AWS Solutions Architect Associate Exam Study Guide [SAA-C02]

AWS Solutions Architect Associate Certificate Exam Study Guide

AWS Solutions Architect Preparation

Preparing for the AWS Solutions Architect Associate (SAA-C02) exam? Don’t know where to start? This post is the AWS Solutions Architect [Associate] Certificate Study Guide (with links to each objective in the exam domain).

I have curated a detailed list of articles from AWS documentation and other websites for each objective of the AWS Certified Solutions Architect [Associate] (SAA-C02) exam. Please share the post within your circles so it helps them to prepare for the exam.

Courses on AWS Solutions Architect Associate

LinkedIn Learning (Free trial)Learning Path for AWS Architect Prep
PluralsightSolutions Architect (with Practice Tests)
UdemyAWS Cert. Architect by Stephane Maarek

AWS Solutions Architect Associate Practice Test

Whizlabs Exam Questions[650 Questions + 42 Labs] for Architect Prep
Udemy Practice TestSolutions Associate Test (260 Questions)

Resources for AWS Solutions Architect Associate

Udacity NanodegreeBecome an AWS Cloud Architect
Amazon e-book (PDF)AWS Architect Associate Exam Notes

AWS Certified Solutions Architect Exam Questions

AWS Certified Solutions Architect - Associate Level Exam Questions

Check out all the other AWS certificate study guides

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Domain 1: Design Resilient Architectures – 30%

1.1 Design a Multi-tier Architecture Solution

Determine a solution design based on access patterns

Common AWS access patterns for your workforce

Architectural patterns for data lakes on AWS

Identify your data access patterns

Analyze access patterns in Amazon WorkSpaces

Determine a scaling strategy for components used in a design

Scale your web app: one step at a time

Scaling on AWS part I: A Primer

Specify the scaling strategy

How do scaling plans work?

Select an appropriate database based on requirements

How to choose a database?

How do you select your database solution?

Select the right database for your application

Database architecture selection

Select an appropriate compute and storage service based on requirements

Compute service

Storage service

1.2 Design Highly Available and/or Fault-tolerant Architectures

Determine the amount of resources needed to provide a fault-tolerant architecture across Availability Zones


Achieving fault-tolerance & redundancy

Designing for fault-tolerance

Select a highly available configuration to mitigate single points of failure

High Availability on AWS

Remove single points of failure by using a High-Availability partition group

Eliminate single points of failure with High Availability clustering

Apply AWS services to improve the reliability of legacy applications when application changes are not possible

Demystify legacy migration options to AWS

Optimize a lift-and-shift for performance

Select an appropriate disaster recovery strategy to meet business requirements

Plan for disaster recovery

How do you plan for disaster recovery (DR)?

Disaster recovery options in the cloud

Disaster Recovery (DR) architecture on AWS

Identify key performance indicators to ensure the high availability of the solution

Measuring Availability in AWS

Example implementations for availability goals

Monitor your resources to ensure they are performing

AWS Monitoring: Metrics to watch out for

1.3 Design Decoupling Mechanisms Using AWS Services

Determine which AWS services can be leveraged to achieve loose coupling of components

Loosely coupled scenarios

Building loosely coupled, scalable apps with Amazon SQS & SNS

Decoupling with SQS, SimpleDB, & SNS

Determine when to leverage serverless technologies to enable decoupling

Decouple larger applications with EventBridge

Decoupled serverless scheduler to run HPC apps

1.4 Choose Appropriate Resilient Storage

Define a strategy to ensure the durability of data

Data protection in Amazon S3

Amazon S3 Reduced Redundancy Storage (RRS)

Backup and data protection solutions

Strategies to ensure data durability

Identify how data service consistency will affect the operation of the application

Consistency model

Managing data consistency

Architect data quality on the AWS Cloud

DAX and DynamoDB consistency models

Select data services that will meet the access requirements of the application

Data Lakes and analytics on AWS

Best practices for securing sensitive data in AWS data stores

Identify storage services that can be used with hybrid or non-cloud-native applications

Storage services for hybrid cloud

AWS Certified Solutions Associate

Amazon link (affiliate)

Domain 2: Design High-performing Architectures – 28%

2.1 Identify Elastic and Scalable Compute Solutions for a Workload

Select the appropriate instance(s) based on Compute, storage, and networking requirements

Choosing the right EC2 instance type for your application

Determine appropriate EC2 instance type for your workload

Get recommendations for an instance type

Choose the appropriate architecture and services that scale to meet performance requirements

How do you select the best-performing architecture?

