AWS Certified Solutions Architect Associate Quick Facts (2025)

Exam Domain Breakdown

Domain 1: Design Secure Architectures (30% of the exam)

Task Statement 1.1: Design secure access to AWS resources.

• Knowledge of access controls and management across multiple accounts
• Knowledge of AWS federated access and identity services (for example, AWS Identity and Access Management [IAM], AWS IAM Identity Center [AWS Single Sign-On])
• Knowledge of AWS global infrastructure (for example, Availability Zones, AWS Regions)
• Knowledge of AWS security best practices (for example, the principle of least privilege)
• Knowledge of the AWS shared responsibility model
• Skills in applying AWS security best practices to IAM users and root users (for example, multi-factor authentication [MFA])
• Skills in designing a flexible authorization model that includes IAM users, groups, roles, and policies
• Skills in designing a role-based access control strategy (for example, AWS Security Token Service [AWS STS], role switching, cross-account access)
• Skills in designing a security strategy for multiple AWS accounts (for example, AWS Control Tower, service control policies [SCPs])
• Skills in determining the appropriate use of resource policies for AWS services
• Skills in determining when to federate a directory service with IAM roles

1.1 summary:
This section is focused on mastering secure access to AWS resources. You will need to understand IAM fundamentals, multi-account structures, and the shared responsibility model. In practice, this means being able to map user and role requirements into IAM policies, enforce least privilege, and apply identity federation strategies for enterprise users. It is also essential to recognize when to strengthen security posture through MFA, IAM Identity Center, and service control policies for centralized management.

You should also gain familiarity with how AWS global infrastructure impacts access and permissions organization. By learning how to manage secure access holistically across regions, environments, and accounts, you will be able to implement controlled configurations at scale. The end result is designing architectures that remain secure, flexible, and designed for enterprise-grade workloads.

Task Statement 1.2: Design secure workloads and applications.

• Knowledge of application configuration and credentials security
• Knowledge of AWS service endpoints
• Knowledge of control ports, protocols, and network traffic on AWS
• Knowledge of secure application access
• Knowledge of security services with appropriate use cases (for example, Amazon Cognito, Amazon GuardDuty, Amazon Macie)
• Knowledge of threat vectors external to AWS (for example, DDoS, SQL injection)
• Skills in designing VPC architectures with security components (for example, security groups, route tables, network ACLs, NAT gateways)
• Skills in determining network segmentation strategies (for example, using public subnets and private subnets)
• Skills in integrating AWS services to secure applications (for example, AWS Shield, AWS WAF, IAM Identity Center, AWS Secrets Manager)
• Skills in securing external network connections to and from the AWS Cloud (for example, VPN, AWS Direct Connect)

1.2 summary:
This section equips you with the ability to secure workloads and applications in AWS environments. You will explore how services like Shield and WAF protect applications from common external threats such as DDoS or injection attacks. In addition, you will learn strategies for controlling network boundaries by using security groups, NACLs, and VPC architectures with segmented subnets. Dedicated security services like Amazon Cognito, GuardDuty, and Macie enable identity services, threat detection, and automated compliance, making them essential for designing modern secure workloads.

By applying this knowledge, you can secure both network and application layers while setting up access endpoints and external connections. You will also understand how to integrate secrets management, implement role-based segmentation, and design secure hybrid connections through VPN or Direct Connect. The ability to apply these practices results in building architectures that are secure, scalable, and ready for enterprise deployment.

Task Statement 1.3: Determine appropriate data security controls.

• Knowledge of data access and governance
• Knowledge of data recovery
• Knowledge of data retention and classification
• Knowledge of encryption and appropriate key management
• Skills in aligning AWS technologies to meet compliance requirements
• Skills in encrypting data at rest (for example, AWS Key Management Service [AWS KMS])
• Skills in encrypting data in transit (for example, AWS Certificate Manager [ACM] using TLS)
• Skills in implementing access policies for encryption keys
• Skills in implementing data backups and replications
• Skills in implementing policies for data access, lifecycle, and protection
• Skills in rotating encryption keys and renewing certificates

1.3 summary:
This section focuses on ensuring that data security controls meet compliance and business needs. You will learn how to apply comprehensive data governance, enforce access policies, and integrate reliable key management practices with services such as AWS KMS. Encryption strategies at rest, in transit, and with certificate management are crucial to prevent unauthorized data exposure. Alongside this, you will develop knowledge of retention and lifecycle policies that control how information is stored, accessed, and eventually archived or removed.

