The AWS Certified Solutions Architect – Associate (SAA-C03) is the most widely held AWS certification in the industry. It's the credential hiring managers recognise, and it's the one that proves you can design actual cloud architectures — not just identify which services exist.
That makes it harder than CLF-C02. The questions aren't about definitions. They're about trade-offs: which architecture is more resilient, more cost-effective, more secure, given a specific set of constraints. If you're preparing for SAA-C03 in 2026, here's how to approach it.
What SAA-C03 actually tests
The exam covers four domains:
| Domain | Exam weight |
|---|---|
| Design Secure Architectures | 30% |
| Design Resilient Architectures | 26% |
| Design High-Performing Architectures | 24% |
| Design Cost-Optimized Architectures | 20% |
The exam is 130 minutes, 65 questions, $300. Passing score is 720/1000.
Notice that Secure Architectures is the largest domain — many candidates underweight it. The exam isn't just testing whether you know IAM exists. It's testing whether you can design a VPC with correct subnet isolation, choose between security groups and NACLs for a given scenario, and apply least-privilege access patterns across services.
The three areas that trip most candidates up
1. Storage selection — knowing which service for which workload
AWS has more storage options than any other cloud provider, and the exam exploits this. You need to know the difference between S3, EBS, EFS, FSx for Windows, FSx for Lustre, and when each applies.
The traps: EBS is block storage — it attaches to a single EC2 instance (except multi-attach io1/io2). EFS is a managed NFS file system — it's shared across multiple instances, but only Linux. FSx for Windows is the answer when the workload is Windows-native (SMB protocol, Active Directory integration). S3 is object storage — not a file system, despite what candidates assume when a question mentions "storing files."
Common question pattern: "A company has 200 EC2 instances running Windows that need access to a shared file system." That's FSx for Windows, not EFS.
2. Resilience architecture — multi-AZ, multi-region, and DR patterns
Resilient Architectures is 26% of the exam and it requires precision with terminology. High Availability (HA) means surviving an AZ failure — typically achieved with multi-AZ deployments. Disaster Recovery (DR) means surviving a region failure — and the right approach depends on your RTO/RPO targets.
The four DR patterns you need to know:
- Backup and Restore — lowest cost, highest RTO/RPO
- Pilot Light — core services always running, scale up on failover
- Warm Standby — scaled-down version of production always running
- Active-Active (Multi-Site) — full production in multiple regions, near-zero RTO/RPO
The exam gives you constraints ("RTO of 15 minutes, RPO of 1 hour, cost must be minimised") and expects you to match them to the right pattern. Candidates who only know the names without knowing the cost/speed trade-offs get these wrong.
3. Security architecture — IAM, VPCs, and the principle of least privilege
The security domain tests architecture decisions, not just service knowledge. You need to be able to design a VPC with public and private subnets, know when to use a NAT Gateway vs NAT Instance, understand VPC peering vs Transit Gateway, and apply IAM roles correctly (EC2 instance roles, cross-account access, service-linked roles).
The most common error: candidates confuse security groups (stateful, instance-level) with NACLs (stateless, subnet-level). The exam regularly presents scenarios where both are relevant and expects you to identify which controls apply at which layer.
Also important: when to use IAM roles vs IAM users. If an EC2 instance needs to access S3, it uses an IAM role — never an access key stored on the instance. The exam rewards understanding why, not just that.
How to structure your study
Weeks 1–2: AWS fundamentals and service depth If you don't have hands-on AWS experience, start here. Adrian Cantrill's SAA-C03 course builds deep understanding of how services actually work, which matters for this exam. Stephane Maarek's course moves faster and is better if you already have AWS exposure. Cover compute (EC2, Lambda, ECS, EKS), storage (S3, EBS, EFS, FSx), databases (RDS, Aurora, DynamoDB, ElastiCache, Redshift), and networking (VPC, Route 53, CloudFront, API Gateway).
Weeks 3–4: Architecture patterns This is where most study guides skip too quickly. Work through the Well-Architected Framework pillars — Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimisation, and Sustainability. SAA-C03 is built around these pillars. Many questions are easier if you recognise which pillar they're testing.
Weeks 5–6: Domain-by-domain practice questions Don't start with full practice exams. Work domain by domain — Secure Architectures first (highest weight), then Resilient, then High-Performing, then Cost-Optimised. Find out where your gaps are before mixing domains.
Final week: Timed full exams + review Run two or three full-length practice exams. 65 questions in 130 minutes gives you two minutes per question — that's comfortable for straightforward questions, but scenario-based questions with long setups can eat your time if you let them. Practise skipping and returning.
The most common reason people fail SAA-C03
They study breadth without building depth in architecture thinking.
CLF-C02 rewards knowing what services exist. SAA-C03 rewards knowing which architecture to choose given constraints — cost, RTO, RPO, compliance, performance. Candidates who memorise service features without practising architectural decision-making hit a wall on the harder questions.
The shift in mindset: stop asking "what does this service do?" and start asking "when would I choose this over the alternative, and why?"
Practice questions that force trade-off decisions are the fastest way to build this. Each wrong answer tells you which architectural pattern or service distinction to revisit.
Key resources
- Adrian Cantrill's SAA-C03 course — the most thorough option, builds genuine understanding
- Stephane Maarek's course on Udemy — faster-paced, excellent for candidates with existing AWS experience
- Tutorials Dojo practice exams — widely regarded as the best third-party practice questions for SAA-C03
- AWS Well-Architected Framework whitepapers — not optional; several questions are drawn directly from these
- ExamCoach — SAA-C03 practice questions coming soon; join the waitlist to be notified when it launches
Know your weak domains before exam day
The gap between passing and failing SAA-C03 usually comes down to one or two domains where your decision-making is inconsistent. Candidates who identify those gaps early and close them specifically tend to pass first time.
ExamCoach is building adaptive SAA-C03 practice questions across all four domains — tracking your correct rate per topic and surfacing your weakest areas after each session. Join the waitlist to be notified when it launches.
ExamCoach covers AWS CLF-C02, CCNA, AZ-104, CompTIA Security+, CISSP, CFA Level 1, and more.