AWS Certified Solutions Architect Professional Quick Facts (2025)

Exam Domain Breakdown

Domain 1: Design Solutions for Organizational Complexity (26% of the exam)

Architect network connectivity strategies.

• AWS Global Infrastructure
• AWS networking concepts (for example, Amazon Virtual Private Cloud [Amazon VPC], AWS Direct Connect, AWS VPN, transitive routing, AWS container services)
• Hybrid DNS concepts (for example, Amazon Route 53 Resolver, on-premises DNS integration)
• Network segmentation (for example, subnetting, IP addressing, connectivity among VPCs)
• Network traffic monitoring
• Evaluating connectivity options for multiple VPCs
• Evaluating connectivity options for on-premises, co-location, and cloud integration
• Selecting AWS Regions and Availability Zones based on network and latency requirements
• Troubleshooting traffic flows by using AWS tools
• Using service endpoints for service integrations

Summary: In this section, you will explore advanced networking strategies that connect multiple VPC environments, on-premises data centers, and hybrid architectures. Key considerations include how to leverage Direct Connect, VPN, and transitive routing to enable efficient communication across environments. You will also examine how hybrid DNS resolution and Route 53 help enable seamless routing between on-premises and cloud resources.

Equally important is recognizing the significance of segmentation, subnetting, and efficient IP allocation for large-scale organizations. Emphasis is placed on selecting the right AWS Regions and Availability Zones to reduce latency, monitoring traffic flow with AWS tools, and applying service endpoints for secure and optimized connectivity. The goal is learning to design resilient networks that scale with organizational growth.

Prescribe security controls.

• AWS Identity and Access Management (IAM) and AWS IAM Identity Center
• Route tables, security groups, and network ACLs
• Encryption keys and certificate management (for example, AWS Key Management Service [AWS KMS], AWS Certificate Manager [ACM])
• AWS security, identity, and compliance tools (for example, AWS CloudTrail, AWS Identity and Access Management Access Analyzer, AWS Security Hub, Amazon Inspector)
• Evaluating cross-account access management
• Integrating with third-party identity providers
• Deploying encryption strategies for data at rest and data in transit
• Developing a strategy for centralized security event notifications and auditing

Summary: This section emphasizes the design of robust security layers that align with enterprise governance standards. You will learn how IAM, IAM Identity Center, encryption services, and audit tools work together to protect workloads. Security mechanisms such as shared encryption keys, cross-account access, and centralized compliance logs are highlighted, showing how they tie into auditing and governance efforts across multiple accounts.

You will also review how AWS native tools like Security Hub, CloudTrail, and Inspector integrate into a holistic solution for monitoring identity, data protection, and compliance adherence. By mastering these concepts, you will be capable of implementing security frameworks that not only meet but often exceed industry compliance standards.

Design reliable and resilient architectures.

• Recovery time objectives (RTOs) and recovery point objectives (RPOs)
• Disaster recovery strategies (for example, using AWS Elastic Disaster Recovery, pilot light, warm standby, and multi-site)
• Data backup and restoration
• Designing disaster recovery solutions based on RTO and RPO requirements
• Implementing architectures to automatically recover from failure
• Developing the optimal architecture by considering scale-up and scale-out options
• Designing an effective backup and restoration strategy

Summary: This section is dedicated to building architectures that withstand failures without service disruption. You will review design decisions based on RTO and RPO requirements and determine how to implement appropriate disaster recovery methodologies like pilot light, warm standby, and multi-site active-active. Emphasis is placed on building automated recovery processes to ensure business continuity.

You’ll also learn how backup and restoration strategies complement scaling approaches to avoid downtime while keeping operational costs balanced. Whether through native tools like Elastic Disaster Recovery or managed services for backups, this area equips you with the knowledge needed to design architectures that stay resilient in every scenario.

Design a multi-account AWS environment.

