The SAA-C04 is the current version of the AWS Certified Solutions Architect Associate exam, replacing the SAA-C03 in March 2024. If you studied for the C03 or passed it previously and are now recertifying, this article details every meaningful difference between the two versions — updated domain weights, new services added to the exam scope, topics that were removed or de-emphasized, and concrete adjustments you should make to your study plan.
The short version: the C04 increased security's weight from 26% to 30%, added serverless and container architectures as first-class topics, introduced data analytics services, and expanded multi-account governance questions. The overall difficulty increased slightly because the C04 tests broader service knowledge while maintaining the same 65-question, 130-minute format.
Exam Structure Comparison
The mechanical format of the exam stayed largely the same. Here is what changed and what did not:
| Element | SAA-C03 | SAA-C04 | Changed? |
|---|---|---|---|
| Total questions | 65 | 65 | No |
| Scored questions | 50 | 50 | No |
| Unscored questions | 15 | 15 | No |
| Time limit | 130 minutes | 130 minutes | No |
| Passing score | 720/1000 | 720/1000 | No |
| Question types | Multiple choice, multiple response | Multiple choice, multiple response | No |
| Exam cost | $150 USD | $150 USD | No |
| Certification validity | 3 years | 3 years | No |
| Scoring model | Scaled (IRT) | Scaled (IRT) | No |
| Prerequisites | None | None | No |
| Delivery | Pearson VUE (center + online) | Pearson VUE (center + online) | No |
The format is identical. The changes are entirely in the content — which topics are tested, how much weight each domain carries, and which AWS services you need to know.
Domain Weight Changes: Where the Points Moved
This is the most important change for study planning. AWS reallocated weights across all four domains:
| Domain | SAA-C03 Weight | SAA-C04 Weight | Change |
|---|---|---|---|
| Domain 1: Design Secure Architectures | 26% | 30% | +4% |
| Domain 2: Design Resilient Architectures | 24% | 26% | +2% |
| Domain 3: Design High-Performing Architectures | 24% | 24% | 0% |
| Domain 4: Design Cost-Optimized Architectures | 26% | 20% | -6% |
What This Shift Means in Practice
Security gained the most weight. In the C03, cost optimization and security were nearly tied. In the C04, security is the dominant domain with a 10-percentage-point lead over cost optimization. This reflects AWS's broader industry position: security is a shared responsibility model, and AWS wants architects to design secure-by-default systems rather than bolting security on afterward.
In concrete terms, the C04 has approximately 15 scored security questions compared to roughly 13 in the C03. That is 2-3 additional security questions that could make the difference between passing and failing.
Cost optimization lost the most weight. The C03 had cost optimization at 26%, making it the co-heaviest domain. The C04 dropped it to 20%, the lightest domain. This does not mean you can ignore cost — 10 scored questions is still significant — but it means candidates who spent 30% of their study time on pricing models and cost calculators should reallocate some of that time to security.
Resilience gained modestly. The bump from 24% to 26% added approximately one more scored question on high availability, disaster recovery, and fault tolerance topics. The new questions tend to focus on cross-region resilience patterns rather than single-AZ redundancy.
New Services Added in SAA-C04
The C04 expanded the exam scope to include services that were either not testable or barely mentioned in the C03. If your study materials were created before March 2024, they likely do not cover these services adequately.
Serverless and Containers (Major Addition)
The C03 tested Lambda and API Gateway but treated them as individual services. The C04 treats serverless architecture as a design paradigm with questions that combine multiple serverless services into complete solutions.
