All you need to know about AWS Solutions Architect exam syllabus

You may have heard about the difficulty of the AWS Solutions Architect exam, with some sources suggesting that its failure rate is close to 72%. This statistic makes the AWS Solution Architect Associate (SAA) exam seem tough, but it can be made easy with proper planning and preparation. The key is knowing what to study and how you’ll be assessed.

In this blog, we’ll discuss what you must focus on to ensure you’re well-prepared for your exam.

A Solutions Architect is responsible for designing cloud solutions that are scalable, resilient, secure, and cost-effective. This role involves analyzing business and technical requirements to create architectures that align with organizational goals, optimize performance, and ensure security. Solutions Architects must balance cost with performance, implement security best practices, and continuously improve architectures to adapt to evolving needs.

The SAA exam tests these skills, evaluating candidates’ ability to analyze requirements and solve real-world challenges in cloud environments. To do this, candidates are tested in the following domains:

We’ll discuss each of these domains, starting with the one with the most weightage in the exam score.

Note: We’ll outline the key concepts you should know and provide an overview of the essential services commonly used to implement these concepts. For an in-depth understanding of these concepts and services, we recommend checking out this course that covers all of these concepts and services in detail to prepare you for the AWS Certified Solutions Architect Associate exam.

1. Design secure architectures (30%)#

Securing cloud architectures is essential to protecting sensitive data, ensuring compliance, and maintaining trust in cloud environments. As threats evolve, architects must design solutions that can withstand potential security risks while safeguarding critical resources. In this domain, the candidate’s ability to design secure architectures and enhance the security of existing ones is evaluated. This domain is further divided into three sections, as follows:

Securing AWS accounts#

AWS defines the shared responsibility model where AWS provides security of the cloud infrastructure, and the customer manages security in the cloud. As a Solutions Architect, you should know how to secure access to an AWS account by following the AWS security best practices. From the solutions architect associate certificate exam point of view, it’s crucial to know about the following AWS services and their roles in securing AWS accounts and architectures:

• AWS Identity and Access Management (IAM): Using IAM users, groups, and roles to design flexible authentication and authorization models for AWS account access. Assessing the proper application of resource policies for various AWS services.

• AWS Security Token Service (STS): Leveraging IAM roles and STS to implement role-based access for entities within and outside the AWS account.

• AWS Control Tower and Service Control Policies (SCPs): Managing multiple AWS accounts and developing a security strategy for multiple AWS accounts.

• AWS Identity Center (AWS Single Sign-On): Evaluating the need to federate a directory service with IAM roles to centralized identity management and streamlined access control across AWS resources.

Securing workloads and applications #

AWS offers various security services to secure resources and applications both within the AWS account and outside of it. This subdomain will check your proficiency in using those services for new and existing infrastructure. To tackle the questions in this subdomain of the solutions architect associate exam, you should have a keen understanding of the following AWS services:

• Amazon VPC: Using networking services to create secure networking environments by controlling ports, protocols, and network traffic on AWS. Also, evaluating and selecting the appropriate network segmentation strategy.

•  AWS WAF, AWS Shield, and AWS Secrets Manager: Securing applications against common web exploits, such as DDoS and SQL injection.

• AWS Direct Connect: Ensuring a secure connection to and from AWS Cloud.

Securing data#

This domain involves securing data within and outside the cloud using AWS services. You should be familiar with data access and management, data recovery, data retention and categorization, encryption, and secure key management. This domain also tests your ability to make data compliant with industry standards like HIPAA.

For this subdomain, the key services you need to focus on are as follows:

• AWS Key Management Service (KMS): Encrypting data at rest and managing encryption resources

• AWS Certificate Manager (ACM): Encrypting data in transit

• Compliance services like AWS Artifact: Ensuring data compliance using AWS services

• Backup features of AWS databases: Mitigating the risks of data loss using data backups and replications

• IAM resource policies: Securing the data access using policies

This domain ensures you can protect AWS workloads from unauthorized access and data breaches, which is crucial for real-world applications and the exam.

2. Design resilient architectures (26%)#

Resiliency ensures systems can recover from failures and continue operating smoothly. This domain covers how to design high availability (HA) and fault-tolerant architectures and is divided into two categories.

Designing scalable and loosely coupled architectures#

This subdomain entails the design of architectures that support scalability, flexibility, and efficient communication between components. To score well in this subdomain, you should have a strong grasp of the following concepts:

• AWS service to architect event-driven, microservice, and/or multitier architectures as per requirements

• Leveraging the serverless and scaling tools of AWS to make the infrastructure scalable

• Utilizing AWS services to establish loose coupling between different infrastructure components

• Choosing when and how to use containers for deployment

• Identifying scenarios suited for serverless technologies and patterns

• Selecting appropriate compute, storage, networking, and database resources and classes based on different scenarios

Key services#

The essential services you need experience with for this domain include:

• AWS Lambda and AWS Fargate

• Amazon API Gateway

• AWS Application Load Balancer

• AWS container services like Amazon Elastic Compute Service (ECS) and Amazon Elastic Kubernetes Service (EKS)

