AWS Certified Solutions Architect - Professional (SAP-C02)

This page breaks SAP-C02 (Oracle Cloud Infrastructure 2025 DevOps Professional) into 10 focused sections aligned to the exam topic areas. Use each section to build mastery of OCI DevOps Service workflows, then move to mixed practice to simulate real exam conditions.

Vendor: Oracle | Credential: AWS Certified Solutions Architect - Professional | Exam: SAP-C02 | Practice: domain then mixed

SAP-C02 coverage (10 sections)

Multi-Account Strategy, Governance, and Organizational Operating Model

S01

What you will practice:

Architect enterprise governance using AWS Organizations, OUs, SCP intent, centralized services, identity strategy, and standardized baselines.

  • (Heavy focus under Domain 1: Organizational Complexity.)
  • AWS Organizations design
      • Multi-account strategy: workloads separated by environment, BU, app, compliance boundary
      • Organizational Units (OUs): policy inheritance models and blast-radius control
      • Centralized services patterns: shared networking, shared security, shared logging
  • Policy guardrails at scale
      • SCP intent (what SCPs are good for vs what they are not)
      • Permission boundary concepts for delegated teams
  • Centralized identity strategy
      • IAM Identity Center (SSO) for workforce access patterns
      • Cross-account role assumption patterns (trust relationships, session controls)
  • Enterprise governance requirements
      • Standard tagging and resource ownership models
      • Standard account baseline: audit readiness, logging, security defaults
      • Handling quota/service limit governance across an organization

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Enterprise Networking Architecture at Scale

S02

What you will practice:

Design networking at scale: VPC CIDR planning, subnet tiering, Transit Gateway segmentation, hybrid connectivity, DNS, and inspection/egress control.

  • (Organizational complexity + new solutions overlap.)
  • VPC architecture design
      • CIDR planning across multiple VPCs and multiple accounts (future-proofing and overlap avoidance)
      • Subnet strategy (public/private/isolated), routing separation by tier
  • Centralized routing and segmentation
      • Transit Gateway design: hub-and-spoke vs domain-segmented routing (prod vs non-prod, PCI vs non-PCI)
      • Route propagation and control patterns (what to share, what to isolate)
  • Hybrid connectivity
      • Site-to-Site VPN vs Direct Connect decision drivers (availability, throughput, latency, compliance)
      • Redundant connectivity designs (HA at the edge, multiple DX locations, backup VPN)
  • Traffic inspection and egress control
      • Central egress VPC patterns
      • Inspection layers (firewall insertion concepts, routing to inspection)
  • DNS architecture
      • Private DNS strategy for multi-VPC and hybrid name resolution
      • Split-horizon DNS and centralized resolver patterns (conceptual)

Identity, Access Control, and Security Architecture for Complex Environments

S03

What you will practice:

Design identity and access for complex environments with least-privilege, workload identities, federation, root protections, and resource vs identity policy reasoning.

  • (Explicitly critical in Domain 1 and Domain 2 scenarios.)
  • IAM design for enterprises
      • Role-based access models for platform teams vs application teams
      • Least privilege at scale: managed policies vs inline policies vs permission boundaries
      • Workload identities: instance roles, task roles, IRSA for EKS (conceptual intent)
  • Federation and access governance
      • External IdP federation patterns and session management controls
      • Break-glass access concepts and root account protection mindset
  • Resource policy vs identity policy reasoning
      • S3 bucket policies, KMS key policies, and cross-account access models
  • Security posture services awareness (architect-level)
      • Central detection and posture management concepts (logging, findings aggregation, audit trails)

Data Protection, Encryption Strategy, and Compliance Controls

S04

What you will practice:

Build data protection and compliance-by-design with KMS key strategy, rotation, separation of duties, residency, and centralized evidence logging.

  • (Cross-cuts all domains, heavily tested in scenario questions.)
  • Encryption design
      • KMS key strategy: AWS-managed vs customer-managed keys (and when CMKs matter)
      • Envelope encryption concept and service integrations (S3, EBS, RDS, etc.)
      • Key rotation, separation of duties, and cross-account key usage patterns
  • Data classification and access
      • Tiered access models for sensitive vs non-sensitive datasets
      • Data residency and auditability considerations
  • Backup, retention, and immutability
      • Backup architecture across accounts/regions
      • Versioning/immutability design patterns (where relevant)
  • Compliance-by-design
      • Logging and evidence trails (what must be logged, where it must be centralized)
      • Controls mapping mindset (how architects translate requirements into AWS controls)

Designing New Solutions: Compute Selection and Application Hosting Patterns

S05

What you will practice:

Choose compute and hosting patterns: EC2, containers, serverless, scaling strategies, and load balancing aligned to requirements.

  • (Strong in Domain 2: New Solutions.)
  • Compute decision framework
      • EC2 vs containers vs serverless based on scaling, ops model, latency, control needs
      • Autoscaling design: horizontal scale, warm pools, scale triggers, instance refresh strategies
  • Container architecture
      • ECS vs EKS choice drivers (ops overhead vs ecosystem needs)
      • Cluster isolation strategies: per environment, per tenant, per workload criticality
  • Serverless architecture patterns
      • Event-driven and API-driven serverless designs
      • Concurrency and throttling considerations (design-time constraints)
  • Load balancing and ingress
      • ALB vs NLB vs Gateway patterns (match to protocol and performance needs)
      • Multi-AZ front-end design patterns and health-check strategies

Storage and Data Services Architecture for New Solutions

S06

What you will practice:

Select storage and data services: object, block, file, database reasoning, replication, caching, and performance tradeoffs.