New or significantly expanded topics:
- AWS Step Functions: Orchestrating Lambda functions, managing state in distributed applications, error handling with retry and catch blocks, Express vs Standard workflows
- Amazon ECS and AWS Fargate: Container task definitions, service scaling, capacity providers (Fargate vs EC2 launch types), ECR for container image storage
- Amazon EKS: Kubernetes on AWS (basic awareness — the exam does not test Kubernetes internals, but you need to know when EKS is the right choice vs ECS)
- AWS App Runner: Fully managed container service for web applications (know when to recommend it vs Elastic Beanstalk or ECS)
- Lambda Destinations: Routing success and failure events to SQS, SNS, Lambda, or EventBridge (this was not tested in C03)
The C03 might have asked: "Which compute service should you use for an event-driven function that runs for under 15 minutes?" (Answer: Lambda.) The C04 asks: "A company needs to process images uploaded to S3, store results in DynamoDB, and send notification emails. The processing takes 2-8 minutes per image. The solution must handle variable traffic from 0 to 10,000 images per hour with no idle infrastructure costs. Design the architecture." (Answer: S3 event notification → Lambda → DynamoDB, with SNS for email, using Lambda destinations for error handling.)
Data Analytics Services (New Category)
The C03 barely mentioned analytics. The C04 includes analytics services as testable content across multiple domains:
- Amazon Athena: Querying S3 data directly using SQL without provisioning infrastructure. Know when to use Athena vs Redshift (ad-hoc queries on S3 data vs dedicated data warehouse).
- Amazon Kinesis Data Streams: Real-time data ingestion at scale. Know the difference between Kinesis Data Streams (you manage consumers, ordering by shard) and Kinesis Data Firehose (fully managed delivery to S3/Redshift/OpenSearch).
- Amazon Kinesis Data Firehose: Near-real-time data delivery. Know that Firehose buffers data and delivers in batches (minimum 60 seconds or 1 MB), so it is not truly real-time.
- AWS Glue: ETL service and data catalog. Know when Glue is the right choice for data transformation vs using Lambda for simple transformations.
- Amazon QuickSight: Business intelligence dashboards (awareness level — know it exists and when to recommend it, but detailed configuration is not tested).
Multi-Account Governance (Expanded Significantly)
The C03 touched on AWS Organizations. The C04 tests it as a core architectural pattern:
- Service Control Policies (SCPs): Writing SCPs that restrict regions, prevent root account usage, or enforce encryption. Know that SCPs apply to all accounts in an OU including the management account is a common trap — SCPs do NOT apply to the management account.
- AWS Control Tower: Setting up landing zones with guardrails. Know the difference between mandatory guardrails (always enforced) and strongly recommended guardrails (optional).
- Cross-account IAM roles: Designing access patterns where an application in Account A assumes a role in Account B to access resources.
- AWS RAM (Resource Access Manager): Sharing resources (VPC subnets, Transit Gateway, License Manager configurations) across accounts without peering.
- Centralized logging architecture: CloudTrail organization trail, centralized CloudWatch Logs, S3 access logging aggregation.
Additional New or Expanded Services
- Amazon EventBridge: Event-driven architecture patterns, event buses, schema registry. The C03 still referenced CloudWatch Events; the C04 uses EventBridge exclusively.
- AWS Transfer Family: Managed SFTP/FTPS/FTP for S3 and EFS. Know when to recommend it vs building a custom SFTP server on EC2.
- AWS Backup: Centralized backup policy management across services. The C04 tests this as the preferred backup solution rather than individual service backup configurations.
- Amazon OpenSearch Service: Replaced references to Amazon Elasticsearch Service. Know it for log analytics and full-text search use cases.
- AWS Compute Optimizer: Recommendations for EC2 instance right-sizing. More prominently tested in C04 cost optimization questions.
Topics Removed or De-Emphasized in SAA-C04
Not everything from the C03 carried over. AWS removed or reduced emphasis on several topics:
Removed or Significantly Reduced
- Classic Load Balancer (CLB): The C03 occasionally tested CLB vs ALB vs NLB. The C04 effectively ignores CLB. Focus entirely on ALB (Layer 7, HTTP/HTTPS) and NLB (Layer 4, TCP/UDP, ultra-low latency).
- EC2 Classic networking: Completely removed. All VPC-based networking.
- OpsWorks: Chef and Puppet managed configuration. The C04 does not test OpsWorks. Systems Manager has replaced it for configuration management questions.
