AWS Solutions Architect Associate (SAA-C03) Exam Cheat Sheet — 2026

> One-page quick reference for exam day | citadelcloudmanagement.com


Exam Overview

  • Code: SAA-C03 | Questions: 65 | Time: 130 minutes | Passing: 720/1000
  • Format: Multiple choice + multiple response | Cost: $150 USD

Domain 1: Secure Architectures (30%)

IAM Deep Dive

  • Identity-based policies (attached to users/groups/roles) vs Resource-based policies (attached to resources)
  • IAM Roles: preferred over access keys for EC2, Lambda, cross-account access
  • STS AssumeRole: temporary credentials for cross-account access
  • Service Control Policies (SCPs): guardrails across AWS Organizations OUs

Encryption

  • At rest: KMS (AWS managed keys, customer managed keys), S3 SSE-S3/SSE-KMS/SSE-C
  • In transit: TLS/SSL, ACM for free certificates
  • KMS key rotation: automatic yearly for AWS-managed, configurable for CMK
  • CloudHSM: dedicated hardware security module (FIPS 140-2 Level 3)

Network Security

  • Security Groups: stateful, allow rules only, instance level
  • NACLs: stateless, allow + deny rules, subnet level
  • VPC Flow Logs: capture IP traffic information
  • AWS PrivateLink: private connectivity to services without traversing internet
  • VPC Endpoints: Gateway (S3, DynamoDB) vs Interface (everything else)

Domain 2: Resilient Architectures (26%)

High Availability Patterns

  • Multi-AZ: RDS, ElastiCache, EFS (automatic failover)
  • Auto Scaling Groups: min/max/desired capacity, scaling policies
  • ELB types: ALB (HTTP/HTTPS, Layer 7), NLB (TCP/UDP, Layer 4), GLB (Layer 3)
  • ALB: path-based routing, host-based routing, sticky sessions

Decoupling

  • SQS: standard (at-least-once, best-effort ordering) vs FIFO (exactly-once, ordered)
  • SQS Dead Letter Queue: messages that fail processing after N retries
  • SNS: fan-out pattern (one message → many subscribers)
  • EventBridge: event-driven architecture, rules + targets
  • Step Functions: orchestrate workflows with state machines

Disaster Recovery Strategies (cost low→high, RTO high→low)

  1. Backup & Restore: cheapest, highest RTO
  2. Pilot Light: core systems always running, scale up on failure
  3. Warm Standby: scaled-down version always running
  4. Multi-Site Active/Active: lowest RTO, highest cost

Data Durability

  • S3: 11 9s durability (99.999999999%)
  • Cross-Region Replication (CRR): async replication to another region
  • S3 Versioning: protect against accidental deletes
  • RDS: automated backups (35-day retention), manual snapshots (indefinite)

Domain 3: High-Performing Architectures (24%)

Compute Selection

  • EC2 instance families: General (M/T), Compute (C), Memory (R/X), Storage (I/D), Accelerated (P/G)
  • Placement Groups: Cluster (low latency), Spread (high availability), Partition (big data)
  • Lambda: 15-min max, 10 GB memory, 512 MB /tmp (10 GB ephemeral)

Storage Selection

  • EBS types: gp3 (general SSD), io2 (high IOPS SSD), st1 (throughput HDD), sc1 (cold HDD)
  • EBS Multi-Attach: io1/io2 only, same AZ
  • Instance Store: ephemeral, highest IOPS, lost on stop/terminate
  • S3 Transfer Acceleration: uses CloudFront edge locations for faster uploads
  • S3 Select / Glacier Select: query data in place with SQL

Database Selection

  • Aurora: up to 128 TB auto-scaling storage, 15 read replicas, Global Database
  • Aurora Serverless v2: scales to zero, pay per ACU-second
  • DynamoDB: single-digit ms, DAX for microsecond caching, Global Tables for multi-region
  • ElastiCache: Redis (persistence, pub/sub, sorted sets) vs Memcached (simple, multi-threaded)

Caching & CDN

  • CloudFront: edge caching, OAC for S3 origin, Lambda@Edge for customization
  • ElastiCache: database query caching, session storage
  • DAX: DynamoDB-specific caching layer

Domain 4: Cost-Optimized Architectures (20%)

EC2 Pricing

  • On-Demand → Reserved (1yr/3yr, up to 72% off) → Spot (up to 90% off, interruptible)
  • Savings Plans: Compute (any instance) or EC2 Instance (specific family/region)
  • Spot Fleet: mix of Spot + On-Demand to maintain target capacity

Storage Cost Optimization

  • S3 Lifecycle Policies: automatically transition objects between storage classes
  • S3 Intelligent-Tiering: auto-moves between frequent/infrequent access
  • Glacier Deep Archive: cheapest ($1/TB/month), 12-48 hour retrieval
  • EBS: delete unattached volumes, use gp3 over gp2 (20% cheaper, better performance)

Compute Cost Optimization

  • Right-sizing: use Compute Optimizer recommendations
  • Auto Scaling: scale down during low demand
  • Lambda: pay per request + compute duration, no cost when idle
  • Graviton instances: up to 40% better price-performance

Key Architecture Decision Patterns

| Requirement | Solution |
|---|---|
| "Decouple components" | SQS, SNS, EventBridge |
| "Serverless" | Lambda + API Gateway + DynamoDB + S3 |
| "Millisecond latency reads" | ElastiCache or DAX |
| "Petabyte-scale analytics" | Redshift or Athena + S3 |
| "Real-time streaming" | Kinesis Data Streams |
| "Batch processing" | AWS Batch or EMR |
| "Static website" | S3 + CloudFront |
| "Hybrid connectivity" | Direct Connect (dedicated) or Site-to-Site VPN |
| "Container orchestration" | ECS (AWS-native) or EKS (Kubernetes) |
| "Cross-account access" | IAM Roles + STS AssumeRole |

Exam Tips

  1. Read the LAST sentence first — it contains the actual question
  2. "Most cost-effective" = Spot or Reserved; "Most resilient" = Multi-AZ/Multi-Region
  3. If question says "least operational overhead," pick the managed/serverless option
  4. Aurora appears as the answer for most RDS scaling/performance questions
  5. S3 lifecycle policies solve most "reduce storage cost over time" questions

*Get the full study guide and 17 free courses at citadelcloudmanagement.com*