  • (Domain 2 emphasis, also influences resilience/cost.)
  • Storage selection
      • Object vs block vs file: correct service choice by access pattern and performance
      • S3 architecture: prefix distribution concepts, lifecycle, replication, versioning
      • EBS performance patterns and snapshot strategy
      • EFS performance/scaling considerations for shared file workloads
  • Database selection (architect reasoning)
      • Relational vs NoSQL choice based on consistency, scale, query needs
      • RDS/Aurora design concepts: Multi-AZ, read scaling, failover behavior
      • DynamoDB design concepts: partitioning mindset, access patterns, global tables (conceptual)
  • Caching and acceleration
      • When to cache (read-heavy, latency-sensitive)
      • CDN placement concepts for static and dynamic acceleration

Integration, Messaging, and Event-Driven Architecture Patterns

S07

What you will practice:

Design integration and event-driven architectures with queues, pub/sub, streaming, orchestration, API strategy, and cross-service eventing.

  • (Heavily tested because Pro exam scenarios emphasize distributed systems.)
  • Decoupling patterns
      • Queues vs pub/sub vs streaming: when each is appropriate
      • Asynchronous processing for resilience and burst handling
  • Workflow orchestration
      • State machine orchestration patterns for complex flows (saga-like thinking)
  • API strategy
      • API gateway patterns (auth placement, throttling, multi-stage deployment concepts)
  • Cross-service eventing
      • Event routing patterns and how events trigger remediation or downstream processing

Resilience Engineering: HA, DR, and Multi-Region Architecture

S08

What you will practice:

Engineer resilience with Multi-AZ and multi-region DR strategies, replication choices, failover orchestration, and controlled failback planning.

  • (Resilience is core and appears across multiple domains.)
  • High availability (Multi-AZ)
      • Multi-AZ design for compute + data layers
      • Eliminating single points of failure (SPOFs) across tiers
  • Disaster recovery strategies
      • Backup/restore vs pilot light vs warm standby vs active/active
      • Region failover criteria (business criticality, RTO/RPO targets)
  • Data replication strategy
      • Storage replication vs database replication vs app-level replication tradeoffs
  • Failover orchestration
      • DNS failover concepts, health checks, traffic shifting approaches
      • Runbooks and controlled failback planning (Pro exam-style scenarios)

Migration and Modernization Strategy

S09

What you will practice:

Plan migration and modernization: discovery, landing zones, 6Rs decision logic, phased cutovers, data migration, and managed-service adoption.

  • (Aligned to Domain 4: Accelerate Workload Migration and Modernization.)
  • Migration planning
      • Discovery and dependency mapping mindset (apps, data, identity, networking)
      • Landing zone readiness before moving workloads
  • Migration approaches
      • Rehost vs replatform vs refactor vs retire vs retain decision logic
      • Phased migration strategies with minimized downtime
  • Data migration patterns
      • Online vs offline migration considerations (latency, change rate, cutover window)
      • Validation and rollback planning (data integrity, consistency checks)
  • Modernization themes
      • Moving from monolith to services, containers, managed databases
      • Reducing ops burden by adopting managed services where appropriate

Continuous Improvement: Observability, Operations, Performance, and Cost

S10

What you will practice:

Continuously improve operations using observability, runbooks, automated remediation, performance tuning, and cost optimization across accounts.

  • (Aligned to Domain 3: Continuous Improvement for Existing Solutions.)
  • Operational excellence
      • Runbooks, incident response lifecycle, and post-incident improvements
      • Automated remediation patterns (event → action)
  • Observability architecture
      • Metrics/logs/traces correlation mindset for distributed systems troubleshooting
      • Centralized logging and cross-account visibility patterns
  • Performance tuning
      • Bottleneck identification across compute, storage, database, and network
      • Right-sizing and scaling policy tuning
  • Cost optimization
      • Cost drivers by architecture choice (data transfer, NAT, storage tiers, always-on compute)
      • Savings Plans/Reserved Instances vs On-Demand vs Spot decision reasoning
      • Lifecycle policies and tiering for storage cost control
      • Multi-account cost allocation strategy using tags and billing structures

FAQ

What is SAP-C02 in AWS certifications?

SAP-C02 is the exam code for AWS Certified Solutions Architect - Professional, focused on complex, multi-account, multi-region architectures and enterprise-scale tradeoffs.

How long is the SAP-C02 exam?

AWS lists professional-level exams such as SAP-C02 with a 180-minute exam time. Confirm your delivery details in the AWS certification portal.

Does AWS publish a passing score for SAP-C02?

AWS does not publicly disclose passing scores. Results are reported as pass or fail on a scaled scoring model.

How do I prepare for SAP-C02 effectively?

Study enterprise patterns (organizations, transit routing, cross-account identity, multi-region resilience) and practice scenario questions that require tradeoffs, not memorization.