Skarp
AWS Solutions Architect Associate (SAA‑C03): Complete Exam-Ready Masterclass
Technology · Advanced · 11h 42m · 26 modules

A deep, exam-focused preparation program for the AWS Solutions Architect – Associate (SAA‑C03) exam, built directly from the current AWS exam guide and the AWS Well-Architected Framework. You will design secure, resilient, high-performing, and cost-optimized AWS architectures using core services such as Amazon EC2, Amazon S3, Amazon RDS, Amazon VPC, Elastic Load Balancing, Amazon Route 53, Amazon CloudFront, AWS KMS, and AWS Auto Scaling.

by Skarp_officialen

Course Content

26 modules · 11h 42m total

1

SAA‑C03 Exam Orientation and AWS Well-Architected Foundations

Step into the exam with clarity as you map the SAA‑C03 blueprint to real AWS architectures and see how every question is anchored in the AWS Well-Architected Framework. You’ll leave this module with a concrete study roadmap and a mental model for how AWS expects you to think as a solutions architect.

27 min
2

AWS Global Infrastructure, Availability Zones, and Core Building Blocks

Before you can design secure or resilient systems, you need a rock-solid grasp of how AWS is physically and logically laid out. This module walks through Regions, Availability Zones, and edge locations, and shows how services like Amazon EC2, Amazon S3, and Amazon RDS fit into that global fabric.

27 min
3

Identity and Access Management Deep Dive: IAM Users, Groups, Policies, and Roles

Misconfigured access is one of the fastest ways to fail both the exam and a real audit. In this module, you’ll dissect IAM building blocks and practice designing secure, least-privilege access patterns that match the exam’s most common scenarios.

27 min
4

Securing AWS Accounts and Governance: Organizations, Guardrails, and Access Boundaries

As environments grow beyond a single account, governance becomes a design problem. This module explores multi-account strategies, AWS Organizations, and guardrail mechanisms that frequently appear in SAA‑C03 scenarios.

27 min
5

Amazon VPC and Security Groups: Designing Secure Network Boundaries

Network design questions are among the trickiest on the exam. This module walks through Amazon VPC constructs and shows how to use security groups and related controls to isolate and protect workloads.

27 min
6

Advanced VPC Design: Hybrid Connectivity, PrivateLink, and Edge Security

Complex architectures often span on-premises networks, multiple VPCs, and the public internet. This module unpacks hybrid connectivity options and edge protections that show up in scenario-style exam questions.

27 min
7

Data Protection at Rest with AWS KMS, S3, RDS, and EBS

Encryption questions frequently hinge on subtle differences between key types and where encryption is applied. This module dissects data-at-rest protection patterns using AWS KMS and service-integrated encryption options.

27 min
8

Data Protection in Transit and Application-Level Security Patterns

From TLS termination to private connectivity and token-based access, protecting data in transit is a core exam theme. This module connects the dots between network encryption, application protocols, and managed services.

27 min
9

Designing Multi-AZ and Multi-Region Resilient Architectures

High availability and disaster recovery are at the heart of Domain 2. This module shows how to spread risk across Availability Zones and Regions using core services like EC2, RDS, S3, and Route 53.

27 min
10

Elastic Load Balancing, Amazon Route 53, and Traffic Management for High Availability

Traffic distribution and intelligent routing are key to building fault-tolerant systems. This module connects Elastic Load Balancing with Amazon Route 53 to implement resilient front ends and failover strategies.

27 min
11

AWS Auto Scaling and Loosely Coupled Architectures with Queues and Streams

Resilient architectures scale with demand and isolate failures. This module explores AWS Auto Scaling and decoupling patterns that appear throughout the exam’s scenario questions.

27 min
12

Designing Stateless, Scalable Compute with Amazon EC2 and EC2 Instance Types

Choosing the right compute building blocks is central to both performance and cost. This module focuses on Amazon EC2, EC2 instance types, and patterns for stateless, horizontally scalable applications.

27 min
13

High-Performing Storage Architectures with Amazon S3 and EBS

Storage choices can make or break performance. This module dives into Amazon S3 and EBS performance characteristics and shows how to align them with throughput, latency, and durability requirements.

27 min
14

High-Performing Databases with Amazon RDS and Caching Strategies

Database bottlenecks are a common theme in performance questions. This module covers Amazon RDS performance features and how to offload load with read replicas and caching layers.