Compute architecture selection

Optimize performance for your AWS compute

Identify metrics to monitor the performance of the solution

Using Amazon CloudWatch metrics

Monitoring performance with CloudWatch dashboards

Monitor performance of Amazon ECS applications

2.2 Select High-performing and Scalable Storage Solutions for a Workload

Select a storage service and configuration that meets performance demands

Storage architecture selection

Performance Efficiency design principles

How do you select your storage solution?

Determine storage services that can scale to accommodate future needs

Object storage

Block storage

File system storage

Amazon Elastic File System

Amazon FSx

Archival storage

Other Storage solutions for high-performance

S3 Transfer Acceleration

2.3 Select High-performing Networking Solutions for a Workload

Select appropriate AWS connectivity options to meet performance demands

Network-to-Amazon VPC connectivity options

Amazon VPC-to-Amazon VPC connectivity options

Software remote access-to-Amazon VPC connectivity options

Select appropriate features to optimize connectivity to AWS public services

How do you configure your networking solution?

Network architecture selection

Optimizing latency and bandwidth for AWS Traffic

Achieve up to 60% better performance with Global Accelerator

Determine an edge caching strategy to provide performance benefits

How caching works with CloudFront edge locations?

Define your caching strategy

Improving the cache hit ratio

Select appropriate data transfer service for migration and/or ingestion

AWS DataSync

Migration and transfer

Top 10 data migration best practices

Migrating data to AWS: understanding your options

Easily ingest data into AWS

Other AWS networking services for building high-performing networking solutions are:

AWS Global Accelerator

AWS Direct Connect

Establishes a dedicated network connection from the on-premises network to the cloud

AWS Direct Connect (for connecting to the on-premises network)

Connect your data center to AWS with Direct Connect

AWS Virtual Private Network

AWS VPN connections extend your on-premises networks to the cloud. Similar to Direct Connect. But VPNs use IPSec (with the help of the Internet) to connect your network with AWS. Whereas Direct Connect uses a dedicated private network to establish connections (does not use the Internet). Similar to Express Route if you come from the Azure world.

Getting started – AWS Site-to-Site VPN

Improve VPN Network Performance with Global Accelerator

Troubleshoot low bandwidth issues on my VPN connection

AWS Transit Gateway

A cloud router. It connects multiple VPCs in your account with the on-premises network (if needed) with a central hub. Replaces many 1-1 connections between the VPCs.

AWS Transit Gateway

Scaling VPN throughput using AWS Transit Gateway

Increasing bandwidth between VPCs by using Transit Gateway

AWS CloudFront

CloudFront is a Content Delivery Network (CDN). It stores a copy of your website assets in different edge locations around the world. When a user requests a resource, it is served from the nearest edge location, thereby reducing latency.

Amazon CloudFront

Improve your website performance with CloudFront

Amazon S3+CloudFront: A match made in the Cloud

AWS Outposts

For running AWS infrastructure and other services in an on-premises environment. So you needn’t move your sensitive data to the cloud. You move the cloud to the location of your data.

What are AWS Outposts?

AWS Outposts: A deep-dive

AWS Local Zones

AWS Wavelength

Move AWS services to the edge of the 5G network, so traffic from 5G devices can reach servers in Wavelength Zones.

Introduction to AWS Wavelength

AWS Wavelength for delivering ultra-low latency apps for 5G

Use Wavelength to deliver apps that require ultra-low latency

2.4 Choose High-performing Database Solutions for a Workload

Select an appropriate database scaling strategy

Database scaling strategies for startups

Scaling your application with AWS Relational Databases

Auto-scaling a MySQL database to meet fluctuating demand

Managing scaling for Aurora DB clusters

Determine when database caching is required for performance improvement

Database caching

Database caching strategies using Redis

Boost MySQL DB performance with ElastiCache for Redis

Caching for performance with ElastiCache

Choose a suitable database service to meet performance needs

How do you select your database solution?