Another key area here is data recovery and protection. By applying backup strategies with replication across availability zones and regions, you will design architectures resilient to data loss. Attention to certificate rotations, policy updates, and regular audits ensures that your cloud workloads remain secure and compliant over time. With these skills, you build architectures that not only protect critical data but also maintain trust and business continuity.

Domain 2: Design Resilient Architectures (26% of the exam)

Task Statement 2.1: Design scalable and loosely coupled architectures.

• Knowledge of API creation and management (for example, Amazon API Gateway, REST API)
• Knowledge of AWS managed services with appropriate use cases (for example, AWS Transfer Family, Amazon Simple Queue Service [Amazon SQS], Secrets Manager)
• Knowledge of caching strategies
• Knowledge of design principles for microservices (for example, stateless workloads compared with stateful workloads)
• Knowledge of event-driven architectures
• Knowledge of horizontal scaling and vertical scaling
• Knowledge of how to appropriately use edge accelerators (for example, content delivery network [CDN])
• Knowledge of how to migrate applications into containers
• Knowledge of load balancing concepts (for example, Application Load Balancer)
• Knowledge of multi-tier architectures
• Knowledge of queuing and messaging concepts (for example, publish/subscribe)
• Knowledge of serverless technologies and patterns (for example, AWS Fargate, AWS Lambda)
• Knowledge of storage types with associated characteristics (for example, object, file, block)
• Knowledge of the orchestration of containers (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS])
• Knowledge of when to use read replicas
• Knowledge of workflow orchestration (for example, AWS Step Functions)
• Skills in designing event-driven, microservice, and/or multi-tier architectures based on requirements
• Skills in determining scaling strategies for components used in an architecture design
• Skills in determining the AWS services required to achieve loose coupling based on requirements
• Skills in determining when to use containers
• Skills in determining when to use serverless technologies and patterns
• Skills in recommending appropriate compute, storage, networking, and database technologies based on requirements
• Skills in using purpose-built AWS services for workloads

2.1 summary:
This section emphasizes creating architectures that scale and remain loosely coupled. You will explore service patterns like event-driven design, messaging queues with SQS, and workflow orchestration with Step Functions. These design patterns introduce elasticity that allows systems to adapt to demand spikes without service degradation. Knowledge of microservice design and serverless deployment ensures that your architectures support scalable, modular applications optimized for performance and growth.

Scalability principles also extend into container orchestration, caching strategies, and global delivery with edge accelerators. Learning how services such as API Gateway, Lambda, Fargate, and ECS/EKS work in these architectures gives you the ability to select the right tools for each business scenario. Understanding when to apply horizontal and vertical scaling, combined with multi-tier architectural best practices, helps you deliver architectures that are flexible, resilient, and reliable for enterprise workloads.

Task Statement 2.2: Design highly available and/or fault-tolerant architectures.

• Knowledge of AWS global infrastructure (for example, Availability Zones, AWS Regions, Amazon Route 53)
• Knowledge of AWS managed services with appropriate use cases (for example, Amazon Comprehend, Amazon Polly)
• Knowledge of basic networking concepts (for example, route tables)
• Knowledge of disaster recovery (DR) strategies (for example, backup and restore, pilot light, warm standby, active-active failover, recovery point objective [RPO], recovery time objective [RTO])
• Knowledge of distributed design patterns
• Knowledge of failover strategies
• Knowledge of immutable infrastructure
• Knowledge of load balancing concepts (for example, Application Load Balancer)
• Knowledge of proxy concepts (for example, Amazon RDS Proxy)
• Knowledge of service quotas and throttling (for example, how to configure the service quotas for a workload in a standby environment)
• Knowledge of storage options and characteristics (for example, durability, replication)
• Knowledge of workload visibility (for example, AWS X-Ray)
• Skills in determining automation strategies to ensure infrastructure integrity
• Skills in determining the AWS services required to provide a highly available and/or fault-tolerant architecture across AWS Regions or Availability Zones
• Skills in identifying metrics based on business requirements to deliver a highly available solution
• Skills in implementing designs to mitigate single points of failure
• Skills in implementing strategies to ensure the durability and availability of data (for example, backups)
• Skills in selecting an appropriate DR strategy to meet business requirements
• Skills in using AWS services that improve the reliability of legacy applications and applications not built for the cloud (for example, when application changes are not possible)
• Skills in using purpose-built AWS services for workloads