27 min
15

High-Performance Networking and Content Delivery with Amazon VPC and CloudFront

Latency, throughput, and global reach all come down to networking and content delivery. This module connects Amazon VPC designs with Amazon CloudFront and Route 53 to optimize user experience worldwide.

27 min
16

Data Ingestion and Transformation Patterns for Analytics and Streaming

Modern workloads often need to ingest and process data at scale. This module surveys high-performing ingestion and transformation patterns that appear in associate-level exam scenarios.

27 min
17

Cost-Optimized Storage: Amazon S3, EBS, and Lifecycle Management

Storage can quietly dominate your AWS bill if you’re not intentional. This module shows how to use Amazon S3 storage classes, lifecycle policies, and EBS options to minimize cost without sacrificing required performance or durability.

27 min
18

Cost-Optimized Compute: EC2 Purchasing Options, Right-Sizing, and AWS Auto Scaling

Compute is often the largest variable cost in AWS. This module dives into EC2 pricing models, right-sizing using EC2 instance types, and cost-aware use of AWS Auto Scaling.

27 min
19

Cost-Optimized Databases and Data Transfer: RDS, Caching, and Network Economics

Database and data transfer charges can surprise even experienced teams. This module explains how to keep relational workloads and network paths cost-effective while still meeting performance and availability goals.

27 min
20

Applying the Cost Optimization Pillar of the AWS Well-Architected Framework

Cost optimization isn’t just about cutting spend; it’s about aligning cost with value over the workload lifecycle. This module ties concrete AWS savings tactics back to the Cost optimization pillar of the AWS Well-Architected Framework.

27 min
21

End-to-End Design Workshop: Secure and Resilient Web Application on AWS

Bring together everything you’ve learned by designing a full-stack web application that is secure, resilient, high-performing, and cost-aware. This module walks through a realistic scenario from requirements to architecture diagram, mirroring how exam questions are framed.

27 min
22

End-to-End Design Workshop: Data and Analytics Workload on AWS

Not all workloads are user-facing web apps. This module walks through the design of a secure, high-performing, and cost-optimized data and analytics pipeline, reinforcing ingestion, storage, and processing patterns.

27 min
23

Security Pillar in Practice: Hardening Architectures Against Common Threats

Beyond individual services, the exam expects you to think in terms of holistic security posture. This module applies the Security pillar of the AWS Well-Architected Framework to harden end-to-end designs.

27 min
24

Reliability and Performance Efficiency Pillars in Practice

Reliability and performance efficiency are where your architecture either delights or frustrates users. This module applies these two pillars to refine designs and resolve trade-offs that often appear in multi-answer exam questions.

27 min
25

Integrating Sustainability and Operational Excellence into AWS Architectures

While not separate exam domains, sustainability and operational excellence are increasingly relevant in real-world designs. This module shows how to weave these considerations into architectures without losing focus on core exam objectives.

27 min
26

Exam Question Tactics, Troubleshooting Mindset, and Final Review

In the final stretch, you’ll shift from designing architectures to decoding exam questions under time pressure. This module arms you with elimination strategies, keyword cues, and a structured review plan to walk into exam day confident and prepared.

27 min

Read the Textbook

In this module, you will connect two things that drive almost every SAA‑C03 question: the official exam blueprint and the AWS Well-Architected Framework. Once you see the link, the exam stops feeling like random trivia and starts to look like a series of architecture design conversations.

First, a quick orientation. SAA‑C03 is the current AWS Solutions Architect – Associate exam (as of mid-2026). It tests how you design secure, resilient, performant, cost-effective, and sustainable workloads on AWS. Notice those adjectives: they are exactly the pillars of the AWS Well-Architected Framework.

Canonical definition (you must know this wording): "The AWS Well-Architected Framework provides a consistent set of best practices for customers and partners to evaluate architectures, and a set of questions you can use to evaluate how well an architecture is aligned to AWS best practices."

Study Flashcards

Key concepts from this course as flashcard pairs.

SAA‑C03 Exam Orientation and AWS Well-Architected Foundations

AWS Well-Architected Framework (definition)

The AWS Well-Architected Framework provides a consistent set of best practices for customers and partners to evaluate architectures, and a set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.

Security pillar (definition)

The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.

