AWS Solutions Architect Professional Exam Study Guide [SAP-C01]

AWS Solutions Architect Professional Exam Study Guide

Preparing for the AWS Solutions Architect Professional (SAP-C01) exam? Don’t know where to start? This post is the AWS Solutions Architect Professional Certificate Study Guide (with links to each objective in the exam domain).

I have curated a detailed list of articles from AWS documentation and other blogs for each objective of the AWS Certified Solutions Architect Professional (SAP-C01) exam. Please share the post within your circles so it helps them to prepare for the exam.

AWS Solutions Architect Professional [SAP-C01]

LinkedIn Learning (Free trial)AWS Solutions Architect Prof. [SAP-C01]
WhizlabsCertified Solutions Architect Professional Exam
PluralsightAWS Solutions Architect Professional Exam
UdemyAmazon Solutions Architect Professional

AWS Solutions Architect Prof. Practice Test

Whizlabs Exam QuestionsAWS Architect Prof. [400 questions & 10 labs]
Udemy Practice TestSolutions Architect Professional (300+ Qs)

Solutions Architect Professional Other Stuff

Udacity [Nanodegree]Become an Amazon Cloud Architect (AWS)
Amazon e-book (PDF)AWS Architect Professional (Complete Guide)

To view other AWS certificate study guides, click here.

Full Disclosure: Some of the links in this post are affiliate links. I receive a commission when you purchase through them.

Domain 1: Design for Organizational Complexity – 12.5%

1.1 Determine Cross-account Authentication and Access Strategy for Complex Organizations

Analyze the organizational structure

AWS organization and account structure

Best practices for Organizational Units with AWS Organizations

Evaluate the current authentication infrastructure

Unified authentication & authorization mechanisms

Authentication and access control

Analyze the AWS resources at an account level

AWS account management & separation

Managing AWS accounts in your organization

Determine an auditing strategy for authentication and access

AWS security audit guidelines

Identity & access management for AWS Audit Manager

1.2 Determine How to Design Networks for Complex Organizations

Outline an IP addressing strategy for VPCs

IP addressing in your VPC

EC2 instance IP addressing

VPC with public and private subnets

Determine DNS strategy

Simplify DNS management in a multi-account environment

Centralized DNS management of hybrid cloud

Choose the right DNS architecture for VMware cloud

Classify network traffic and security

Classifying network traffic

Traffic classification

Determine connectivity needs for hybrid environments

Hybrid connectivity whitepaper

Hybrid network connection

Determine a way to audit network traffic

Monitor instance traffic

Monitor VPC Flow Logs for abnormal traffic patterns

1.3 Determine How to Design a Multi-account AWS Environment for Complex Organizations

Determine how to use AWS Organizations

What are AWS Organizations?

Implementing AWS Organizations

Implement the most appropriate account structure for proper cost allocation, agility, and security

AWS account structure considerations



Recommend a central audit and event notification strategy

Centralized logging

S3 event notifications

Configure event notifications using the S3 console

Decide on an access strategy

Strategies for managing access to AWS resources

Best practices for managing AWS access keys

Domain 2: Design for New Solutions – 31%

2.1 Determine Security Requirements and Controls When Designing and Implementing a Solution

Implement infrastructure as code

Infrastructure as code

How to use infrastructure as code for automated environments?

Infrastructure as code on AWS

Determine prevention controls for large-scale web applications

Reduce unwanted traffic on your website with WAF bot control

Application protection on AWS

Protect your web applications using AWS Managed rules

Determine roles and responsibilities of applications

IAM roles

Use an IAM role to grant permissions to apps running on EC2 instances

Determine a secure method to manage credentials for the solutions/applications

Distribute, and rotate credentials securely

Store application credentials securely

Manage credentials in mobile applications

Enable detection controls and security services for large-scale applications

Detective controls

How do you detect & investigate security events?