- Detailed pricing calculations: The C03 sometimes asked you to compare specific pricing scenarios (e.g., "Which is cheaper: 3 m5.xlarge On-Demand instances or 1 r5.2xlarge Reserved Instance?"). The C04 tests pricing conceptually — you need to know that Reserved Instances are cheaper than On-Demand for steady-state workloads, but you do not need to calculate exact costs.
- Individual service limits: The C03 occasionally tested specific limits (e.g., "What is the maximum number of VPCs per region?"). The C04 rarely tests exact numbers. You should know general constraints (Lambda 15-minute timeout, S3 5 TB max object size) but not obscure limits.
De-Emphasized but Still Present
- EC2 instance purchasing options: Still tested, but the questions shifted from "which is cheapest" (pure cost calculation) to "which meets these operational requirements" (flexibility, interruption tolerance, commitment duration).
- S3 bucket policies: Still important for security questions, but the C04 tests them in combination with IAM policies rather than in isolation. You need to understand how bucket policies and IAM policies interact (the union of permissions model).
- Simple failover architectures: The C03 tested basic failover (primary/standby in two AZs). The C04 assumes you understand basic failover and tests more complex patterns (multi-region active-active, pilot light with cross-region Aurora).
How to Adjust Your Study Plan
If you previously studied for or passed the C03, here is how to update your preparation for the C04:
Reallocate Study Time
Old C03 allocation: - Security: 26% of study time - Cost Optimization: 26% of study time - High-Performing: 24% of study time - Resilient: 24% of study time
Recommended C04 allocation: - Security: 35% of study time (over-index on the heaviest domain) - Resilient: 25% of study time - High-Performing: 25% of study time - Cost Optimization: 15% of study time
The extra 5% for security (beyond its 30% weight) accounts for the fact that security questions are the most nuanced and frequently have two answers that both "sound right." Extra study time here pays disproportionate dividends.
Add These Labs to Your Practice
If your lab work was based on C03 study guides, add these hands-on exercises:
-
Build a serverless API using API Gateway + Lambda + DynamoDB. Add Step Functions to orchestrate a multi-step workflow (e.g., image processing → metadata extraction → notification). This single lab covers the biggest content addition in C04.
-
Set up a multi-account environment using AWS Organizations. Create two accounts, attach SCPs to restrict regions, create a cross-account IAM role, and verify that an application in Account A can access S3 in Account B.
-
Build a real-time analytics pipeline using Kinesis Data Streams → Lambda (transformation) → Kinesis Data Firehose → S3. Query the S3 data using Athena. This covers the new analytics services in one exercise.
-
Configure centralized logging with a CloudTrail organization trail writing to a centralized S3 bucket with server-side encryption using a KMS key that allows cross-account access.
-
Deploy an ECS Fargate service behind an ALB. Configure auto-scaling based on CPU utilization. This covers the expanded container content.
Update Your Study Materials
If your study materials are dated before March 2024, they were written for the C03. Here is how to evaluate and supplement:
- Video courses: Check the course date. If recorded before Q1 2024, it covers C03 content. It is still 80% accurate for the C04, but you need supplementary material for serverless architecture patterns, analytics services, and multi-account governance.
- Practice exams: C03 practice exams are partially useful but will not include C04-specific questions on Step Functions integration, Kinesis pipelines, SCPs, or EventBridge patterns. Use C04-specific practice exams from providers who updated after March 2024.
- Whitepapers: The AWS Well-Architected Framework is always current and maps directly to exam domains. The Security Pillar whitepaper is the single most valuable document for the highest-weighted domain.
Focus Areas by Domain for C03-to-C04 Transition
Domain 1 (Security, +4%): Study IAM policy evaluation logic (explicit deny beats explicit allow, allow beats implicit deny). Study SCPs and how they interact with IAM policies in multi-account environments. Study KMS key policies and grants, especially cross-account key sharing.
Domain 2 (Resilient, +2%): Study cross-region disaster recovery patterns at a deeper level than C03 required. Know the RPO/RTO matrix for all four DR strategies. Study DynamoDB global tables and Aurora global databases as cross-region resilience mechanisms.
