SOA-C03 Preparation Details
Preparing for the SOA-C03 AWS Certified CloudOps Engineer Associate certification exam? Start here with a complete, objective-wise SOA-C03 study guide designed to help you pass faster.
This guide brings together official AWS documentation, key concepts, and curated resources for every SOA-C03 exam objective, making it ideal for both beginners and last-minute revision.
Looking for the best SOA-C03 preparation resources in one place? This page covers everything you need to get exam-ready with confidence.
If this helped you, share it with others preparing for the SOA-C03 certification exam.
AWS CloudOps Engineer Prep
| Coursera | Exam Prep: AWS Certified CloudOps Engineer Specialization |
| Udemy | AWS Certified CloudOps Engineer Associate SOA-C03 |
Content Domain 1: Monitoring, Logging, Analysis, Remediation, and Performance Optimization (22% of scored content)
Task 1.1: Implement metrics, alarms, and filters by using AWS monitoring and logging services
Skill 1.1.1: Configure AWS monitoring and logging by using AWS services (for example, Amazon CloudWatch, AWS CloudTrail, Amazon Managed Service for Prometheus)
What is Amazon Managed Service for Prometheus?
AWS CloudTrail or Amazon CloudWatch? – AWS Decision Guides
Skill 1.1.2: Configure and manage the CloudWatch agent to collect metrics and logs from Amazon EC2 instances, Amazon ECS clusters, or Amazon EKS clusters
Collect metrics, logs, and traces using the CloudWatch agent
Collect metrics from Amazon ECS using Container Insights
Collect metrics from Amazon EKS and Kubernetes clusters using Container Insights
Set up and configure Prometheus metrics collection on Amazon EC2 instances
Skill 1.1.3: Configure, identify, and troubleshoot CloudWatch alarms that can invoke AWS services directly or through Amazon EventBridge (for example, by creating composite alarms and identifying their invokable actions)
Using Amazon CloudWatch alarms
Composite alarms – Amazon CloudWatch
Troubleshoot Amazon CloudWatch alarms
Skill 1.1.4: Create, implement, and manage customizable and shareable CloudWatch dashboards that display metrics and alarms for AWS resources across multiple accounts and AWS Regions
Using Amazon CloudWatch dashboards
Create a cross-account cross-Region dashboard
Share your CloudWatch dashboards
Skill 1.1.5: Configure AWS services to send notifications to Amazon SNS and to invoke alarms that send notifications to Amazon SNS
What is Amazon Simple Notification Service?
Set up Amazon SNS notifications
Alarm actions – Amazon CloudWatch
Task 1.2: Identify and remediate issues by using monitoring and availability metrics
Skill 1.2.1: Analyze performance metrics and automate remediation strategies by using AWS services and functionality (for example, CloudWatch, AWS User Notifications, AWS Lambda, AWS Systems Manager, CloudTrail, auto scaling)
AWS User Notifications User Guide
AWS Systems Manager Automation
Skill 1.2.2: Use EventBridge to route, enrich, and deliver events, and troubleshoot any issues with event bus rules
Amazon EventBridge event buses
Troubleshoot Amazon EventBridge
Skill 1.2.3: Create or run custom and predefined Systems Manager Automation runbooks (for example, by using AWS SDKs or custom scripts) to automate tasks and streamline processes on AWS
AWS Systems Manager Automation
Systems Manager Automation Runbook Reference
Run automations based on EventBridge events – AWS Systems Manager
Sample scenarios: Systems Manager targets in Amazon EventBridge rules
Task 1.3: Implement performance optimization strategies for compute, storage, and database resources
Skill 1.3.1: Optimize compute resources and remediate performance problems by using performance metrics, resource tags, and AWS tools
Monitor your Amazon EC2 instances
AWS Compute Optimizer User Guide
Tagging your Amazon EC2 resources
Skill 1.3.2: Analyze Amazon EBS performance metrics, troubleshoot issues, and optimize volume types to improve performance and reduce cost
Monitor the status of your volumes – Amazon EBS
AWSSupport-CalculateEBSPerformanceMetrics – Systems Manager Automation Runbook Reference
Amazon CloudWatch metrics for Amazon EBS
Skill 1.3.3: Implement and optimize Amazon S3 performance strategies (for example, AWS DataSync, S3 Transfer Acceleration, multipart uploads, S3 Lifecycle policies) to enhance data transfer, storage efficiency, and access patterns
Best practices design patterns: Optimizing Amazon S3 performance
Uploading and copying objects using multipart upload – Amazon S3
Setting lifecycle configuration on a bucket – Amazon S3
Skill 1.3.4: Evaluate and select shared storage solutions (for example, Amazon EFS, Amazon FSx), and optimize the solutions (for example, EFS lifecycle policies) for specific use cases and requirements
What is Amazon Elastic File System?
