AWS Solutions Architect Associate SAA-C03 Complete Guide — 4 Domains and the 3-Month Learning Roadmap

AWS Solutions Architect Associate SAA-C03 is the most popular AWS certification globally and the gateway exam for any cloud architecture career. The leap from CLF-C02 to SAA-C03 is significant — design judgment, not service knowledge alone — so a structured 3-month roadmap is the difference between passing on the first try and burning out. This article walks through the 4 domains, study materials, design scenario examples, and the month-by-month learning plan.

With CLF-C02 Domain 4 (published 2026-05-29) finishing the foundation, this article launches the next tier — SAA-C03.

Why SAA-C03 Is the Gateway AWS Certification

Among the 12 AWS certifications, SAA-C03 has the most holders worldwide and ranks consistently among the highest-paying IT certifications. The reason is clear: AWS Solutions Architect is the highest-demand job role, and SAA-C03 is the most efficient credential to enter or accelerate that career.

The technical scope is also pivotal. SAA-C03 requires synthesis across compute, storage, network, database, and security — the full breadth of AWS architecture. Mastering SAA-C03 unlocks all higher-tier exams (SAP-C02 Professional, Specialty certifications) since they all build on this foundation.

The CLF-C02 Difficulty Gap — 5x to 10x the Study Load

The biggest difference is “the length and design-judgment complexity of each question.” CLF-C02 asks “What does Service A do?” SAA-C03 asks “In the following scenario, which architecture maximizes cost efficiency while ensuring high availability?” Each scenario is 5–8 lines, and the four answer choices all describe valid AWS architectures — the question is which is most optimal.

For working professionals, planning 3 months at 1 hour per day (about 90 hours total) is realistic. Adding 30 hours of hands-on lab time brings the total to a comfortable 120 hours. Avoid trying to compress this into 1 month — design judgment is built through repeated scenario practice, which requires time.

The Exact Numbers of the SAA-C03 Exam Specification

2 minutes per question is the standard pacing. 65 × 2m = 130 minutes — exactly the time available, with zero slack. Mark difficult questions with Flag for Review and revisit them at the end. Reading time per question is significant (long scenarios), so practice reading speed is important.

Domain 1: Design Secure Architectures (30%)

The highest-weighted domain at 30% (about 15 questions). Topics include IAM design (least privilege, Roles, Identity Federation), encryption (KMS, CloudHSM), network security (VPC design, NACL, SG, AWS Network Firewall), and audit / compliance (CloudTrail, Config, GuardDuty).

The classic SAA-C03 question pattern: “Application X needs to access an S3 bucket. Choose the most secure option.” (A) Embed access keys in code, (B) Use IAM Roles via Instance Profile, (C) Use root account credentials, (D) Make the bucket public. The answer is (B). SAA-C03 doesn’t just ask “what’s secure” but “what’s the most secure pattern” — least privilege + temporary credentials + Roles is the consistent answer.

Cross-account access patterns are exam-critical. Multi-account organizations using Organizations + IAM Identity Center + Cross-Account Roles for centralized identity management is the canonical pattern. KMS encryption with Customer Managed Keys and key rotation policies are also high-frequency topics.

Domain 2: Design Resilient Architectures (26%)

Second-highest weight at 26% (about 13 questions). High availability, fault tolerance, disaster recovery, and decoupling are the major themes. Multi-AZ deployments, Auto Scaling Groups, Read Replicas, cross-Region replication, DR strategies (Backup & Restore, Pilot Light, Warm Standby, Multi-Site Active/Active), all in scope.

Decoupling patterns center on SQS for asynchronous job processing, SNS for fan-out notifications, EventBridge for event routing, and Step Functions for workflow orchestration. “Tightly coupled” architectures (synchronous direct calls) are penalized in SAA-C03 grading — favor SQS or async patterns whenever possible.

DR strategy questions like “RPO 1 hour, RTO 30 minutes, lowest cost — which DR strategy?” map directly: Backup & Restore (RPO hours, RTO hours), Pilot Light (RPO minutes, RTO 10s of minutes), Warm Standby (RPO seconds, RTO minutes), Multi-Site Active/Active (RPO near-zero, RTO near-zero, highest cost).

Domain 3: Design High-Performing Architectures (24%)

24% weight (about 12 questions). Scalable storage, compute, network, and database — all with throughput, latency, and concurrency optimization. Caching (CloudFront, ElastiCache, DAX), read scaling (Read Replicas, Aurora Auto Scaling), and queue-based load leveling are the key patterns.

The “Right service for the workload” pattern dominates. “1 PB of data needs sub-second query latency” → DynamoDB or Aurora with Aurora Auto Scaling. “Global users with low-latency video streaming” → CloudFront. “100,000 concurrent inference requests” → SageMaker Endpoints with Auto Scaling. Service knowledge + scaling strategy = answer.

Domain 4: Design Cost-Optimized Architectures (20%)

Lowest weight at 20% (about 10 questions). Spot Instances for fault-tolerant workloads, Reserved Instances / Savings Plans for steady workloads, S3 Intelligent-Tiering for variable access patterns, S3 Lifecycle policies for automatic archival, NAT Gateway alternatives (VPC Endpoints for AWS services). Every architecture question can be re-evaluated through the cost lens.

The most common SAA-C03 cost optimization pattern: “An on-premise application uses 4 servers 24/7. What’s the most cost-effective AWS migration?” — likely answer: EC2 with Reserved Instances + Auto Scaling Group at minimum size for baseline, scale up for traffic. Spot Instances for batch processing components.

The 3-Month Learning Roadmap

Month 1: Foundation and Service Deep-Dive

Goal: Lock in all SAA-C03-scope services with depth. Watch a structured video course (Stephane Maarek’s Udemy course is the de facto standard) at 1.5–2x speed, 1 module per evening. Take handwritten notes on service names, key features, and use cases. Don’t skip lab sections — provision actual services in your AWS account.