Reliability pillar (definition)

The reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.

Performance efficiency pillar (definition)

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements and maintain that efficiency as demand changes and technologies evolve.

Cost optimization pillar (definition)

The cost optimization pillar includes the continual process of refinement and improvement of a system over its entire lifecycle to build and operate cost-aware systems that achieve business outcomes and minimize costs.

Sustainability pillar (definition)

The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads by maximizing utilization and minimizing the resources required, and by reducing the energy required to deliver business value.

AWS Global Infrastructure, Availability Zones, and Core Building Blocks

AWS Region

A physical geographic area, such as us-east-1 or eu-west-1, containing multiple isolated Availability Zones. Most AWS resources are created within a specific Region.

Availability Zone (AZ)

One or more discrete data centers with redundant power, networking, and connectivity in a Region. AZs are independent failure domains connected by low-latency links.

Edge location

An AWS site in a major city used mainly by CloudFront and Route 53 to cache or serve content and DNS responses closer to end users.

Amazon EC2

A core compute service providing virtual servers (instances) that run inside a VPC subnet in a specific Availability Zone within a Region.

Amazon S3

A Regional object storage service where buckets live in a single Region and, for standard classes, data is automatically stored across multiple AZs.

Amazon RDS Multi-AZ

A high-availability configuration where RDS maintains a synchronous standby DB instance in another AZ within the same Region and fails over automatically on outages.

Identity and Access Management Deep Dive: IAM Users, Groups, Policies, and Roles

AWS shared responsibility model

The AWS shared responsibility model describes how AWS is responsible for security of the cloud, while customers are responsible for security in the cloud, including the configuration of their services and data.

IAM user

A long-term identity in IAM representing a person or application. It can have a console password and/or access keys. Best practice is to minimize direct IAM users for humans and prefer federation.

IAM group

A collection of IAM users. Policies attached to a group apply to all members, simplifying permission management and supporting least privilege via role-based groupings.

IAM role

An IAM identity with no long-term credentials that can be assumed by trusted principals to obtain temporary security credentials via AWS STS. Used for services, cross-account access, and temporary access.

Identity-based policy

A policy attached to a user, group, or role that specifies what actions that identity is allowed or denied to perform on which resources.

Resource-based policy

A policy attached directly to a resource (such as an S3 bucket or SQS queue) that specifies which principals are allowed or denied to access the resource and how.

Securing AWS Accounts and Governance: Organizations, Guardrails, and Access Boundaries

AWS Organizations

A service that lets you centrally manage and govern multiple AWS accounts with features such as consolidated billing, organizational units (OUs), and Service Control Policies (SCPs).

Management account

The top-level account that creates and manages an AWS Organization. It can create or invite member accounts and attach SCPs but should not host regular workloads due to its power.

Organizational Unit (OU)

A logical container in AWS Organizations used to group accounts, often by environment, business unit, or function, so that policies like SCPs can be applied consistently.

Service Control Policy (SCP)

An AWS Organizations policy that defines the maximum permissions for accounts. SCPs do not grant permissions; they filter what IAM policies can ever allow and can restrict even the root user.

IAM identity-based policy

A policy attached to an IAM user, group, or role that grants specific permissions within a single account, subject to any applicable SCPs or permission boundaries.

Permission boundary

An advanced IAM feature that sets the maximum permissions an IAM user or role can have. Like SCPs, it does not grant permissions, but limits what attached policies can allow.

Amazon VPC and Security Groups: Designing Secure Network Boundaries

Amazon VPC

A logically isolated virtual network in AWS where you define your own IP ranges, subnets, route tables, and network controls, similar to a virtual data center you configure.

Public subnet (effective definition)

A subnet whose route table has a route to an Internet Gateway, allowing resources with public IPs to send and receive traffic from the internet.

Private subnet (effective definition)

A subnet that does not have a direct route to an Internet Gateway. It may use a NAT Gateway for outbound-only internet access.

Internet Gateway (IGW)

A horizontally scaled, redundant VPC component that allows communication between resources in your VPC and the internet, used as a route target in public subnets.

NAT Gateway

A managed service placed in a public subnet that enables instances in private subnets to initiate outbound connections to the internet while preventing unsolicited inbound connections.

Security group

A stateful, instance-level virtual firewall that uses allow-only rules to control inbound and outbound traffic for resources like EC2, RDS, and load balancers.

