
Certification Prep: AWS SAA — Solutions Architect Associate

Metadata

| Field | Value |
|---|---|
| Issuer | Amazon Web Services (AWS) |
| Exam Code | SAA-C03 |
| Format | Multiple-choice and multiple-response |
| Duration | 130 minutes |
| Passing Score | 720/1000 (scaled scoring) |
| Cost | $150 USD |
| Retake Policy | 14-day wait between attempts |
| Wiki Coverage | ~60% |

Exam Domains & Wiki Mapping

Design Secure Architectures (30%)

| Objective | Topic Pack | Coverage |
|---|---|---|
| Design secure access to AWS resources (IAM users, roles, policies, federation) | aws-iam | ✅ Full |
| Design secure workloads and applications (security groups, NACLs, WAF) | aws-networking, firewalls | ⚠️ Partial |
| Determine appropriate data security controls (encryption at rest/transit, KMS, CMKs) | secrets-management, tls-pki | ⚠️ Partial |
| Design VPC architecture (subnets, route tables, gateways, peering, endpoints) | aws-networking | ⚠️ Partial |
| Apply AWS shared responsibility model | security-basics | ⚠️ Partial |
| Implement least-privilege IAM policies | aws-iam | ✅ Full |
| Use AWS Organizations and SCPs for multi-account governance | aws-iam | ❌ Gap |
| Implement AWS SSO and identity federation | aws-iam | ❌ Gap |
| Configure AWS CloudTrail and Config for compliance | audit-logging | ❌ Gap |

Design Resilient Architectures (26%)

| Objective | Topic Pack | Coverage |
|---|---|---|
| Design scalable and loosely coupled architectures (ELB, ASG, SQS, SNS) | load-balancing, message-queues | ⚠️ Partial |
| Design highly available architectures (Multi-AZ, Multi-Region) | disaster-recovery, cloud-deep-dive | ⚠️ Partial |
| Choose appropriate resilient storage (S3 tiers, EBS, EFS, FSx) | aws-s3-deep-dive | ⚠️ Partial |
| Design disaster recovery strategies (backup/restore, pilot light, warm standby, active-active) | disaster-recovery, backup-restore | ✅ Full |
| Use Auto Scaling to handle demand fluctuations | aws-ec2 | ⚠️ Partial |
| Design with Aurora, DynamoDB, and RDS for resilience | database-ops | ❌ Gap |
| Implement caching strategies (ElastiCache, CloudFront, DAX) | redis | ❌ Gap |
| Design event-driven architectures (EventBridge, Step Functions) | message-queues | ❌ Gap |

Design High-Performing Architectures (24%)

| Objective | Topic Pack | Coverage |
|---|---|---|
| Determine high-performing compute solutions (EC2 instance types, Lambda, containers) | aws-ec2, aws-lambda, aws-ecs | ⚠️ Partial |
| Determine high-performing storage solutions (S3, EBS types, instance store) | aws-s3-deep-dive | ⚠️ Partial |
| Determine high-performing database solutions (RDS, Aurora, DynamoDB, Redshift) | database-ops | ❌ Gap |
| Design high-performing networking (CloudFront, Global Accelerator, VPC endpoints) | aws-networking, aws-route53 | ⚠️ Partial |
| Determine high-performing data ingestion and transformation (Kinesis, Glue, Athena) | | ❌ Gap |
| Select appropriate EC2 instance types for workloads | aws-ec2 | ⚠️ Partial |
| Use placement groups for performance optimization | aws-ec2 | ❌ Gap |

Design Cost-Optimized Architectures (20%)

| Objective | Topic Pack | Coverage |
|---|---|---|
| Design cost-optimized compute solutions (Spot, Reserved, Savings Plans, Graviton) | finops, aws-ec2 | ⚠️ Partial |
| Design cost-optimized storage solutions (S3 lifecycle, tiering, Intelligent-Tiering) | aws-s3-deep-dive, finops | ⚠️ Partial |
| Design cost-optimized database solutions (Aurora Serverless, DynamoDB on-demand) | finops | ❌ Gap |
| Design cost-optimized network architectures (VPC endpoints, NAT optimization) | aws-networking, finops | ❌ Gap |
| Use AWS cost management tools (Cost Explorer, Budgets, Trusted Advisor) | finops | ⚠️ Partial |
| Right-size resources and implement tagging strategies | finops | ⚠️ Partial |

Study Plan

Phase 1: Foundations (Weeks 1–2)

Goal: Core AWS services and security fundamentals.

  • Week 1: IAM, VPC, and compute
      • Read: aws-iam — users, roles, policies, cross-account access
      • Read: aws-networking — VPC, subnets, route tables, security groups, NACLs
      • Read: aws-ec2 — instance types, AMIs, placement groups, user data
      • Read: aws-lambda — serverless compute, event triggers, limits
      • External: AWS Skill Builder (free) — "Architecting on AWS" fundamentals
      • Practice: Build a VPC from scratch with public/private subnets, NAT gateway, bastion host

  • Week 2: Storage, databases, and networking
      • Read: aws-s3-deep-dive — bucket policies, versioning, lifecycle, replication
      • Read: aws-route53 — DNS routing policies, health checks, failover
      • Read: database-ops — relational concepts (apply to RDS/Aurora)
      • External: AWS documentation for RDS, Aurora, DynamoDB — the wiki has gaps here
      • Practice: Set up S3 lifecycle rules, enable cross-region replication
      • Practice: Deploy an RDS instance with Multi-AZ, test failover

Phase 2: Deep Dive (Weeks 3–4)

Goal: Architecture patterns, resilience, and cost optimization.

