--- title: AWS Certified Solutions Architect — Associate description: The most popular AWS certification, validating ability to design cost-optimized, resilient, secure, and high-performing architectures on AWS. Updated August 2025 (SAA-C03 v2 with GenAI and Aurora DSQL coverage). url: https://www.factualminds.com/certifications/aws-solutions-architect-associate/ examCode: SAA-C03 level: associate publishDate: 2026-04-30 updateDate: 2026-04-30 --- # AWS Certified Solutions Architect — Associate > Everything you need to plan a 6-week study sprint for the SAA-C03 v2: domain weights, the topics each domain actually tests, and the resources that paid back the time we put into them. ## How we wrote this guide Every architect on the FactualMinds team holds the SAA-C03. This guide reflects what we tell engineers we mentor: where the exam actually puts weight, which official resources are worth your time, and where the 2025 content refresh changed things. Treat it as the spine of your study plan — fill in the muscles with hands-on labs and practice exams. ## A 6-week study plan that works **Week 1 — Foundation.** Read the official exam guide and the Well-Architected framework whitepaper. Set up an AWS Free Tier account if you don't have one, and a separate AWS Organizations sandbox account for labs. Watch the IAM, VPC, and EC2 sections of your chosen video course. **Week 2 — Compute and storage.** Cover EC2, ECS, EKS, Lambda, S3, EBS, EFS, FSx. Build at least one lab: a multi-AZ ASG behind an ALB, with an RDS Multi-AZ database. Take your first Tutorials Dojo practice exam — expect 50–60% on the first attempt. **Week 3 — Networking and databases.** VPC, Route 53, CloudFront, RDS, Aurora, DynamoDB, ElastiCache. Lab: VPC peering, transit gateway, VPC endpoints. Read the FAQs for each service. **Week 4 — Security and identity.** IAM, KMS, Secrets Manager, Parameter Store, GuardDuty, Macie, WAF, Shield. Lab: IAM Identity Center with an external IdP, KMS-encrypted S3 with bucket policies, WAF with managed rule groups. **Week 5 — Cost optimization and monitoring.** Cost Explorer, Cost Optimization Hub, Compute Optimizer, Budgets, CloudWatch, X-Ray. Take a second full-length practice exam — aim for 70%+. **Week 6 — Final ramp.** Take three more full-length practice exams. Review every wrong answer. Re-read the exam guide. Book the exam for the end of the week. Sleep. ## What changed in the 2025 refresh - **Aurora DSQL** appears in cost-optimization and high-performance architecture questions. Know when distributed Postgres is the right call vs traditional Aurora. - **S3 Vectors** is referenced in GenAI scenarios as a Bedrock Knowledge Base vector store option. - **Cost Optimization Hub** replaces older question patterns about Trusted Advisor for right-sizing recommendations. - **Bedrock Provisioned Throughput** appears in cost-optimization scenarios as the steady-traffic alternative to on-demand. ## How we use this in our consulting Most of the architecture decisions covered in SAA-C03 — multi-AZ vs multi-region, Savings Plans strategy, KMS key design, VPC endpoint usage — show up in real engagements. Our [AWS Architecture Review](/services/aws-architecture-review/) is essentially a Well-Architected pass over the same six pillars the exam tests, just at a workload level instead of a question level. ## Exam Details - **Duration:** 130 minutes - **Questions:** 65 - **Passing score:** 720 / 1000 - **Cost:** $150 USD - **Format:** Multiple choice and multiple response - **Validity:** 3 years - **Recommended experience:** 1 year of hands-on AWS production experience designing solutions that use AWS services ## Exam Domains ### Design Secure Architectures (30%) - IAM users, groups, roles, identity providers; IAM policies, SCPs, permission boundaries - IAM Identity Center (formerly AWS SSO) for workforce SSO with external IdPs - AWS Organizations: OUs, account vending via Control Tower Account Factory - Encryption at rest with KMS — symmetric vs asymmetric keys, multi-region keys, customer-managed keys - Encryption in transit with ACM-issued certificates, ALB/NLB/CloudFront termination - Secrets Manager rotation patterns vs Parameter Store SecureString - VPC security: security groups, NACLs, VPC endpoints (Gateway and Interface), PrivateLink - AWS WAF (managed rule groups, rate-based rules, geo-match), Shield Standard vs Advanced - GuardDuty findings, Macie for S3 PII detection, Security Hub aggregation - Trade-offs: bastion host vs Systems Manager Session Manager (Session Manager wins) ### Design Resilient Architectures (26%) - Multi-AZ vs multi-region — when each is required (RPO/RTO targets, regulatory) - Auto Scaling groups: target tracking, predictive scaling, lifecycle hooks - Route 53 routing policies: weighted, latency-based, geolocation, failover, health checks - RDS Multi-AZ deployments vs read replicas; Aurora Global Database for sub-second cross-region replication - DynamoDB global tables, point-in-time recovery, on-demand backups - S3 Cross-Region Replication, Same-Region Replication, S3 Replication Time Control - Disaster recovery patterns: backup-restore, pilot light, warm standby, multi-site active-active - SQS dead-letter queues, retry policies, visibility timeout tuning - Step Functions for orchestrating retries and compensating transactions - Decoupling: SQS standard vs FIFO, EventBridge buses, SNS fan-out ### Design High-Performing Architectures (24%) - EBS volume types: gp3 (default), io2 Block Express for IOPS-critical, st1/sc1 for throughput - EFS performance modes (general purpose vs max I/O) and throughput modes - FSx for Lustre/Windows/NetApp ONTAP — when each is the right answer - CloudFront caching strategies, origin failover, Lambda@Edge vs CloudFront Functions - Global Accelerator for non-HTTP traffic that needs anycast routing - ElastiCache (Valkey/Redis OSS) vs DAX vs DynamoDB on-demand caching trade-offs - Aurora read replicas vs RDS read replicas (15 vs 5) - Aurora DSQL for distributed Postgres at scale (added in 2025 exam refresh) - Lambda concurrency: provisioned concurrency, reserved concurrency, SnapStart for Java/Python - API Gateway throttling, caching, usage plans ### Design Cost-Optimized Architectures (20%) - EC2 pricing: on-demand vs Savings Plans (Compute vs EC2 Instance) vs Reserved Instances vs Spot - Compute Savings Plans cover Lambda, Fargate, and EC2 — the most flexible option - S3 storage classes: Standard, Standard-IA, Intelligent-Tiering (default for unknown), Glacier Instant/Flexible/Deep Archive - S3 Lifecycle policies, Storage Lens for visibility - Right-sizing recommendations from Compute Optimizer and Cost Optimization Hub - Data transfer cost minimization: VPC endpoints, S3 Transfer Acceleration trade-offs, CloudFront for outbound - NAT Gateway cost — VPC Endpoint alternatives for AWS service traffic - Serverless cost model: pay-per-request vs provisioned - Bedrock cost levers: model selection, Prompt Caching, Provisioned Throughput, Batch Inference - AWS Budgets alerts and Cost Anomaly Detection --- *Source: https://www.factualminds.com/certifications/aws-solutions-architect-associate/*