By end of Month 1, you should be able to answer “What does Service X do?” for any service in the exam scope. CloudFront, CloudFormation, ECS vs EKS, Aurora vs DynamoDB, KMS vs CloudHSM — instant recall.

Month 2: Hands-On and Practice

Goal: Build real architectures. Set up a personal AWS account, complete 5–10 hands-on projects (e.g., 3-tier web app with VPC + EC2 + RDS, serverless API with Lambda + DynamoDB + API Gateway, static site with S3 + CloudFront + Route 53). The act of provisioning, configuring, and tearing down resources cements the architecture decisions.

Take 100–200 practice questions from Tutorials Dojo or AWS Skill Builder. Don’t grade them immediately — read each scenario carefully, choose your answer, then review the explanation. This is where design judgment develops.

Month 3: Practice Exams and Weakness Recovery

Goal: Verify exam-ready state with full-length practice exams. Take 4–6 full practice exams (Tutorials Dojo Timed Mode, AWS Skill Builder Official Practice Exam, Stephane Maarek Practice Exams). Target 80%+ on each.

Identify weak areas per domain — if Domain 2 (Resilient) is consistently under 70%, re-watch the Resilience module and re-do those practice questions. The last 2 weeks should focus on weakness recovery, not new material.

Learning Resource Comparison

The standard combo for most students: Stephane Maarek’s course + Tutorials Dojo Practice Tests + AWS Skill Builder Official Practice Exam. Total cost around $60, covers all critical preparation needs.

Design Scenario Example — Multi-AZ vs Multi-Region

SAA-C03 expects you to distinguish Multi-AZ from Multi-Region precisely.

Multi-AZ: Within a single Region, distribute across multiple Availability Zones (AZ). Latency: ~1ms inter-AZ. Use case: high availability against AZ-level failures (a single data center going down). RDS Multi-AZ, Aurora’s 6-copy-3-AZ replication, multi-AZ ALB / EC2 Auto Scaling Groups. Cost: 2x vs single-AZ (replica resources).

Multi-Region: Distribute across multiple Regions globally. Latency: 50–200ms inter-Region. Use case: business continuity against Region-wide outages (an entire Region’s AWS infrastructure going down — historically rare but real). Cross-Region Replication for S3, Route 53 Failover routing, Global DynamoDB tables. Cost: 2–3x vs single-Region (resources + data transfer).

The SAA-C03 question pattern: “Application X needs to keep serving even during a Region-wide outage. Which design?” — answer: Multi-Region with Route 53 Failover, cross-Region Replication for S3, Global DynamoDB. Multi-AZ alone is insufficient.

Design Scenario Example — Compute Selection

SAA-C03 also tests “Which compute service for this workload?”

“Process 10K requests/day with sub-second response time, sporadic traffic” → Lambda + API Gateway (serverless, scale-to-zero, charge per request). “Run a long-running custom server with full OS control” → EC2. “Migrate Docker microservices, no Kubernetes expertise” → ECS with Fargate. “Already use Kubernetes on-premise, want AWS-managed Kubernetes” → EKS. “Run batch processing jobs that can tolerate interruption” → EC2 Spot Instances or Lambda (if <15 min jobs).

The selection criteria are: (1) workload type (sustained vs sporadic), (2) request duration (<15min suits Lambda), (3) operational overhead willingness (Lambda < Fargate < ECS < EKS < EC2), (4) cost (Spot for batch, Reserved for steady-state).

Practice Questions (SAA-C03 — 3 Sample Items)

Q1. A company runs a multi-tier web application across multiple AZs. The application needs to keep operating even during a complete Region-wide outage. Which design satisfies these requirements? (A) Multi-AZ deployment in single Region (B) Multi-Region with Route 53 Failover and S3 Cross-Region Replication (C) Reserved Instance purchase (D) Auto Scaling Group
Answer: B — only Multi-Region with Failover routing survives a Region-wide outage.

Q2. An e-commerce site has a base load of 100 concurrent users + a 10x traffic spike during Black Friday. The architecture needs cost efficiency on regular days and elasticity for spikes. Which is best? (A) 1000 dedicated EC2 instances always running (B) Auto Scaling Group with min=2 / max=20 / On-Demand instances + Reserved Instances for the base (C) Lambda (D) Spot Instances only
Answer: B — Reserved for the steady base, On-Demand for the burst.

Q3. An application stores user profile data with rare updates and frequent reads (100K reads/sec). Which database is the best fit? (A) RDS PostgreSQL (B) Aurora MySQL with Read Replicas (C) DynamoDB with DAX (DynamoDB Accelerator) (D) Redshift
Answer: C — DynamoDB + DAX achieves microsecond reads at any scale.

Conclusion — The Next Steps After SAA-C03

AWS Solutions Architect Associate SAA-C03 — the 4-domain structure, 3-month roadmap, learning resources, design scenario approaches, and sample questions — covered in one read. Passing SAA-C03 validates the design judgment that the AWS architect role requires.

After SAA-C03, the natural progression is AWS Solutions Architect Professional (SAP-C02) for deeper architecture and operations, or Specialty certifications (Machine Learning, Security, Database, Networking). The next article in the series compares AWS / Azure / GCP certification paths so you can plan multi-cloud literacy.

References

ブラウザだけでできる本格的なAI画像生成【ConoHa AI Canvas】

swiftwand

X

AIを使って、毎日の生活をもっと快適にするアイデアや将来像を発信しています。 初心者にもわかりやすく、すぐに取り入れられる実践的な情報をお届けします。 Sharing ideas and visions for a better daily life with AI. Practical tips that anyone can start using right away.