SAA-C03 Learning Path Introduction


SAA-C03 Learning Path Intro
SAA-C03 Learning Path Introduction

This course introduces the SAA-C03 learning path, which has been designed to help you prepare for and pass the latest version of the AWS Certified Solutions Architect - Associate exam. The certification itself is broken down into four distinct domains, which are covered through the learning path:

  1. Design Secure Architectures
  2. Design Resilient Architectures
  3. Design High-Performing Architectures
  4. Design Cost-Optimized Architectures

Hello, and welcome to this learning path, which has been designed to help you prepare for and pass the latest version of the AWS Certified Solutions Architect - Associate exam, SAA-C03.

Before we get started, I would like to introduce myself. My name is Danny Jessee, and I am one of the trainers here at Cloud Academy, specializing in AWS–Amazon Web Services–and AWS certifications. Feel free to connect with me to ask any questions using the details shown on the screen. Alternatively, you can always get in touch with us here at Cloud Academy by sending an email to, where one of our cloud experts will reply to your question.

The AWS Certified Solutions Architect - Associate exam is designed for anyone who has knowledge and experience designing cloud solutions that use AWS services. It allows individuals within a solutions architect role to verify and validate their knowledge by effectively demonstrating their ability to architect solutions using best practice design principles in a secure and robust way. This learning path will provide you with the knowledge you need when preparing to take the latest version of the AWS Certified Solutions Architect - Associate certification exam, which was released in August 2022.

The certification itself is broken down into four distinct domains:

  1. Design Secure Architectures,
  2. Design Resilient Architectures,
  3. Design High-Performing Architectures, and
  4. Design Cost-Optimized Architectures

Each of these domains carry a specific percentage weighting within the exam. Each domain also contains a series of task statements that identify specific required knowledge and skills. These are all outlined in the official AWS exam guide that you can find here. There is also a clickable link to this guide in the Course Material section for this course. Let’s start by taking a closer look at each of these domains to give you a better understanding of the topics that will be covered on the exam.

Domain 1: Design Secure Architectures. This domain accounts for 30% of the exam content and focuses on 3 key areas:

  • Design secure access to AWS resources,
  • Design secure workloads and applications, and
  • Determine appropriate data security controls

For this domain, you’ll need to know how to design secure access to AWS and the resources you use within it. You’ll need to understand how to design secure application tiers and be able to recommend and select the most appropriate security services and features to protect your data.

This learning path has tons of content that will help you understand all of these elements. One of the main services you’ll need to know and be familiar with is AWS Identity and Access Management, known as IAM, so we’ll cover this in some detail, along with how to configure federated access. You’ll be introduced to Amazon Cognito, as well as AWS Organizations, in particular, the Service Control Policies that this service offers.

From an application security standpoint, we’ll focus on the AWS Web Application Firewall, or WAF, along with an introduction to AWS Firewall Manager and AWS Shield. Logging is also a critical element of application security, so you’ll learn how to enable logging and use it to your advantage from a security standpoint. You’ll understand how services such as AWS Config and AWS CloudTrail can be used to help you audit, monitor and evaluate your infrastructure for security issues and incidents, helping you resolve threats more quickly and effectively.

From a data security perspective, you’ll learn how to protect your data using the AWS Key Management Service, known as KMS, to encrypt your data across multiple services, in addition to learning how to manage and configure multiple encryption mechanisms that are used by Amazon S3.

Moving on, we have Domain 2: Design Resilient Architectures. This domain accounts for 26% of the exam content and focuses on 2 key areas of interest:

  • Design scalable and loosely coupled architectures, and
  • Design highly available and/or fault-tolerant architectures

This domain will assess your knowledge of how to design a multi-tier architecture and ensure your solutions are highly available and fault-tolerant.

With this in mind, you’ll be introduced to the AWS global infrastructure, providing you with a foundation for how the underlying architecture is pieced together on a global scale. We’ll discuss how to implement multi-tier architectures within an Amazon Virtual Private Cloud, or VPC, using multiple subnets and other networking components. You’ll also be introduced to Amazon Route 53 and CloudFront, along with some common disaster recovery and business continuity strategies.

You’ll learn about the benefits of, as well as the differences between decoupled and event-driven architectures, along with some of the AWS services that allow you to implement them, such as the Amazon Simple Notification Service, or SNS, the Amazon Simple Queue Service, or SQS, Amazon Kinesis, and AWS Lambda.