• AWS Step Functions

• Amazon SQS

• Storage classes of AWS storage services like Amazon S3 Glacier

Architecting highly available and fault-tolerant architectures#

This subdomain assesses your ability to design systems that maintain functionality despite component failures. It evaluates your knowledge of strategies for minimizing downtime, ensuring continuous operations, and implementing redundancy across various infrastructure layers. The concepts you should focus on for this subdomain include:

• Establishing automation strategies to maintain infrastructure integrity in case of any component failure

• Identifying AWS services required for building a highly available or fault-tolerant architecture across multiple AWS Regions or Availability Zones as dictated by the requirements

• Designing solutions to eliminate single points of failure

• Ensuring data durability and availability using AWS services and their features

• Choosing an appropriate disaster recovery strategy

• Enhancing the reliability of legacy systems and applications not optimized to the cloud, especially when changes to the application are not feasible

• Using AWS services that improve the reliability of legacy applications and applications not built for the cloud (for example, when application changes are not possible)

Key services#

The essential services you need experience with for this domain include:

• AWS Application Load Balancer

• Amazon ElastiCache

• AWS X-Ray

• Amazon Route 53

• Amazon RDS Proxy

Mastering this domain will allow you to design systems ensuring uptime and reliability, key areas for exam success and practical application in your cloud architecture career.

3. Design high-performing architectures (24%)#

This domain tests your skills in designing architectures optimized for performance and can efficiently handle varying demand levels. It covers key concepts and practices for creating robust, scalable, and responsive solutions. This domain is divided into five subdomains, each focusing on a specific aspect of high-performing architecture.

Designing high-performing and scalable storage solutions#

This subdomain solely focuses on storage options. For this subdomain, you should develop a solid understanding of the following concepts:

• Hybrid storage solutions

• AWS storage services and their uses to be able to select storage services and configurations that meet the performance requirements

• Understanding the available storage types and choosing storage services that can scale based on demand

Key services#

As this domain revolves around storage services, the key services you should have a good understanding and hands-on experience with are AWS storage services, including:

• Amazon Simple Storage Service (S3)

• Amazon Elastic Block Store (EBS)

• Amazon Elastic File System (Amazon EFS)

Designing high-performing and elastic compute solutions#

This subdomain focuses on selecting the right compute solutions to meet performance and elasticity requirements. You should develop a solid understanding of the following concepts:

• AWS compute services to meet requirements like elasticity and performance

• Distributed computing concepts supported by AWS global infrastructure

• Queuing and messaging concepts

• Scalability capabilities for handling dynamic workloads to optimize compute resources based on demand and scaling needs

• Serverless technologies and patterns to implement serverless computing patterns and container orchestration

Key services#

As this subdomain revolves around compute services, the key services you should develop a strong grasp of include:

• AWS Lambda

• Amazon Elastic Compute Cloud (EC2)

• AWS Fargate

• Container services like Amazon Elastic Kubernetes Service (EKS) and Amazon Elastic Compute Service (ECS)

Designing high-performing database solutions#

This subdomain focuses on choosing and designing database solutions that meet performance and scalability requirements. You should develop a solid understanding of the following concepts:

• Choosing the appropriate database engine based on application and business requirements

• Caching strategies and AWS services used for caching to improve performance

• Data access patterns, such as read-intensive vs. write-intensive workloads

• Database capacity planning

• Database connections and proxies for optimizing performance

• Database replication to meet business requirements

Key services#

The key services you should develop a deep understanding of for this subdomain include:

• Amazon RDS

• Amazon DynamoDB

• Amazon ElastiCache

• Amazon Aurora

Designing high-performing and/or scalable network architectures#

This subdomain is focused on designing and implementing network architectures that are both scalable and optimized for performance. To excel in this area, you should have a firm understanding of the following concepts:

• Edge networking services and their uses

• Network topologies for different architectures, including global, hybrid, and multitier setups

• Load balancing strategy to ensure optimal performance and reliability

• Network connection tools

Key services#

The key services involved in this subdomain that you should understand and have hands-on experience with include:

• Amazon CloudFront

• AWS Global Accelerator

• AWS Application Load Balancer (ALB)

• AWS VPN

• AWS Direct Connect

• AWS PrivateLink

Designing high-performing data ingestion and transformation workloads#

This subdomain centers around building efficient data ingestion and transformation pipelines to process data at scale. To succeed in this area, you need to develop a thorough understanding of the following concepts:

• Understanding data analytics and visualization services provided by AWS

• Data ingestion patterns to design data streaming architectures to handle continuous flows of data

• Data transfer services and their uses

• Data transformation services like AWS Glue and their application for transforming data

• Securing data ingestion access points

• Understanding the compute options, sizes, and speeds needed for data transfers to meet the requirements

• Streaming data services provided by AWS and their use cases

Key services#

The key services associated with this subdomain that you should be familiar with include:

• Amazon Athena

• AWS Lake Formation

• Amazon QuickSight

• AWS DataSync

• AWS Storage Gateway

• AWS Glue

• Amazon Kinesis

Designing high-performance architectures is essential for creating responsive and scalable systems, a core area of focus for the exam and real-world cloud design.

