Back to All Certifications
AWS Certified Solutions Architect - Associate logo
Amazon Web Services

AWS Certified Solutions Architect - Associate

The AWS Certified Solutions Architect - Associate (SAA-C03) exam validates a candidate's ability to design solutions based on the AWS Well-Architected Framework. It targets individuals who perform a solutions architect role and need to design secure, resilient, high-performing, and cost-optimized architectures using AWS services. The target candidate should have at least 1 year of hands-on experience designing cloud solutions with AWS services.

Exam Details

Duration
130 minutes
Questions
65 questions
Passing Score
72%
Format
Multiple choice and multiple response

What This Exam Really Tests

This exam fundamentally tests your ability to navigate trade-offs between the four pillars of the Well-Architected Framework — security, resilience, performance, and cost — in realistic, multi-constraint scenarios where optimizing for one pillar creates tension with another. It evaluates whether you can think like a practicing architect who must justify decisions to stakeholders, not just a technician who knows service features. The core skill being assessed is contextual judgment: given specific business requirements, constraints, and existing infrastructure, which AWS-native pattern produces the most appropriate outcome.

Key Success Factors

  • The exam is overwhelmingly a test of elimination, not recall — AWS deliberately constructs distractors that are technically correct but contextually wrong, so knowing WHEN to use a service matters far more than knowing WHAT the service does. For example, all four answer choices for a caching question might involve ElastiCache, but only one fits the read pattern described.
  • Security is the silent constraint on every question, not just Domain 1 — even a 'performance' or 'cost' question will disqualify answers that introduce IAM over-permission, unencrypted data at rest, or public exposure, meaning you must apply the principle of least privilege as a filter across all 65 questions.
  • The exam heavily rewards understanding the architectural boundaries between services — knowing that SQS decouples producers from consumers, that Aurora Global Database serves read-heavy cross-region workloads, or that S3 Transfer Acceleration solves last-mile latency — because most questions describe a symptom or business outcome and ask you to identify the root cause and corresponding AWS pattern rather than asking you to define a service directly.
  • Cost-optimization questions almost always hide a compute or storage pricing model trap — candidates who memorize instance types without understanding Reserved Instance commitment tiers, Savings Plans flexibility, S3 storage class transition rules, or the per-request cost implications of NAT Gateway versus VPC endpoints will consistently choose the plausible but financially suboptimal answer.

Common Pitfalls to Avoid

  • Candidates over-index on memorizing service limits and feature lists from documentation, then fail scenario questions because the exam tests architectural reasoning — a candidate who knows every Lambda limit but cannot identify when Lambda is the wrong tool for a sustained, CPU-intensive workload will consistently miss questions that penalize feature-knowledge without contextual judgment.
  • Treating the four pillars as independent categories rather than competing forces causes candidates to select the 'most resilient' or 'most secure' answer without noticing that the question stem explicitly constrains budget or mandates simplicity, leading to architecturally over-engineered answers that AWS specifically plants as attractive wrong answers for candidates who confuse 'more services' with 'better design'.
  • Underestimating the networking and IAM depth required — many candidates study compute and storage thoroughly but arrive underprepared for questions involving VPC peering versus Transit Gateway trade-offs, resource-based versus identity-based policies, cross-account access patterns, and the behavioral differences between Security Groups and NACLs in layered defense architectures, which appear across all four domains not just in security.
💡

Pass this exam by reading every question as a product manager would — identify the binding constraint first (budget cap, latency SLA, compliance requirement, operational overhead limit), eliminate answers that violate that constraint regardless of how technically sophisticated they appear, and select the answer that an experienced AWS architect would defend in a design review, not the answer that uses the most services or the newest features.

Exam Domains

Design Secure Architectures

30%

This is the heaviest-weighted domain and heavily tests your ability to select the right IAM mechanism for a given scenario — knowing when to use roles vs. policies vs. resource-based policies vs. SCPs is critical. AWS frequently tests least-privilege principles in multi-account environments using AWS Organizations, and scenarios often involve cross-account access patterns. Expect trick questions that conflate authentication with authorization, or that offer overly permissive solutions as distractors.

IAM roles for EC2, Lambda, and cross-account access vs. IAM users and access keysVPC security layering: Security Groups (stateful) vs. NACLs (stateless), and when to use eachData encryption: KMS CMKs vs. AWS-managed keys, S3 bucket policies vs. ACLs, and encryption in-transit vs. at-rest controls

💡 The most common pitfall is confusing when to use AWS Secrets Manager vs. SSM Parameter Store, and when to use S3 Block Public Access vs. bucket policies. Also watch for questions testing whether you know that Security Groups do NOT deny traffic explicitly — only NACLs support explicit deny rules.

Practice this domain's questions

Design Resilient Architectures

26%

This domain tests your architectural judgment around failure isolation and recovery, not just your knowledge of individual services. You must understand the difference between high availability (minimize downtime) and fault tolerance (zero downtime with no degradation), and AWS maps specific service configurations to each. Multi-AZ vs. Multi-Region trade-offs appear frequently, and you must know which services are inherently regional/global vs. which require explicit configuration.

RDS Multi-AZ (synchronous, automatic failover) vs. Read Replicas (asynchronous, read scaling) — these are frequently confusedDecoupling patterns: SQS for async decoupling, SNS for fan-out, and when to use EventBridge vs. SQS vs. SNSAuto Scaling group configurations: target tracking vs. step scaling vs. scheduled scaling, and how they interact with ELB health checks

💡 A common trap is selecting Multi-AZ RDS when the question actually needs a read replica for performance, or vice versa. Also, candidates frequently overlook that S3 is already highly durable and regionally redundant by default — adding cross-region replication is only needed for disaster recovery scenarios, not basic HA.