Advanced VPC Design: Hybrid Connectivity, PrivateLink, and Edge Security

VPC peering

A non-transitive, one-to-one private connection between two VPCs that enables routing of traffic using private IPs over the AWS network.

AWS Transit Gateway

A regional networking hub that connects VPCs and on-prem networks using a hub-and-spoke model with transitive routing controlled by Transit Gateway route tables.

AWS Site-to-Site VPN

An IPsec VPN connection over the public internet between your on-premises network and AWS, providing encrypted connectivity with variable latency and throughput.

AWS Direct Connect

A dedicated physical network connection from your premises to AWS that offers more consistent network performance and higher bandwidth than typical internet-based connections.

AWS PrivateLink

A technology that provides private connectivity between VPCs and supported AWS, partner, or customer services using interface VPC endpoints without exposing traffic to the public internet.

Interface VPC endpoint

An elastic network interface with a private IP in your subnet that acts as an entry point to a supported AWS or PrivateLink service.

Data Protection at Rest with AWS KMS, S3, RDS, and EBS

SSE-S3

Server-side encryption where Amazon S3 manages the keys. Provides encryption at rest with no KMS API calls or key management by the customer; good for simple, high-throughput use cases.

SSE-KMS

Server-side encryption using AWS KMS keys (AWS or customer managed). Supports fine-grained key policies, CloudTrail logging of key usage, and key disablement or rotation.

SSE-C

Server-side encryption with customer-provided keys. You send the key on each request; S3 encrypts data but never stores the key, only a hash. You handle key storage and rotation.

Customer managed KMS key

A KMS key you create and control, including key policy, grants, aliases, and optional automatic rotation. Used when you need custom access control and compliance alignment.

AWS managed KMS key

A KMS key created and managed by AWS for a specific service (such as aws/s3 or aws/ebs). Simplifies encryption but offers less granular control and configuration.

Envelope encryption

Pattern where KMS encrypts data keys, and those data keys are used by services like S3, EBS, or RDS to encrypt the actual data locally, improving scalability and performance.

Data Protection in Transit and Application-Level Security Patterns

Data in transit

Data that is actively moving between systems, such as across the internet, between VPCs, or between services within a VPC, and must be protected against eavesdropping and tampering.

TLS termination

The point in a network path where encrypted TLS traffic is decrypted, such as at an Application Load Balancer, Network Load Balancer, or application server.

AWS Certificate Manager (ACM)

A managed service that lets you provision, manage, and deploy public and private TLS certificates for use with services like ALB, NLB (TLS), CloudFront, and API Gateway.

VPC Gateway Endpoint

A gateway that you add to your VPC route tables to provide private connectivity to S3 or DynamoDB without using an internet gateway, NAT device, or public IP addresses.

VPC Interface Endpoint (AWS PrivateLink)

An elastic network interface with a private IP in your subnet that serves as an entry point to supported AWS services or your own/partner services, keeping traffic within the AWS network.

Site-to-Site VPN

An IPsec VPN connection between your on-premises network and an AWS VPC that encrypts traffic over the public internet.

Designing Multi-AZ and Multi-Region Resilient Architectures

Availability Zone (AZ)

One or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. AZs are physically separated to limit correlated failures and are key fault domains for high availability designs.

Region

A physical geographic area that contains multiple Availability Zones. Multi-Region designs protect against full-Region failures and help meet latency and regulatory requirements.

RPO (Recovery Point Objective)

The maximum acceptable amount of data loss measured in time. It answers: How far back in time can our data be rolled back after a disaster?

RTO (Recovery Time Objective)

The maximum acceptable time a system can be offline after a disaster before it must be restored to service.

RDS Multi-AZ

An RDS configuration that maintains a synchronous standby in another AZ within the same Region for automatic failover and high availability. It is not used for read scaling.

RDS Read Replica

An asynchronously replicated copy of an RDS database used primarily for read scaling and sometimes for DR. Can be in the same or a different Region and may lag behind the primary.

Elastic Load Balancing, Amazon Route 53, and Traffic Management for High Availability

Application Load Balancer (ALB)

A Layer 7 load balancer that routes HTTP/HTTPS/WebSocket traffic based on request content (path, host, headers), integrates with WAF and Cognito, and uses target groups of EC2, IPs, or Lambda.