4. Design cost-optimized architectures (20%)#

Cost optimization helps businesses reduce their cloud spending. This domain focuses on using services that offer the best value and is divided into four subdomains.

Designing cost-optimized storage solutions#

This subdomain emphasizes designing storage solutions that balance performance and cost efficiency. To excel in this area, you must understand key concepts such as:

• Storage strategies, such as using batch uploads to S3 instead of individual uploads

• Storage access patterns and their impact on cost and performance

• Storage size for a specific workload to avoid over-provisioning

• Cost-effective method of transferring data to AWS storage for a given workload

• Determine when auto scaling storage is required to meet changing demand

• Data life cycles and data retention management for optimized costs

• Effective backup strategies for maintaining data availability

• Storage tier based on access patterns and costs

Key services#

The core services involved in designing cost-effective storage solutions include:

• Amazon Simple Storage Service (S3)

• Amazon Elastic Block Store (EBS)

• Amazon Elastic File System (EFS)

• Amazon FSx

• AWS DataSync

• AWS Transfer Family

• AWS Storage Gateway

Designing cost-optimized compute solutions#

This subdomain focuses on designing compute solutions that are both efficient and cost-effective. You should develop a strong understanding of key concepts such as:

• Load balancing strategy, such as choosing between application load balancer (Layer 7), network load balancer (Layer 4), or gateway load balancer

• Scaling methods and strategies for elastic workloads, such as horizontal vs. vertical scaling or using EC2 hibernation for cost efficiency

• Cost-effective AWS compute services based on the workload, such as Lambda, EC2, or Fargate

• Understanding the EC2 instance family based on workload requirements and avoiding overspending

• AWS purchasing options to reduce long-term costs

Key services#

The primary services and tools involved in creating cost-optimized compute solutions include:

• Amazon Elastic Compute Cloud (EC2)

• AWS Lambda

• AWS Fargate

• AWS Outposts

• AWS Snowball Edge

• AWS Cost Explorer

• AWS Budgets

Designing cost-optimized database solutions#

This subdomain focuses on creating database solutions that are not only effective but also cost-efficient. You should develop a strong understanding of the following key concepts:

• Data backup and retention policies

• Choosing the most suitable database engine for your requirements

• Identifying cost-effective AWS database services depending on the workload

• Selecting the appropriate database types for cost efficiency

• Migrating database schemas and data efficiently to different locations or between different database engines, ensuring minimal disruption and cost

Key services#

The primary services involved in designing cost-optimized database solutions include:

• Amazon DynamoDB

• Amazon Relational Database Service (RDS)

• Amazon Aurora

• Amazon ElastiCache

• AWS Cost Explorer

• AWS Budgets

Designing cost-optimized network architectures#

This subdomain emphasizes creating network architectures that are efficient and cost-effective. You should develop a comprehensive understanding of the following key concepts:

• Configuring appropriate NAT gateway types for your network, comparing a single shared NAT gateway with dedicated NAT gateways for each Availability Zone

• Establishing the right network connections by evaluating Direct Connect vs. VPN options based on cost and performance needs

• Setting up appropriate network routes to minimize transfer costs, considering scenarios like Region to Region, Availability Zone to Availability Zone, and public to private traffic

• Determining strategic needs for content delivery networks (CDNs) and implementing edge caching solutions effectively

• Reviewing existing workloads for potential network optimizations to reduce costs

• Selecting an appropriate throttling strategy to manage network traffic and costs efficiently

• Deciding on the suitable bandwidth allocation for network devices

Key services#

The main services involved in designing cost-optimized network architectures include:

• Amazon Virtual Private Cloud (VPC)

• AWS Transit Gateway

• Amazon CloudFront

• AWS Direct Connect

• Amazon Route 53

• AWS Application Load Balancer

Cost optimization is essential for the exam and key to building long-term solutions for clients and businesses.

Best practices for exam preparation#

Here are a few tips for effective preparation:

• Hands-on practice: AWS hands-on labs are an excellent way to deepen your knowledge of core services like EC2, VPC, and S3. Check out these Cloud Labs at Educative to gain practical, hands-on experience with AWS services.

• White papers and case studies: Read AWS white papers, particularly on architecture and cost management. Operational best practices, such as monitoring, logging, and automation, are key to ensuring the ongoing reliability and efficiency of your AWS environments. These practices should be integrated across all domains, supporting the AWS Well-Architected Framework’s focus on continuous improvement and proactive management.

• Practice exams: Taking mock exams can help identify knowledge gaps and familiarize you with the exam format.

Conclusion#

Understanding the AWS Solution Architect Associate exam syllabus is the first step toward achieving certification success. Focus on mastering the key domains of secure, resilient, high-performing, and cost-optimized architectures. Once you’ve honed these skills, you’re well on your way to earning the certification.