2.2 summary:
This section develops your ability to design architectures that remain available and reliable under various conditions. You will learn disaster recovery strategies like pilot light, warm standby, and active-active failovers to meet different RPO/RTO requirements. At the infrastructure level, this means designing across multiple Availability Zones and Regions, using Route 53 for global load distribution, and introducing distributed design patterns. By leveraging automation strategies and immutable infrastructure, you provide reliable systems that stay consistent during updates or failure events.

Beyond infrastructure, this section emphasizes visibility and analyzing workloads with tools like AWS X-Ray, which help you detect inefficiencies and prevent failures proactively. Proxy solutions like RDS Proxy and scaling practices tied to service quotas ensure workloads scale gracefully. By combining high availability, disaster recovery, and fault tolerance into your designs, you will be able to deliver cloud solutions that maintain business continuity no matter the stress or scale applied.

Domain 3: Design High-Performing Architectures (24% of the exam)

Task Statement 3.1: Determine high-performing and/or scalable storage solutions.

• Knowledge of hybrid storage solutions to meet business requirements
• Knowledge of storage services with appropriate use cases (for example, Amazon S3, Amazon Elastic File System [Amazon EFS], Amazon Elastic Block Store [Amazon EBS])
• Knowledge of storage types with associated characteristics (for example, object, file, block)
• Skills in determining storage services and configurations that meet performance demands
• Skills in determining storage services that can scale to accommodate future needs

3.1 summary:
This section focuses on evaluating different storage services and their use cases. You will analyze workloads and determine whether object, file, or block storage is the most suitable option. Knowledge of EBS, EFS, and S3 enables you to select configurations that not only meet immediate performance demands but also provide the ability to scale seamlessly as data volumes grow. Hybrid storage options also offer flexibility where on-premises systems interact with the cloud efficiently.

By applying these principles, you will identify balanced storage strategies that address throughput, durability, and scale. Awareness of lifecycle policies and caching ensures solutions perform optimally while remaining cost-effective. The ability to make informed storage selections creates architectures that deliver consistent performance not only today but well into future operational demands.

Task Statement 3.2: Design high-performing and elastic compute solutions.

• Knowledge of AWS compute services with appropriate use cases (for example, AWS Batch, Amazon EMR, Fargate)
• Knowledge of distributed computing concepts supported by AWS global infrastructure and edge services
• Knowledge of queuing and messaging concepts (for example, publish/subscribe)
• Knowledge of scalability capabilities with appropriate use cases (for example, Amazon EC2 Auto Scaling, AWS Auto Scaling)
• Knowledge of serverless technologies and patterns (for example, Lambda, Fargate)
• Knowledge of the orchestration of containers (for example, Amazon ECS, Amazon EKS)
• Skills in decoupling workloads so that components can scale independently
• Skills in identifying metrics and conditions to perform scaling actions
• Skills in selecting the appropriate compute options and features (for example, EC2 instance types) to meet business requirements
• Skills in selecting the appropriate resource type and size (for example, the amount of Lambda memory) to meet business requirements

3.2 summary:
Here you will focus on designing compute solutions that expand and contract dynamically. Understanding the elasticity provided by service options like EC2 Auto Scaling, serverless technologies, and containers allows you to tailor compute choices to workload patterns. By decoupling workloads, individual components can scale independently, ensuring that demand surges are handled smoothly without impacting other processes.

Metrics-driven scaling decisions bring clarity to when and how your workloads react to demand changes. Whether it is choosing optimal Lambda memory allocations for rapid execution, migrating batch workloads to managed services, or orchestrating distributed compute clusters with EMR, the core goal is delivering efficiency and performance. These practices make your compute environments responsive, resilient, and capable of supporting variable workloads with ease.

Task Statement 3.3: Determine high-performing database solutions.

