AWS SAA-C03 Exam Domains: A Weighted Strategy for Maximum Score
The AWS Solutions Architect Associate (SAA-C03) exam is divided into four domains, each contributing a different percentage to your final score. Understanding these domain weights and building a study strategy around them is one of the most effective ways to maximize your score with the time you have available.
This guide breaks down each domain in detail, explains how they overlap, and provides a concrete study allocation strategy that helps you focus your effort where it matters most.
For a broader overview of the exam, start with our AWS Solutions Architect Associate guide.
The Four Domains at a Glance
| Domain | Weight | Approximate Questions |
|---|---|---|
| Domain 1: Design Secure Architectures | 30% | ~20 questions |
| Domain 2: Design Resilient Architectures | 26% | ~17 questions |
| Domain 3: Design High-Performing Architectures | 24% | ~16 questions |
| Domain 4: Design Cost-Optimized Architectures | 20% | ~13 questions |
The question counts are approximate since the exam contains 65 scored questions and the exact distribution may vary slightly between exam forms. However, the percentage weights are fixed and published by AWS.
Domain 1: Design Secure Architectures (30%)
Security is the single most heavily weighted domain on the SAA-C03. Nearly one-third of your exam score depends on your ability to design architectures that protect data, manage access, and meet compliance requirements.
Key Topics Within Domain 1
Identity and Access Management (IAM)
- IAM users, groups, roles, and policies
- Identity-based policies vs. resource-based policies
- Permission boundaries and service control policies (SCPs)
- Cross-account access patterns
- IAM best practices and the principle of least privilege
- AWS Organizations and multi-account strategies
- AWS IAM Identity Center (formerly AWS SSO)
Data Protection
- Encryption at rest using AWS KMS, S3 SSE, and EBS encryption
- Encryption in transit using TLS/SSL and certificate management with ACM
- Key management strategies (AWS managed keys vs. customer managed keys vs. customer provided keys)
- Secrets management with AWS Secrets Manager and Systems Manager Parameter Store
- Data classification and handling requirements
Network Security
- VPC security groups and network ACLs
- VPC endpoints (gateway and interface endpoints) for private service access
- AWS PrivateLink for secure service-to-service communication
- AWS WAF and AWS Shield for application and DDoS protection
- VPC Flow Logs for network monitoring
- Bastion hosts and Systems Manager Session Manager for secure access
Compliance and Governance
- AWS Config for configuration compliance
- AWS CloudTrail for API activity logging
- Amazon GuardDuty for threat detection
- AWS Security Hub for centralized security findings
- Shared responsibility model
Study Strategy for Domain 1
Given its 30% weight, allocate approximately 30% of your study time to security. Start with IAM, as it is the foundation. Then work through encryption patterns, network security, and governance tools.
Quick wins in this domain:
- Master the differences between security groups (stateful) and network ACLs (stateless)
- Understand when to use IAM roles vs. IAM users
- Know the encryption options for every major storage service (S3, EBS, RDS, DynamoDB)
- Learn VPC endpoint types and when to use each
Security concepts are not isolated to Domain 1. Expect security-related requirements embedded in questions across all four domains. A question about cost optimization might still require you to choose the secure option among cost-effective alternatives.
Domain 2: Design Resilient Architectures (26%)
Resilience is about designing systems that survive failures and recover quickly. This domain tests your ability to build architectures that maintain availability and minimize data loss when components fail.
Key Topics Within Domain 2
High Availability Design
- Multi-AZ deployments for databases (RDS Multi-AZ, Aurora)
- Elastic Load Balancing (ALB, NLB, GWLB) configuration and health checks
- Auto Scaling groups with appropriate scaling policies
- Multi-Region architectures for disaster recovery
- Route 53 routing policies (failover, weighted, latency-based, geolocation)
Fault Tolerance
- Loose coupling using SQS, SNS, and EventBridge
- Decoupled architectures that isolate failure domains
- Stateless application design patterns
- Session management with ElastiCache or DynamoDB
- Graceful degradation strategies
Backup and Recovery
- RDS automated backups and manual snapshots
- S3 versioning and cross-region replication
- EBS snapshots and AMI management
- AWS Backup for centralized backup management
- Recovery point objective (RPO) and recovery time objective (RTO) concepts
- Disaster recovery strategies: backup and restore, pilot light, warm standby, multi-site active-active
Scalability
- Horizontal vs. vertical scaling
- Auto Scaling policies: target tracking, step scaling, simple scaling
- Read replicas for database read scaling
- Caching strategies to reduce backend load
- Serverless architectures that scale automatically (Lambda, Fargate)
Study Strategy for Domain 2
Allocate approximately 26% of your study time here. Focus on understanding the trade-offs between different availability levels and their associated costs.
