The AWS Certified Solutions Architect Associate (SAA-C03) remains the single most valuable cloud certification for IT professionals in 2026. It validates your ability to design scalable, secure, and cost-optimized systems on AWS — and employers pay a premium for that skill set. With 65 questions across four domains in a 130-minute window, passing on your first attempt requires a structured study plan, hands-on labs, and exam-specific strategy. This guide covers exactly what changed, how each domain is weighted, which resources actually move the needle, and a week-by-week study plan that has helped thousands of candidates pass.
Key Points at a Glance
- SAA-C03 is the current exam version, with four domains: Security (30%), Resilience (26%), Performance (24%), Cost (20%)
- 65 questions, 130 minutes, 720/1000 passing score, costs $150 USD
- AWS recommends at least 1 year of hands-on experience designing cloud solutions
- Valid for 3 years; recertify by retaking the exam or earning Solutions Architect Professional
- Consistently ranked among the top-paying IT certifications globally
Exam Format and Scoring
The SAA-C03 exam is delivered through Pearson VUE testing centers or via online proctoring. You will face 65 questions — a mix of multiple-choice (single answer) and multiple-response (select all that apply). AWS does not disclose which questions are scored versus unscored, so treat every question as if it counts. The scoring model uses a scaled range of 100 to 1,000, and you need a minimum of 720 to pass.
The compensating scoring model means you do not need to pass each domain individually. A strong performance in one area can offset a weaker performance in another. However, relying on this is a risky strategy — the exam is designed to test breadth and depth across all four domains simultaneously.
If you are just starting your cloud certification journey, our AWS Cloud Practitioner study guide covers the foundational exam that AWS recommends as a prerequisite. For practice test resources across all major IT certifications, see our ranked list of the best practice tests for 2026.
You have 130 minutes to complete the exam, which breaks down to roughly 2 minutes per question. This feels generous until you encounter scenario-based questions that require reading a paragraph-long prompt, analyzing a diagram, and evaluating four possible solutions. Time management is critical. Mark difficult questions and revisit them after clearing the easier ones.
Domain 1: Design Secure Architectures (30%)
This is the highest-weighted domain on the exam, and for good reason. Every architecture decision on AWS has a security implication. AWS operates under the Shared Responsibility Model: AWS secures the infrastructure (physical servers, hypervisor, networking hardware), while you secure everything you deploy on top — data, access controls, encryption, network configuration, and application-level security.
Expect scenario-based questions testing your ability to design secure access patterns using IAM policies, roles, and resource-based policies. You need to understand when to use an IAM role versus an IAM user, how cross-account access works with IAM assume-role, and the principle of least privilege. Know the difference between identity-based policies and resource-based policies — this distinction trips up more candidates than almost any other concept.
Encryption is a recurring theme. Understand server-side encryption options for S3 (SSE-S3, SSE-KMS, SSE-C), how KMS key policies work, client-side encryption patterns, and the difference between symmetric and asymmetric KMS keys. Know when to use AWS Certificate Manager (ACM) for TLS termination versus managing your own certificates. Understand how AWS WAF, Shield, and GuardDuty fit into a defense-in-depth strategy.
For data classification, know the difference between public, private, and sensitive workloads. Understand how to implement data residency requirements using AWS Regions, and how Macie, Config, and CloudTrail support compliance monitoring. Be prepared to answer questions about VPC security groups versus network ACLs — know that security groups are stateful and evaluated at the instance level, while NACLs are stateless and evaluated at the subnet level.
Domain 2: Design Resilient Architectures (26%)
Resilience on AWS means designing systems that tolerate failures gracefully. The exam tests your ability to architect highly available and fault-tolerant solutions across multiple Availability Zones and Regions. Expect questions about Multi-AZ deployments for RDS, Auto Scaling groups with multiple AZs, and global acceleration patterns using Route 53 and CloudFront.