Amazon EFS lifecycle management
Choosing an AWS storage service – AWS Decision Guides
Skill 1.3.5: Monitor Amazon RDS metrics (for example, Amazon RDS Performance Insights, CloudWatch alarms), and modify configurations to increase performance efficiency (for example, Performance Insights proactive recommendations, RDS Proxy)
Using Amazon RDS Performance Insights
Monitoring metrics in an Amazon RDS instance
CloudWatch metrics for Amazon RDS
Skill 1.3.6: Implement, monitor, and optimize EC2 instances and their associated storage and networking capabilities (for example, EC2 placement groups)
Placement groups for your EC2 instances
Monitor your Amazon EC2 instances
Enhanced networking on Linux instances
Content Domain 2: Reliability and Business Continuity (22% of scored content)
Task 2.1: Implement scalability and elasticity
Skill 2.1.1: Configure and manage scaling mechanisms in compute environments
Auto Scaling groups – Amazon EC2 Auto Scaling
Dynamic scaling for Amazon EC2 Auto Scaling
Application Auto Scaling User Guide
Skill 2.1.2: Implement caching by using AWS services to enhance dynamic scalability (for example, Amazon CloudFront, Amazon ElastiCache)
Caching overview – Amazon CloudFront
Skill 2.1.3: Configure and manage scaling in AWS managed databases (for example, Amazon RDS, Amazon DynamoDB)
Using Amazon Aurora Auto Scaling with Aurora Replicas
Managing throughput capacity with DynamoDB auto scaling
Multi-AZ DB cluster deployments – Amazon RDS
Task 2.2: Implement highly available and resilient environments
Skill 2.2.1: Configure and troubleshoot Elastic Load Balancing (ELB) and Amazon Route 53 health checks
What is Elastic Load Balancing?
Configure health checks for your target group – Elastic Load Balancing
Types of Amazon Route 53 health checks
Troubleshoot a Classic Load Balancer
Skill 2.2.2: Configure fault-tolerant systems (for example, Multi-AZ deployments)
High availability (Multi-AZ) for Amazon RDS
REL11-BP02 Fail over to healthy resources – Reliability Pillar
Reliability Pillar – AWS Well-Architected Framework
Task 2.3: Implement backup and restore strategies
Skill 2.3.1: Automate snapshots and backups for AWS resources (for example, EC2 instances, RDS DB instances, Amazon EBS volumes, Amazon S3 buckets, DynamoDB tables) by using AWS services (for example, AWS Backup)
Getting started with AWS Backup
Skill 2.3.2: Use various methods to restore databases (for example, point-in-time restore) to meet RTO, RPO, and cost requirements
Restoring a DB instance to a specified time – Amazon RDS
Point-in-time recovery for DynamoDB
Disaster Recovery of Workloads on AWS – AWS Whitepaper
Skill 2.3.3: Implement versioning for storage services (for example, Amazon S3, Amazon FSx)
Using versioning in S3 buckets
Enabling versioning on buckets – Amazon S3
Protecting data with backups – Amazon FSx for Windows File Server
Skill 2.3.4: Follow disaster recovery procedures
Disaster Recovery of Workloads on AWS – AWS Whitepaper
REL13-BP01 Define recovery objectives for downtime and data loss – Reliability Pillar
Content Domain 3: Deployment, Provisioning, and Automation (22% of scored content)
Task 3.1: Provision and maintain cloud resources
Skill 3.1.1: Create and manage AMIs and container images (for example, Amazon EC2 Image Builder)
What is Image Builder? – EC2 Image Builder
Amazon Machine Images (AMI) – Amazon EC2
Skill 3.1.2: Create and manage stacks of resources by using AWS CloudFormation and the AWS Cloud Development Kit (AWS CDK)
Getting started with the AWS CDK
Working with stacks – AWS CloudFormation
Nested stacks – AWS CloudFormation
Skill 3.1.3: Identify and remediate deployment issues (for example, subnet sizing issues, CloudFormation errors, permissions issues)
Troubleshooting CloudFormation
Troubleshooting CloudFormation StackSets
Troubleshooting common AWS CDK issues
Skill 3.1.4: Provision and share resources across multiple AWS Regions and accounts (for example, AWS Resource Access Manager [AWS RAM], CloudFormation StackSets)
What is AWS CloudFormation StackSets?