• AWS Organizations and AWS Control Tower
• Multi-account event notifications
• AWS resource sharing across environments
• Evaluating the most appropriate account structure for organizational requirements
• Recommending a strategy for central logging and event notifications
• Developing a multi-account governance model

Summary: In this section, multi-account architectures are addressed from both governance and operational perspectives. You’ll explore how AWS Organizations and Control Tower provide centralized guardrails, consistent policies, and scalable account creation practices. This is vital for enterprises managing multiple workloads across different compliance and security boundaries.

Attention is also given to strategies that centralize logging and notifications, ensuring administrators maintain visibility across all accounts. By applying shared resource use cases, you’ll see how organizations can empower independent teams while retaining the overarching governance needed for consistency and compliance.

Determine cost optimization and visibility strategies.

• AWS cost and usage monitoring tools (for example, AWS Trusted Advisor, AWS Pricing Calculator, AWS Cost Explorer, AWS Budgets)
• AWS purchasing options (for example, Reserved Instances, Savings Plans, Spot Instances)
• AWS rightsizing visibility tools (for example, AWS Compute Optimizer, Amazon Simple Storage Service [Amazon S3] Storage Lens)
• Monitoring cost and usage with AWS tools
• Developing an effective tagging strategy that maps costs to business units
• Understanding how purchasing options affect cost and performance

Summary: This section ensures you can connect the dots between resource usage and business outcomes through strong cost monitoring and accountability practices. Key tools include Trusted Advisor, Cost Explorer, and Forecasting models within Budgets that allow you to proactively adjust infrastructure decisions.

Tagging strategies and understanding rightsizing recommendations from services like Compute Optimizer become essential to drive both efficiency and governance. Ultimately, this section equips you with the ability to recommend purchasing and monitoring models that maximize savings without sacrificing performance.

Domain 2: Design for New Solutions (29% of the exam)

Design a deployment strategy to meet business requirements.

• Infrastructure as code (IaC) (for example, AWS CloudFormation)
• Continuous integration and continuous delivery (CI/CD)
• Change management processes
• Configuration management tools (for example, AWS Systems Manager)
• Determining an application or upgrade path for new services and features
• Selecting services to develop deployment strategies and implement appropriate rollback mechanisms
• Adopting managed services as needed to reduce infrastructure provisioning and patching overhead
• Making advanced technologies accessible by delegating complex development and deployment tasks to AWS

Summary: Here you’ll learn to build deployment strategies that optimize speed, security, and resiliency. Topics include implementing infrastructure as code through CloudFormation, designing CI/CD pipelines, and incorporating rollback and release management tools for successful delivery.

You’ll also learn how managed services like Systems Manager reduce operations overhead by adjusting traditional processes to cloud-native models. This ensures consistency, compliance, and scalability in large enterprise deployment practices.

Design a solution to ensure business continuity.

• AWS Global Infrastructure
• AWS networking concepts (for example, Route 53, routing methods)
• RTOs and RPOs
• Disaster recovery scenarios (for example, backup and restore, pilot light, warm standby, multi-site)
• Disaster recovery solutions on AWS
• Configuring disaster recovery solutions
• Configuring data and database replication
• Performing disaster recovery testing
• Architecting a backup solution that is automated, is cost-effective, and supports business continuity across multiple Availability Zones or Regions
• Designing an architecture that provides application and infrastructure availability in the event of a disruption
• Using processes and components for centralized monitoring to proactively recover from system failures

Summary: In this section, continuity strategies are expanded to focus on solution design across diverse infrastructure. You’ll analyze the use of multi-Region deployments, replication configurations, and disaster recovery testing methodologies that ensure resilience for complex applications.

Monitoring systems ensure proactive recovery before significant impacts occur, while automated replication strategies maintain continuous availability. With these skills, you’ll design strategies that maximize business uptime.

Determine security controls based on requirements.

• IAM
• Route tables, security groups, and network ACLs
• Encryption options for data at rest and data in transit
• AWS service endpoints
• Credential management services
• AWS managed security services (for example, AWS Shield, AWS WAF, Amazon GuardDuty, AWS Security Hub)
• Specifying IAM users and IAM roles that adhere to the principle of least privilege access
• Specifying inbound and outbound network flows by using security group rules and network ACL rules
• Developing attack mitigation strategies for large-scale web applications
• Developing encryption strategies for data at rest and data in transit
• Specifying service endpoints for service integrations
• Developing strategies for patch management to remain compliant with organizational standards

Summary: This section covers the defense measures required to protect applications of any scale. You’ll learn how authentication, access policies, and endpoint configurations reduce vulnerabilities, while encryption strategies are applied to modernize data security at every stage.

