SkarpSkarp

Chapter 1 of 9

Your SAA‑C03 Roadmap: Exam Structure, Domains, and Mindset

Step into the architect’s seat and see how AWS expects you to think: not like a button-clicker, but like a designer of secure, resilient, high‑performing, and cost‑optimized systems. This module reveals the SAA‑C03 blueprint, scoring, and the mental models that separate pass from fail.

15 min readen

Step 1: Orient Yourself – What Is SAA‑C03 Today?

What Is SAA‑C03?

The AWS Certified Solutions Architect – Associate (SAA‑C03) is the current associate-level architect exam. It validates your ability to design secure, resilient, high-performing, and cost-optimized architectures on AWS.

Exam Logistics

Duration: 130 minutes. Questions: 65 total, of which 50 are scored and 15 are unscored experimental items. You cannot distinguish scored from unscored questions during the exam.

Question Formats

You will see multiple-choice questions (1 correct answer, 3 distractors) and multiple-response questions (2 or more correct answers among 5+ options). The exam is closed book, delivered online or at a test center.

Architect Conversation

Treat the exam as a long design discussion: AWS presents real-world scenarios, and your job is to pick the architecture that best balances security, resilience, performance, and cost.

Step 2: Format, Timing, and Scoring Model

Scoring Basics

Scores range from 100 to 1000, with 720 as the passing score. Questions are weighted differently, and there is no partial credit on multiple-response questions.

Time Per Question

You get 130 minutes for 65 questions, about 2 minutes per question. Plan to move quickly on easier items and flag harder ones for later review.

Three-Pass Strategy

First pass: answer quick wins. Second pass: tackle flagged, harder questions. Final check: ensure there are no unanswered items before submitting.

Interpreting Results

You see pass/fail right away, then a report with domain-level performance. You never see exact questions missed, so aim for balanced strength across all domains.

Step 3: The Four SAA‑C03 Domains and Their Weights

Four Domains Overview

SAA‑C03 is organized into four domains: secure architectures, resilient architectures, high-performing architectures, and cost-optimized architectures. Each domain has a different weight.

Domain 1: Security (30%)

Design Secure Architectures (30%): IAM design, network security (VPC, security groups, NACLs), and data protection using encryption, KMS, and secret management.

Domain 2 & 3: Resilience and Performance

Design Resilient Architectures (26%) covers high availability and DR. Design High-Performing Architectures (24%) focuses on selecting and tuning compute, storage, databases, and caching.

Domain 4: Cost (20%)

Design Cost-Optimized Architectures (20%) emphasizes right-sizing, pricing models, storage classes, and lifecycle policies while balancing security and availability.

Step 4: Domain-by-Domain – Concrete Scenario Examples

One App, Four Lenses

Imagine a web app with an HTTPS frontend, REST API backend, and user plus payment data. Each SAA‑C03 domain changes how you design this same system.

Security Scenario

To secure payment data, you might isolate workloads in private subnets, use IAM roles or Cognito, encrypt data with KMS, enforce TLS on ALB, and add AWS WAF to block common attacks.

Resilience Scenario

To survive an AZ outage, deploy across multiple AZs behind an ALB, use RDS Multi-AZ, store assets in S3, and define backup and DR strategies, possibly across Regions.

Performance and Cost Scenarios

For performance, use Auto Scaling, CloudFront, ElastiCache, and read replicas. For cost, right-size, use Savings Plans, S3 storage classes, and Spot Instances where safe.

Step 5: Architect Mindset vs Button-Clicker Mindset

Operator vs Architect

Operators think about how to click through the console. Architects think about why a design is chosen, what requirements it meets, and what tradeoffs it makes.

Button-Clicker Traits

Button-clickers memorize steps and focus on single services. They often chase the cheapest or simplest answer, even if it breaks security or availability requirements.

Architect Traits

Architects start from requirements, consider tradeoffs, use patterns like multi-AZ and caching, and design for failure, not just the happy path.

Exam Mindset Shift

On SAA‑C03, the right answer meets all hard requirements, even if it is not the cheapest or fanciest. Train yourself to identify non-negotiables and eliminate violating options.

Step 6: Practice the Architect Mindset (Thought Exercise)

Apply architect-style thinking to a short scenario.

Scenario

A healthcare startup stores medical images in Amazon S3. New regulations require:

  • Data must be encrypted at rest with keys the company can rotate.
  • Access must be restricted to specific applications in a VPC.
  • Operations should remain simple; the small team cannot manage complex key infrastructure.

Options (mentally evaluate each):

  1. Enable S3 default encryption with SSE-S3 and use public bucket access
  2. Use S3 with SSE-KMS (AWS-managed CMKs) and VPC endpoints for S3
  3. Store all images on EBS volumes attached to EC2 instances in private subnets
  4. Use S3 with client-side encryption and manage keys entirely on-premises

Your task

  1. Identify the hard requirements.
  2. Decide which options violate those requirements.
  3. Pick the option that best balances security, manageability, and simplicity.

Pause and reason it out before you look at the explanation below.

Suggested reasoning

  • Hard requirements: encryption at rest with key rotation, restricted access from VPC, simple operations.
  • Option 1 fails: public access is not acceptable.
  • Option 3 fails: EBS is not ideal for object storage at scale; also complicates access and scaling.
  • Option 4: secure but burdens the small team with complex key management.
  • Option 2: S3 SSE-KMS gives encryption with AWS-managed keys and rotation; VPC endpoints restrict access from inside the VPC; operationally simple.

