AWS Solutions Architect
AWS Services
Deep service notes for AWS Solutions Architect study, organized around architecture use cases and exam decision signals.
foundation
Amazon EC2
Learn EC2 as the core AWS virtual machine service, including instances, AMIs, storage, networking, scaling, security, and exam decision signals.
foundation
EC2 Launch Templates And AMIs
Understand EC2 launch templates and Amazon Machine Images for repeatable instance launches, including template versions, AMI scope, launch configurations, Auto Scaling integration, security, cost, and SAA-C03 traps.
foundation
Amazon EC2 Auto Scaling
Understand Amazon EC2 Auto Scaling for resilient and elastic EC2 fleets, including Auto Scaling groups, desired/min/max capacity, health checks, target tracking, step scaling, lifecycle hooks, instance refresh, cost, and SAA-C03 traps.
foundation
AWS Auto Scaling
Understand AWS Auto Scaling in SAA-C03 context, including scaling plans, Application Auto Scaling, predictive scaling guidance, EC2 Auto Scaling boundaries, scalable resources, target tracking, scheduled scaling, cost, and traps.
foundation
AWS Elastic Beanstalk
Understand AWS Elastic Beanstalk for managed application deployment on AWS, including applications, versions, environments, platforms, web and worker tiers, underlying resources, scaling, security, cost, and SAA-C03 traps.
foundation
Application Load Balancer vs Network Load Balancer vs Gateway Load Balancer
Compare ALB, NLB, and GWLB for HTTP routing, Layer 4 performance, static IP needs, and virtual appliance traffic inspection.
foundation
Amazon Route 53
Understand Route 53 as AWS DNS and routing control, including hosted zones, records, alias records, routing policies, health checks, and failover.
foundation
Route 53 Routing Policies
Compare Amazon Route 53 simple, weighted, latency, failover, geolocation, geoproximity, IP-based, and multivalue answer routing policies for SAA-C03 architecture decisions.
foundation
Amazon CloudFront
Understand CloudFront as AWS content delivery, including distributions, origins, cache behaviors, TTLs, origin access control, TLS, and exam signals.
foundation
CloudFront vs Global Accelerator
Compare Amazon CloudFront and AWS Global Accelerator for edge caching, static IPs, HTTP content delivery, TCP and UDP acceleration, health checks, failover, and global application performance.
foundation
VPC Endpoints And PrivateLink
Understand VPC endpoints, gateway endpoints, interface endpoints, endpoint policies, and AWS PrivateLink for private service access.
foundation
NAT Gateway vs VPC Endpoints
Compare NAT gateways and VPC endpoints for private subnet outbound access, AWS service access, security boundaries, availability, cost, and SAA-C03 exam traps.
foundation
Gateway vs Interface VPC Endpoints
Compare gateway endpoints and interface endpoints for AWS service access, route tables, endpoint ENIs, PrivateLink, private DNS, policies, cost, and SAA-C03 traps.
intermediate
Transit Gateway vs VPC Peering vs PrivateLink
Compare Transit Gateway, VPC peering, and AWS PrivateLink for multi-VPC connectivity, service exposure, routing scale, overlapping CIDRs, segmentation, cost, and SAA-C03 traps.
foundation
Security Groups vs NACLs vs Route Tables
Compare AWS security groups, network ACLs, and route tables for VPC reachability, filtering, statefulness, subnet behavior, troubleshooting, and SAA-C03 exam traps.
foundation
AWS Transit Gateway
Understand Transit Gateway as a regional network transit hub, including VPC attachments, route tables, VPN, Direct Connect, peering, segmentation, and exam signals.
foundation
AWS Direct Connect
Understand Direct Connect for dedicated private connectivity to AWS, including connections, virtual interfaces, Direct Connect gateways, resilience, VPN backup, and exam signals.
foundation
AWS Site-to-Site VPN
Understand Site-to-Site VPN for encrypted hybrid connectivity, including customer gateways, virtual private gateways, Transit Gateway, tunnels, routing, BGP, and exam signals.
foundation
AWS Network Firewall
Understand Network Firewall for managed VPC traffic inspection, including firewall endpoints, stateless and stateful rules, deployment models, routing, logging, and SAA-C03 signals.