Quick wins in this domain:
- Know the difference between RDS Multi-AZ (for availability) and Read Replicas (for performance)
- Understand all four disaster recovery strategies and their RPO/RTO characteristics
- Master Auto Scaling group configuration including launch templates and scaling policies
- Learn SQS and SNS patterns for decoupled architectures
How Domain 2 Overlaps With Other Domains
Resilience overlaps significantly with Domain 3 (performance) and Domain 4 (cost). Many questions test your ability to choose an architecture that is both resilient and cost-effective, or both resilient and high-performing. For example, choosing between a multi-AZ RDS deployment (resilient but more expensive) and a single-AZ with automated backups (less resilient but cheaper) depends on the specific requirements stated in the question.
Domain 3: Design High-Performing Architectures (24%)
Performance optimization is about selecting the right services and configurations to deliver fast, responsive applications under varying load conditions.
Key Topics Within Domain 3
Compute Optimization
- EC2 instance type selection (compute-optimized, memory-optimized, storage-optimized, general purpose)
- Placement groups (cluster, spread, partition)
- Enhanced networking and Elastic Fabric Adapter (EFA)
- Lambda function configuration and performance tuning
- Container services (ECS, EKS, Fargate) for workload portability
Storage Optimization
- EBS volume types (gp3, io2, st1, sc1) and performance characteristics
- S3 storage classes and access patterns
- S3 Transfer Acceleration for faster uploads
- EFS performance modes and throughput modes
- FSx for high-performance file systems (Lustre, Windows File Server)
Database Optimization
- RDS instance sizing and read replicas
- Aurora performance advantages and global databases
- DynamoDB capacity modes (provisioned vs. on-demand) and partition key design
- ElastiCache (Redis, Memcached) for caching strategies
- Database migration strategies with DMS
Networking Performance
- CloudFront for edge caching and content delivery
- Global Accelerator for improved global performance
- VPC peering and Transit Gateway for efficient network routing
- Direct Connect for dedicated, consistent network performance
Monitoring and Optimization
- CloudWatch metrics, alarms, and dashboards
- CloudWatch Logs and Logs Insights
- AWS X-Ray for distributed tracing
- Trusted Advisor performance recommendations
Study Strategy for Domain 3
Allocate approximately 24% of your study time here. Focus on understanding which service or configuration delivers optimal performance for specific workload types.
Quick wins in this domain:
- Memorize EBS volume type characteristics (IOPS, throughput, use cases)
- Understand when to use ElastiCache Redis vs. Memcached
- Know when CloudFront vs. Global Accelerator is the right choice
- Learn DynamoDB partition key design principles for even distribution
How Domain 3 Overlaps With Other Domains
Performance questions frequently include cost constraints. A question might ask for the “most cost-effective way to improve read performance,” requiring you to balance Domain 3 (performance) with Domain 4 (cost). Similarly, performance solutions must be secure (Domain 1) and resilient (Domain 2). CloudFront, for example, spans all four domains: it improves performance (Domain 3), adds security through HTTPS and signed URLs (Domain 1), provides redundancy through edge locations (Domain 2), and can reduce costs by offloading origin traffic (Domain 4).
Domain 4: Design Cost-Optimized Architectures (20%)
Cost optimization is the lightest domain by weight but should not be underestimated. Understanding AWS pricing models and cost-saving strategies is essential not just for this domain but for answering questions across all domains.
Key Topics Within Domain 4
Compute Pricing
- EC2 pricing models: On-Demand, Reserved Instances, Savings Plans, Spot Instances, Dedicated Hosts
- When to use each pricing model based on workload characteristics
- Lambda pricing model (requests + duration)
- Fargate pricing (vCPU + memory per second)
Storage Pricing
- S3 storage classes (Standard, Standard-IA, One Zone-IA, Glacier Instant Retrieval, Glacier Flexible Retrieval, Glacier Deep Archive)
- S3 Lifecycle policies for automatic storage class transitions
- EBS volume pricing and snapshot costs
- Data transfer costs (a frequently underestimated expense)
Database Pricing
- RDS pricing: instance hours, storage, I/O, backup storage
- Aurora pricing: instance hours, I/O, storage
- DynamoDB pricing: provisioned vs. on-demand capacity modes
- Reserved capacity options for databases
Cost Management Tools
- AWS Cost Explorer for cost analysis
- AWS Budgets for cost alerts
- AWS Cost and Usage Reports for detailed billing data
- Trusted Advisor cost optimization recommendations
- Right-sizing recommendations
Architectural Cost Optimization
- Serverless vs. server-based cost analysis
- Managed services vs. self-managed cost comparison
- Multi-tier architecture optimization
- Data transfer cost minimization strategies
- Appropriate use of caching to reduce backend costs
Study Strategy for Domain 4
Allocate approximately 20% of your study time here, but recognize that cost concepts permeate the entire exam.
