dc dotCreds
Reference guide

AWS Solutions Architect Professional Course Notes

Study AWS Solutions Architect Professional section notes, then jump straight into the guided course or related practice questions without losing your place.

Continue Course Start Practice
Checking access

Checking Pro access...

Looking for your active Pro access before showing Course Notes. This usually takes just a moment.

Course Notes preview

Unlock Pro for the full per-exam reference guide.

Preview one piece from each section. Pro includes every Course Notes section, summary, key point, common mistake, exam tip, related-question review, and PDF export.

Includes full Course Mode and Course Notes.

Section 1 Foundations: Complexity Preview
More in this section
  • Full summary in Pro version
  • 11 more key points in Pro version
  • 3 more common mistakes in Pro version
  • 3 more exam tips in Pro version
  • 34 more related questions in Pro version

Summary

SAP-C02 multi-account design starts by deciding where governance boundaries belong. AWS Organizations gives the account hierarchy, AWS Control Tower creates a governed landing zone, and SCPs set maximum permissions for accounts or OUs. Use separate accounts to reduce blast radius for production, security tooling, shared services, logging, and regulated workloads instead of trying to separate everything with IAM policies inside one account.

Key Points

  • AWS Organizations: Choose this when multiple AWS accounts need hierarchy, policy boundaries, consolidated billing, and organizational management.

Common Mistakes

  • Using SCPs as if they grant permissions when they only set maximum permissions for accounts and OUs.

Exam Tips

  • Use separate accounts and OUs to reduce blast radius and apply governance boundaries.
Section 2 Resilience & DR Preview
More in this section
  • Full summary in Pro version
  • 11 more key points in Pro version
  • 3 more common mistakes in Pro version
  • 3 more exam tips in Pro version
  • 33 more related questions in Pro version

Summary

Resilience design starts with failure domains and recovery targets. Multi-AZ patterns reduce local infrastructure failure inside a Region, while multi-Region patterns address regional isolation, customer proximity, and stricter recovery objectives. A workload with minutes of RTO and low RPO usually needs warm or active recovery architecture rather than backup-only recovery.

Key Points

  • RTO: Choose recovery designs based on RTO when the business specifies how quickly service must return after failure.

Common Mistakes

  • Choosing backup-only recovery for workloads with low RTO or low RPO requirements.

Exam Tips

  • Map every DR answer to RTO, RPO, failure domain, and consistency needs.
Section 3 Security Principles Preview
More in this section
  • Full summary in Pro version
  • 11 more key points in Pro version
  • 3 more common mistakes in Pro version
  • 3 more exam tips in Pro version
  • 20 more related questions in Pro version

Summary

Security design for SAP-C02 is about choosing the control at the right layer. The Well-Architected Security Pillar frames identity, detection, infrastructure protection, data protection, and incident response as separate design concerns. A mature design does not rely on one perimeter; it limits identity scope, protects network paths, encrypts data, rotates secrets, and leaves usable evidence when something fails.

Key Points

  • Defense in Depth: Choose layered controls when one failure should not expose identity, network, data, and application layers at once.

Common Mistakes

  • Using Direct Connect alone when the requirement specifically needs encrypted tunnels over the dedicated connection.

Exam Tips

  • Use VPN over Direct Connect when encryption is required over dedicated connectivity.
Section 4 Network Integration Preview
More in this section
  • Full summary in Pro version
  • 11 more key points in Pro version
  • 3 more common mistakes in Pro version
  • 3 more exam tips in Pro version
  • 19 more related questions in Pro version

Summary

Enterprise network design starts by choosing where routing decisions are centralized. Transit Gateway is the hub for many VPCs, VPNs, and Direct Connect attachments when point-to-point peering becomes unmanageable. A shared services VPC can host inspection, directory, DNS, and tooling services, but the design must control which spokes can reach it and which east-west paths are allowed.

Key Points

  • Transit Gateway: Choose Transit Gateway when many VPCs, VPNs, and Direct Connect paths need hub-and-spoke routing instead of mesh peering.

Common Mistakes

  • Building full-mesh VPC peering when Transit Gateway is the scalable hub for many VPCs and hybrid attachments.

Exam Tips

  • Transit Gateway is the scalable private routing hub; Global Accelerator improves public application entry.
Section 5 Modernization Strategies Preview
More in this section
  • Full summary in Pro version
  • 13 more key points in Pro version
  • 3 more common mistakes in Pro version
  • 3 more exam tips in Pro version
  • 19 more related questions in Pro version

Summary

Modernization strategy starts with a migration portfolio, not with a tool. Migration wave planning groups applications by dependency, business risk, data gravity, identity coupling, and rollback tolerance. Application Discovery Service helps collect server and dependency data, while Migration Hub gives progress visibility across migration work, but neither service decides whether a workload should be rehosted, replatformed, or refactored.

Key Points

  • Migration Wave Planning: Choose wave planning when many applications must move in dependency-aware groups with defined cutover and rollback windows.

Common Mistakes

  • Starting with AWS DMS or Migration Hub before dependency mapping and migration wave planning are clear.

Exam Tips

  • Discovery and dependency mapping come before migration wave sequencing.
Section 6 Cost Management Preview
More in this section
  • Full summary in Pro version
  • 11 more key points in Pro version
  • 3 more common mistakes in Pro version
  • 3 more exam tips in Pro version
  • 19 more related questions in Pro version

Summary

SAP-C02 cost design starts with workload behavior. Savings Plans fit steady compute commitment across supported services, while Spot Instances fit interruption-tolerant compute and Instance Scheduler fits predictable nonproduction shutdown windows. These choices reduce different kinds of waste, so the answer should follow whether usage is steady, flexible, or time-bound.

Key Points

  • Cost Optimization Pillar: Use this Well-Architected lens when cost choices need to be evaluated against business value, usage patterns, and operational tradeoffs.

Common Mistakes

  • Buying Savings Plans before proving steady eligible usage with cost and utilization evidence.

Exam Tips

  • Savings Plans fit steady eligible compute usage; Spot fits interruption-tolerant workloads.