foundation
AWS Firewall Manager
Understand Firewall Manager for organization-wide security policy management across WAF, Shield Advanced, security groups, Network Firewall, DNS Firewall, and NACLs.
intermediate
Route 53 Resolver Private DNS Patterns
Understand Route 53 private hosted zones, VPC Resolver, inbound and outbound Resolver endpoints, forwarding rules, split-horizon DNS, hybrid DNS, and SAA-C03 traps.
foundation
Route 53 Resolver DNS Firewall
Understand Route 53 Resolver DNS Firewall for VPC DNS query filtering, rule groups, domain lists, actions, logging, Firewall Manager, and SAA-C03 signals.
foundation
Amazon S3
Understand S3 as AWS object storage, including buckets, objects, durability, security, storage classes, lifecycle, replication, and exam traps.
foundation
S3 Lifecycle And Storage Classes
Understand S3 storage classes and lifecycle rules for cost optimization, access patterns, archival retrieval, expiration, version cleanup, and SAA-C03 traps.
foundation
S3 Replication
Understand S3 replication for asynchronous object copying across buckets, including CRR, SRR, versioning, Batch Replication, RTC, ownership, and exam traps.
foundation
S3 vs EBS vs EFS vs Instance Store
Compare AWS object, block, file, and ephemeral storage choices for application data, databases, shared files, uploads, caches, and exam scenarios.
intermediate
S3 Bucket Policies vs ACLs vs Access Points
Compare S3 bucket policies, object ACLs, Object Ownership, Block Public Access, access points, VPC-restricted access, cross-account ownership, and SAA-C03 traps.
intermediate
S3 Encryption And KMS Key Policy Traps
Explain Amazon S3 default encryption, SSE-S3, SSE-KMS, DSSE-KMS, S3 Bucket Keys, cross-account KMS access, key policies, IAM policies, replication behavior, and SAA-C03 encryption traps.
intermediate
EBS vs EFS vs FSx Edge Cases
Compare Amazon EBS, Amazon EFS, and Amazon FSx edge cases including Multi-Attach, shared file access, Windows file shares, Lustre workloads, NFS, performance modes, and exam traps.
foundation
Amazon EFS
Understand Amazon EFS for elastic shared file storage, including NFS, mount targets, access points, performance, throughput, storage classes, and exam traps.
foundation
Amazon FSx
Understand Amazon FSx for managed file systems, including Windows File Server, Lustre, NetApp ONTAP, OpenZFS, performance, backups, and exam service selection.
foundation
AWS Storage Gateway
Understand Storage Gateway for hybrid cloud storage, including S3 File Gateway, FSx File Gateway, Volume Gateway, Tape Gateway, local cache, and exam scenarios.
foundation
AWS Backup
Understand AWS Backup for centralized backup policy, including backup plans, vaults, recovery points, cross-account copies, cross-Region copies, Vault Lock, and exam signals.
foundation
AWS Database Migration Service
Understand AWS DMS for database migration and replication, including endpoints, replication instances, tasks, CDC, schema conversion boundaries, security, scaling, cost, and SAA-C03 traps.
foundation
AWS DataSync
Understand AWS DataSync for online file and object transfer, including agents, locations, tasks, S3, EFS, FSx, NFS, SMB, HDFS, object storage, security, scaling, and SAA-C03 traps.
foundation
AWS Transfer Family
Understand AWS Transfer Family for managed SFTP, FTPS, FTP, AS2, and browser-based file transfers into S3 and EFS, including identity providers, endpoints, workflows, security, cost, and SAA-C03 traps.
foundation
AWS Snow Family
Understand AWS Snow Family for physical data transfer and edge computing exam scenarios, including Snowball Edge, current availability caveats, offline transfer, edge compute, security, cost, and SAA-C03 traps.
foundation
AWS Migration Hub
Understand AWS Migration Hub as a migration planning and tracking layer, including current availability caveats, discovery, application grouping, migration progress, DMS and MGN relationships, and SAA-C03 context.