• Knowledge of AWS global infrastructure (for example, Availability Zones, AWS Regions)
• Knowledge of caching strategies and services (for example, Amazon ElastiCache)
• Knowledge of data access patterns (for example, read-intensive compared with write-intensive)
• Knowledge of database capacity planning (for example, capacity units, instance types, Provisioned IOPS)
• Knowledge of database connections and proxies
• Knowledge of database engines with appropriate use cases (for example, heterogeneous migrations, homogeneous migrations)
• Knowledge of database replication (for example, read replicas)
• Knowledge of database types and services (for example, serverless, relational compared with non-relational, in-memory)
• Skills in configuring read replicas to meet business requirements
• Skills in designing database architectures
• Skills in determining an appropriate database engine (for example, MySQL compared with PostgreSQL)
• Skills in determining an appropriate database type (for example, Amazon Aurora, Amazon DynamoDB)
• Skills in integrating caching to meet business requirements

3.3 summary:
In this section, you will learn how to design robust and high-performing database architectures. Decisions include evaluating relational versus non-relational databases, using DynamoDB for scalability, and Aurora for enterprise-grade relational needs. Implementing database proxies such as RDS Proxy improves efficiency by managing connections in high-traffic environments. You will also integrate ElastiCache to reduce query loads and improve response times.

Capacity planning ensures that you can design databases that scale to future workloads, using appropriate instance types, IOPS provisioning, and replication through read replicas. The ability to configure these features reinforces high availability and distributed performance. By combining caching, replication, and engine selection, you can design responsive data services that meet organizational growth and business impact needs.

Task Statement 3.4: Determine high-performing and/or scalable network architectures.

• Knowledge of edge networking services with appropriate use cases (for example, Amazon CloudFront, AWS Global Accelerator)
• Knowledge of how to design network architecture (for example, subnet tiers, routing, IP addressing)
• Knowledge of load balancing concepts (for example, Application Load Balancer)
• Knowledge of network connection options (for example, AWS VPN, Direct Connect, AWS PrivateLink)
• Skills in creating a network topology for various architectures (for example, global, hybrid, multi-tier)
• Skills in determining network configurations that can scale to accommodate future needs
• Skills in determining the appropriate placement of resources to meet business requirements
• Skills in selecting the appropriate load balancing strategy

3.4 summary:
This section strengthens your knowledge of designing networks that maintain high throughput and low latency. Services such as CloudFront and Global Accelerator help extend workloads across the globe while supporting performance optimization. Combining subnet tiers, routing, and IP addressing strategies builds a secure and maintainable foundation.

Workload requirements extend into designing multi-tier, global, or hybrid networks as needed. Selecting connectivity options like VPN versus Direct Connect provides flexibility in handling private and secure traffic pathways. Elastic load balancing strategies allow workloads to adapt quickly to traffic demands, making sure service delivery remains optimal at scale. A well-architected network ensures predictable performance throughout different regions and use cases.

Task Statement 3.5: Determine high-performing data ingestion and transformation solutions.

• Knowledge of data analytics and visualization services with appropriate use cases (for example, Amazon Athena, AWS Lake Formation, Amazon QuickSight)
• Knowledge of data ingestion patterns (for example, frequency)
• Knowledge of data transfer services with appropriate use cases (for example, AWS DataSync, AWS Storage Gateway)
• Knowledge of data transformation services with appropriate use cases (for example, AWS Glue)
• Knowledge of secure access to ingestion access points
• Knowledge of sizes and speeds needed to meet business requirements
• Knowledge of streaming data services with appropriate use cases (for example, Amazon Kinesis)
• Skills in building and securing data lakes
• Skills in designing data streaming architectures
• Skills in designing data transfer solutions
• Skills in implementing visualization strategies
• Skills in selecting appropriate compute options for data processing (for example, Amazon EMR)
• Skills in selecting appropriate configurations for ingestion
• Skills in transforming data between formats (for example, .csv to .parquet)

3.5 summary:
This section hones in on the ingestion and transformation of data to prepare it for analytics and business insights. You will learn the applications of Athena for queries, Glue for ETL transformations, and Kinesis for streaming architectures. Knowledge of access controls and secure ingestion endpoints ensures that data flow remains safe across transfer services like DataSync or Storage Gateway.