What is AWS Resource Access Manager?
Working with AWS CloudFormation StackSets
Skill 3.1.5: Implement deployment strategies and services
CodeDeploy deployment configurations
What is AWS Elastic Beanstalk?
Blue/green deployments on AWS – AWS Whitepaper
Skill 3.1.6: Use and manage third-party tools to automate resource deployment (for example, Terraform, Git)
Use Terraform with AWS Systems Manager
AWS CDK and Terraform comparison – AWS Prescriptive Guidance
Source control integrations for AWS CodePipeline
Task 3.2: Automate the management of existing resources
Skill 3.2.1: Use AWS services to automate operational processes (for example, AWS Systems Manager)
AWS Systems Manager Automation
AWS Systems Manager Run Command
AWS Systems Manager Patch Manager
Skill 3.2.2: Implement event-driven automation by using AWS services and features (for example, AWS Lambda, Amazon S3 Event Notifications)
Using AWS Lambda with Amazon S3
Content Domain 4: Security and Compliance (16% of scored content)
Task 4.1: Implement and manage security and compliance tools and policies
Skill 4.1.1: Implement AWS Identity and Access Management (IAM) features (for example, password policies, multi-factor authentication [MFA], roles, federated identity, resource policies, policy conditions)
Security best practices in IAM
Policies and permissions in AWS Identity and Access Management
Using multi-factor authentication (MFA) in AWS
IAM roles – AWS Identity and Access Management
Skill 4.1.2: Troubleshoot and audit access issues by using AWS tools (for example, AWS CloudTrail, IAM Access Analyzer, IAM policy simulator)
IAM Access Analyzer policy generation
Testing IAM policies with the IAM policy simulator
Skill 4.1.3: Implement multi-account strategies securely
What is AWS IAM Identity Center?
Service control policies (SCPs)
Skill 4.1.4: Implement remediation based on the results of AWS Trusted Advisor security checks
AWS Trusted Advisor security checks
Skill 4.1.5: Enforce compliance requirements (for example, AWS Region and service selections)
Service control policies (SCPs)
Task 4.2: Implement strategies to protect data and infrastructure
Skill 4.2.1: Implement and enforce a data classification scheme
Data tagging best practices – AWS Prescriptive Guidance
AWS Privacy Reference Architecture – AWS Prescriptive Guidance
Skill 4.2.2: Implement, configure, and troubleshoot encryption at rest (for example, AWS Key Management Service [AWS KMS])
AWS Key Management Service Developer Guide
Choosing an AWS cryptography service – AWS Decision Guides
Troubleshooting key access – AWS KMS
Skill 4.2.3: Implement, configure, and troubleshoot encryption in transit (for example, AWS Certificate Manager [ACM])
What is AWS Certificate Manager?