Understand the difference between high availability and disaster recovery. High availability means your system stays operational during normal failures — an AZ goes down, an instance fails, a database replica takes over. Disaster recovery means you can recover from catastrophic events — an entire Region becomes unavailable. Know the four DR strategies: backup and restore, pilot light, warm standby, and active-active. The exam often presents a scenario describing a business requirement (RPO and RTO targets) and asks which strategy fits best.
Loose coupling is a core architectural principle tested here. Know when to use Amazon SQS versus Amazon SNS for decoupling. Understand how to use Amazon EventBridge for event-driven architectures. Be ready to design solutions that isolate failures — circuit breakers, health checks, and failover routing in Route 53. Know how Amazon Aurora Global Database and DynamoDB Global Tables enable cross-region replication.
Infrastructure as Code (IaC) is part of resilience. Expect questions about using AWS CloudFormation or AWS CDK for repeatable, version-controlled deployments. Understand change sets, stack policies, and rollback mechanisms. The exam assumes you know that manual console clicks are not a valid production deployment strategy.
Domain 3: High-Performing Architectures (24%)
This domain covers choosing the right AWS services for performance requirements. It is the broadest domain, spanning compute, storage, databases, networking, and data processing. Expect scenario-based questions where you must compare multiple AWS services and select the best fit based on requirements like latency, throughput, durability, and access patterns.
For compute, know the difference between EC2 instance families (General Purpose, Compute Optimized, Memory Optimized, Accelerated Computing, Storage Optimized). Understand when to use AWS Lambda versus EC2 versus ECS/EKS versus Fargate. Know the concept of right-sizing — matching instance types to actual workload requirements rather than over-provisioning.
Storage comparison questions are guaranteed. Know when to use S3 Standard versus S3 Intelligent-Tiering versus S3 Standard-IA versus S3 Glacier. Understand EBS volume types (gp3, io2, st1, sc1) and when each is appropriate. Know how EFS works for shared file storage and how FSx provides Windows and Lustre file systems. Understand the S3 lifecycle policies for transitioning objects between storage classes.
Database selection is a major subtopic. Understand relational databases (RDS, Aurora), key-value stores (DynamoDB), document databases (DocumentDB), in-memory caches (ElastiCache), graph databases (Neptune), and time-series databases (Timestream). The exam frequently presents a scenario with specific access patterns and asks which database service is the best fit. Know Aurora’s architecture — separate storage layer, 6 copies across 3 AZs, automatic failover.
For networking, understand how VPCs, subnets, route tables, and internet gateways work together. Know Transit Gateway for hub-and-spoke network architectures. Understand AWS Direct Connect versus VPN for hybrid connectivity. Know how CloudFront uses edge locations and origin groups for content delivery.
Domain 4: Design Cost-Optimized Architectures (20%)
Cost optimization is about maximizing value per dollar spent. This domain tests your ability to identify wasteful spending and recommend efficient alternatives. Expect questions about Reserved Instances, Savings Plans, Spot Instances, and the AWS Pricing Calculator.
Know the difference between Reserved Instances (committed use for 1 or 3 years, specific instance type and Region) and Savings Plans (committed spend amount, flexible across instance types and Regions). Understand that Spot Instances offer up to 90% savings but can be interrupted with 2 minutes of notice. Know when Spot is appropriate (fault-tolerant workloads, batch processing, CI/CD) and when it is not (databases, production web servers).
The Well-Architected Framework’s cost optimization pillar is fair game. Understand the principles of cost-effective resource tagging, the AWS Cost and Usage Report, AWS Budgets for alerting, and Cost Explorer for trend analysis. Know that S3 lifecycle policies are a direct cost-saving mechanism — moving infrequently accessed data to cheaper storage tiers.
Expect scenario questions where a company is spending too much on EC2 and asks for recommendations. The correct answer often involves right-sizing instances, using Reserved Instances for steady-state workloads, using Auto Scaling to scale down during off-peak hours, and using Spot Instances for fault-tolerant tasks.
8-Week Study Plan That Works
This plan assumes roughly 10-12 hours of study per week. Adjust based on your existing AWS experience. If you already work with AWS daily, you can compress this to 4-5 weeks. If you are new to cloud, consider extending to 12 weeks.