  • Week 3: High availability and resilience patterns
      • Read: disaster-recovery — DR strategies, RPO/RTO calculations
      • Read: load-balancing — apply concepts to ALB/NLB/CLB
      • Read: message-queues — apply concepts to SQS/SNS
      • Read: aws-ecs — ECS on Fargate, task definitions
      • Read: aws-cloudwatch — metrics, alarms, logs, dashboards
      • External: AWS Well-Architected Framework — Reliability Pillar
      • Practice: Design a multi-AZ web application with ALB, ASG, RDS Multi-AZ

  • Week 4: Cost optimization and advanced patterns
      • Read: finops — cost management principles
      • Read: security-basics — shared responsibility model
      • Read: cloud-deep-dive — multi-cloud concepts, cloud-native patterns
      • External: AWS Well-Architected Framework — Cost Optimization Pillar
      • External: AWS Pricing Calculator — practice estimating costs for architectures
      • Practice: Review and optimize a sample architecture for cost (switch to Spot, right-size, add lifecycle)
      • Practice: Take the AWS Skill Builder practice exam

Phase 3: Exam Simulation (Weeks 5–6)

Goal: Drill AWS-specific services and take practice exams.

  • Focus study on wiki gaps: RDS/Aurora details, DynamoDB, ElastiCache, CloudFront, Kinesis
  • Take at least 3 full-length practice exams (AWS Skill Builder, Tutorials Dojo, or similar)
  • Review every wrong answer — map it to the specific service and domain
  • Build flashcards for: EC2 instance type families, S3 storage classes, RDS engine options, EBS volume types
  • Study the AWS service comparison tables (when to use SQS vs SNS vs EventBridge, ALB vs NLB)
  • Review AWS-specific terminology: AZ, Region, Edge Location, Outpost

Gap Analysis

| Gap | Exam Weight | Recommended External Resource |
|---|---|---|
| AWS Organizations and SCPs | High (within 30%) | AWS Organizations documentation |
| RDS, Aurora, DynamoDB (configuration, pricing, HA) | High (across 26% + 24%) | AWS Database specialty docs, Tutorials Dojo cheat sheets |
| ElastiCache (Redis/Memcached) and DAX | Medium (within 26%) | AWS ElastiCache documentation |
| CloudFront, Global Accelerator | Medium (within 24%) | AWS Networking specialty docs |
| Kinesis, Glue, Athena (data ingestion) | Medium (within 24%) | AWS Analytics documentation |
| EventBridge, Step Functions | Medium (within 26%) | AWS event-driven architecture whitepapers |
| AWS CloudTrail, Config, GuardDuty | Medium (within 30%) | AWS Security specialty documentation |
| EC2 placement groups and instance store | Low (within 24%) | EC2 user guide — placement groups section |
| S3 Transfer Acceleration, multipart upload | Low (within 24%) | S3 developer guide — performance optimization |
| AWS SSO and identity federation (SAML, Cognito) | Medium (within 30%) | AWS IAM Identity Center documentation |

Exam-Day Strategy

Time Management

  • 65 questions in 130 minutes = ~2 min per question
  • Multiple-choice format — no terminal, no hands-on
  • Flag and skip questions you are unsure about — review at the end
  • Eliminate obviously wrong answers first, then reason through remaining options

Question Triage

  1. Read the full question and all answer options before selecting
  2. Identify the domain: security, resilience, performance, or cost
  3. Look for key phrases: "most cost-effective," "highest availability," "most secure," "least operational overhead"
  4. "Least operational overhead" almost always means a managed/serverless service
  5. "Most cost-effective" often means Spot instances, S3 Intelligent-Tiering, or reserved capacity

Common Traps

  • Confusing security groups (stateful) with NACLs (stateless)
  • Still assuming S3 is eventually consistent for overwrite PUTs (S3 has provided strong consistency since Dec 2020)
  • Mixing up EBS volume types: gp3 vs io2 vs st1 vs sc1
  • ALB vs NLB: ALB for HTTP/HTTPS (Layer 7), NLB for TCP/UDP (Layer 4)
  • Aurora vs RDS: Aurora is AWS-proprietary, 5x MySQL / 3x PostgreSQL performance, but costs more
  • DynamoDB: remember partition key design is critical; hot partitions kill performance
  • CloudFront vs Global Accelerator: CloudFront caches content, Global Accelerator routes TCP/UDP

AWS Service Selection Framework

When the question asks "which service?", use this decision tree:

  • Need caching? CloudFront (edge), ElastiCache (app-level), DAX (DynamoDB)
  • Need messaging? SQS (queue), SNS (pub/sub), EventBridge (event bus)
  • Need compute? Lambda (short tasks <15 min), Fargate (containers, no servers), EC2 (full control)
  • Need database? DynamoDB (key-value, scale), RDS (relational, managed), Aurora (relational, high perf)
  • Need storage? S3 (objects), EBS (block, single AZ), EFS (file, multi-AZ)

If You're Stuck

  • Eliminate answers that use a service incorrectly (e.g., S3 for low-latency database)
  • "Most" and "least" qualifiers are critical — re-read the question
  • If two options seem correct, the one with less operational overhead is usually preferred
  • Flag and move on — your subconscious may solve it while working other questions

Cross-References