AWS Solutions Architect Associate – AWS CSA certification

Exam Blueprint

The table below lists the domains measured by this examination and the extent to which they are represented.

Domain % of Examination
1.0 Designing highly available, cost-efficient, fault-tolerant, scalable systems 60%
2.0 Implementation/Deployment 10%
3.0 Data Security 20%
4.0 Troubleshooting 10%
TOTAL 100%


1 Domain 1.0: Designing highly available, cost-efficient, fault-tolerant, scalable systems
1.1 Identify and recognize cloud architecture considerations, such as fundamental components and effective
Content may include the following:
• How to design cloud services
• Planning and design
• Monitoring and logging
• Familiarity with:
o Best practices for AWS architecture
o Developing to client specifications, including pricing/cost (e.g., on Demand vs. Reserved vs.
Spot; RTO and RPO DR Design)
o Architectural trade-off decisions (e.g., high availability vs. cost, Amazon Relational Database
Service (RDS) vs. installing your own database on Amazon Elastic Compute Cloud (EC2))
o Hybrid IT architectures (e.g., Direct Connect, Storage Gateway, VPC, Directory Services)
o Elasticity and scalability (e.g., Auto Scaling, SQS, ELB, CloudFront)


2 Domain 2.0: Implementation/Deployment
2.1 Identify the appropriate techniques and methods using Amazon EC2, Amazon S3, AWS Elastic
Beanstalk, AWS CloudFormation, AWS OpsWorks, Amazon Virtual Private Cloud (VPC), and AWS
Identity and Access Management (IAM) to code and implement a cloud solution.
Content may include the following:
• Configure an Amazon Machine Image (AMI)
• Operate and extend service management in a hybrid IT architecture
• Configure services to support compliance requirements in the cloud
• Launch instances across the AWS global infrastructure
• Configure IAM policies and best practices


3 Domain 3.0: Data Security
3.1 Recognize and implement secure practices for optimum cloud deployment and maintenance.
Content may include the following:
• AWS shared responsibility model
• AWS platform compliance
• AWS security attributes (customer workloads down to physical layer)
• AWS administration and security services
• AWS Identity and Access Management (IAM)
• Amazon Virtual Private Cloud (VPC)
• AWS CloudTrail
• Ingress vs. egress filtering, and which AWS services and features fit
• “Core” Amazon EC2 and S3 security feature sets
• Incorporating common conventional security products (Firewall, VPN)
• Design patterns
• DoS mitigation
• Encryption solutions (e.g., key services)
• Complex access controls (building sophisticated security groups, ACLs, etc.)
• Amazon CloudWatch for the security architect
• Trusted Advisor
• CloudWatch Logs


3.2 Recognize critical disaster recovery techniques and their implementation.
Content may include the following:
• Disaster recovery
o Recovery time objective
o Recovery point objective
o Amazon Elastic Block Store
• AWS Import/Export
• AWS Storage Gateway
• Amazon Route53
• Validation of data recovery method

4)  Domain 4.0: Troubleshooting
Content may include the following:
• General troubleshooting information and questions