How to Pass AWS Solutions Architect Associate (SAA-C03) in 2026

The AWS Solutions Architect Associate (SAA-C03) is the most popular cloud certification in the world. It's the gateway cert for cloud and DevOps roles — almost every JD for a cloud-adjacent position lists it.

This is a practical prep guide. Not "what is AWS" basics, but exactly what to study, in what order, and how to clear the exam efficiently.

What the SAA-C03 Exam Looks Like

• Questions: 65 (multiple choice + multiple select)
• Duration: 130 minutes
• Passing score: 720/1000
• Cost: $150 USD (~₹12,500)
• Validity: 3 years
• Retake: $150 again (no free retake)

Unlike CKA, this is a knowledge-based exam — no hands-on terminal. But the questions are scenario-based and require real understanding, not just memorization.

SAA-C03 Exam Domains

Security and resilience together are 56% of the exam. This is where you should spend the most time.

6-Week Study Plan

Week 1 — Core Compute and Networking

Services to master:

• EC2 — instance types, placement groups, user data, metadata
• VPC — subnets, route tables, internet gateway, NAT gateway, security groups, NACLs
• Elastic Load Balancing — ALB vs NLB vs CLB, target groups, listener rules
• Auto Scaling Groups — launch templates, scaling policies, lifecycle hooks

Key concepts for the exam:

• When to use Security Groups (stateful) vs NACLs (stateless)
• Difference between ALB (HTTP/HTTPS, path-based routing) and NLB (TCP/UDP, ultra-low latency)
• Public vs private subnet — what goes where

VPC (10.0.0.0/16)
├── Public Subnet (10.0.1.0/24)  → Internet Gateway → EC2/ALB
├── Private Subnet (10.0.2.0/24) → NAT Gateway → EC2 (no inbound)
└── DB Subnet (10.0.3.0/24)      → No internet access → RDS

Week 2 — Storage

Services to master:

• S3 — storage classes, lifecycle policies, versioning, replication, encryption, access control
• EBS — volume types (gp3, io2, st1, sc1), snapshots, multi-attach
• EFS — vs EBS, when to use
• S3 Glacier — retrieval tiers (Instant, Flexible, Deep Archive)

Key exam questions involve:

• Choosing the right S3 storage class based on access pattern + cost
• When to use EBS vs EFS vs S3
• S3 pre-signed URLs vs bucket policies vs IAM policies

Week 3 — Databases

Services to master:

• RDS — Multi-AZ (HA), Read Replicas (performance), Aurora (5x MySQL, 3x PostgreSQL)
• DynamoDB — primary keys, GSI/LSI, DAX, streams, on-demand vs provisioned
• ElastiCache — Redis vs Memcached, when to add caching
• Redshift — data warehousing, spectrum

Most-tested RDS concepts:

• Multi-AZ = synchronous replication, automatic failover, no performance benefit
• Read Replica = asynchronous, improves read performance, manual failover required
• Aurora = Multi-AZ by default, 6 copies across 3 AZs, auto-grows to 128TB

Week 4 — Security and IAM

Topics to master:

• IAM — users, groups, roles, policies (identity vs resource), permissions boundaries
• AWS Organizations — SCPs (Service Control Policies), OUs
• KMS — customer managed keys vs AWS managed keys, envelope encryption
• Secrets Manager vs Systems Manager Parameter Store
• Shield (Standard vs Advanced), WAF, GuardDuty, Macie

IAM policy evaluation logic (heavily tested):

Explicit DENY → Always deny, regardless of allows
↓
Explicit ALLOW → Grant access (unless SCP denies at org level)
↓
Implicit DENY → Default: everything is denied

When multiple policies apply, AWS evaluates all of them. An explicit deny in any policy wins.

Week 5 — High Availability and Disaster Recovery

Patterns to understand:

• RPO (Recovery Point Objective) — max acceptable data loss
• RTO (Recovery Time Objective) — max acceptable downtime

Also master:

• Route 53 routing policies — Simple, Weighted, Latency, Failover, Geolocation, Geoproximity
• CloudFront — origins, behaviors, edge caching, Lambda@Edge
• Global Accelerator — Anycast IPs, TCP/UDP acceleration

Week 6 — Practice Exams + Weak Areas

Spend this week doing full mock exams. Target 75%+ on practice tests before booking.

Best Resources

Practice Exams (Most Important)

Tutorials Dojo (Jon Bonso) — The best practice exam resource. His mock questions are very close to actual exam style. Do all 6 sets before your attempt.

AWS Skill Builder — AWS's official practice questions. Free tier has ~20 official questions. Paid tier ($29/month) has more. Worth doing at least the free ones to understand official question style.

Courses

Adrian Cantrill's SAA-C03 Course — Deepest, most thorough SAA course. Covers everything with hands-on labs. If you have time (4-6 weeks), this is the best.

Stephane Maarek on Udemy — More concise, great for a faster pass. Often on sale for ₹500-800.

KodeKloud AWS Learning Path — Hands-on labs specifically for DevOps engineers. Good if you want to combine AWS learning with Terraform and Kubernetes practice.

Official Docs

AWS documentation is useful for verifying specific limits and service behaviors. Don't read docs as your primary study material — use courses and practice exams, reference docs to fill gaps.

Exam Strategy

Question Types

"Most cost-effective" questions — Usually means: use Reserved Instances or Spot, use the right storage tier, avoid over-provisioning.

"Highly available" questions — Think Multi-AZ RDS, ALB across AZs, Auto Scaling, Route 53 failover.

"Most secure" questions — Least privilege IAM, encryption at rest (KMS), encryption in transit (TLS), VPC endpoints instead of internet access.

"Minimum operational overhead" — Serverless (Lambda, DynamoDB, Aurora Serverless), managed services, avoid self-managed anything.

Time Management

65 questions in 130 minutes = 2 minutes per question. The first time through:

• Answer questions you're confident about immediately
• Flag uncertain ones and move on
• Come back to flagged questions with remaining time

Don't spend 5 minutes on one question at the cost of five others.

Read Questions Carefully

Many questions have a correct-sounding answer that fails on one word:

• "synchronous replication" vs "asynchronous"
• "automatic failover" vs "manual failover"
• "in-region" vs "cross-region"

The exam loves these distinctions. Slow down on the keywords.

Common Traps

1. Read Replica for HA — Read Replicas don't provide automatic failover. That's Multi-AZ.
2. NACL vs Security Group — NACLs are stateless (need both inbound + outbound rules). Security Groups are stateful.
3. S3 Standard-IA minimum duration — 30-day minimum storage duration. Using it for objects deleted in a week costs more than Standard.
4. Lambda timeout — Max 15 minutes. For longer workloads, use ECS/Fargate or EC2.
5. DynamoDB partition key — Should have high cardinality. Poor partition key choice causes hot partitions.

Where to Book and When to Buy

• Book at aws.amazon.com/certification — Pearson VUE or PSI
• Buy during AWS re:Invent promotions (November/December) — sometimes 50% discount vouchers
• Schedule your exam for a weekday morning when you're mentally fresh

Summary

The SAA-C03 is very passable with 6 weeks of focused study. The key is practice exams — do at least 300 practice questions before your actual attempt. Tutorials Dojo is your best friend here.

Get hands-on AWS experience while studying — DigitalOcean gives $200 free credit for practical infrastructure projects. For structured cloud learning with labs, check out KodeKloud.