Enforce host and network security boundaries

Enforce your AWS Network Firewall protections at scale

Enable encryption in transit and at rest

Encryption of data in transit

Protect data at rest with EC2 instance store encryption

Encrypt Amazon DocumentDB data at rest

2.2 Determine a Solution Design and Implementation Strategy to Meet Reliability Requirements

Design a highly available application environment

Design a highly available app on AWS

Deploy a high-availability PHP application

Determine advanced techniques to detect for failure and service recoverability

Troubleshoot instances with failed status checks

Troubleshoot an instance status check failure on an unreachable EC2 instance

Failure management

Determine processes and components to monitor and recover from regional service disruptions with regional failover

Implement multi-region disaster recovery with event-driven architecture

Large-scale disaster recovery with AWS regions

Cross-region DNS-based failover

2.3 Determine a Solution Design to Ensure Business Continuity

Architect an automated, cost-effective backup solution that supports business continuity across multiple AWS Regions

Design a backup & recovery solution

Implement a backup solution with AWS Storage Gateway

Automate centralized backup at scale across AWS services

Determine an architecture that provides application and infrastructure availability in the event of a service disruption

Prepare for an AWS outage with these preventative steps

High availability & scalability on AWS

Amazon’s approach to high-availability deployment

2.4 Determine a Solution Design to Meet Performance Objectives

Design internet-scale application architectures

Build high-performance, internet-scale apps with AWS database

How to build a scalable application up to 1 Million users on AWS?

Design an architecture for performance according to business objectives

Performance architecture selection

Optimize AWS architecture for performance efficiency

Apply design patterns to meet business objectives with caches, buffering, and replicas

Beyond caching: Advanced design patterns in Redis

Deep dive into ElastiCache architecture & design patterns

Design patterns for optimizing cost in S3

2.5 Determine a Deployment Strategy to Meet Business Requirements When Designing and Implementing a Solution

Determine resource provisioning strategy to meet business objectives

Resource provisioning using AWS services

Resource provisioning strategy for workflows in the cloud

AWS resource provisioning with attribute-based access control

Determine a migration process to change the version of a service

Upgrading OpenSearch & Elasticsearch

Upgrade an EC2 Windows instance to a newer version

Determine services to meet deployment strategy

AWS deployment services

Determine patch management strategy

Patch management overview

Software patching with AWS Systems Manager

Patching your EC2 instances

AWS Certified Solutions Architect Professional [SAP-C01] certificate exam

Amazon link (affiliate)

Domain 3: Migration Planning – 15%

3.1 Select Existing Workloads and Processes for Potential Migration to the Cloud

Complete an application migration assessment

Assessing migration readiness

Evaluating migration readiness

Classify applications according to the six Rs (re-host, re-platform, re-purchase, refactor, retire, and retain)

The 6 R’s: 6 application migration strategies

6 strategies for migrating apps to the cloud

3.2 Select Migration Tools and/Or Services for New and Migrated Solutions Based on Detailed AWS Knowledge

Select an appropriate database transfer mechanism

Best practices for AWS database migration service

AWS Database Migration Service

Select an appropriate data transfer service

Migrating data to AWS: Understand your options

Transfer files from on-premises to AWS without leaving your VPC

Introduction to new AWS services for data transfer

Select an appropriate data transfer target

Targets for data migration

Select an appropriate server migration mechanism

AWS Server Migration Service

Migrate Azure VM to AWS using AWS Server Migration Service

Migrate your Virtual Machines to AWS

Apply the appropriate security methods to the migration tools

Improve security as part of data center migrations

3.3 Determine a New Cloud Architecture for an Existing Solution

Evaluate business applications and determine the target cloud architecture

Evaluate modernization readiness for apps in AWS

Evaluate your applications | AWS prescriptive guidance

Target architecture

Target architecture | AWS prescriptive guidance

Break down the functionality of applications into services

Cloud products

Determine target database platforms

Targets for AWS DMS

Targets for data migration

3.4 Determine a Strategy for Migrating Existing on-premises Workloads to the Cloud

Determine the desired prioritization strategy of the organization

Prioritization | AWS prescriptive guidance

Prioritize a large-scale move to an open-source database

Prioritize migration order

Analyze data volume and rate of change to determine a data transfer strategy

Lift & shift to speed up your migration to AWS

Debug your AWS DMS migrations

Evaluate cutover strategies

Cutover | AWS prescriptive guidance

Cutover stage

The cutover: Moving your traffic to the cloud

Assess internal and external compliance requirements for a successful migration

Compliance validation for AWS Server Migration Service

Compliance validation for Application Migration Service

Domain 4: Cost Control – 12.5%

4.1 Select a Cost-effective Pricing Model for a Solution

Purchase resources based on usage requirements

AWS cost & usage report

What are AWS Cost and Usage reports?