How to choose the right database?

AWS databases: How to choose the right one?

Other articles for understanding how to choose high-performing database solutions

Relational databases

Simple stuff, data tables related to each other via primary-foreign key relationships. A great fit for transactions (OLTP) in the financial world.

What is Amazon Aurora?

Amazon Redshift

Key-value database

A type of NoSQL database (not only SQL). The unique identifier is the key. The value can be any data structure. It is widely used by web applications for storing user session details.

What is Amazon DynamoDB?

Best practices for designing and architecting with DynamoDB

Amazon DynamoDB: Performance & cost optimization at any scale

In-memory databases

A database that’s housed in memory (RAM) instead of the disk. So it is volatile (you lose all data on failure) but gives you faster response times. Widely used in BI applications, so the user can drill down/up or filter the report across dimensions with minimal latency.

Amazon ElastiCache for Redis

Amazon ElastiCache for Memcached

Document database

Data is stored in JSON-like documents. Used when the data is not relational. For example, scanned images, PDF files, etc., In manufacturing aircraft, different parts have a different number of attributes. Storing the information in the Document database can accommodate for the potential increase in the attributes required. 

Amazon DocumentDB performance

Best practices for Amazon DocumentDB

Graph database

A graph database is best used to describe relationships between entities. These databases consist of nodes (store data entities) and edges (store relationships between entities). They are mostly used in recommendation engines in e-commerce and social media applications.

Amazon Neptune

Performance and Scaling in Amazon Neptune

Time-series database

Used for monitoring software/financial/physical systems like equipment & machinery where there is a heavy dependence on time.

Wikipedia: Time series database

Amazon Timestream

Ledger database

Databases that are immutable (you cannot update a customer’s address, just add a new record) & with a cryptographically verifiable log. Used where an accurate description of history is required. For example, GDPR, tracking Credit/debit history in banking transactions.

Do I need a Ledger database? What is it?

Amazon Quantum Ledger Database (QLDB)

Database caching for high performance

Domain 3: Design Secure Applications and Architectures – 24%

3.1 Design Secure Access to AWS Resources

Determine when to choose between users, groups, and roles

IAM Identities (users, user groups, and roles)


When should you use AWS IAM roles vs. users?

Interpret the net effect of a given access policy

Understanding the IAM policy grammar

Policy summaries make understanding IAM policies easier

Policy evaluation logic

Select appropriate techniques to secure a root account

Best practices for securing AWS account

Secure AWS account root user

Determine ways to secure credentials using features of AWS IAM

Manage user credentials

AWS Identity & Access Management (IAM) features

Best practices for managing AWS access keys

Determine the secure method for an application to access AWS APIs

Control & manage access to a REST API

Evaluate access control methods to secure APIs

Control access to an API with IAM permissions

Select appropriate services to create traceability for access to AWS resources

Tracing S3 requests using AWS X-Ray

Track which users are accessing your S3 buckets

Security Pillar: AWS well-architected framework

AWS security design principles

Other approaches for securing access to AWS resources

a. Secure access credentials

AWS Security Token Service

Generates temporary security credentials that are limited in privileges and in duration. Enables you to provide access to users without creating AWS identities.

IAM Instance profiles

b. Principle of least privileges

Granting least privileges in AWS

Defining least-privileged permissions for actions by AWS services

Remove unnecessary credentials

AWS Organizations

Organize several accounts into groups to create an organizational structure. Apply policies to individual organizational units or the entire organization.

3.2 Design Secure Application Tiers

Given traffic control requirements, determine when and how to use security groups and network ACLs

Security groups for your VPC

Security group rules for different use cases

Control network traffic with security groups

Security Group scenario

Determine a network segmentation strategy using public and private subnets

Improving security in the cloud with micro-segmentation

Making a case for network segmentation in AWS

Build a modular & scalable virtual network architecture

Select the appropriate routing mechanism to securely access AWS service endpoints or internet-based resources from Amazon VPC

Choosing a routing policy

VPC endpoints in Amazon VPC

Example routing options

Internet routing & traffic engineering

Select appropriate AWS services to protect applications from external threats

Protecting from external threats

How do you protect your network resources?

