AWS Solutions Architect Associate (SAA-C03) Complete Study Guide 2026
The AWS Solutions Architect Associate (SAA-C03) is one of the most valuable cloud certifications in the industry. This complete 2026 guide covers every domain, top topics, sample questions, and a week-by-week study plan to help you pass on your first attempt.
The AWS Solutions Architect Associate (SAA-C03) certification is widely regarded as the most sought-after cloud credential in the world. With AWS commanding more than 30% of the global cloud market, architects who can design reliable, secure, and cost-efficient solutions on AWS are in enormous demand. Whether you are a developer transitioning into architecture, a sysadmin moving to the cloud, or a recent graduate breaking into tech, the SAA-C03 is an excellent first professional-level cert to pursue. This guide gives you everything you need to plan your preparation, understand the exam structure, and pass confidently in 2026.
Exam Format and Registration Details
Before diving into content, understand exactly what you are signing up for. The SAA-C03 exam has the following structure:
| Detail | Value |
|---|---|
| Number of Questions | 65 (scored) + up to 15 unscored pilot questions |
| Time Limit | 130 minutes |
| Passing Score | 720 out of 1000 |
| Exam Cost | $150 USD (Pearson VUE or PSI) |
| Delivery | Testing center or online proctored |
| Question Types | Multiple choice and multiple response (select 2–3 correct) |
| Validity | 3 years |
The exam uses scaled scoring, so the 720 threshold does not directly correspond to 72% of questions answered correctly. AWS uses psychometric analysis to normalize the difficulty of each question set. In practice, aim to answer around 75–80% of questions correctly in practice exams before scheduling your real attempt.
The Four Exam Domains Explained
The SAA-C03 exam is organized into four domains. Each domain tests a different aspect of solution architecture, and understanding the weight of each helps you prioritize your study time effectively.
Domain 1: Design Secure Architectures — 30%
This is the largest domain on the exam, which surprises many candidates who expect architecture or performance to dominate. You must understand how to apply the AWS shared responsibility model, design IAM policies with least privilege, encrypt data at rest and in transit, protect VPC resources with security groups and NACLs, and implement detective controls using CloudTrail, Config, and GuardDuty. Key services: IAM, KMS, Secrets Manager, ACM, WAF, Shield, VPC security groups, S3 bucket policies.
Domain 2: Design Resilient Architectures — 26%
Here you must demonstrate that you can design systems that remain available despite failures. Topics include multi-AZ and multi-region deployments, Auto Scaling, elastic load balancing, decoupled architectures using SQS and SNS, and disaster recovery strategies (Backup and Restore, Pilot Light, Warm Standby, Active-Active). You need to know RTO and RPO concepts deeply.
Domain 3: Design High-Performing Architectures — 24%
This domain focuses on selecting the right compute, storage, database, and networking options for a given workload. You need to know when to use EC2 vs Lambda vs ECS vs EKS, when RDS is better than DynamoDB, and how to use CloudFront, Global Accelerator, and ElastiCache to reduce latency. Storage tiers (S3 Intelligent-Tiering, Glacier, EBS volume types) are also covered here.
Domain 4: Design Cost-Optimized Architectures — 20%
AWS expects architects to control spend while meeting requirements. This domain tests knowledge of Reserved Instances vs Savings Plans vs Spot Instances, right-sizing EC2, choosing cost-efficient storage classes, using S3 Lifecycle policies, and leveraging serverless to eliminate idle compute costs. AWS Cost Explorer and AWS Budgets are also fair game.
Top 10 Topics to Study
Based on exam blueprint analysis and community feedback from thousands of test-takers, the following ten topics generate the highest question volume on the SAA-C03. Spend the most time here before branching out to edge-case services.
1. EC2 and Auto Scaling
Know every instance purchasing option (On-Demand, Reserved, Spot, Dedicated Host), placement groups (cluster, spread, partition), and how to configure Launch Templates for Auto Scaling Groups with target tracking and step scaling policies.
2. S3 and Storage Classes
Memorize all storage classes and their minimum storage durations. Know when to use S3 Transfer Acceleration, Cross-Region Replication, MFA Delete, Object Lock, and Presigned URLs. Lifecycle rules and Intelligent-Tiering transitions appear frequently.
3. VPC Networking
Understand subnets (public vs private), route tables, Internet Gateways, NAT Gateways, VPC Peering, Transit Gateway, VPN connections, and Direct Connect. Know what a Bastion Host is and when to use Systems Manager Session Manager instead.
4. RDS and Database Services
Multi-AZ vs Read Replicas, Aurora Serverless, Aurora Global Database, RDS Proxy, DynamoDB Global Tables, and ElastiCache (Redis vs Memcached) are critical. Know which workloads suit each engine.
5. IAM
Policies (identity-based, resource-based, permissions boundaries, SCPs), roles for EC2 instance profiles, cross-account access, and IAM Identity Center (formerly AWS SSO) are all tested heavily.
6. Lambda and Serverless
Lambda triggers (API Gateway, S3, SQS, EventBridge), concurrency limits, provisioned concurrency, Lambda Layers, and Step Functions orchestration are common question drivers.
7. CloudFront and Global Delivery
Know how CloudFront caches content, how to set up Origin Access Control (OAC) for S3 origins, cache behaviors, signed URLs vs signed cookies, and how it integrates with WAF and Shield Advanced.
8. Route 53
All routing policies (Simple, Failover, Latency, Geolocation, Geoproximity, Weighted, Multi-Value) and their use cases, plus health checks and private hosted zones, are testable topics.
9. SQS and SNS
Understand standard queues vs FIFO queues, visibility timeout, dead-letter queues, long polling, and the fanout pattern (SNS + SQS). EventBridge is increasingly replacing legacy SNS patterns for complex routing.
10. Elastic Load Balancing
Know when to use an Application Load Balancer (layer 7, path/host-based routing), Network Load Balancer (layer 4, static IP, TLS termination), and Gateway Load Balancer (third-party appliances). Understand sticky sessions and connection draining.
3 Realistic Sample Questions
The following questions reflect the style and difficulty of actual SAA-C03 exam questions. Read each carefully, attempt an answer, then review the explanation.
Question 1
A company runs a web application on EC2 instances behind an Application Load Balancer. The application stores user session data in local instance memory. When the Auto Scaling group scales in, users report being logged out unexpectedly. Which solution resolves this issue with the LEAST operational overhead?
- A. Enable sticky sessions (session affinity) on the ALB target group
- B. Store session data in an Amazon ElastiCache for Redis cluster
- C. Configure connection draining on the ALB target group
- D. Use an Amazon RDS Multi-AZ instance to store session data
Correct Answer: B
Explanation: Moving session data out of local instance memory and into a shared, low-latency data store like ElastiCache for Redis is the canonical AWS pattern for stateless EC2 architectures. Any instance can then serve any user's request without losing session context. Option A (sticky sessions) keeps users tied to a specific instance, which breaks down during scale-in events — the very problem described. Option C (connection draining) gracefully completes in-flight requests but does not preserve session data. Option D (RDS) works but adds unnecessary relational database complexity and latency compared to an in-memory cache.
Question 2
A solutions architect must design a disaster recovery architecture for an on-premises application with an RTO of 30 minutes and an RPO of 15 minutes. The company wants to minimize cost while meeting these requirements. Which DR strategy should the architect recommend?
- A. Backup and Restore
- B. Pilot Light
- C. Warm Standby
- D. Multi-Site Active/Active
Correct Answer: C
Explanation: A 30-minute RTO rules out Backup and Restore (recovery typically takes hours) and Pilot Light (requires time to start and scale up a minimal core). Warm Standby keeps a scaled-down but fully functional environment running at all times, allowing failover within minutes by simply scaling up — meeting the 30-minute RTO and 15-minute RPO. Multi-Site Active/Active achieves near-zero RTO/RPO but is the most expensive option and exceeds the stated requirements.
Question 3
A company needs to allow an EC2 instance in Account A to read objects from an S3 bucket in Account B. Which combination of actions is required? (Select TWO)
- A. Create an IAM role in Account A with an S3 read policy and attach it to the EC2 instance
- B. Create an IAM user in Account B and share its access keys with Account A
- C. Add a bucket policy in Account B that grants the Account A IAM role permission to read objects
- D. Enable S3 Transfer Acceleration on the bucket in Account B
- E. Create a VPC endpoint for S3 in Account A's VPC
Correct Answers: A and C
Explanation: Cross-account S3 access requires permission grants on both sides. The EC2 instance needs an IAM role (identity-based policy) in its own account (A) that grants S3 read actions. The S3 bucket in Account B needs a resource-based bucket policy that explicitly allows the IAM role ARN from Account A to perform those actions. Both grants must exist simultaneously — one alone is insufficient. Sharing IAM user credentials (B) is a security anti-pattern. S3 Transfer Acceleration (D) speeds up transfers but does not grant access. A VPC endpoint (E) provides private network routing but does not address cross-account authorization.
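The two grants from the explanation above, written out as policy documents with a small evaluator that shows why one alone is insufficient. This is an added example, not part of the original guide: the account IDs, role name and bucket name are constructed placeholders, and the evaluator is a simplified teaching model, not AWS's full policy evaluation logic.

```python
from fnmatch import fnmatchcase

# Constructed placeholders (assumptions, not values from the guide).
ROLE_ARN = "arn:aws:iam::111111111111:role/app-ec2-read-role"  # Account A
BUCKET_ARN = "arn:aws:s3:::example-shared-bucket"               # Account B

# Option A: identity-based policy attached to the EC2 role in Account A.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": [BUCKET_ARN + "/*"],
    }],
}

# Option C: resource-based bucket policy in Account B naming the role.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ROLE_ARN},
        "Action": ["s3:GetObject"],
        "Resource": [BUCKET_ARN + "/*"],
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _effects(policy, action, resource, principal=None):
    """Effects of all statements matching the request (empty set if no policy)."""
    found = set()
    for stmt in (policy or {}).get("Statement", []):
        if principal is not None and principal not in _as_list(stmt["Principal"]["AWS"]):
            continue  # bucket policy statement is for a different principal
        if (any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
                and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))):
            found.add(stmt["Effect"])
    return found

def cross_account_allowed(role_policy, bucket_policy, action, resource):
    """Simplified model: both sides must Allow, and any explicit Deny wins."""
    identity = _effects(role_policy, action, resource)
    bucket = _effects(bucket_policy, action, resource, principal=ROLE_ARN)
    if "Deny" in identity | bucket:
        return False
    return "Allow" in identity and "Allow" in bucket
```

Passing `None` for either policy models the case where only one side has granted access; the request is then denied even though the other policy is unchanged.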
8–12 Week Study Timeline
Below is a structured study plan designed for candidates with basic cloud familiarity. If you are new to AWS entirely, follow the 12-week track. If you already work with AWS daily, the 8-week track is sufficient.
- Create a free-tier AWS account and explore the console hands-on
- Study the AWS global infrastructure (Regions, AZs, Edge Locations)
- Complete the AWS Certified Solutions Architect – Associate official exam guide
- Begin a structured video course (Stephane Maarek on Udemy is the community favorite)
- EC2, Auto Scaling, ELB — launch instances, configure ASGs, set up ALB
- VPC deep dive: build a full 3-tier VPC from scratch with public, private, and data subnets
- Route 53 routing policies — create lab scenarios for each policy type
- Take a 20-question domain 2 practice quiz and review all wrong answers
- S3 storage classes, lifecycle policies, replication, and encryption
- RDS Multi-AZ vs Read Replicas, Aurora, DynamoDB, ElastiCache
- IAM policies, roles, and cross-account patterns
- KMS, Secrets Manager, ACM, WAF, Shield — domain 1 security sweep
- Lambda, API Gateway, Step Functions, EventBridge, SQS, SNS
- CloudFront, Global Accelerator, and CDN caching strategies
- EC2 pricing models, Savings Plans, Spot instances, and cost tagging strategies
- Take two full 65-question timed practice exams — target 75%+ before proceeding
- Review every wrong answer from practice exams and trace back to source documentation
- Focus extra time on domain 3 (performance) if scoring below 70% there
- Complete AWS Skill Builder labs for hands-on reinforcement
- Review AWS architecture whitepapers: Well-Architected Framework, Disaster Recovery
- Take one final timed practice exam under real conditions (no pausing)
- Review flashcard decks for service limits, storage tiers, and routing policies
- Do a light review the night before — do not cram
- Schedule your exam for morning if possible — mental fatigue increases in the afternoon
Exam Day Tips
Flag and Move On
With 65 questions and 130 minutes, you have exactly 2 minutes per question. Any question that requires more than 90 seconds of deliberation should be flagged and revisited. Spending 5 minutes on one hard question at the cost of easier questions later is a common failure mode.
Eliminate Clearly Wrong Answers First
On almost every SAA-C03 question, two of the four answers can be eliminated immediately because they introduce unnecessary complexity, use the wrong service, or are factually incorrect. Narrowing to two options makes guessing far more effective if needed.
Look for "Least Operational Overhead" Clues
When the question asks for the solution with "least operational overhead" or "minimal management," AWS almost always expects you to choose a managed or serverless service over a self-managed one. Lambda over EC2, RDS over a self-installed database on EC2, Managed AD over self-hosted LDAP, and so on.
Recommended Practice Resources
- AWS Skill Builder: Official labs and the AWS-authored practice exam
- AWS Whitepapers: Well-Architected Framework, Storage Services Overview, Disaster Recovery
- CertLand Practice Exams: Scenario-based questions that mirror real exam difficulty