From a design perspective, you will be able to select the right compute for data processing workloads, opt for appropriate visualization services with QuickSight, and architect pipelines that transform data formats for efficiency. Whether ingesting streaming data in real time or batch uploads at scale, mastering these services allows you to build strong data architectures that drive insightful and actionable outcomes.

Domain 4: Design Cost-Optimized Architectures (20% of the exam)

Task Statement 4.1: Design cost-optimized storage solutions.

• Knowledge of access options (for example, an S3 bucket with Requester Pays object storage)
• Knowledge of AWS cost management service features (for example, cost allocation tags, multi-account billing)
• Knowledge of AWS cost management tools with appropriate use cases (for example, AWS Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
• Knowledge of AWS storage services with appropriate use cases (for example, Amazon FSx, Amazon EFS, Amazon S3, Amazon EBS)
• Knowledge of backup strategies
• Knowledge of block storage options (for example, hard disk drive [HDD] volume types, solid state drive [SSD] volume types)
• Knowledge of data lifecycles
• Knowledge of hybrid storage options (for example, DataSync, Transfer Family, Storage Gateway)
• Knowledge of storage access patterns
• Knowledge of storage tiering (for example, cold tiering for object storage)
• Knowledge of storage types with associated characteristics (for example, object, file, block)
• Skills in designing appropriate storage strategies (for example, batch uploads to Amazon S3 compared with individual uploads)
• Skills in determining the correct storage size for a workload
• Skills in determining the lowest cost method of transferring data for a workload to AWS storage
• Skills in determining when storage auto scaling is required
• Skills in managing S3 object lifecycles
• Skills in selecting the appropriate backup and/or archival solution
• Skills in selecting the appropriate service for data migration to storage services
• Skills in selecting the appropriate storage tier
• Skills in selecting the correct data lifecycle for storage
• Skills in selecting the most cost-effective storage service for a workload

4.1 summary:
This section helps you focus on designing storage architectures with cost in mind. You will learn the trade-offs between different storage classes and access patterns in S3, EBS, EFS, and FSx services. Knowledge of tiering and lifecycle policies ensures data can be managed across warm and cold storage tiers, minimizing costs over time. It also involves evaluating hybrid storage options and backup strategies appropriate for long-term requirements.

In practical design, you will apply tools like Cost Explorer and Budgets to track cost efficiency. By structuring lifecycle management and migration strategies, you can align performance and retention with business needs. Ultimately, you gain the ability to design balanced storage solutions that deliver both resiliency and cost control, empowering businesses to use storage cost efficiently without performance loss.

Task Statement 4.2: Design cost-optimized compute solutions.

• Knowledge of AWS cost management service features (for example, cost allocation tags, multi-account billing)
• Knowledge of AWS cost management tools with appropriate use cases (for example, Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
• Knowledge of AWS global infrastructure (for example, Availability Zones, AWS Regions)
• Knowledge of AWS purchasing options (for example, Spot Instances, Reserved Instances, Savings Plans)
• Knowledge of distributed compute strategies (for example, edge processing)
• Knowledge of hybrid compute options (for example, AWS Outposts, AWS Snowball Edge)
• Knowledge of instance types, families, and sizes (for example, memory optimized, compute optimized, virtualization)
• Knowledge of optimization of compute utilization (for example, containers, serverless computing, microservices)
• Knowledge of scaling strategies (for example, auto scaling, hibernation)
• Skills in determining an appropriate load balancing strategy (for example, Application Load Balancer [Layer 7] compared with Network Load Balancer [Layer 4] compared with Gateway Load Balancer)
• Skills in determining appropriate scaling methods and strategies for elastic workloads (for example, horizontal compared with vertical, EC2 hibernation)
• Skills in determining cost-effective AWS compute services with appropriate use cases (for example, Lambda, Amazon EC2, Fargate)
• Skills in determining the required availability for different classes of workloads (for example, production workloads, non-production workloads)
• Skills in selecting the appropriate instance family for a workload
• Skills in selecting the appropriate instance size for a workload

4.2 summary:
This section builds expertise in aligning compute strategies with cost optimization. You will explore the purchasing options available such as On-Demand Instances, Reserved Instances, Savings Plans, and Spot pricing. The section also emphasizes selecting instance families and sizes that match workload needs while reducing over-provisioning. With hybrid and distributed options like AWS Outposts and Snowball Edge, you can extend your compute reach while keeping costs transparent.