Network Load Balancer (NLB)

A Layer 4 load balancer optimized for TCP/UDP/TLS with ultra‑low latency, static IP support, and very high throughput, used for non‑HTTP or highly performance‑sensitive workloads.

Target group

A logical grouping of targets (EC2 instances, IPs, Lambda functions, or ALBs) that a load balancer forwards traffic to, with its own health check configuration.

Cross‑zone load balancing

A feature where each load balancer node distributes traffic across all healthy targets in all enabled AZs, not just within its own AZ, smoothing traffic across instances.

Alias record (Route 53)

A Route 53 specific record type that acts like an A/AAAA record but can point to AWS resources (e.g., ALB, NLB, CloudFront, S3) and can be used at the zone apex.

Weighted routing policy

A Route 53 policy that splits DNS responses across multiple records according to assigned weights, often used for gradual migrations, blue/green, or A/B testing.

AWS Auto Scaling and Loosely Coupled Architectures with Queues and Streams

Auto Scaling group (ASG)

A logical group of EC2 instances that can automatically increase, decrease, or replace instances based on scaling policies, health checks, and capacity settings (min, max, desired).

Target tracking scaling policy

An Auto Scaling policy where you choose a metric and a target value, and AWS adjusts capacity to keep the metric near that target, similar to a thermostat.

Step scaling policy

An Auto Scaling policy that uses CloudWatch alarms and threshold ranges to apply different scaling adjustments (steps) depending on how far the metric is beyond the threshold.

Scheduled scaling

An Auto Scaling feature that adjusts capacity at specific times, ideal for predictable daily or weekly traffic patterns.

Amazon SQS

A fully managed message queue service that decouples producers and consumers, allowing asynchronous processing and backpressure via queueing.

Amazon SNS

A fully managed pub/sub messaging service where publishers send messages to topics and multiple subscribers each receive a copy.

Designing Stateless, Scalable Compute with Amazon EC2 and EC2 Instance Types

Amazon EC2

A web service that provides resizable compute capacity in the cloud in the form of virtual servers called instances.

Amazon Machine Image (AMI)

A template that contains a software configuration (operating system, application server, and applications) used to launch EC2 instances in a known-good state.

Stateless application tier

An EC2-based application layer where no durable user or session data is stored on the instance; all state is stored in external services such as S3, DynamoDB, or ElastiCache.

User data

A script or set of cloud-init directives that runs when an EC2 instance first boots, commonly used to install software, pull configuration, or register with other systems.

General purpose instance family

Instance families (such as A, M, T) that provide a balance of compute, memory, and networking resources suitable for a broad range of workloads.

Compute optimized instance family

Instance family (C) designed for compute-bound applications that benefit from high-performance processors, such as batch processing and high-performance web servers.

High-Performing Storage Architectures with Amazon S3 and EBS

When should you use multipart uploads in S3?

Use multipart uploads for large objects (recommended for 100 MB+, strongly recommended for 5 GB+) to increase throughput and allow retrying individual parts.

S3 Standard vs S3 Standard-IA: performance difference?

Both provide millisecond access latency and similar per-request performance. Standard-IA has lower storage cost but higher retrieval and early deletion costs, and is intended for infrequently accessed data.

Best EBS volume type for high IOPS, low-latency databases?

Provisioned IOPS SSD volumes (io1 or io2), with io2 offering higher durability and better SLA for mission-critical databases.

What does gp3 let you configure independently?

gp3 lets you provision IOPS and throughput independently of volume size, giving flexible performance tuning without overprovisioning storage.

IOPS vs Throughput in storage performance

IOPS is the number of I/O operations per second and matters for small, random I/O. Throughput is MB/s and matters for large, sequential reads and writes.

Primary reason to choose st1 over gp3

Choose st1 when you need high, cost-effective throughput for large, sequential workloads (for example, big data, log processing) and can tolerate higher latency than SSD.

High-Performing Databases with Amazon RDS and Caching Strategies

Amazon RDS

A managed relational database service that supports engines like Aurora, MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server, handling backups, patching, and basic availability features for you.

Multi‑AZ deployment (RDS)

An RDS configuration that synchronously replicates data to a standby instance in another Availability Zone to provide high availability and automatic failover, but does not provide additional read capacity.