You’ll also learn how patching practices, DDoS mitigation using AWS Shield, and monitoring with GuardDuty build a layered defense against external threats. As security remains central to AWS design models, this area delivers a complete picture of proactive and reactive measures that strengthen every workload.

Design a strategy to meet reliability requirements.

• AWS Global Infrastructure
• AWS storage services and replication strategies (for example Amazon S3, Amazon Relational Database Service [Amazon RDS], Amazon ElastiCache)
• Multi-AZ and multi-Region architectures
• Auto scaling policies and events
• Application integration (for example, Amazon Simple Notification Service [Amazon SNS], Amazon Simple Queue Service [Amazon SQS], AWS Step Functions)
• Service quotas and limits
• Designing highly available application environments based on business requirements
• Using advanced techniques to design for failure and ensure seamless system recoverability
• Implementing loosely coupled dependencies
• Operating and maintaining high-availability architectures (for example, application failovers, database failovers)
• Using AWS managed services for high availability
• Implementing DNS routing policies (for example, Route 53 latency-based routing, geolocation routing, simple routing)

Summary: This section develops your mastery in building resilient solutions that anticipate potential failures. You’ll learn to design environments around loosely coupled services, failover configurations, and AWS-managed solutions that enable seamless recoverability.

Scaling strategies combine with fault isolation to handle high traffic while avoiding single points of failure. By leveraging policies in auto scaling, Route 53 routing decisions, and multiple Region deployments, you establish an architecture that is both highly responsive and dependable.

Design a solution to meet performance objectives.

• Performance monitoring technologies
• Storage options on AWS
• Instance families and use cases
• Purpose-built databases
• Designing large-scale application architectures for a variety of access patterns
• Designing an elastic architecture based on business objectives
• Applying design patterns to meet performance objectives with caching, buffering, and replicas
• Developing a process methodology for selecting purpose-built services for required tasks
• Designing a rightsizing strategy

Summary: This section focuses on scaling performance with accuracy and efficiency. You’ll learn about instance selection, purpose-built databases, and specific design models (like caching and buffering) to optimize data-intensive workloads.

From monitoring solutions that proactively identify bottlenecks to tailoring server families against rich access patterns, your design approach will reflect performance balance aligned with business goals.

Determine a cost optimization strategy to meet solution goals and objectives.

• AWS cost and usage monitoring tools (for example, Cost Explorer, Trusted Advisor, AWS Pricing Calculator)
• Pricing models (for example, Reserved Instances, Savings Plans)
• Storage tiering
• Data transfer costs
• AWS managed service offerings
• Identifying opportunities to select and rightsize infrastructure for cost-effective resources
• Identifying appropriate pricing models
• Performing data transfer modeling and selecting services to reduce data transfer costs
• Developing a strategy and implementing controls for expenditure and usage awareness

Summary: This section emphasizes designing with cost awareness to align with performance requirements. It covers analyzing models like Reserved Instances, Savings Plans, and storage tiering in relation to workload demand.

Key practices include capacity modeling and using AWS tools for forecasting and adjustment. By pairing managed services with strong reporting and governance, this area ensures architecture decisions remain efficient and affordable.

Domain 3: Continuous Improvement for Existing Solutions (25% of the exam)

Determine a strategy to improve overall operational excellence.

• Alerting and automatic remediation strategies
• Disaster recovery planning
• Monitoring and logging solutions (for example, Amazon CloudWatch)
• CI/CD pipelines and deployment strategies (for example, blue/green, all-at-once, rolling)
• Configuration management tools (for example, Systems Manager)
• Determining the most appropriate logging and monitoring strategy
• Evaluating current deployment processes for improvement opportunities
• Prioritizing opportunities for automation within a solution stack
• Recommending the appropriate AWS solution to enable configuration management automation
• Engineering failure scenario activities to support and exercise an understanding of recovery actions

Summary: This section ensures that continuous improvement is built into operations. With monitoring, automation, and deployment best practices, you’ll explore how improvements are identified based on monitoring feedback loops and automation-first mindsets.