Domain 3 (High-Performing, unchanged): The content is similar to C03, but add ECS/Fargate sizing and Lambda performance optimization (provisioned concurrency, memory/CPU relationship). Study placement groups — cluster, spread, and partition — and when each is appropriate.
Domain 4 (Cost, -6%): Reduce time spent on detailed pricing calculations. Focus instead on architectural patterns that reduce cost: using S3 Intelligent-Tiering instead of manual lifecycle rules, using Savings Plans instead of Reserved Instances for flexibility, using Spot Instances for fault-tolerant batch processing.
Should You Retake If You Passed the C03?
If you passed the C03 and your certification has not expired, you do not need to take the C04. Your certification remains valid for 3 years from your pass date regardless of exam version changes. When your certification approaches expiration, you will take whatever version is current at that time — which may be the C04 or a hypothetical C05.
If your C03 certification has expired and you need to recertify, you must take the C04. There is no option to retake the C03. Use this article's transition guidance to focus on the differences rather than re-studying all four domains from scratch.
If you are studying for the first time and encounter C03 study materials at a discount, they are still valuable — roughly 80% of the content overlaps. Supplement with C04-specific material covering the topics outlined above.
How the SAA-C04 Compares to Competing Certifications
For candidates deciding between cloud architect certifications, here is how the C04 positions relative to alternatives:
| Certification | Provider | Level | Comparable to SAA-C04? |
|---|---|---|---|
| AZ-305 | Microsoft Azure | Expert | Higher level — requires AZ-104 prerequisite |
| Professional Cloud Architect | Google Cloud | Professional | Higher level — broader scope |
| CKA | CNCF/Linux Foundation | Associate | Different focus — Kubernetes-specific |
| CCP (CLF-C02) | AWS | Foundational | Lower level — step before SAA |
| SAP-C02 | AWS | Professional | Higher level — next step after SAA |
The SAA-C04 sits at the associate level, which means it validates foundational architecture skills. It is the most popular cloud certification globally by exam volume, making it the strongest signal for entry-to-mid-level cloud roles. For a detailed comparison with Azure's architect certification, see our AWS SAA vs Azure AZ-305 analysis.
FAQ
Is the SAA-C04 harder than the SAA-C03?
Slightly. The C04 tests a broader range of services (especially serverless, containers, and analytics) and places more emphasis on multi-service architecture design. However, the passing score and question format are identical. If you would have passed the C03 with a comfortable margin, you will pass the C04 with focused preparation on the new topics.
Do I need to know Kubernetes for the SAA-C04?
No. The C04 includes Amazon EKS as a service option, but it tests whether you know when to choose EKS vs ECS, not Kubernetes internals. You will not see questions about pods, deployments, or kubectl commands. Know that EKS is AWS's managed Kubernetes service and that you should recommend it when the customer already uses Kubernetes or needs Kubernetes compatibility.
Are there still questions about EC2 instance types?
Yes, but the emphasis shifted. The C03 tested your ability to select instance types by specific characteristics (compute-optimized vs memory-optimized). The C04 still tests this but adds more questions about when NOT to use EC2 — when Lambda, Fargate, or App Runner is the better choice for a given workload.
Can I use C03 practice exams to study for the C04?
Partially. About 80% of C03 practice questions remain valid for the C04. However, C03 practice exams will not include questions on Step Functions orchestration, Kinesis analytics pipelines, EventBridge event-driven patterns, or SCP policy design. Supplement with C04-specific practice exams.
When will the SAA-C05 replace the C04?
AWS has not announced an SAA-C05 as of July 2026. Based on historical patterns (C02 to C03 was about 2 years, C03 to C04 was about 2 years), expect the C04 to remain current until at least late 2026 or early 2027. AWS provides at least 6 months of notice before retiring an exam version and runs both versions in parallel during the transition period.
Key Takeaway
The SAA-C04 shifted weight from cost optimization to security (+4%), added serverless architectures, containers, and data analytics as first-class exam topics, and expanded multi-account governance — if you studied for the C03, focus your additional preparation on IAM policy evaluation logic, Step Functions orchestration, Kinesis pipelines, and SCPs.