Quick wins in this domain:
- Master EC2 pricing models and know which workload patterns fit each (Spot for fault-tolerant batch processing, Reserved/Savings Plans for steady-state, On-Demand for unpredictable short-term)
- Know all S3 storage classes and their access patterns and retrieval costs
- Understand data transfer pricing (into AWS is free, between AZs and out of AWS is not)
- Learn when serverless is cheaper than traditional compute
The Optimal Study Order
Based on domain weights, overlap, and foundational dependencies, here is the recommended study sequence:
Phase 1: Foundation (Weeks 1-2)
Start with core networking and IAM. VPC architecture and IAM are foundational to everything else. Without understanding VPCs, subnets, security groups, and IAM, other domains will not make sense.
Topics: VPC design, subnets, route tables, internet gateways, NAT gateways, security groups, NACLs, IAM users/roles/policies.
Phase 2: Security Deep Dive (Weeks 2-3)
Build on the IAM foundation with Domain 1. Since security is 30% of the exam and underpins all other domains, mastering it early pays dividends throughout your remaining preparation.
Topics: Encryption (KMS, S3 SSE, EBS), VPC endpoints, WAF, Shield, CloudTrail, Config, GuardDuty, Secrets Manager.
Phase 3: Compute and Storage (Weeks 3-5)
Cover the core services tested across Domains 2, 3, and 4. EC2, S3, RDS, and DynamoDB appear in questions spanning all four domains. Deep understanding of these services is essential.
Topics: EC2 instance types and pricing, EBS volume types, S3 storage classes and features, RDS configurations, DynamoDB design, Lambda fundamentals.
Phase 4: Resilience and Performance (Weeks 5-7)
Layer on architectural patterns from Domains 2 and 3. With core services understood, you can now focus on how to combine them into resilient, high-performing architectures.
Topics: Load balancing, Auto Scaling, Multi-AZ and Multi-Region, disaster recovery strategies, caching, CloudFront, Route 53, decoupled architectures.
Phase 5: Cost Optimization and Integration (Weeks 7-8)
Wrap up with Domain 4 and cross-domain integration. Cost optimization requires understanding all other domains first, since cost questions require comparing alternatives across different service categories.
Topics: Pricing models, cost management tools, serverless architectures, managed services, data transfer optimization, lifecycle policies.
Phase 6: Practice and Review (Weeks 8-10)
Dedicate the final phase entirely to practice exams and targeted review. This phase is where your score gains are greatest.
How to Identify Your Weak Domains
Self-assessment is critical. Here are three methods to find your weakest areas:
Method 1: Domain-Specific Practice Questions
Rather than taking a full practice exam, answer questions filtered by domain. This isolates your performance in each area without the variables of fatigue and time pressure. Score yourself per domain and compare against the 72% passing threshold.
Method 2: Full-Length Practice Exam Analysis
Take a full-length, timed practice exam and analyze your results by domain. Most quality practice exams, including the AWS Solutions Architect Associate Mock Exam Bundle, provide a domain-level score breakdown. Compare your domain scores to identify where you are losing the most points.
Method 3: Topic Confidence Rating
Go through the exam guide topic by topic and honestly rate your confidence on each item: strong, moderate, or weak. Any topic rated weak or moderate needs additional study time. This method requires honest self-assessment but provides a quick initial picture.
Maximizing Score Through Strategic Study Time Allocation
If you have limited time remaining before your exam, prioritize based on two factors: domain weight and your personal weakness.
The Priority Matrix
| Your Weakness | High Weight Domain (1, 2) | Low Weight Domain (3, 4) |
|---|---|---|
| Weak | Highest priority | Medium priority |
| Moderate | High priority | Medium-low priority |
| Strong | Low priority (review only) | Lowest priority |
A weakness in Domain 1 (30% weight) costs far more than a weakness in Domain 4 (20% weight). Focus your limited time on high-weight domains where you are weakest.