Storage also plays an important part in this domain, and you’ll need to demonstrate your awareness of resilient storage capabilities within your architectures. You’ll gain a deeper understanding of how AWS storage services can be used to help maintain your data from a resiliency standpoint, including Amazon S3, AWS Storage Gateway, and Amazon EFS to name a few.

Next, we have Domain 3: Design High-Performing Architectures. This domain accounts for 24% of the exam content and focuses on the following 5 items:

  • Determine high-performing and/or scalable storage solutions,
  • Design high-performing and elastic compute solutions,
  • Determine high-performing database solutions,
  • Determine high-performing and/or scalable network architectures, and
  • Determine high-performing data ingestion and transformation solutions.

This domain will assess your ability to design high-performing architectures that leverage AWS storage, compute, database, and networking services.

So again, you’ll be assessed on your knowledge of AWS storage services, but this time from a high-performance and scalability perspective. We’ll look deeper into Amazon EFS and its configuration, plus gain insight into additional performance features within Amazon S3.

You’ll also need to know which services to use and configure when implementing elastic and scalable solutions for compute workloads. So we’ll cover the configuration of Amazon EC2 auto scaling and Elastic Load Balancing, as well as services such as the Amazon Elastic Container Service, or ECS.

This domain will also test your awareness and knowledge of database performance and how to manage workloads across your databases. We’ll introduce you to many of the different AWS database services to give you foundational knowledge of the different services that are available before honing in on some of the performance options such as high availability with Amazon RDS using Multi-AZ features, as well as options for high availability across Amazon DynamoDB and Aurora. You’ll also be introduced to the Amazon DynamoDB Accelerator, known as DAX, which can boost your database performance tenfold by using cached clusters.

From a networking standpoint, you’ll need to know how to architect network infrastructure that can effectively support different types of workloads, so we’ll focus on many of the VPC networking components you can use. This includes everything from the fundamentals of the VPC itself, including subnets, Elastic Network Interfaces and Adapters, or ENIs and ENAs, to security controls and considerations, including Network Access Control Lists, or NACLs, security groups, NAT Gateways, and bastion hosts, plus connectivity options such as VPC endpoints, Virtual Private Networks, or VPNs, Direct Connect, AWS Transit Gateway, and the AWS Global Accelerator.

And finally, we have Domain 4: Design Cost-Optimized Architectures. This domain accounts for 20% of the exam content and will assess you in 4 areas:

  • Design cost-optimized storage solutions,
  • Design cost-optimized compute solutions,
  • Design cost-optimized database solutions, and
  • Design cost-optimized network architectures

This domain looks at cost optimization across all of your architectures, so it’s important to understand the different cost metrics for AWS Cloud services and how you can optimize their configuration.

We’ll spend time looking at the costs associated with different AWS storage services to ensure you understand the full spectrum of price points associated with them, such as storage classes within Amazon S3, Glacier, or even specific management elements of a service like provisioned throughput in EFS. We’ll also look at data retrieval and data transfer using services such as AWS Storage Gateway, AWS Backup, and more.

You’ll be introduced to compute savings plans and reserved instances, and you’ll see how these can be optimized to save you money across your EC2 fleets. You’ll see how to manage and monitor your database costs with RDS. And finally, you’ll review the features and best practices to consider when designing a cost-optimized network architecture.

Throughout this learning path, you’ll be guided through a series of courses, hands-on labs, and assessments that will cover every element within the domains I just discussed. And you can rest assured that these courses, labs and assessments have been curated by a team of highly certified and experienced trainers, all of whom have passed the AWS Certified Solutions Architect - Associate exam. This collective and collaborative effort leveraging our own exam experience allows us to create content that’s honed in on the specific topics you’ll need to know in order to pass this exam!

Feedback on our learning paths here at Cloud Academy is valuable to both us as trainers and any students looking to take the same learning path in the future. If you have any feedback, positive or negative, or if you notice anything that needs to be updated or corrected for the next release cycle, it would be greatly appreciated if you could email

That brings me to the end of this introduction. So now you have an understanding of what’s involved, let’s get you prepped and ready to tackle this certification! Coming up next, we’ll take a more in-depth look at the mechanics of the AWS Certified Solutions Architect - Associate exam.

About the Author
Learning Paths

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.

Covered Topics