Read replica (RDS)

An asynchronously replicated copy of a primary RDS database used to offload read‑only traffic and improve read scalability; it does not provide automatic failover by default.

Amazon Aurora

A MySQL‑ and PostgreSQL‑compatible relational database built for the cloud, using a distributed storage layer to provide higher performance, up to 15 replicas, and fast failover compared to standard RDS engines.

Amazon ElastiCache

A managed in‑memory caching service that supports Redis and Memcached, used to reduce database load and improve application response times by serving hot data from memory.

RDS Proxy

A fully managed database proxy for RDS and Aurora that pools and shares connections, helping applications like Lambda and ECS scale without overwhelming the database with connections.

High-Performance Networking and Content Delivery with Amazon VPC and CloudFront

Amazon CloudFront

A global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to users with low latency and high transfer speeds using a worldwide network of edge locations.

Origin (CloudFront)

The source from which CloudFront retrieves your content on a cache miss, such as an S3 bucket, an Application Load Balancer, an EC2 instance, or another HTTP/HTTPS server.

TTL (Time To Live) in caching

The amount of time that a cached object is considered valid and can be served from cache before the cache must revalidate or refetch the object from the origin.

Route 53 Latency-Based Routing

A DNS routing policy that directs user requests to the AWS Region that provides the lowest latency, based on measurements between AWS Regions and the user's DNS resolver location.

Public subnet

A subnet within a VPC that has a route to an Internet Gateway, allowing resources in the subnet to communicate directly with the internet.

Private subnet

A subnet within a VPC that does not have a direct route to an Internet Gateway; instances in the subnet typically reach the internet via a NAT gateway or NAT instance.

Data Ingestion and Transformation Patterns for Analytics and Streaming

Batch ingestion

A pattern where data is collected over a period of time and ingested in chunks (e.g., hourly or daily) into a landing zone such as Amazon S3 for later processing.

Streaming ingestion

A pattern where data is continuously ingested as a flow of small records, typically using services like Amazon Kinesis Data Streams or Kinesis Data Firehose for near real-time processing.

Amazon Kinesis Data Streams

A managed streaming platform that uses shards to store records for a configurable retention period and supports multiple consumers and replay for custom real-time processing.

Amazon Kinesis Data Firehose

A fully managed service that reliably ingests and automatically delivers streaming data to destinations such as Amazon S3 and Amazon OpenSearch Service, with optional lightweight Lambda-based transformations.

AWS Glue

A serverless ETL service used for large-scale batch transformations, schema management via the Glue Data Catalog, and converting raw data into analytics-ready formats like Parquet.

AWS Lambda in ingestion pipelines

A serverless compute service used for short-lived, event-driven tasks such as validating records, enriching streaming events, or routing data in response to S3 or Kinesis triggers.

Cost-Optimized Storage: Amazon S3, EBS, and Lifecycle Management

S3 Standard

General-purpose S3 storage class with high availability, low latency, no minimum storage duration, and no retrieval fees. Best for frequently accessed, performance-sensitive data.

S3 Standard-IA

Infrequent Access storage class with lower cost per GB than Standard but with per-GB retrieval fees and a minimum storage duration. Good for data accessed less often but needing fast retrieval.

S3 One Zone-IA

Infrequent Access class that stores data in a single AZ, reducing cost but also resilience. Suitable only when you can tolerate AZ loss or have backups elsewhere.

S3 Intelligent-Tiering

S3 storage class that automatically moves objects between frequent and infrequent access tiers based on usage, charging a small monitoring fee per object. Useful when access patterns are unpredictable.

S3 Glacier Flexible Retrieval

Archival S3 storage class with very low storage cost and retrieval times from minutes to hours. Ideal for long-term archives that are accessed rarely but must remain retrievable.

S3 Lifecycle Policy

Configuration on an S3 bucket that defines rules to automatically transition objects between storage classes and expire (delete) them based on age or version status.

Cost-Optimized Compute: EC2 Purchasing Options, Right-Sizing, and AWS Auto Scaling

Right-sizing

The process of choosing the smallest EC2 instance type and size that still meets performance requirements, often by analyzing CPU, memory, and I/O usage and adjusting families and sizes accordingly.

On-Demand Instances

EC2 pricing model where you pay per second or hour with no long-term commitment; offers maximum flexibility but the highest unit cost, suitable for short-term or unpredictable workloads.

