AWS Certified Solutions Architect Associate Quick Facts (2025)

Exam Domain Breakdown

Domain 1: Design Secure Architectures (30% of the exam)

Design secure access to AWS resources

• Access controls and management across multiple accounts
• Federated access and identity services such as IAM and IAM Identity Center
• AWS global infrastructure concepts like Regions and Availability Zones
• AWS security best practices including the principle of least privilege
• Shared responsibility model awareness
• Applying security best practices to IAM users and root user
• Designing authorization models with IAM entities
• Role-based access control strategy using STS and cross-account access
• Designing security for multiple AWS accounts with Control Tower and SCPs
• Determining use cases for resource policies
• Knowing when to federate directory services with IAM roles

Summary: This section ensures you master how AWS identity and access management tools work together to protect resources. You’ll learn to design structures that scale securely across multiple accounts while maintaining centralized governance and delegated access. Particular attention is paid to optimally using policies, roles, and groups for a well-structured, least privilege access strategy that aligns to business requirements.

At a deeper level, you will explore how to apply federation, service control policies, and multi-account designs to simplify permissions across large environments. You will also learn the practical elements of IAM Identity Center, how to secure root accounts with MFA, and how to integrate AWS security concepts into everyday architecture decisions for a strong organizational security posture.

Design secure workloads and applications

• Application configuration and credential security
• Secure AWS service endpoints and traffic control
• Designing secure VPCs with subnets, ACLs, and NAT gateways
• AWS security services such as Cognito, GuardDuty, and Macie
• Understanding external threat vectors including DDoS and SQL injection
• Integrating AWS services for application security protections like Shield and WAF
• Securing external connections using VPN and Direct Connect
• Implementing segmentation through public and private subnets

Summary: This section focuses on securing your workloads and applications running on AWS. You’ll identify key services and architectural patterns used to protect traffic, manage credentials, and safeguard data flows in and out of networks. Learning how to apply network segmentation and service-level security features helps you build secure, compliant, and responsive systems that meet organizational goals.

You’ll also gain hands-on understanding of how AWS services like WAF, Shield, Cognito, and Macie can be woven into your architectures to prevent unauthorized access and mitigate threats. This knowledge enables you to confidently design applications that use encryption, proper endpoint management, and controlled connectivity to maintain end-to-end protection within AWS.

Determine appropriate data security controls

• Data access and governance principles
• Data recovery, retention, and classification
• Encryption and key management using AWS KMS
• Aligning AWS technologies with compliance needs
• Encrypting data in transit and at rest
• Managing encryption key policies
• Configuring backups, replication, and lifecycle protections
• Implementing rotation and renewal strategies for keys and certificates

Summary: This section builds your expertise in protecting data across its entire lifecycle. You’ll learn how to classify data, set governance policies, and apply encryption effectively to secure assets in transit and at rest. Hands-on comprehension of AWS KMS and AWS Certificate Manager ensures that you can implement robust and compliant encryption approaches for any level of workload sensitivity.

Beyond encryption, you will explore mechanisms for automating backup, replication, and recovery to maintain durability. You’ll also see how to align AWS services with organizational and regulatory mandates, using policies that establish a consistent and auditable data protection strategy across every layer of the architecture.

Domain 2: Design Resilient Architectures (26% of the exam)

Design scalable and loosely coupled architectures

• API management with API Gateway
• Using managed integration services such as SQS and Secrets Manager
• Applying caching strategies and microservice design principles
• Understanding horizontal and vertical scaling patterns
• Implementing event-driven and serverless solutions
• Leveraging edge acceleration through content delivery
• Using containers and orchestration with ECS and EKS
• Designing for queue-based decoupling and stateless architecture

Summary: This section dives into creating flexible, highly scalable systems that adapt easily to changing demands. You’ll learn to decouple application components using queues, events, and microservices to remove bottlenecks and achieve consistent reliability. Building with AWS managed services allows you to focus on the business logic while maintaining elasticity and resilience across workloads.