The 80/20 Rule for Each Domain
Within each domain, not all topics are tested equally. Focus on the services and concepts that appear most frequently:
- Domain 1 high-frequency topics: IAM policies and roles, KMS encryption, VPC security groups and NACLs, VPC endpoints
- Domain 2 high-frequency topics: Auto Scaling, Load Balancing, Multi-AZ RDS, SQS decoupling, disaster recovery strategies
- Domain 3 high-frequency topics: EBS volume types, CloudFront, ElastiCache, DynamoDB performance, EC2 instance types
- Domain 4 high-frequency topics: EC2 pricing models (especially Spot and Reserved), S3 storage classes, serverless cost comparison, data transfer costs
How Practice Exams Help Target Weak Domains
Practice exams serve two critical functions in a domain-weighted study strategy:
Diagnostic Function
Your first practice exam should be taken before you finish studying, ideally after covering all four domains at a basic level. The domain-level breakdown reveals exactly where to focus your remaining study time. Without this data, you are guessing which areas need work.
Validation Function
Subsequent practice exams confirm that your targeted study is working. If your Domain 1 score was 60% on the first practice exam and 80% after focused security study, you know your effort was effective. If it has not improved, you need to change your study approach for that domain.
The Mock Exam Bundle includes multiple full-length exams with per-domain scoring, making it straightforward to track your progress across all four domains and adjust your study plan accordingly.
Cross-Domain Concepts to Master
Some concepts span multiple domains and appear in questions regardless of which domain they technically belong to. Mastering these cross-cutting topics gives you an outsized return on study time:
- VPCs and networking (Domains 1, 2, 3): Every architecture sits in a VPC. Understanding VPC design, subnets, routing, and security is non-negotiable.
- S3 (Domains 1, 3, 4): S3 appears in security (encryption, access policies), performance (transfer acceleration, storage classes), and cost (lifecycle policies, storage class selection).
- IAM (all domains): Access control is relevant to every architectural decision.
- CloudWatch (Domains 2, 3): Monitoring is essential for both resilience (alarms, health checks) and performance (metrics, dashboards).
- Serverless architectures (Domains 2, 3, 4): Lambda, API Gateway, DynamoDB, and Step Functions appear in resilience, performance, and cost questions.
Putting It All Together
Your study plan should reflect the domain weights, your personal strengths and weaknesses, and the overlapping nature of the exam content. Here is the formula:
- Assess your current knowledge level per domain
- Allocate base study time proportional to domain weights (30/26/24/20)
- Add extra time to your weakest domains by reducing time on your strongest
- Use practice exams every one to two weeks to measure progress
- Adjust allocation based on practice exam domain scores
- Focus the final week on your two weakest domains and cross-domain concepts
For a complete week-by-week study plan built around these principles, see our AWS Solutions Architect study plan. For additional exam-day strategies, review our exam tips guide.
Frequently Asked Questions
What are the four domains of the AWS SAA-C03 exam?
The four domains are: Design Secure Architectures (30%), Design Resilient Architectures (26%), Design High-Performing Architectures (24%), and Design Cost-Optimized Architectures (20%).
Which domain has the highest weight on the AWS Solutions Architect exam?
Domain 1: Design Secure Architectures carries the highest weight at 30% of the total exam score. This makes security the most important single area to study.
How many questions are on the AWS SAA-C03 exam?
The exam contains 65 scored questions. You have 130 minutes to complete them. There may be additional unscored questions used by AWS for statistical purposes, but you will not know which questions are unscored.
What passing score do I need for the AWS Solutions Architect Associate exam?
The passing score is 720 out of 1000. This does not translate directly to a percentage of questions correct since AWS uses a scaled scoring method, but roughly corresponds to answering about 72% of questions correctly.
Should I study all four domains equally?
No. Allocate your study time proportionally to domain weights, then adjust based on your personal strengths and weaknesses. Spending equal time on Domain 4 (20%) and Domain 1 (30%) means you are under-investing in the area that contributes most to your score.
Which domain is the hardest on the SAA-C03?
Difficulty is subjective and depends on your background. Developers often find Domain 1 (Security) challenging due to limited exposure to IAM and compliance. Operations professionals may struggle with Domain 3 (Performance) if they lack experience with database optimization and caching. Assess your own weaknesses rather than relying on general difficulty ratings.
How do I know which domain I am weakest in?
Take a full-length practice exam that provides domain-level scoring. Compare your scores across domains to identify where you are losing the most points. The Mock Exam Bundle provides this domain-level breakdown.
Do exam questions always stay within one domain?
No. Many questions test concepts from multiple domains simultaneously. A question might ask you to design a solution that is secure (Domain 1), highly available (Domain 2), and cost-effective (Domain 4). This is why understanding cross-domain concepts is essential.
What order should I study the domains in?
Start with networking and IAM fundamentals, then study Domain 1 (Security) deeply since it is the highest-weighted domain and foundational to all others. Follow with core compute and storage services, then Domains 2 and 3, and finish with Domain 4 (Cost Optimization), which requires knowledge of all other domains to study effectively.