Issuing and managing certificates – AWS Certificate Manager
Troubleshoot certificate request issues – AWS Certificate Manager
Skill 4.2.4: Securely store secrets by using AWS services
AWS Systems Manager Parameter Store
Choose between Secrets Manager and Parameter Store – AWS Decision Guides
Skill 4.2.5: Configure reports and remediate findings from AWS services (for example, AWS Security Hub, Amazon GuardDuty, AWS Config, Amazon Inspector)
Automated response and remediation – AWS Security Hub
Content Domain 5: Networking and Content Delivery (18% of scored content)
Task 5.1: Implement and optimize networking features and connectivity
Skill 5.1.1: Configure a VPC (for example, subnets, route tables, network ACLs, security groups, NAT gateways, internet gateway, egress-only internet gateway)
Subnets for your VPC – Amazon VPC
Route tables for your VPC – Amazon VPC
Security groups for your VPC – Amazon VPC
Skill 5.1.2: Configure private networking connectivity
Skill 5.1.3: Audit AWS network protection services (for example, Amazon Route 53 Resolver DNS Firewall, AWS WAF, AWS Shield, AWS Network Firewall) in a single account
What are AWS WAF, AWS Shield Advanced, and AWS Firewall Manager?
Using DNS Firewall to filter outbound DNS traffic – Amazon Route 53
Skill 5.1.4: Optimize the cost of network architectures
Reduce costs with Amazon CloudFront
Building a Scalable and Secure Multi-VPC AWS Network Infrastructure – AWS Whitepaper
Task 5.2: Configure domains, DNS services, and content delivery
Skill 5.2.1: Configure DNS (for example, Route 53 Resolver)
What is Route 53 VPC Resolver?
Forwarding outbound DNS queries to your network – Amazon Route 53
Forwarding inbound DNS queries from your network – Amazon Route 53
Skill 5.2.2: Implement Route 53 routing policies, configurations, and query logging
Choosing a routing policy – Amazon Route 53
Public DNS query logging – Amazon Route 53
Configuring VPC Resolver query logging – Amazon Route 53
Skill 5.2.3: Configure content and service distribution (for example, Amazon CloudFront, AWS Global Accelerator)
What is AWS Global Accelerator?
CloudFront distributions – Amazon CloudFront
Task 5.3: Troubleshoot network connectivity issues
Skill 5.3.1: Troubleshoot VPC configurations (for example, subnets, route tables, network ACLs, security groups, transit gateways, NAT gateways)
Troubleshoot EC2 network connectivity issues – Amazon VPC
Troubleshoot NAT gateways – Amazon VPC
Transit Gateway troubleshooting
Network Access Analyzer – Amazon VPC
Skill 5.3.2: Collect and interpret networking logs to troubleshoot issues (for example, VPC flow logs, ELB access logs, AWS WAF web ACL logs, CloudFront logs, container logs)
Publish flow logs to Amazon CloudWatch Logs – Amazon VPC
Access logs for your Classic Load Balancer
Configuring and using standard logs (access logs) in Amazon CloudFront
Logging web ACL traffic – AWS WAF
Skill 5.3.3: Identify and remediate CloudFront caching issues
Optimizing caching and availability – Amazon CloudFront
CloudFront cache statistics – Amazon CloudFront
Skill 5.3.4: Identify and troubleshoot hybrid connectivity issues and private connectivity issues
Troubleshoot your customer gateway device – AWS Site-to-Site VPN
Troubleshooting AWS Direct Connect
Troubleshooting PrivateLink connections – Amazon VPC
Skill 5.3.5: Configure and analyze Amazon CloudWatch network monitoring services
What is Amazon CloudWatch Network Monitor?
Using VPC Flow Logs – Amazon CloudWatch
Amazon CloudWatch Internet Monitor
This brings us to the end of the SOA-C03 AWS Certified CloudOps Engineer Associate exam study guide.
What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you how your preparation is going on!
In case you are preparing for other AWS certification exams, check out the AWS study guides for those exams.
Follow Me to Receive Updates on SOA-C03 Exam
Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.