Operationally, you will apply auto scaling and load balancing strategies that match workloads to their most efficient configuration. By combining purchasing models with workload scaling, you can optimize both performance and cost outcomes. This capability allows you to continually build cloud applications that are resilient, efficient, and cost predictable for organizations.

Task Statement 4.3: Design cost-optimized database solutions.

• Knowledge of AWS cost management service features (for example, cost allocation tags, multi-account billing)
• Knowledge of AWS cost management tools with appropriate use cases (for example, Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
• Knowledge of caching strategies
• Knowledge of data retention policies
• Knowledge of database capacity planning (for example, capacity units)
• Knowledge of database connections and proxies
• Knowledge of database engines with appropriate use cases (for example, heterogeneous migrations, homogeneous migrations)
• Knowledge of database replication (for example, read replicas)
• Knowledge of database types and services (for example, relational compared with nonrelational, Aurora, DynamoDB)
• Skills in designing appropriate backup and retention policies (for example, snapshot frequency)
• Skills in determining an appropriate database engine (for example, MySQL compared with PostgreSQL)
• Skills in determining cost-effective AWS database services with appropriate use cases (for example, DynamoDB compared with Amazon RDS, serverless)
• Skills in determining cost-effective AWS database types (for example, time series format, columnar format)
• Skills in migrating database schemas and data to different locations and/or different database engines

4.3 summary:
This section focuses on applying cost optimization principles to database solutions. You will assess trade-offs between engines like DynamoDB and RDS while applying retained backups and replication for best efficiency. Understanding caching strategies and proxies ensures databases continue performing while minimizing unnecessary costs from direct resource overuse. Capacity planning further aligns performance requirements with budget control.

In design practice, you will use AWS cost tools to analyze consumption and create optimized storage and retention lifecycles. You will also balance compliance needs with cost through scheduled backup strategies and snapshots. By selecting suitable database engines and applying serverless or managed service approaches, architectures remain agile, scalable, and cost-optimized.

Task Statement 4.4: Design cost-optimized network architectures.

• Knowledge of AWS cost management service features (for example, cost allocation tags, multi-account billing)
• Knowledge of AWS cost management tools with appropriate use cases (for example, Cost Explorer, AWS Budgets, AWS Cost and Usage Report)
• Knowledge of load balancing concepts (for example, Application Load Balancer)
• Knowledge of NAT gateways (for example, NAT instance costs compared with NAT gateway costs)
• Knowledge of network connectivity (for example, private lines, dedicated lines, VPNs)
• Knowledge of network routing, topology, and peering (for example, AWS Transit Gateway, VPC peering)
• Knowledge of network services with appropriate use cases (for example, DNS)
• Skills in configuring appropriate NAT gateway types for a network (for example, a single shared NAT gateway compared with NAT gateways for each Availability Zone)
• Skills in configuring appropriate network connections (for example, Direct Connect compared with VPN compared with internet)
• Skills in configuring appropriate network routes to minimize network transfer costs (for example, Region to Region, Availability Zone to Availability Zone, private to public, Global Accelerator, VPC endpoints)
• Skills in determining strategic needs for content delivery networks (CDNs) and edge caching
• Skills in reviewing existing workloads for network optimizations
• Skills in selecting an appropriate throttling strategy
• Skills in selecting the appropriate bandwidth allocation for a network device (for example, a single VPN compared with multiple VPNs, Direct Connect speed)

4.4 summary:
This section develops cost awareness in network designs. You will evaluate decisions around NAT gateways, Route 53 DNS, and network routing that directly impact cost structures. Strategies like VPC endpoint adoption reduce unnecessary public network transfers, while Global Accelerator ensures application users benefit from optimized paths globally.

In hands-on design, you will determine the connectivity approach that optimizes cost while delivering reliable performance, whether dedicated Direct Connect, VPN, or peering. Considering load balancing and bandwidth allocation in cost contexts gives clarity on how to scale network resources efficiently. The outcome is the ability to recommend designs that balance performance demands with practical cost optimization.