
AWS Certified Solutions Architect Associate SAA-C04: Complete Study Guide and Exam Tips


The AWS Certified Solutions Architect – Associate (SAA-C04) is the most widely held cloud certification in the world and remains the single most effective credential for demonstrating cloud architecture competency to employers. In 2026, AWS holds approximately 31% of the global cloud infrastructure market — larger than Azure and GCP combined — and demand for certified AWS architects shows no sign of slowing. Average salaries for AWS Solutions Architects in the U.S. range from $120,000 to $175,000, with senior and principal roles regularly exceeding $200,000.

This guide covers everything you need to pass the SAA-C04 exam on your first attempt: the exam structure, the domains you’ll be tested on, the most reliable study resources, a realistic study plan, and the key concepts that consistently appear in exam questions.

SAA-C04 Exam Overview

  • Exam code: SAA-C04
  • Format: 65 questions (multiple choice and multiple response)
  • Duration: 130 minutes
  • Passing score: 720 out of 1000
  • Cost: $150 USD (vouchers available through AWS training credits and employer programs)
  • Delivery: Pearson VUE testing centre or online proctored
  • Validity: 3 years (renewal via recertification or higher-level exam)
  • Prerequisite: None (though AWS recommends 1+ year of hands-on AWS experience)

The Four Exam Domains and Their Weightings

The SAA-C04 exam tests across four domains. Understanding the weighting helps you prioritise study time:

Domain 1: Design Secure Architectures (30%)

The highest-weighted domain. Covers IAM (users, roles, policies, permission boundaries), secure access to AWS resources, VPC security (security groups vs NACLs, VPC endpoints, PrivateLink), encryption at rest and in transit, AWS KMS, AWS Secrets Manager, AWS Certificate Manager, S3 bucket policies and ACLs, and the principle of least privilege.

Key concepts to master: When to use IAM roles vs IAM users, the difference between security groups (stateful) and NACLs (stateless), VPC peering vs Transit Gateway vs PrivateLink, encryption options for S3/EBS/RDS/DynamoDB.

Domain 2: Design Resilient Architectures (26%)

Covers high availability, fault tolerance, and disaster recovery. Multi-AZ vs Multi-Region deployments, RTO and RPO requirements, Auto Scaling groups and policies, Elastic Load Balancers (ALB vs NLB vs CLB — and when to use each), Route 53 routing policies (weighted, latency, failover, geolocation, multivalue), S3 versioning and cross-region replication.

Key concepts to master: The difference between availability zones and regions and their failure boundaries, how to design for RPO/RTO requirements, when to use active-active vs active-passive failover, how ELB health checks work with Auto Scaling.

Domain 3: Design High-Performing Architectures (24%)

Covers choosing appropriate compute (EC2 instance families, Lambda, ECS, EKS, Fargate), storage (S3, EBS, EFS, FSx), database (RDS, Aurora, DynamoDB, ElastiCache, Redshift), and network services for performance requirements. Caching strategies using CloudFront, ElastiCache, and DAX. Database scaling patterns: read replicas, Aurora Serverless, DynamoDB on-demand.

Key concepts to master: EC2 instance families and their use cases (compute optimised, memory optimised, storage optimised, GPU), when to use RDS vs DynamoDB vs Aurora, CloudFront cache behaviours and origins, difference between EBS gp2, gp3, io1, io2 volume types and their IOPS characteristics.

Domain 4: Design Cost-Optimised Architectures (20%)

Covers AWS pricing models (On-Demand, Reserved Instances, Savings Plans, Spot Instances), right-sizing, cost analysis tools (AWS Cost Explorer, Budgets, Trusted Advisor), S3 storage classes and lifecycle policies, serverless cost patterns (Lambda vs EC2 for varying load), and data transfer costs.

Key concepts to master: When Spot Instances are appropriate (fault-tolerant, interruptible workloads), Savings Plans vs Reserved Instances, S3 storage class selection (Standard, Intelligent-Tiering, Standard-IA, One Zone-IA, Glacier, Glacier Deep Archive), Lambda pricing model and when it’s cheaper than EC2.

The Services You Must Know Cold

The exam is broad, but certain services appear in a large proportion of questions. Master these thoroughly:

  • EC2: Instance types, purchasing options, placement groups, instance metadata, user data scripts, AMIs
  • S3: Storage classes, versioning, lifecycle policies, cross-region replication, event notifications, pre-signed URLs, S3 Select, Object Lock
  • VPC: Subnets, route tables, internet gateways, NAT gateways, VPC endpoints, security groups, NACLs, VPC peering, Transit Gateway
  • IAM: Users, groups, roles, policies (inline vs managed), permission boundaries, service control policies (in context of AWS Organizations), cross-account roles
  • RDS and Aurora: Multi-AZ deployments, read replicas, Aurora global databases, automated backups, encryption, parameter groups
  • DynamoDB: Partition keys, sort keys, GSIs, LSIs, provisioned vs on-demand capacity, DynamoDB Streams, DAX
  • Lambda: Triggers, execution role, VPC configuration, concurrency limits, layers, destinations
  • ELB: ALB (HTTP/HTTPS, content-based routing), NLB (TCP/UDP, static IP, extreme performance), GLB (third-party appliances)
  • CloudFront: Origins, cache behaviours, OAC (Origin Access Control), signed URLs, Lambda@Edge vs CloudFront Functions
  • Route 53: Record types (A, AAAA, CNAME, Alias), routing policies, health checks
  • Auto Scaling: Launch templates, scaling policies (target tracking, step scaling, scheduled), lifecycle hooks
  • SQS and SNS: Standard vs FIFO queues, visibility timeout, dead-letter queues, SNS fan-out pattern
  • ECS and EKS: Task definitions, services, Fargate launch type, container networking
  • CloudWatch: Metrics, alarms, logs, dashboards, Events/EventBridge

