AWS Solutions Architect Associate: 2023 Certification Guide
The AWS Solutions Architect Associate serves as a reliable consultant to customers and assumes significant responsibility in developing application design plans.
The AWS Solutions Architect Associate program confirms the proficiency of practitioners in designing well-structured solutions for business cases. It is the most sought-after AWS Certification program worldwide.
Solutions architects bear considerable responsibility in crafting design plans and providing technical guidance to clients. Their responsibilities extend to ensuring that building plans are secure, scalable, high-performing, cost-effective, and fault-tolerant. They also speak at conferences, write blogs, mentor interns, and run technical workshops.
If you are seeking to build specialty skills, this program is a recommended prerequisite for the Professional or Specialty level certifications in Big Data, Machine Learning, or Security. For more information, our pillar article on AWS Certifications is a must-read.
AWS Solutions Architect Associate
We recommend taking exam preparation courses and practice tests to establish a strong technical foundation for understanding AWS architecture. It is important to note that this is a scenario-focused exam, and you should be able to demonstrate proficiency in providing effective solutions for businesses, rather than just implementation skills.
To help you prepare for technical discussions about AWS solutions, here are some quality courses to become positively ready for the certification exam.
- AWS Certified Solutions Architect Associate — Whizlabs
- AWS Cloud Architect Nanodegree — Udacity
- Ultimate AWS Certified Solutions Architect Associate — Stephan Marek
- AWS Solutions Architect Associate Learning Path — Educative
Exam Domains (SAA-C02)
The ideal candidate should have a sound knowledge of the four domains that are essential for clearing the AWS Certified Solutions Architect Associate exam.
Domain 1 — Design Secure Architectures
This domain assesses your proficiency in creating secure architectures and includes three task statements. It accounts for a substantial 30% of the total exam score.
Task 1: Design secure access to AWS resources
The first task assesses your knowledge in managing access controls across various AWS accounts. This requires knowledge of AWS federated access, identity services, global infrastructure, security best practices, and the shared responsibility model.
You will be examined on your expertise to implement security best practices for IAM users and root users, design flexible authorization models, role-based access control strategies, and security strategies for multiple AWS accounts. You should also be able to determine the appropriate use of resource policies for AWS services and when to federate a directory service with IAM roles.
Task 2: Design secure workloads and applications
The second task in this domain evaluates your functional knowledge of configuring and securing AWS applications, effectively utilizing security services, and designing secure VPC architectures with network segmentation strategies.
You will be evaluated on your ability to integrate AWS services for application security and to secure external network connections to and from the AWS cloud. This task is crucial in determining your expertise in AWS security and network architecture.
Task 3: Determine appropriate data security controls
The final task in the secure architectures domain assesses your proficiency in data access and governance, data recovery, data retention, and classification, encryption, and key management within the AWS environment.
It evaluates your ability to align AWS technologies with compliance requirements, encrypt data both at rest and in transit, implement access policies for encryption keys, data backups, and replications, and establish policies for data access, lifecycle, and protection. You should be able to rotate encryption keys and renew certificates.
Domain 2 — Design Resilient Architectures
This domain assesses your ability to create robust architectures and includes two task statements, which account for 26% of the total exam.
Task 1: Design scalable and loosely coupled architectures
The first task statement validates your understanding and skills to design and implement architectures using AWS services, including API creation and management, caching strategies, event-driven architectures, load balancing concepts, serverless technologies, and storage types, among others.
You should be able to determine scaling strategies and recommend appropriate AWS services based on requirements.
Task 2: Design highly available and/or fault-tolerant architectures
This task evaluates your proficiency in various areas such as AWS global infrastructure, managed services, networking concepts, disaster recovery strategies, distributed design patterns, failover strategies, load balancing concepts, proxy concepts, service quotas and throttling, storage options, workload visibility, and determining automation strategies to ensure infrastructure integrity.