AWS Web Application Firewall

Other important articles for securing application tiers

Building three-tier architectures with security groups

Three Tier Architecture for Web Applications in AWS

Secure an AWS Three-tier Web Architecture

3.3 Select Appropriate Data Security Options

Determine the policies that need to be applied to objects based on access patterns

Access policy guidelines

User policy examples

Select appropriate encryption options for data at rest and in transit for AWS services

Encryption options

How to protect data at rest?

Encrypting data-at-rest and -in-transit

How do you protect your data in transit?

Select appropriate key management options based on requirements

Key Management Service in AWS

What is AWS Secrets Manager?

What Is AWS CloudHSM?

AWS Parameter Store

Different approaches to consider for data security in AWS

a. Data Classification

Analyzing and organizing data based on criticality and sensitivity so that appropriate data protection controls can be applied. For example, if you store sensitive data in your S3 buckets, then you can classify such objects with the help of object tagging.

Tagging your Amazon EC2 resources

Amazon S3 object tagging

b. Encryption/Tokenization

Encryption transforms the sensitive content into a form that is unreadable to the hacker without the secret key (the reverse process is decryption).

Tokenization defines a token to represent a sensitive piece of information.

A Deep Dive into AWS Encryption Services

Protect data using server-side encryption

Protect data using client-side encryption

c. Secure data at rest

Amazon EBS

Amazon Glacier:

Data encryption at rest for Amazon Glacier

d. Secure data in transit

e. Backup/replicate/recover your data

Amazon S3

Domain 4: Design Cost-optimized Architectures – 18%

4.1 Identify Cost-effective Storage Solutions

Determine the most cost-effective data storage options based on requirements

Cost-effective data management

Manage, analyze, & reduce storage costs

Optimizing storage costs using Amazon S3

Optimize Amazon S3 Storage

5 Ways to reduce data storage costs using S3 Storage Lens

Apply automated processes to ensure that data over time is stored on storage tiers that minimize costs

S3 intelligent-tiering storage class

Amazon S3 intelligent-tiering automates storage cost savings

Intelligent-tiering adds automatic archiving

Cost optimization with S3 intelligent tiering

Cost-effective techniques for other AWS services

AWS storage optimization whitepaper

Amazon S3

Amazon Elastic Block Store

4.2 Identify Cost-effective Compute and Database Services

Determine the most cost-effective Amazon EC2 billing options for each aspect of the workload

Understand Amazon EC2 instance-hours billing

Avoiding unexpected charges

Select the best pricing model

Per-second billing for EC2 instances & EBS volumes

Billing management and cost control

Determine the most cost-effective database options based on requirements

Reduce database cost when you migrate to the cloud

Amazon RDS

Amazon Aurora

Amazon Redshift

Amazon DynamoDB

Select appropriate scaling strategies from a cost perspective

Optimizing costs as you scale on AWS

Optimize costs with Auto Scaling

Performance and cost optimization at any scale

Select and size compute resources that are optimally suited for the workload

Right Sizing

AWS Compute Optimizer

Provisioning instances to match workloads

Determine options to minimize total cost of ownership (TCO) through managed services and serverless architectures

TCO & cost optimization: Best practices for managing usage on AWS

Reduce TCO for your Linux file-based apps

Modernization your apps, and reduce TCO

Determine the TCO of serverless technologies

4.3 Design Cost-optimized Network Architectures

Identify when content delivery can be used to reduce costs

How to reduce Amazon Cloudfront costs?

Reduce data transfer costs with CloudFront

Reduce Amazon Cloudfront costs

Determine strategies to reduce data transfer costs within AWS

Use Cost Explorer to analyze data transfer costs

Reduce data transfer costs

Reduce unexpected data transfer costs

Solving hidden network transfer costs

Determine the most cost-effective connectivity options between AWS and on-premises environments

How to connect your data center to AWS?

AWS Direct Connect pricing

Connect On-premises to AWS cloud

This brings us to the end of the AWS Solutions Architect [Associate] (SOA-C02) Exam Preparation Study Guide

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!

In case you are preparing for other AWS certification exams, check out the AWS study guides for those exams.

Get Updates on AWS Certified Solutions Architect

Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the AWS Certified Solutions Architect Guide

You may also like