The material also supports a deeper understanding of when and how to select compute methods like containers or serverless designs to meet specific performance and scaling goals. By integrating caching, asynchronous messaging, and event routing, you will be able to craft architectures that deliver consistent performance and cost efficiency as they grow.

Design highly available and/or fault-tolerant architectures

• Using AWS global infrastructure with Regions, AZs, and Route 53
• Applying managed services for availability improvements
• Network basics and routing essentials
• Disaster recovery strategies such as backup and restore, warm standby, and active-active
• Distributed design patterns and failover planning
• Immutable infrastructure concepts
• Service quotas and throttling approaches
• Storing and replicating data for durability
• Using purpose-built AWS services for reliable architectures

Summary: This section teaches you how to design systems that stay operational even amid unexpected disruptions. You will examine how to use multiple Availability Zones and Regions for redundancy and explore patterns like failover and warm standby that ensure swift service recovery. Learning to align RPO and RTO values with specific DR strategies helps you tailor resilience to meet business continuity objectives.

You’ll also connect architectural design choices with the practical use of AWS tools such as Route 53 for health checks, X-Ray for monitoring, and managed database replication for data durability. These practices blend together to deliver infrastructures that maintain uptime, minimize single points of failure, and fulfill the promise of a highly available cloud environment.

Domain 3: Design High-Performing Architectures (24% of the exam)

Determine high-performing and/or scalable storage solutions

• Evaluating hybrid storage approaches across environments
• Matching use cases with storage types like object, file, and block
• Using S3, EFS, and EBS effectively
• Implementing scalable strategies for future capacity needs

Summary: This section deepens your understanding of how to select and configure AWS storage options that balance performance, durability, and scalability. You’ll differentiate between storage technologies and their role in application workloads. Learning to evaluate performance targets and capacity planning ensures that each data layer meets both current and expected business requirements.

Additionally, you’ll explore techniques such as hybrid connections and caching to integrate storage within larger distributed systems. You will gain confidence designing architectures that accommodate growth gracefully while maintaining low latency and cost control.

Design high-performing and elastic compute solutions

• Choosing compute services such as AWS Batch, EMR, Lambda, or Fargate
• Implementing distributed processing concepts across global infrastructure
• Applying queuing and messaging for decoupled scaling
• Using auto scaling features appropriately
• Selecting instance types and resource sizes based on workload needs

Summary: This section emphasizes how to create compute environments that automatically adapt to demand changes. You’ll analyze the trade-offs between EC2 instances, containers, and serverless workloads while learning scalability methods that ensure responsive performance under varying traffic conditions. Recognizing how to use AWS’s flexible scaling services empowers you to maintain efficiency through automation.

In practice, this knowledge enables you to build applications that run efficiently whether they process thousands or millions of requests. You’ll select compute resources by workload characteristics, ensuring that each component performs optimally and scales without service disruption.

Determine high-performing database solutions

• Planning capacity and understanding data access patterns
• Leveraging caching for high-throughput access
• Selecting appropriate engines for workload types
• Configuring replication and read replicas
• Integrating proxies and choosing database types such as relational or in-memory

Summary: This section teaches how to identify the right database configurations to achieve desired performance. You’ll evaluate database types such as Aurora, DynamoDB, or in-memory stores to ensure queries and workloads scale efficiently. Practical understanding of replication, caching, and optimized connections helps you minimize latency while maintaining data accuracy.

Through examples of how to size instances, apply capacity planning, and integrate database proxies, you will gain insight into achieving sustainable throughput. These principles are essential to building architectures that deliver quick responses and stay reliable as demand increases.

Determine high-performing and/or scalable network architectures

• Designing network topologies for global and hybrid architectures
• Using edge networking and content delivery services
• Applying load balancing concepts and configurations
• Selecting appropriate connection options such as VPN, Direct Connect, or PrivateLink

Summary: This section explains how to construct network environments designed for performance and scalability from the ground up. You’ll understand how to use Region and Availability Zone placement, subnet layouts, and load balancing strategies that maximize reach and responsiveness. Knowledge of edge acceleration and CDN deployment expands your ability to optimize user experiences across global audiences.