Recommended Study Resources

Courses

  • Adrian Cantrill (learn.cantrill.io): Widely considered the most comprehensive SAA course available. Goes deep on concepts rather than just exam facts. 60+ hours. Best for people who want to actually understand AWS, not just pass the exam. Cost: ~$40.
  • Stephane Maarek (Udemy): Most popular course on Udemy with 600,000+ students. Well-structured, regularly updated, excellent value when on sale ($13–$15). Best for structured learners who prefer video walkthroughs.
  • AWS Skill Builder: Amazon’s official training platform has free learning paths for the SAA-C04. Not sufficient alone but good for official documentation-style explanations.

Practice Exams

Practice exams are non-negotiable. The exam involves scenario-based questions where you pick the “most cost-effective” or “least operational overhead” solution — skills that only develop through practice question exposure.

  • Tutorials Dojo (Jon Bonso): 6 full-length practice exams with detailed explanations. The closest to the actual exam difficulty. Most candidates consider this essential. Cost: ~$15.
  • Stephane Maarek practice tests (Udemy): Good companion to his course.
  • AWS Official Practice Exam (Skill Builder): 20-question official sample. Free on AWS Skill Builder.

Reference Material

  • AWS documentation — specifically the FAQs for each major service. The exam often draws directly from FAQs.
  • AWS Well-Architected Framework whitepaper — understand the five pillars: operational excellence, security, reliability, performance efficiency, cost optimisation.
  • AWS Disaster Recovery whitepaper — RPO/RTO recovery strategies (backup and restore, pilot light, warm standby, multi-site active-active).

Realistic Study Plan: 6–8 Weeks

This plan assumes 1–2 hours of study per day:

Weeks 1–2: Foundation
Complete a full video course (Cantrill or Maarek). Take notes. Don’t rush — understanding the underlying concepts now saves time in the practice exam phase. Create an AWS Free Tier account and follow along with hands-on labs.

Weeks 3–4: Hands-On Labs
Build practical knowledge with the services that appear most frequently. Set up a multi-tier VPC from scratch. Create an Auto Scaling group behind an ALB. Configure an S3 bucket with lifecycle policies and cross-region replication. Deploy a Lambda function with an SQS trigger. These practical exercises cement concepts that are hard to retain from video alone.

Weeks 5–6: Practice Exams and Gap Analysis
Take the Tutorials Dojo practice exams in timed mode. For every question you get wrong, go back to the documentation or course section covering that topic. Track your weak areas and spend extra time there. Target 75%+ on practice exams before sitting the real exam.

Weeks 7–8: Review and Consolidation
Review your notes on weak areas. Retake practice exams. Read through the AWS Well-Architected Framework and the major service FAQs. On the day before the exam, review your notes rather than learning new material.

Exam Strategy and Tips

  • Read every answer choice before selecting. Many questions have two plausible answers — the distinction is often cost, operational overhead, or whether the solution is fully managed.
  • Keywords to watch: “most cost-effective” usually points toward reserved/savings plan pricing, Spot Instances, or serverless. “Least operational overhead” points toward fully managed services (Aurora Serverless vs EC2 database, Fargate vs EC2). “Highly available” points toward multi-AZ or multi-region designs.
  • Eliminate clearly wrong answers first. Most questions have two obviously incorrect answers and two plausible ones. Focus your analysis on the final two.
  • Flag and return to hard questions. Don’t spend 5 minutes on one question. Flag it, move on, and return with remaining time.
  • 130 minutes for 65 questions = 2 minutes per question. You have time to be thorough if you manage the clock.

After You Pass: What’s Next

The Solutions Architect Associate is the foundation. The natural progression:

  • AWS Solutions Architect Professional (SAP-C02): Advanced architecture. Most impactful for senior/principal architect roles. Significantly harder than associate.
  • AWS DevOps Engineer Professional (DOP-C02): CI/CD, deployment automation, monitoring. Ideal for DevOps-focused roles.
  • AWS Specialty certifications: Advanced Networking, Security, Data Analytics, Machine Learning — each targeting specific technical domains.

The SAA-C04 opens doors. For most engineers making the move from on-premises to cloud, it is the single most effective credential to pursue first — and in 2026, with cloud adoption still accelerating across every industry, it remains one of the highest-ROI certifications available to IT professionals.


About Ramesh Sundararamaiah

Red Hat Certified Architect

Expert in Linux system administration, DevOps automation, and cloud infrastructure. Specializing in Red Hat Enterprise Linux, CentOS, Ubuntu, Docker, Ansible, and enterprise IT solutions.