The architect mindset selects Option 2.

Step 7: Quick Check – Exam Structure and Domains

Test your understanding of the SAA‑C03 structure and domain weights.

Which statement best describes the SAA‑C03 exam based on the current AWS exam guide?

  1. It has 65 questions, a 130-minute limit, and four domains where Design Secure Architectures is the highest-weighted domain.
  2. It has 75 questions, a 180-minute limit, and all four domains are equally weighted.
  3. It has 50 questions, a 90-minute limit, and focuses primarily on cost optimization.
  4. It has 65 questions, a 130-minute limit, and Design Cost-Optimized Architectures is the highest-weighted domain.
Show Answer

Answer: A) It has 65 questions, a 130-minute limit, and four domains where Design Secure Architectures is the highest-weighted domain.

SAA‑C03 currently has 65 questions and a 130-minute duration. There are four domains, with Design Secure Architectures at about 30%, making it the highest-weighted domain. The other options either change the number of questions, timing, or misstate domain weights.

Step 8: Quick Check – Architect Mindset

Test how you think through scenario-based questions.

An exam question describes a workload that must be highly available across multiple AZs, minimize operational overhead, and scale automatically. Which option is most aligned with the architect mindset for SAA‑C03?

  1. Choose a single large EC2 instance in one AZ to reduce cost.
  2. Use Auto Scaling groups across multiple AZs behind an Application Load Balancer.
  3. Manually start additional EC2 instances in the same AZ when traffic increases.
  4. Deploy the application on a single On-Demand instance and add a bigger EBS volume.
Show Answer

Answer: B) Use Auto Scaling groups across multiple AZs behind an Application Load Balancer.

The requirements include high availability across AZs, automatic scaling, and low operational overhead. An Auto Scaling group across multiple AZs behind an ALB satisfies these. The other options are single-AZ or require manual scaling.

Step 9: Build Your 15‑Minute Daily SAA‑C03 Routine

Use what you know about domains, scoring, and mindset to design a short daily routine.

Task

Design a 15-minute daily study block using this template. Customize it to your weak areas.

  1. Minutes 0–3: Domain warm-up
  • Pick one domain per day:
  • Mon: Security
  • Tue: Resilience
  • Wed: Performance
  • Thu: Cost
  • Fri: Mixed review
  • Skim 2–3 key services for that domain (e.g., for Security: IAM, KMS, Security Groups).
  1. Minutes 3–10: Scenario practice
  • Take 1–2 practice questions from that domain.
  • For each question, explicitly write (or say):
  • Hard requirements
  • Nice-to-haves
  • Reasons for eliminating each wrong option
  1. Minutes 10–15: Reflection and linking
  • Ask yourself:
  • Which tradeoff did the correct answer make?
  • How did it balance security, resilience, performance, and cost?
  • Note one pattern (e.g., "multi-AZ + ALB for availability") and where else you could apply it.

By consistently practicing this way, you train the architect mindset and align your preparation with how SAA‑C03 is structured.

Step 10: Flashcard Review – Core Exam Facts and Mindset

Use these flashcards to reinforce key SAA‑C03 facts and mental models.

SAA‑C03: Number of questions and duration
65 questions in 130 minutes. About 50 are scored and 15 are unscored experimental items.
SAA‑C03: Passing score and scale
Scaled score from 100 to 1000. Passing score is 720.
Highest-weighted domain in SAA‑C03
Design Secure Architectures at about 30% of the exam weight.
Four domains of SAA‑C03 (names only)
Design Secure Architectures; Design Resilient Architectures; Design High-Performing Architectures; Design Cost-Optimized Architectures.
Architect mindset vs button-clicker mindset
Architects start from requirements and tradeoffs, think in patterns, and design for failure. Button-clickers focus on steps and isolated services.
First step when reading a scenario question
Identify the non-negotiable requirements (e.g., security, availability, compliance) before considering services or cost.
Multiple-response questions: scoring rule
No partial credit. You must select all correct options and avoid incorrect ones to earn points.
Good time management rule of thumb
About 2 minutes per question. Use a first pass for quick wins, then return to flagged questions.

Key Terms

Domain
A major topic area in the AWS exam blueprint, each with a percentage weight contributing to the overall score.
SSE-KMS
Server-side encryption in AWS services using AWS Key Management Service (KMS) customer master keys.
Multi-AZ
An AWS deployment pattern that uses multiple Availability Zones within a Region to improve availability and fault tolerance.
SAA‑C03
The current AWS Certified Solutions Architect – Associate exam code, which replaced SAA‑C02 and is active as of 2026.
VPC endpoint
A private connection between your VPC and supported AWS services that does not require public internet access.
Auto Scaling group
A group of EC2 instances that can automatically scale in or out based on defined policies, health checks, and schedules.
RPO (Recovery Point Objective)
The maximum acceptable amount of data loss measured in time, such as 1 hour of data.
IAM (Identity and Access Management)
AWS service for securely controlling access to AWS resources using users, groups, roles, and policies.

Finished reading?

Test your understanding with a custom practice exam on this chapter.

Test yourself