Reserved Instances (RIs)

Discounted EC2 capacity in exchange for a 1- or 3-year commitment to specific attributes (such as instance family and region). Standard RIs give higher discounts with less flexibility; Convertible RIs allow exchanging for different instance attributes.

Savings Plans

Commitment-based discount model where you commit to a certain $/hour of compute usage for 1 or 3 years. Compute Savings Plans apply broadly to EC2, Fargate, and Lambda; EC2 Instance Savings Plans apply to a specific instance family in a region.

Spot Instances

EC2 instances that use spare AWS capacity at steep discounts but can be interrupted by AWS with a 2-minute warning. Best for interruption-tolerant, flexible workloads like batch processing and CI/CD.

Auto Scaling group (ASG)

A logical grouping of EC2 instances with a defined min, max, and desired capacity, plus scaling policies that automatically add or remove instances based on demand.

+4 more flashcards

Cost-Optimized Databases and Data Transfer: RDS, Caching, and Network Economics

Multi-AZ RDS deployment

An RDS configuration with a primary DB instance and a synchronous standby in a different Availability Zone, providing automatic failover for high availability but not additional read capacity.

Read replica (RDS)

A separate RDS instance that receives asynchronous replication from a primary database and is used to scale read traffic or offload reporting workloads.

Aurora Global Database

An Amazon Aurora feature that creates a primary cluster in one Region and secondary read-only clusters in other Regions with low-latency replication, used for global reads and disaster recovery.

ElastiCache

A managed in-memory caching service (Redis or Memcached) used to offload read traffic from databases and improve application performance and cost-efficiency.

Intra-AZ vs cross-AZ data transfer

Intra-AZ traffic (within the same Availability Zone) is typically free or low cost, while cross-AZ traffic (between AZs in the same Region) is billed per GB and should be minimized for high-volume flows.

Internet egress

Data transferred from AWS to the public internet, usually the most expensive type of data transfer and a key target for optimization using CloudFront and caching.

+4 more flashcards

Applying the Cost Optimization Pillar of the AWS Well-Architected Framework

AWS Well-Architected Framework

The AWS Well-Architected Framework provides a consistent set of best practices for customers and partners to evaluate architectures, and a set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.

Cost optimization pillar (definition)

The cost optimization pillar includes the continual process of refinement and improvement of a system over its entire lifecycle to build and operate cost-aware systems that achieve business outcomes and minimize costs.

Performance efficiency pillar (definition)

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements and maintain that efficiency as demand changes and technologies evolve.

Reliability pillar (definition)

The reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.

Sustainability pillar (definition)

The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads by maximizing utilization and minimizing the resources required, and by reducing the energy required to deliver business value.

Shared responsibility model (definition)

The AWS shared responsibility model describes how AWS is responsible for security of the cloud, while customers are responsible for security in the cloud, including the configuration of their services and data.

+3 more flashcards

End-to-End Design Workshop: Secure and Resilient Web Application on AWS

AWS Well-Architected Framework

The AWS Well-Architected Framework provides a consistent set of best practices for customers and partners to evaluate architectures, and a set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.

Security pillar

The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.

Reliability pillar

The reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.

Performance efficiency pillar

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements and maintain that efficiency as demand changes and technologies evolve.

Cost optimization pillar

The cost optimization pillar includes the continual process of refinement and improvement of a system over its entire lifecycle to build and operate cost-aware systems that achieve business outcomes and minimize costs.

Sustainability pillar

The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads by maximizing utilization and minimizing the resources required, and by reducing the energy required to deliver business value.

+5 more flashcards

End-to-End Design Workshop: Data and Analytics Workload on AWS

Data lake on AWS

A centralized repository, typically built on Amazon S3, that allows you to store all structured and unstructured data at any scale and analyze it using a variety of services like Athena, EMR, Redshift Spectrum, and Glue.

Raw, Cleansed, Analytics zones

Logical layers in an S3 data lake: raw (as-ingested, immutable), cleansed (validated, standardized), and analytics (optimized for querying, often Parquet and partitioned).

Amazon Kinesis Data Firehose

A fully managed service for reliably loading streaming data into destinations like S3, Redshift, and OpenSearch, with built-in batching, compression, and optional transformation.

