AWS SAA-C03 Cheat Sheet 2026
Everything you need on one page before exam day: domain weights, core services by category, the decision tables examiners love, must-know numbers, and the traps that sink first-timers.
01 Domain weights
SAA-C03 has four domains. Security and resilience together are more than half the exam — if your time is short, that is where it should go.
02 Core services by category
The 30-ish services that show up again and again. Know what each one is for and where it stops.
Compute
EC2 · Lambda · ECS/EKS · Fargate · Auto Scaling
EC2 for full control, Lambda for event-driven & no servers, Fargate for containers without managing nodes.
Storage
S3 · EBS · EFS · FSx · Storage Gateway
S3 object, EBS block (one EC2/AZ), EFS shared NFS (multi-AZ), FSx for Windows/Lustre.
Database
RDS · Aurora · DynamoDB · ElastiCache · Redshift
Relational vs NoSQL vs cache vs warehouse. DynamoDB for serverless single-digit-ms scale.
Networking
VPC · Route 53 · CloudFront · ELB · Direct Connect
VPC isolation, Route 53 DNS/routing policies, CloudFront edge cache, Direct Connect private link.
Security & Identity
IAM · KMS · Cognito · WAF · Shield · Secrets Manager
IAM roles over keys, KMS for encryption, Cognito for app users, WAF/Shield at the edge.
Integration
SQS · SNS · EventBridge · Step Functions
SQS to decouple/queue, SNS fan-out pub/sub, EventBridge event bus, Step Functions for orchestration.
Observability
CloudWatch · CloudTrail · AWS Config
CloudWatch = metrics/logs/alarms, CloudTrail = API audit, Config = resource compliance.
Migration & Edge
DataSync · DMS · Snowball · Global Accelerator
DMS for database migration, Snowball for petabyte offline transfer, Global Accelerator for static anycast IPs.
03 Pick the right database
| If the scenario says… | Choose | Why |
|---|---|---|
| Relational, managed, minimal ops | RDS | Managed MySQL/PostgreSQL/SQL Server with Multi-AZ failover. |
| Relational + cloud-scale + high throughput | Aurora | 5× MySQL throughput, 6 copies across 3 AZs, fast failover. |
| Key-value/NoSQL, serverless, <10 ms at any scale | DynamoDB | Single-digit-ms, on-demand scaling, global tables for multi-region. |
| Reduce read load / sub-ms cache | ElastiCache | Redis or Memcached in front of a database. |
| Petabyte analytics / BI / OLAP | Redshift | Columnar data warehouse for complex aggregate queries. |
04 Pick the right storage & S3 class
| Need | Service | Key fact |
|---|---|---|
| Object storage, web-scale | S3 | 11 nines durability; not a filesystem. |
| Block volume for one EC2 | EBS | Single-AZ; attach to one instance (multi-attach io2 aside). |
| Shared filesystem, many EC2 | EFS | NFS, auto-scaling, multi-AZ, Linux. |
| Windows file share / SMB | FSx for Windows | Fully managed SMB, AD-integrated. |
S3 storage classes — cost vs access
| Class | Use when |
|---|---|
| S3 Standard | Frequent access, low latency. |
| S3 Intelligent-Tiering | Unknown/changing access patterns — auto-moves tiers. |
| Standard-IA / One Zone-IA | Infrequent access; One Zone = recreatable data, lower cost. |
| Glacier Instant / Flexible / Deep Archive | Archive; retrieval minutes→hours; Deep Archive = cheapest, 12 h. |
05 Load balancers & decoupling
ALB
Layer 7 (HTTP/HTTPS). Path/host routing, WebSockets, containers/microservices.
NLB
Layer 4 (TCP/UDP). Ultra-low latency, millions of requests, static IP.
GWLB
Deploy/scale 3rd-party virtual appliances (firewalls, IDS/IPS).
SQS vs SNS
SQS = pull, one consumer per message, decouple. SNS = push, fan-out to many subscribers.
06 Must-know numbers
- S3 durability: 99.999999999% (11 nines); object size up to 5 TB; multipart upload above 5 GB.
- SQS: message retention 4 days default (max 14); visibility timeout default 30 s; max message 256 KB.
- Lambda: max timeout 15 minutes; /tmp up to 10 GB; memory up to 10 GB.
- EBS: gp3 baseline 3,000 IOPS; io2 Block Express for highest IOPS/throughput.
- VPC: 5 VPCs per region (soft); 200 subnets per VPC; one IGW per VPC.
- Route 53 routing: simple, weighted, latency, failover, geolocation, geoproximity, multivalue.
07 Common traps
08 FAQ
Is a cheat sheet enough to pass SAA-C03?
No. A cheat sheet is a final-week consolidation tool, not a substitute for hands-on practice. Use it to lock in service boundaries, domain weights, and decision rules after you have built things in the console and worked through full-length practice exams.
What is the SAA-C03 passing score?
720 out of 1000. The exam is scaled, so you do not need 72% of questions correct — the score is normalised across question difficulty. Aim for a consistent 80%+ on full-length practice tests before booking.
Which domain is most important on SAA-C03?
Design Secure Architectures is the heaviest at 30%, followed by Design Resilient Architectures at 26%. Together security and resilience are more than half the exam, so prioritise IAM, encryption, multi-AZ, and decoupling patterns.
How many services do I need to know for SAA-C03?
Working knowledge of roughly 30-40 core services and the ability to choose between them. The exam rarely asks trivia; it asks which service fits a scenario, so focus on boundaries: S3 vs EFS vs EBS, RDS vs DynamoDB, SQS vs SNS vs EventBridge.