You should be highly equipped to identify metrics, implement designs, select DR strategies, and use AWS services to enhance the reliability of legacy applications.
Domain 3 — Design High-Performing Architectures
This domain evaluates your proficiency in designing high-performing architectures and comprises five task statements, which contribute to 24% of the certification exam.
Task 1: Determine high-performing and/or scalable storage solutions
In this task, you will be expected to demonstrate your understanding of hybrid storage solutions, storage services, and storage types. This includes your knowledge to determine the most appropriate storage services and configurations to meet performance demands and accommodate future needs.
Task 2: Determine high-performing and/or scalable storage solutions.
You will be evaluated on your proficiency in AWS compute services, distributed computing concepts, queuing and messaging concepts, scalability capabilities, serverless technologies and patterns, and container orchestration.
This task will test your functional knowledge to decouple workloads, determine scaling metrics, and choose the most suitable compute options and resource types to meet business needs.
Task 3: Determine high-performing database solutions
You will be evaluated on your proficiency in AWS global infrastructure, caching strategies, data access patterns, database capacity planning, database connections and proxies, database engines, replication, and types and services.
This task is designed to assess your ability to configure read replicas, design database architectures, select appropriate database engines and types, and integrate caching to meet business requirements.
Task 4: Determine high-performing and/or scalable network architectures
The task evaluates your proficiency in edge networking services, network architecture design, load balancing concepts, and network connection options.
You should be able to create network topology for various architectures, determine scalable network configurations, select suitable load balancing strategies, and allocate resources to meet business needs.
Task 5: Determine high-performing data ingestion and transformation solutions
The task will examine your proficiency in data analytics and engineering services, including data ingestion, transfer, transformation, secure access, streaming, data lake building and securing, data streaming architecture design, visualization, compute options selection, and data format transformation.
Domain 4 — Design Cost Optimized Architectures
This domain assesses your ability to design cost-optimized architectures, which includes four task statements and accounts for 20% of the certification exam.
Task 1: Design cost-optimized storage solutions.
You will be tested on your knowledge and skills related to AWS storage services, cost management, backup strategies, data lifecycles, and storage access patterns.
The task will assess your skills to design appropriate storage strategies, determine storage size and cost, manage S3 object lifecycles, select backup and archival solutions, and choose the most cost-effective storage service.
Task 2: Design cost-optimized compute solutions
This task assesses your knowledge and skills related to AWS cost management, global infrastructure, purchasing options, compute strategies, and scaling strategies.
You should be able to determine appropriate load balancing and scaling methods, cost-effective compute services, required availability, and instance selection for workloads.
Task 3: Design cost-optimized database solutions
The task assesses the candidate's proficiency in AWS cost management services, caching strategies, data retention policies, database capacity planning, database engines and replication, and various types of databases.
It evaluates your skills to design suitable backup and retention policies, identify cost-effective AWS database services and types, and migrate database schemas and data to different locations and engines.
Task 4: Design cost-optimized network architectures
The final task assesses proficiency in AWS cost management, load balancing, NAT gateways, network connectivity, routing, and services.
You should be able to configure NAT gateway types and network connections, minimize network transfer costs, determine strategic needs for CDNs and edge caching, review existing workloads for network optimizations, and select appropriate throttling and bandwidth allocation strategies.
We hope this exam guide has provided you with valuable insights and knowledge to prepare for the AWS Solutions Architect Associate-Level Certification. Earning this certification can greatly enhance your career prospects and validate your expertise in designing and implementing distributed systems and solutions on AWS. Best of luck in your AWS Certification journey!
Disclosure: The opinions expressed in this article belong to the authors and do not represent the opinions of AWS or any of the third-party educators mentioned. This article may include links to content on third-party websites. By providing these links, kanger.dev does not assume responsibility for, guarantee, approve, or endorse the information, opinions, or products available on these websites.
kanger.dev is supported by our readers. We may earn affiliate commissions from purchases made through links on this site.