foundation
AWS Application Migration Service
Understand AWS Application Migration Service for lift-and-shift server migration, including source servers, replication agents, staging area resources, launch settings, testing, cutover, security, cost, and SAA-C03 traps.
foundation
Amazon RDS
Understand Amazon RDS as managed relational database infrastructure, including engines, Multi-AZ, read replicas, backups, security, scaling, and exam signals.
foundation
RDS Multi-AZ vs Read Replicas
Compare RDS Multi-AZ deployments and read replicas for high availability, failover, read scaling, disaster recovery, and common SAA-C03 traps.
intermediate
RDS And Aurora Recovery Choices
Compare Amazon RDS and Aurora recovery options including automated backups, manual snapshots, point-in-time recovery, Multi-AZ failover, read replica promotion, Aurora Global Database, switchover, failover, and cloning.
foundation
Amazon Aurora
Understand Amazon Aurora as AWS cloud-native relational database service, including clusters, shared storage, replicas, failover, global databases, and exam signals.
foundation
Amazon DynamoDB
Learn DynamoDB as managed NoSQL key-value and document storage, including keys, indexes, capacity, scaling, security, resilience, and exam signals.
foundation
DynamoDB vs RDS vs Aurora
Compare Amazon DynamoDB, Amazon RDS, and Amazon Aurora for NoSQL access patterns, relational SQL, transactions, managed operations, read scaling, global designs, and SAA-C03 database decisions.
foundation
Amazon ElastiCache
Understand ElastiCache as managed in-memory caching for Redis OSS, Valkey, and Memcached, including cache-aside, latency, failover, and exam signals.
foundation
ElastiCache vs DynamoDB DAX
Compare Amazon ElastiCache and DynamoDB Accelerator DAX for general in-memory caching, Redis OSS, Valkey, Memcached, DynamoDB-compatible read acceleration, latency, invalidation, and exam traps.
foundation
Amazon Redshift
Understand Redshift as AWS data warehousing, including clusters, Serverless, RA3, columnar analytics, Spectrum, security, scaling, cost, and SAA-C03 signals.
foundation
Amazon Athena
Understand Athena as serverless SQL over S3 data, including workgroups, Glue Data Catalog, partitioning, file formats, cost controls, and SAA-C03 signals.
foundation
AWS Glue
Understand AWS Glue for serverless data integration, including Data Catalog, crawlers, ETL jobs, Glue Studio, DataBrew, schemas, and SAA-C03 signals.
foundation
Glue Crawler vs Data Catalog vs ETL Jobs
Compare AWS Glue crawlers, the AWS Glue Data Catalog, and Glue ETL jobs for schema discovery, metadata management, transformations, table definitions, partitions, and analytics pipelines.
foundation
Amazon Kinesis Data Streams
Understand Kinesis Data Streams for real-time streaming ingestion, including streams, shards, producers, consumers, retention, enhanced fan-out, and exam traps.
foundation
Kinesis vs SQS vs EventBridge
Compare Kinesis Data Streams, Amazon SQS, and Amazon EventBridge for streaming logs, durable queues, event routing, replay, ordering, consumers, throughput, and SAA-C03 integration decisions.
foundation
Amazon OpenSearch Service
Understand OpenSearch Service for managed search, log analytics, observability, domains, indexes, dashboards, security, scaling, and SAA-C03 signals.
foundation
Athena vs Redshift vs OpenSearch
Compare Amazon Athena, Amazon Redshift, and Amazon OpenSearch Service for serverless SQL over S3, data warehousing, full-text search, log analytics, dashboards, and SAA-C03 analytics decisions.
foundation
Amazon QuickSight
Understand Amazon QuickSight for AWS business intelligence, including datasets, analyses, dashboards, SPICE, embedding, security, and SAA-C03 signals.
foundation
Amazon ECS And AWS Fargate
Understand ECS and Fargate for running containers on AWS, including clusters, task definitions, services, launch types, networking, scaling, and exam signals.
foundation
Amazon Elastic Container Registry
Understand Amazon ECR as AWS container image registry, including repositories, image tags, pull permissions, scanning, lifecycle policies, and ECS deployment flow.