Weeks 1-2: Foundations
Start with the official AWS SAA-C03 exam guide. Read every task statement and knowledge area. Then complete the AWS Skill Builder digital training for Solutions Architect Associate — it is free and covers all four domains with video lectures and knowledge checks. Set up a free tier AWS account and deploy basic resources: an EC2 instance, an S3 bucket with versioning, an RDS database, and a Lambda function.
Weeks 3-4: Deep Dive into Each Domain
Focus on one domain per week. Read AWS documentation pages for every service mentioned in the exam guide. Build hands-on labs: configure IAM roles with cross-account access, set up a Multi-AZ RDS deployment, create an S3 lifecycle policy, configure Auto Scaling with target tracking. Use AWS Builder Labs if you have access to Skill Builder — the guided labs simulate exam scenarios directly.
Weeks 5-6: Practice Exams and Gap Analysis
Take full-length practice exams from reputable sources. Tutorials Dojo, Udemy courses by Stephane Maarek or Neal Davis, and the official AWS practice exam on Skill Builder are all solid options. Review every wrong answer — not just the correct one, but why the other options are wrong. Build a weakness spreadsheet and prioritize studying the domains where you scored below 70%.
Weeks 7-8: Final Review and Exam Simulation
Revisit your weakness spreadsheet. Take 2-3 more practice exams targeting a score above 80%. Review the AWS Well-Architected Framework whitepapers for Security and Reliability pillars — direct exam questions come from these documents. The day before the exam, review your notes and get a full night of sleep. During the exam, read every question carefully — AWS loves subtle wording differences between “most cost-effective” and “most operationally efficient.”
Study Resources Ranked by Value
| Resource | Cost | Best For |
|---|---|---|
| AWS Skill Builder (Free Tier) | Free | Official content, exam-style questions |
| Stephane Maarek (Udemy) | $15-20 | Structured video course with labs |
| Tutorials Dojo | $20-40 | Practice exams with detailed explanations |
| AWS Builder Labs | $29/month | Hands-on guided labs in real AWS console |
| AWS Well-Architected Labs | Free | Practical application of framework principles |
| A Cloud Guru (Pluralsight) | $35/month | Broad coverage with labs and quizzes |
Common Exam Mistakes to Avoid
The number one mistake candidates make is studying theory without hands-on practice. You cannot pass SAA-C03 by memorizing service descriptions. The exam presents real-world scenarios where you must evaluate tradeoffs between multiple valid AWS services. If you have never created an S3 lifecycle policy or configured an Auto Scaling group, you will struggle with the scenario questions.
Another frequent mistake is ignoring the wording of the question. AWS exam questions are precise. “Most cost-effective” means the cheapest option that meets all requirements — not the most feature-rich. “Most operationally efficient” means the solution requiring the least management overhead. Read the last sentence of the prompt twice, because that sentence typically states the primary constraint.
Do not waste time memorizing every AWS service. Focus on the services listed in the exam guide. The exam tests depth in core services (EC2, S3, RDS, DynamoDB, Lambda, VPC, IAM, CloudFront, Route 53, CloudFormation, Auto Scaling) rather than breadth across the entire AWS portfolio.
Finally, avoid “brain dump” materials. These violate the AWS Certification Agreement, can result in a lifetime ban from all AWS certifications, and the questions they provide are often outdated or incorrect. Stick to legitimate practice exams from reputable providers.
What Comes After SAA-C03
Passing SAA-C03 opens several career paths. The natural progression is the AWS Certified Solutions Architect Professional (SAP-C02), which tests advanced architectural patterns across multiple accounts and complex distributed systems. If security is your focus, the AWS Certified Security Specialty (SCS-C02) validates deep expertise in AWS security services and incident response. For data-focused professionals, the AWS Certified Data Engineer Associate is a newer addition worth considering.
Regardless of which path you choose, SAA-C03 provides the foundational architecture knowledge that makes every other AWS certification easier. It forces you to think in terms of tradeoffs — cost versus performance, availability versus cost, security versus usability — which is exactly how solutions architects make decisions in real organizations.