Strategies such as blue/green deployments, automatic remediation, and disaster recovery exercises create systems resilient to disruption while maintaining pace with organizational demands.

Determine a strategy to improve security.

• Data retention, data sensitivity, and data regulatory requirements
• Automated monitoring and remediation strategies (for example, AWS Config rules)
• Secrets management (for example, Systems Manager, AWS Secrets Manager)
• Principle of least privilege access
• Security-specific AWS solutions
• Patching practices
• Backup practices and methods
• Evaluating a strategy for the secure management of secrets and credentials
• Auditing an environment for least privilege access
• Reviewing implemented solutions to ensure security at every layer
• Reviewing comprehensive traceability of users and services
• Prioritizing automated responses to the detection of vulnerabilities
• Designing and implementing a patch and update process
• Designing and implementing a backup process
• Employing remediation techniques

Summary: This section stresses continuous security assurance and automated prevention. Services like Config, Secrets Manager, and automated patch management become central tools for enforcing ongoing compliance.

Through monitoring traceability details and auditing, gaps are immediately corrected, closing off vulnerabilities quickly. With proactive remediation rules in place, organizations evolve toward always-on security.

Determine a strategy to improve performance.

• High-performing systems architectures (for example, auto scaling, instance fleets, placement groups)
• Global service offerings (for example, AWS Global Accelerator, Amazon CloudFront, edge computing services)
• Monitoring tool sets and services (for example, CloudWatch)
• Service level agreements (SLAs) and key performance indicators (KPIs)
• Translating business requirements to measurable metrics
• Testing potential remediation solutions and making recommendations
• Proposing opportunities for the adoption of new technologies and managed services
• Assessing solutions and applying rightsizing based on requirements
• Identifying and examining performance bottlenecks

Summary: Here, consistent optimization of workload performance is prioritized. Services like CloudFront and Global Accelerator improve delivery speed, while auto scaling maintains balance between load and available compute.

By comparing measured outcomes against SLAs and KPIs, continuous improvements are aligned with business needs. The inclusion of new technologies and rightsizing strategies keeps improvements agile yet efficient.

Determine a strategy to improve reliability.

• AWS Global Infrastructure
• Data replication methods
• Scaling methodologies (for example, load balancing, auto scaling)
• High availability and resiliency
• Disaster recovery methods and tools
• Service quotas and limits
• Understanding application growth and usage trends
• Evaluating existing architecture to determine areas that are not sufficiently reliable
• Remediating single points of failure
• Enabling data replication, self-healing, and elastic features and services

Summary: This section reinforces ongoing reliability evolution within solutions. From replication methods to scalable compute strategies, this area focuses on resolving gaps in existing architectures.

Importantly, you’ll learn methods to detect and remediate single points of failure proactively and apply elastic design as applications grow. With continuous evaluation, systems evolve ahead of user demand.

Identify opportunities for cost optimizations.

• Cost-conscious architecture choices (for example, using Spot Instances, scaling policies, and rightsizing resources)
• Price model adoptions (for example, Reserved Instances, Savings Plans)
• Networking and data transfer costs
• Cost management, alerting, and reporting
• Analyzing usage reports to identify underutilized and overutilized resources
• Using AWS solutions to identify unused resources
• Designing billing alarms based on expected usage patterns
• Investigating AWS Cost and Usage Reports at a granular level
• Using tagging for cost allocation and reporting

Summary: This section highlights continuous visibility into costs across accounts and workloads. With AWS insight tools, tagging, and granular cost and usage reporting, inefficiencies are quickly identified and addressed.

From resource rightsizing to exploring Spot Instance opportunities, you’ll develop a systematic practice where delivering optimal performance goes hand-in-hand with smart financial choices.

Domain 4: Accelerate Workload Migration and Modernization (20% of the exam)

Select existing workloads and processes for potential migration.