Practice this domain's questions

Design High-Performing Architectures

24%

This domain rewards candidates who understand service-specific performance levers rather than general concepts — you need to know, for example, that ElastiCache with Redis supports complex data structures while Memcached is simpler and multi-threaded, or that EBS gp3 allows you to provision IOPS independently of volume size. Questions are heavily focused on bottleneck identification: given a slow system, which specific AWS feature or service change resolves the constraint.

Storage performance: EBS volume types (gp3 vs. io2 Block Express vs. st1 vs. sc1) and their use cases by workload typeDatabase caching and read scaling: ElastiCache placement, RDS Proxy for connection pooling, and DynamoDB DAX for microsecond readsNetwork performance: placement groups (cluster vs. spread vs. partition), enhanced networking (ENA), and CloudFront cache behaviors for dynamic vs. static content

💡 Candidates frequently confuse Kinesis Data Streams (real-time, custom consumers, retention) with Kinesis Data Firehose (near-real-time, managed delivery to S3/Redshift/Elasticsearch, no custom consumers). Also watch for questions about Global Accelerator vs. CloudFront — GA is for TCP/UDP non-HTTP workloads and static IPs, not for caching.

Practice this domain's questions

Design Cost-Optimized Architectures

20%

This domain tests your ability to match AWS purchasing models and storage tiers to workload characteristics — the right answer almost always involves the most specific tool rather than the most powerful one. AWS consistently rewards right-sizing and lifecycle automation over brute-force provisioning. Expect scenarios that require you to balance cost reduction against a minimum service level, meaning you cannot simply choose the cheapest option if it violates the stated availability or performance requirement.

EC2 pricing models: On-Demand vs. Reserved Instances (Standard vs. Convertible) vs. Savings Plans vs. Spot — and which workload types map to eachS3 storage class selection and lifecycle policies: moving objects through S3 Standard → S3-IA → S3 Glacier Instant Retrieval → Glacier Deep Archive based on access patternsData transfer cost optimization: using VPC endpoints to avoid NAT Gateway charges, and CloudFront to reduce origin data transfer costs

💡 The most common mistake is recommending Reserved Instances for unpredictable or short-lived workloads where Savings Plans or Spot would be cheaper and more flexible. Also, candidates often overlook that S3 Intelligent-Tiering has a monitoring fee per object, making it cost-ineffective for very small objects or infrequently accessed buckets with millions of tiny files.

Practice this domain's questions

Pass the AWS Solutions Architect Associate on Your First Attempt — Let AI Show You Exactly How

CertForge maps every practice question to SAA-C03's four domains, so you never study blind.

Domain-Targeted Practice Questions

AI generates questions across all four SAA-C03 domains, exposing real gaps in your architecture knowledge.

AWS Service Mastery Tracking

See exactly which services — EC2, S3, RDS, VPC — are costing you points before exam day.

Adaptive Weak-Spot Elimination

CertForge auto-prioritizes your weakest SAA-C03 domains so every study session delivers maximum score improvement.

Pass Threshold Prediction

Know if you're ready to sit the exam — our scoring model predicts your likelihood of clearing 720.

Why CertForge? Unlike static study guides, CertForge adapts in real time to your specific AWS knowledge gaps.

Amazon Web Services Services Covered

This exam touches 130 Amazon Web Services services, but focuses heavily on a smaller core set.

The AWS SAA-C03 exam is heavily weighted toward architectural decision-making across security (30%), resilience (26%), performance (24%), and cost (20%), meaning core services like EC2, S3, VPC, IAM, RDS, and ELB are virtually guaranteed to appear in multi-service scenario questions, while secondary services are tested as supporting design choices rather than standalone topics — candidates who can reason about trade-offs between services will outperform those who simply memorize individual service features.

Service Coverage Explained

The 33 curriculum-count services are those explicitly named within the extracted exam outline topics and objectives, making them the strongest exam signals; the remaining 97 official in-scope services are confirmed by AWS as testable but are not directly called out in the outline text, so they are weighted accordingly in tier placement based on architectural relevance and exam domain focus.

Official exam guide: 130 in-scope services • Extracted outline/objective mentions: 33 services • Total unique: 130 services

🔥

Core Services (High Frequency)

These foundational compute, storage, networking, database, and security services form the backbone of virtually every AWS architecture scenario and appear across all four exam domains.

Amazon EC2Amazon S3Amazon VPCAWS Identity and Access Management (IAM)Amazon RDSAmazon CloudFrontElastic Load Balancing (ELB)Amazon Route 53AWS LambdaAmazon DynamoDBAmazon CloudWatchAWS CloudFormationAWS Auto Scaling
⚠️

Secondary Services (Contextual)

These services frequently appear in scenario-based questions involving high availability, security layering, messaging, containerization, hybrid connectivity, and data persistence decisions across architecture design.

Amazon AuroraAmazon ECSAmazon EKSAmazon SQSAmazon SNSAmazon API GatewayAWS Key Management ServiceAmazon ElastiCacheAmazon S3 GlacierAmazon EBSAmazon EFSAWS Direct ConnectAWS Site-to-Site VPNAmazon EventBridgeAWS IAM Identity CenterAWS WAFAWS ShieldAmazon GuardDutyAWS CloudTrailAWS Secrets Manager
📦

Long-Tail Services (Awareness Level)

These services represent specialized, migration, analytics, ML, governance, and niche infrastructure tools that candidates should recognize and understand at a conceptual level to handle edge-case exam scenarios.

Compare with Other Certifications

Select a certification to compare exam structure and domain coverage side-by-side.

Ready to Start Your Journey?

Begin your AWS Certified Solutions Architect - Associate preparation with CertForge's curriculum-aware learning system