H.
AWS Solutions Architect

How to Pass the AWS SAA-C03 Exam on Your First Attempt

A complete, battle-tested study plan for the AWS Solutions Architect Associate exam. Covers all 6 domains, the top services you must know, and proven exam strategies.

March 20, 2026by Hiiragi Team
SAA-C03AWSstudy-guidesolutions-architectcertification

What Is the AWS SAA-C03 Exam?

The AWS Certified Solutions Architect – Associate (SAA-C03) is one of the most sought-after cloud certifications in the industry. It validates your ability to design scalable, cost-optimized, and resilient architectures on AWS.

  • Exam duration: 130 minutes
  • Questions: 65 (multiple choice and multiple response)
  • Passing score: 720 / 1000
  • Cost: $150 USD

The 6 Exam Domains You Must Master

AWS weights each domain differently. Allocate your study time accordingly:

  1. Design Secure Architectures — 30%
  2. Design Resilient Architectures — 26%
  3. Design High-Performing Architectures — 24%
  4. Design Cost-Optimized Architectures — 20%

Domain 1: Design Secure Architectures (30%)

This is the heaviest domain. Focus on:

  • IAM — policies, roles, users, groups, permission boundaries, SCPs
  • S3 bucket policies vs ACLs vs IAM policies
  • KMS — envelope encryption, key policies, automatic rotation
  • AWS WAF, Shield, GuardDuty, Security Hub — know which service does what
  • VPC security — security groups (stateful) vs NACLs (stateless), VPC endpoints
Exam tip: Know the difference between identity-based policies and resource-based policies. Many questions test this distinction.

Domain 2: Design Resilient Architectures (26%)

  • Multi-AZ vs Multi-Region — understand when each applies
  • RDS Multi-AZ (automatic failover) vs Read Replicas (read scaling)
  • Auto Scaling Groups — lifecycle hooks, scaling policies, cooldown periods
  • Elastic Load Balancing — ALB vs NLB vs CLB, sticky sessions, cross-zone load balancing
  • Route 53 routing policies — failover, latency, weighted, geolocation

Domain 3: Design High-Performing Architectures (24%)

  • S3 performance — multipart upload (>100MB), Transfer Acceleration, byte-range fetches
  • ElastiCache — Redis vs Memcached, when to cache
  • CloudFront — origins, distributions, signed URLs vs signed cookies
  • SQS, SNS, Kinesis — decoupling patterns and real-time streaming

Domain 4: Design Cost-Optimized Architectures (20%)

  • EC2 pricing — On-Demand vs Reserved vs Spot vs Savings Plans
  • S3 storage classes — Standard, Intelligent-Tiering, Standard-IA, Glacier Instant/Flexible/Deep Archive
  • Cost Explorer, AWS Budgets — monitoring and alerting on spend
  • Right-sizing — when to move to smaller instance types

The Top 10 Services You Must Know Cold

These services appear in the majority of SAA-C03 questions:

  1. Amazon S3 — storage classes, lifecycle rules, versioning, replication
  2. Amazon VPC — subnets, route tables, NAT Gateway, VPC peering, Transit Gateway
  3. Amazon EC2 — instance types, AMIs, user data, placement groups
  4. AWS IAM — policies, roles, federation, STS, cross-account access
  5. Amazon RDS — Multi-AZ, Read Replicas, Aurora, Parameter Groups
  6. Amazon CloudFront — CDN, edge locations, OAC (Origin Access Control)
  7. AWS Lambda — serverless compute, concurrency, event sources
  8. Amazon DynamoDB — on-demand vs provisioned, DAX, global tables, GSI/LSI
  9. Amazon SQS / SNS — messaging patterns, FIFO queues, fan-out architecture
  10. Amazon ECS / EKS — container orchestration, Fargate vs EC2 launch type

A 30-Day Study Plan

Week 1: Foundation (Days 1–7)

  • Complete the AWS free training: AWS Skill Builder
  • Read the official exam guide
  • Set up an AWS free tier account and explore the console

Week 2: Core Services Deep Dive (Days 8–14)

  • Study VPC networking in depth (most complex topic)
  • Practice IAM policy JSON — understand Allow, Deny, and Condition keys
  • Build a 3-tier web app in the console (EC2 + RDS + S3 + CloudFront)

Week 3: Practice Questions (Days 15–21)

  • Take 1–2 timed mock exams per day
  • Review every wrong answer — read the explanation, not just the correct option
  • Focus on your weak domains (check analytics in Hiiragi)

Week 4: Reinforce & Final Review (Days 22–30)

  • Re-take practice exams in your weakest areas
  • Create flashcards for services you keep confusing
  • Review AWS whitepapers: Well-Architected Framework and Security Best Practices

Exam Day Tips

During the exam:

  • Flag questions you're unsure about and come back to them
  • Eliminate obviously wrong answers first — usually 2 of 4 options are clearly incorrect
  • When two answers look similar, focus on the scenario constraints (cost, speed, minimal operational overhead)
  • "Most cost-effective" usually means Spot Instances or S3 Glacier
  • "Highly available" usually means Multi-AZ

Common traps:

  • aws:SourceIp in IAM policies doesn't work with roles assumed via sts:AssumeRole
  • S3 bucket policies are evaluated alongside IAM policies — the least permissive wins
  • Security Groups are stateful — return traffic is automatically allowed
  • NACLs require explicit allow rules for BOTH inbound AND outbound

Free Mock Exam Resources

The best way to prepare is to practice with questions that mirror the real exam. Start a free mock exam on Hiiragi — our adaptive engine identifies your weak spots and serves more questions from those domains.

Practice consistently, review your mistakes thoroughly, and you'll be ready. Good luck!

Test your knowledge now

Our adaptive mock exams target exactly what you just read. Take a practice test and lock in the concepts.

Start Mock Exam
All articles