You’ll also practice determining appropriate connectivity options that balance cost and latency. From Multi-AZ routing to hybrid network design, this section strengthens your ability to deliver fast, efficient, and secure network solutions on AWS infrastructure.

Determine high-performing data ingestion and transformation solutions

• Understanding ingestion frequency and transfer requirements
• Designing streaming services using Kinesis or EMR
• Applying data ingestion and transformation services such as Glue
• Building and securing data lakes
• Visualizing data using Athena or QuickSight

Summary: This section introduces comprehensive approaches to collecting and transforming data at scale. You’ll explore how to use AWS analytics and data-moving services to process datasets for reporting, intelligence, or application consumption. By learning to architect pipelines that handle real-time and batch flows, you can optimize the timeliness and reliability of business insights.

More broadly, the lessons help you build efficient data architectures that leverage secure access, proper storage tiers, and scalable processing power. Integrating ingestion, transformation, and presentation layers into cohesive data systems empowers organizations to make fast and data-driven decisions.

Domain 4: Design Cost-Optimized Architectures (20% of the exam)

Design cost-optimized storage solutions

• Applying lifecycle policies and cold storage tiers
• Managing backups, archiving, and hybrid storage
• Choosing the most cost-effective data transfer methods
• Selecting proper storage classes and capacity based on workload patterns

Summary: This section focuses on optimizing cost while maintaining performance across storage options. You’ll learn to determine the correct combination of storage services such as S3, EFS, and FSx, applying lifecycle management to reduce ongoing expenses. Awareness of storage access patterns informs when to use standard, infrequent access, or archival tiers most effectively.

Equipped with this insight, you’ll strategize backups and hybrid transfers that retain just the right amount of performance for the least cost. These practices free up budget for innovation while maintaining durability and compliance in data management.

Design cost-optimized compute solutions

• Using cost management tools such as Cost Explorer and AWS Budgets
• Selecting appropriate instance families and purchasing models like Spot or Reserved Instances
• Implementing scaling strategies that prevent over-provisioning
• Designing distributed and hybrid compute strategies with Outposts or Snowball Edge

Summary: This section highlights how intelligent compute planning directly improves efficiency. You’ll compare compute models and pricing structures to match workload behavior, ensuring that each environment delivers optimal performance within budget. Understanding optimization at the instance, container, and function level enables more predictable cost management.

By combining scaling policies, cost management tools, and hybrid strategies, you create architectures that deliver consistent results while minimizing waste. These decisions extend cost-benefit control into every phase of your compute lifecycle.

Design cost-optimized database solutions

• Planning retention, caching, and data capacity
• Choosing appropriate engines for cost alignment
• Managing replication, backup frequency, and format
• Evaluating DynamoDB, Aurora, and RDS for workload cost-fit scenarios

Summary: This section introduces cost control methods tailored to database environments. You’ll compare managed and serverless database models to select options that conserve resources while meeting performance goals. Understanding cost implications behind replication, scaling, and retention settings helps you select configurations that serve both technical and financial strategies.

You will also explore how to analyze cost-per-operation ratios and leverage caching solutions to limit overuse of read/write requests. Collectively, these methods create data platforms that are responsive and affordable, forming the foundation of sustainable database architectures.

Design cost-optimized network architectures

• Understanding NAT gateway and peering cost differences
• Selecting network routes to minimize transfer costs
• Designing network topologies for economical data flow
• Implementing caching and throttling where appropriate

Summary: This final section shows how to optimize network routing and connectivity for both performance and cost. You’ll learn about trade-offs between VPNs, Direct Connect, and internet paths, balancing reliability with expenditure. Detailed attention to peerings, gateways, and routing tables ensures that data travels efficiently within budget boundaries.

By applying these best practices, you’ll reduce data transfer overhead without compromising speed or security. This architectural awareness transforms complex network challenges into optimized solutions that scale gracefully while maintaining expected cost predictability.