• Migration assessment and tracking tools (for example, AWS Migration Hub)
• Portfolio assessment
• Asset planning
• Prioritization and migration of workloads (for example, wave planning)
• Completing an application migration assessment
• Evaluating applications according to the seven common migration strategies (7Rs)
• Evaluating total cost of ownership (TCO)

Summary: This section enables you to identify which workloads are best suited for migration. It begins with portfolio and asset assessments and continues with methods such as wave planning to prioritize and sequence migration strategies.

You will also learn to evaluate TCO and select the most appropriate migration pathway among the 7Rs to align with business goals. This structured approach makes migrations both predictable and successful.

Determine the optimal migration approach for existing workloads.

• Data migration options and tools (for example, AWS DataSync, AWS Transfer Family, AWS Snow Family, S3 Transfer Acceleration)
• Application migration tools (for example, AWS Application Discovery Service, AWS Application Migration Service)
• AWS networking services and DNS (for example, Direct Connect, AWS Site-to-Site VPN, Route 53)
• Identity services (for example, IAM Identity Center, AWS Directory Service)
• Database migration tools (for example, AWS Database Migration Service [AWS DMS], AWS Schema Conversion Tool [AWS SCT])
• Governance tools (for example, AWS Control Tower, Organizations)
• Selecting the appropriate database transfer mechanism
• Selecting the appropriate application transfer mechanism
• Selecting the appropriate data transfer service and migration strategy
• Applying the appropriate security methods to migration tools
• Selecting the appropriate governance model

Summary: In this section, migration tools, integrations, and governance decisions take center stage. You will learn how Direct Connect, Route 53, and VPNs enable secure ties between cloud and on-premises during migrations.

Database assessment and replication, when combined with services like SCT and DMS, ensure data integrity during transfer. Combined with governance guardrails, migrations can be secure, structured, and smooth.

Determine a new architecture for existing workloads.

• Compute services (for example, Amazon Elastic Compute Cloud [Amazon EC2], AWS Elastic Beanstalk)
• Containers (for example, Amazon Elastic Container Service [Amazon ECS], Amazon Elastic Kubernetes Service [Amazon EKS], AWS Fargate, Amazon Elastic Container Registry [Amazon ECR])
• AWS storage services (for example, Amazon Elastic Block Store [Amazon EBS], Amazon Elastic File System [Amazon EFS], Amazon FSx, Amazon S3, Volume Gateway)
• Databases (for example, Amazon DynamoDB, Amazon OpenSearch Service, Amazon RDS, self-managed databases on Amazon EC2)
• Selecting the appropriate compute platform
• Selecting the appropriate container hosting platform
• Selecting the appropriate storage service
• Selecting the appropriate database platform

Summary: This section focuses on identifying new hosting strategies for workloads. You’ll evaluate EC2 and Elastic Beanstalk for workloads requiring control compared to containerized services like EKS and ECS for distributed systems.

AWS storage and database platforms play key roles, with DynamoDB offering NoSQL alternatives and RDS providing relational management. By mastering these, you will align existing workloads with more efficient operating environments.

Determine opportunities for modernization and enhancements.

• Serverless compute offerings (for example, AWS Lambda)
• Containers (for example, Amazon ECS, Amazon EKS, Fargate)
• AWS storage services (for example, Amazon S3, Amazon EFS)
• Purpose-built databases (for example, DynamoDB, Amazon Aurora Serverless, ElastiCache)
• Integration services (for example, Amazon SQS, Amazon SNS, Amazon EventBridge, Step Functions)
• Identifying opportunities to decouple application components
• Identifying opportunities for serverless solutions
• Selecting the appropriate service for containers
• Identifying opportunities for purpose-built databases
• Selecting the appropriate application integration service

Summary: The final section emphasizes driving modernization within migrated workloads. You will see how serverless computing and containers enable efficiency, agility, and scalability across application designs.

By implementing message queues, purpose-built databases, and integration services, monolithic applications transform into agile, decoupled systems. This enables modernization across the enterprise landscape, ensuring long-term innovation leadership.