Identify when to use different storage tiers

Amazon S3 storage classes

Using Amazon S3 storage classes

S3 intelligent-tiering adds archive access tiers

4.2 Determine Which Controls to Design and Implement That Will Ensure Cost Optimization

Determine an AWS-generated cost allocation tags strategy that allows mapping costs to business units

AWS-generated cost allocation tags

Using cost allocation tags

Organize your cost and usage data with AWS Cost Categories

Manage your costs with AWS Cost Categories

Determine a mechanism to monitor when underutilized resources are present

Launch resource optimization recommendations

Identifying underutilized EC2 instances

Determine a way to manage commonly deployed resources to achieve governance

Management and governance on AWS

Governance in the cloud: The right balance between agility & safety

Management and Governance

Define a way to plan costs that do not exceed the budget amount

Managing your costs with AWS Budgets

How to manage cost overruns in your AWS environment?

4.3 Identify Opportunities to Reduce Cost in an Existing Architecture

Distinguish opportunities to use AWS Managed Services

Introducing AWS Managed Services

How AWS Managed Services can benefit my business?

Determine which services are most cost-effective in meeting business objectives

Cost-effective resources

Optimizing your costs for AWS services

Optimize and save your IT costs

Domain 5: Continuous Improvement For Existing Solutions – 29%

5.1 Troubleshoot Solution Architectures

Assess an existing application architecture for deficiencies

Cloud security architecture assessment for AWS

Analyze application and infrastructure logs

What are Amazon CloudWatch Logs?

Analyzing log data with CloudWatch Logs Insights

Test possible solutions in a non-production environment

Test environments in AWS Device Farm

Create a dev/test environment on AWS

5.2 Determine a Strategy to Improve an Existing Solution for Operational Excellence

Determine the most appropriate logging and monitoring strategy

Building a monitoring strategy

Logging & monitoring strategy guide

Recommend the appropriate AWS offering(s) to enable configuration management automation

Configuration Management automation using AWS Systems Manager

Other articles related to Operational Excellence

Are you well-architected?

Operational excellence pillar whitepaper

What’s new in the Well-Architected Operational Excellence Pillar?

Towards Operational Excellence

Gaining Operational Excellence within AWS

Operational Excellence: Learn, Share, & Improve

5.3 Determine a Strategy to Improve the Reliability of an Existing Solution

Evaluate existing architecture to determine areas that are not sufficiently reliable

Reliability pillar | AWS well-architected framework

Remediate single points of failure

Remove single points of failure

Eliminating single points of failures on AWS

Enable data replication, self-healing, and elastic features and services

Replicating objects

Configure Amazon S3 replication

Build self-healing Infrastructure-as-Code

Use auto-healing to replace failed instances

Test the reliability of the new solution

Reliability | AWS well-architected framework

How do you test reliability?

Test Reliability

5.4 Determine a Strategy to Improve the Performance of an Existing Solution

Reconcile current performance metrics against performance targets

Monitoring performance with CloudWatch dashboard

Identify and examine performance bottlenecks

Troubleshoot performance bottlenecks within EC2 instances

Investigate performance issues with CodeGuru Profiler

Recommend and test potential remediation solutions

Test the automated remediation

Test the remediation solution

5.5 Determine a Strategy to Improve the Security of an Existing Solution

Evaluate AWS Secrets Manager strategy

Track changes to secrets stored in AWS Secrets Manager

Secrets Manager best practices

Monitor Secrets Manager secrets using AWS Config

Audit the environment for security vulnerabilities

Vulnerability reporting in Amazon Web Services

Biggest AWS Security vulnerabilities

Enable manual and/or automated responses to the detection of vulnerabilities

Resolve code vulnerabilities in CI/CD pipeline

5.6 Determine How to Improve the Deployment of an Existing Solution

Evaluate appropriate tooling to enable infrastructure as code

Infrastructure as Code on AWS

AWS Infrastructure as Code

AWS CloudFormation

Evaluate current deployment processes for improvement opportunities

Build end-to-end CD/CD pipelines in AWS

Test automated deployment and rollback strategies

Automated deployment

Verify the deployment

Test AWS CodeDeploy locally

Roll back a deployment with CodeDeploy

Roll back stack operations

This brings us to the end of the AWS Solutions Architect Professional (SAP-C01) Exam Preparation Study Guide

What do you think? Let me know in the comments section if I have missed out on anything. Also, I love to hear from you about how your preparation is going on!

In case you are looking for other AWS certificate exams study guides, check out this page

Get Updates on AWS Professional Exam

Want to be notified as soon as I post? Subscribe to the RSS feed / leave your email address in the subscribe section. Share the article to your social networks with the below links so it can benefit others.

Share the AWS Certified Professional Study Guide

You may also like