: for critical disaster recovery requirements (low RTO/RPO)
- Loose coupling: decouple components via SQS, SNS or EventBridge to avoid single points of failure
- Health checks: Route 53 and ALB monitor instance health and reroute traffic on failure
Typical 3-tier web application architecture
This pattern shows up very often in SAA-C03 questions:
- Presentation tier: CloudFront + S3 (static content) or ALB + EC2 in public subnets
- Application tier: EC2 Auto Scaling Group in private subnets, behind an internal ALB
- Data tier: RDS Multi-AZ or Aurora in isolated database subnets
The AWS Well-Architected framework
The Well-Architected Framework is essential reading for SAA-C03. It is built on 6 pillars:
- Operational excellence: automate operations, monitor systems, continuously improve
- Security: protect data, systems and assets by applying the principle of least privilege
- Reliability: recover from failures, scale dynamically, maintain availability
- Performance efficiency: use compute resources efficiently to meet system requirements
- Cost optimization: avoid unnecessary spend, choose the right pricing model
- Sustainability: minimize the environmental impact of cloud workloads
Security and networking
IAM: Identity and Access Management
IAM is the foundation of AWS security. Key points to master:
- Principle of least privilege: grant only the permissions strictly required
- IAM Roles: temporary permissions assigned to services or applications (preferred over access keys)
- IAM Policies: JSON defining permissions (Allow/Deny on Actions/Resources)
- AWS Organizations + SCP: centralized governance across multiple AWS accounts
Encryption and secrets
- AWS KMS (Key Management Service): centralized management of encryption keys
- AWS Secrets Manager: storage and automatic rotation of secrets (passwords, API keys)
- AWS Certificate Manager (ACM): free SSL/TLS certificates for AWS services
Cost optimization
With 20% of the score, cost optimization deserves real attention.
- Reserved Instances (RI) and Savings Plans: up to 72% savings on EC2 for predictable workloads (1- or 3-year commitment)
- Spot Instances: up to 90% off for interruption-tolerant workloads (batch, data processing)
- S3 Intelligent-Tiering: automatic storage cost optimization based on access patterns
- AWS Trusted Advisor: cost and performance optimization recommendations
- AWS Cost Explorer: spend analysis and forecasting
Preparation strategy
Most candidates spend 6 to 10 weeks preparing for SAA-C03, depending on their AWS experience.
| Phase | Duration | Activities |
|---|---|---|
| Foundations | Weeks 1-2 | IAM, VPC, EC2, S3 - theory + hands-on labs |
| Advanced services | Weeks 3-4 | RDS, Aurora, DynamoDB, ECS, Lambda, Route 53 |
| Architecture | Weeks 5-6 | Well-Architected, design scenarios, security |
| Review | Weeks 7-8 | SAA-C03 mock exams, error analysis, targeted review |
SAA-C03-specific exam tips
- Each question presents a real-world scenario: identify the main concern (cost, performance, security, resilience) before looking at the answers
- Be wary of technically correct but suboptimal answers: the exam looks for the best solution, not just a valid one
- For cost questions, Spot Instances or Savings Plans almost always beat On-Demand
- For security questions, IAM Roles are always preferred over static access keys
- For high availability questions, if Multi-AZ is not part of the answer, it is probably wrong
Conclusion
SAA-C03 is a demanding but highly rewarding certification, recognized as one of the most sought-after on the cloud job market. Preparing for it forces you to build a solid grasp of cloud architecture best practices, which translates directly into skills you can apply at work. With structured preparation and regular practice on real-exam-style questions, you give yourself every chance to succeed.
Ready to practice for SAA-C03?
Access hundreds of SAA-C03 questions in the official AWS format, with detailed explanations for every correct answer.
Practice SAA-C03 on CertifexpressFound this article useful? Share it!