foundation
AWS Lambda
Understand Lambda as event-driven serverless compute, including functions, triggers, execution roles, concurrency, cold starts, retries, and exam signals.
foundation
Lambda vs ECS Fargate vs EC2
Compare AWS Lambda, Amazon ECS on Fargate, and Amazon EC2 for event-driven functions, containerized services, long-running workloads, operational control, scaling, and exam decisions.
foundation
Amazon API Gateway
Understand API Gateway for managed API front doors, including REST, HTTP, WebSocket APIs, Lambda integrations, throttling, authorization, caching, and exam signals.
foundation
API Gateway REST API vs HTTP API
Compare Amazon API Gateway REST APIs and HTTP APIs for feature set, cost, authorization, private endpoints, WAF, usage plans, request validation, integrations, and SAA-C03 decisions.
foundation
Amazon EventBridge
Understand EventBridge as AWS event routing, including event buses, rules, event patterns, targets, Scheduler, Pipes, and SAA-C03 event architecture signals.
foundation
SQS vs SNS vs EventBridge
Compare Amazon SQS, Amazon SNS, and Amazon EventBridge for queues, pub-sub fanout, event routing, filtering, retries, durability, and SAA-C03 integration decisions.
foundation
AWS Step Functions
Understand Step Functions as managed workflow orchestration, including state machines, tasks, retries, error handling, Standard vs Express workflows, and exam signals.
intermediate
Step Functions vs SQS And Lambda Retries
Compare AWS Step Functions, Amazon SQS, and Lambda retry behavior for orchestration, worker queues, idempotency, durable workflow history, retries, dead-letter queues, and SAA-C03 decisions.
foundation
Amazon SQS
Understand Amazon SQS as managed message queues, including standard and FIFO queues, visibility timeout, dead-letter queues, retries, scaling, and exam traps.
foundation
Amazon SNS
Understand Amazon SNS as managed pub-sub messaging, including topics, subscriptions, fanout, filtering, delivery protocols, and SAA-C03 notification patterns.
foundation
AWS CloudFormation
Understand AWS CloudFormation for infrastructure as code, including templates, stacks, parameters, outputs, change sets, drift detection, rollback, nested stacks, security, cost, and SAA-C03 traps.
foundation
AWS Service Catalog
Understand AWS Service Catalog for approved self-service AWS products, including portfolios, products, provisioned products, constraints, governance, CloudFormation integration, security, cost, and SAA-C03 traps.
foundation
AWS Cost Explorer
Understand AWS Cost Explorer for analyzing AWS spend, including filters, groups, forecasts, linked accounts, tags, purchase recommendations, cost visibility, and SAA-C03 traps.
foundation
AWS Budgets
Understand AWS Budgets for cost and usage alerts, including budget types, actual and forecasted thresholds, notifications, budget actions, RI and Savings Plans utilization, governance, and SAA-C03 traps.
foundation
AWS Cost And Usage Report
Understand AWS Cost and Usage Reports and Data Exports for detailed billing analytics, including line items, S3 delivery, Athena querying, report granularity, integration with Organizations, security, cost, and SAA-C03 traps.
foundation
AWS Savings Plans
Understand AWS Savings Plans for commitment-based discounts, including Compute, EC2 Instance, Database, and SageMaker AI Savings Plans, hourly commitments, flexibility, utilization, coverage, risk, and SAA-C03 traps.
foundation
AWS Compute Optimizer
Understand AWS Compute Optimizer for rightsizing recommendations, including supported resources, CloudWatch metrics, enhanced infrastructure metrics, findings, recommendation preferences, cost and performance tradeoffs, and SAA-C03 traps.
foundation
AWS Health Dashboard
Understand AWS Health Dashboard for AWS service events and account-specific health events, including public events, account events, EventBridge integration, Organizations view, operational response, and SAA-C03 traps.
foundation
AWS Organizations
Understand AWS Organizations for multi-account governance, including management accounts, member accounts, OUs, consolidated billing, policies, and delegated administration.
foundation
Service Control Policies
Understand service control policies as AWS Organizations permission guardrails, including effective permissions, OU inheritance, deny strategies, testing, and exam traps.