Amazon Athena

A serverless interactive query service that lets you analyze data directly in Amazon S3 using standard SQL, paying only for the data scanned.

AWS Glue Data Catalog

A centralized metadata repository that stores table definitions, schema, and location information for data in S3 and other sources, used by services like Athena and EMR.

Partitioning (e.g., year/month/day)

Organizing data into directory-like segments (such as `year=2026/month=05/day=28`) so query engines can read only relevant subsets, reducing data scanned and improving performance.

+4 more flashcards

Security Pillar in Practice: Hardening Architectures Against Common Threats

AWS Well-Architected Framework

The AWS Well-Architected Framework provides a consistent set of best practices for customers and partners to evaluate architectures, and a set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.

Security pillar

The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.

Shared responsibility model

The AWS shared responsibility model describes how AWS is responsible for security of the cloud, while customers are responsible for security in the cloud, including the configuration of their services and data.

Defense in depth (AWS context)

A security strategy that layers controls across identity (IAM, SCPs), network (VPC, security groups, WAF), and data/application (encryption, secrets management) so that if one control fails, others still protect the workload.

CloudTrail primary purpose

To record API calls and console actions across your AWS accounts, providing an audit trail for security analysis, compliance, and incident response.

CloudWatch primary purpose

To collect and visualize metrics and logs from AWS services and applications, and to trigger alarms or automated actions when thresholds or patterns are detected.

+4 more flashcards

Reliability and Performance Efficiency Pillars in Practice

Reliability pillar (canonical definition)

The reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.

Performance efficiency pillar (canonical definition)

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements and maintain that efficiency as demand changes and technologies evolve.

Multi-AZ vs Multi-Region (exam cue)

Multi-AZ: protects against AZ failures within one Region and is the common default for high availability. Multi-Region: protects against Region failures or serves global users; used when RPO/RTO targets are strict or global latency matters.

Graceful degradation

A design approach where, if a component or dependency fails, the system continues operating with reduced functionality or quality instead of a full outage.

Auto Scaling + health checks (reliability role)

Health checks detect unhealthy instances; Auto Scaling groups replace them automatically and spread load across AZs, maintaining desired capacity without manual intervention.

Right-sizing

The ongoing process of adjusting resource types, sizes, and capacity (compute, storage, database) based on observed metrics to meet requirements efficiently.

+2 more flashcards

Integrating Sustainability and Operational Excellence into AWS Architectures

AWS Well-Architected Framework

The AWS Well-Architected Framework provides a consistent set of best practices for customers and partners to evaluate architectures, and a set of questions you can use to evaluate how well an architecture is aligned to AWS best practices.

Sustainability pillar (definition)

The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads by maximizing utilization and minimizing the resources required, and by reducing the energy required to deliver business value.

Performance efficiency pillar (definition)

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements and maintain that efficiency as demand changes and technologies evolve.

Cost optimization pillar (definition)

The cost optimization pillar includes the continual process of refinement and improvement of a system over its entire lifecycle to build and operate cost-aware systems that achieve business outcomes and minimize costs.

Operational excellence (concept)

An AWS Well-Architected pillar focused on how you organize, run, and evolve workloads using clear processes, automation, observability, and continuous improvement to support all other pillars.

Infrastructure as Code (IaC)

The practice of defining and provisioning infrastructure using machine-readable templates or code (for example, AWS CloudFormation, AWS CDK), enabling repeatable, automated deployments.

+4 more flashcards

Exam Question Tactics, Troubleshooting Mindset, and Final Review

First thing to do when reading a question stem

Identify the workload type and the primary constraint (security, reliability, performance, cost, operations, or sustainability) before looking at answer choices.

How to handle a question you cannot solve in 60 seconds

Eliminate clearly wrong options, make a best guess based on the main requirement and pillars, flag the question, and move on to protect your time.

Security pillar (definition)

The security pillar describes how to take advantage of cloud technologies to protect data, systems, and assets in a way that can improve your security posture.

Reliability pillar (definition)

The reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle.

Performance efficiency pillar (definition)

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements and maintain that efficiency as demand changes and technologies evolve.

Cost optimization pillar (definition)

The cost optimization pillar includes the continual process of refinement and improvement of a system over its entire lifecycle to build and operate cost-aware systems that achieve business outcomes and minimize costs.

+4 more flashcards