intermediate
IAM Policy Types And Evaluation Traps
Understand AWS IAM policy types, evaluation order, explicit deny, identity policies, resource policies, permission boundaries, SCPs, ACLs, session policies, and SAA-C03 traps.
intermediate
Cross-Account Access Patterns
Understand AWS cross-account access using IAM roles, resource policies, AWS Organizations, SCP guardrails, KMS key policies, external IDs, centralized logging, and SAA-C03 traps.
foundation
AWS IAM Identity Center
Understand IAM Identity Center for centralized workforce access, including identity sources, organization instances, permission sets, AWS access portal, and SAA-C03 traps.
foundation
AWS Key Management Service
Understand AWS KMS for key management, envelope encryption, key policies, grants, service integrations, auditability, and SAA-C03 encryption decisions.
intermediate
KMS Key Policies vs IAM Policies
Compare KMS key policies, IAM policies, grants, cross-account KMS access, service integrations, encrypted-data failures, and SAA-C03 exam traps.
foundation
AWS Secrets Manager
Understand Secrets Manager for storing, retrieving, rotating, auditing, and securing database credentials, API keys, and application secrets.
foundation
Secrets Manager vs Parameter Store
Compare AWS Secrets Manager and Systems Manager Parameter Store for secrets, configuration, SecureString values, rotation, hierarchy, cross-account sharing, throughput, cost, and SAA-C03 traps.
foundation
Amazon GuardDuty
Understand GuardDuty as managed AWS threat detection, including data sources, findings, protection plans, multi-account administration, and SAA-C03 exam signals.
foundation
AWS Security Hub
Understand Security Hub CSPM for centralized security posture management, findings, standards, controls, integrations, automation, and SAA-C03 signals.
foundation
Amazon Inspector
Understand Inspector as AWS vulnerability management, including EC2, ECR, Lambda scanning, findings, risk scoring, organizations, EventBridge, and exam signals.
foundation
Amazon Macie
Understand Macie for S3 data security, sensitive data discovery, policy findings, managed data identifiers, custom identifiers, integrations, and SAA-C03 signals.
foundation
GuardDuty vs Inspector vs Macie vs Security Hub
Compare Amazon GuardDuty, Amazon Inspector, Amazon Macie, and AWS Security Hub for threat detection, vulnerability scanning, sensitive data discovery, finding aggregation, and incident triage.
foundation
AWS WAF
Understand AWS WAF as a web application firewall, including web ACLs, rules, managed rule groups, rate-based rules, CAPTCHA, bot control, and exam signals.
foundation
AWS Shield
Understand AWS Shield Standard and Shield Advanced for DDoS protection, including protected resources, layers, SRT support, WAF integration, and exam signals.
foundation
Amazon CloudWatch
Understand CloudWatch for AWS metrics, logs, alarms, dashboards, events, and operational visibility across applications and infrastructure.
foundation
AWS CloudTrail
Understand CloudTrail for AWS API audit history, event history, trails, management events, data events, organization trails, and security investigations.
foundation
AWS Systems Manager
Understand Systems Manager as an AWS operations hub, including Session Manager, Run Command, Parameter Store, Patch Manager, Automation, and managed instances.
foundation
AWS Config
Understand AWS Config for resource configuration history, compliance rules, conformance packs, aggregators, remediation, and SAA-C03 governance scenarios.
foundation
AWS Trusted Advisor
Understand Trusted Advisor as an AWS best-practice recommendation service, including checks, categories, support-plan access, EventBridge integration, and SAA-C03 signals.
foundation
CloudTrail vs Config vs CloudWatch vs Trusted Advisor
Compare AWS CloudTrail, AWS Config, Amazon CloudWatch, and AWS Trusted Advisor for audit events, resource state, observability, recommendations, and exam traps.
foundation
AWS Well-Architected Tool
Understand the AWS Well-Architected Tool, including workloads, pillars, lenses, milestones, improvement plans, Trusted Advisor integration, and exam decision signals.
foundation
AWS Control Tower
Understand Control Tower for AWS landing zones, account vending, controls, drift detection, shared accounts, and multi-account governance decision signals.