Certification prep
AWS Solutions Architect – Associate (SAA-C03)
Started: June 2026 · Pace: 2 hours every night · Duration: 5 weeks (35 nights, ~70 hours)
I earned AWS Cloud Practitioner in 2021 and have since built production AWS for Global Ski Atlas (frontend + backend) and witcoskitech.com. This page is my public study log: what I already know from those systems, what I don't, and exactly what I'm doing each night to close the gap.
30%
Domain 1 — Secure Architectures
26%
Domain 2 — Resilient Architectures
24% + 20%
High-Performing + Cost-Optimized
What I already know
Scanned across Global Ski Atlas frontend (static site, wiki API, Cognito, Bedrock) and Global Ski Atlas backend (ECS Fargate pipeline, GeoParquet/Iceberg data lake). Strength: modern serverless + containers + NoSQL. Weakness: classic three-tier VPC, relational databases, and messaging patterns — exactly where SAA focuses.
Repo mapping: frontend → GlobalSkiAtlas_2 · backend → globalskiatlas_data. Additional labs use Cloud Resume Challenge where an isolated stack is safer than touching production atlas code.
| Service | Level |
|---|---|
| Amazon S3 | Production |
| Amazon CloudFront | Production |
| AWS Lambda | Production |
| Amazon API Gateway | Production |
| Amazon DynamoDB | Production |
| AWS IAM | Production |
| AWS CloudFormation / SAM | Production |
| Amazon ECS + Fargate | Production |
| Amazon ECR | Production |
| Amazon Cognito | Production |
| Amazon Bedrock | Production |
| AWS Glue Data Catalog | Hands-on |
| Apache Iceberg on S3 | Hands-on |
| Amazon Route 53 | Hands-on |
| AWS Certificate Manager | Hands-on |
| Amazon CloudWatch Logs | Hands-on |
| GitHub Actions → AWS | Production |
| Amazon VPC (partial) | Documented |
| Amazon EventBridge | Documented |
| Amazon Athena | Documented |
Architecture patterns I can explain from experience
- Frontend — static site: GitHub Actions → S3 → CloudFront → Route 53 (globalskiatlas.com)
- Frontend — serverless API: API Gateway → Lambda → DynamoDB (wiki CRUD, Iceberg stats, Bedrock chat)
- Backend — container batch: GitHub Actions → ECR → ECS Fargate → S3 GeoParquet (continent pipeline)
- Backend — data lake: S3 Parquet → Glue catalog → Iceberg snapshots → stats API
- Frontend — auth + AI: Cognito JWT validation; Bedrock Nova for chat and resort copy
- Both — IaC + CI/CD: SAM templates,
sam deploy, GitHub Actions with AWS credentials
Priority gaps (46 services marked Study)
- Amazon RDS / Aurora / Aurora Serverless
- Elastic Load Balancing (ALB, NLB, GWLB)
- NAT Gateway + multi-tier VPC design
- Amazon SQS, SNS, Step Functions
- Amazon ElastiCache
- AWS KMS (customer-managed keys)
- AWS Secrets Manager vs SSM Parameter Store
- AWS WAF + Shield
- AWS CloudTrail, Config, GuardDuty
- Amazon EC2 + Auto Scaling + EBS volume types
- S3 Glacier / lifecycle / Intelligent-Tiering
- Route 53 routing policies (weighted, failover, latency)
- AWS DMS, DataSync, Snow Family
- Cost Explorer, Savings Plans, Compute Optimizer
Full in-scope list: 119 services (12 know · 8 partial · 46 study · 53 awareness) — use the interactive checklist below to track every one.
Loading checklist…
Nightly structure (every 2-hour block)
Same rhythm every night so it becomes habit. Adjust minutes if a lab runs long — never skip the review block.
- Learn (20–40 min) — Read official exam guide task statements, AWS docs, or Skill Builder for that night's topic.
- Build (60–80 min) — Hands-on lab on my repos or account-level security setup. Ship something, don't just watch videos.
- Retain (20–30 min) — Check off services from this week's exam categories; practice questions; flashcards. Format: Scenario → best service → why not the others.
5-week nightly calendar
Week 1 Security · Week 2 VPC + messaging · Week 3 RDS + resilience · Week 4 Performance · Week 5 Cost + mocks
Week 1
Night 1: Baseline + Domain 1 intro
30m learn · 60m build · 30m retain
- Read SAA-C03 exam guide domains
- Review Security + Management services (Week 1 categories)
- 10 practice questions (security)
Lab repo: Audit IAM policies on deploy user and ECS roles
Night 2: Lab 1A — KMS + S3 encryption
20m learn · 70m build · 30m retain
- KMS key policies vs IAM policies
- Enable SSE-KMS on a test prefix in witcoskitech bucket
- Verify deploy still works
Lab repo: Cloud Resume Challenge — SSE-KMS
Night 3: Lab 1B — Secrets Manager
20m learn · 70m build · 30m retain
- Secrets Manager vs Parameter Store
- Move Cognito config to Secrets Manager
- Tighten Lambda GetSecretValue scope
Lab repo: Global Ski Atlas frontend — wiki auth secrets
Night 4: Lab 1C — WAF on CloudFront
20m learn · 70m build · 30m retain
- Managed rule groups overview
- Attach WAF Web ACL to distribution
- Test wiki POST still works
Lab repo: witcoskitech.com or globalskiatlas.com
Night 5: CloudTrail + Config + Access Analyzer
30m learn · 60m build · 30m retain
- CloudTrail vs Config vs GuardDuty
- Enable trail + two Config rules
- Fix one over-broad IAM finding
Lab repo: Account-level security
Night 6: Week 1 review
20m learn · 40m build · 60m retain
- Check off remaining Week 1 category services
- 25 timed practice questions
- Domain 1 task checkpoints
Night 7: Week 1 consolidation
30m learn · 30m build · 60m retain
- Draw security architecture for both sites
- 15 practice questions (missed topics)
- Plan Week 2 VPC diagram on paper
Week 2
Night 8: VPC fundamentals
40m learn · 50m build · 30m retain
- Public/private subnets, IGW, NAT, SG vs NACL
- Draw 2-AZ VPC for Fargate pipeline
- 5 flashcards: NAT vs IGW
Lab repo: Paper design before build
Night 9: Lab 2A — VPC build (part 1)
20m learn · 80m build · 20m retain
- Create VPC + subnets + route tables
- NAT Gateway in public subnet
- Document IDs in AWS_ECS_DEPLOYMENT.md
Lab repo: Global Ski Atlas backend — aws/
Night 10: Lab 2A — private Fargate (part 2)
20m learn · 80m build · 20m retain
- Run Iceland ECS task in private subnet
- Confirm S3 output lands
- Troubleshoot SG if task fails
Lab repo: ECS run-task private subnets
Night 11: ELB + ALB theory
50m learn · 40m build · 30m retain
- ALB vs NLB vs GWLB use cases
- Target groups + health checks
- 20 practice questions (resilience)
Night 12: Lab 2B — EventBridge schedule
20m learn · 70m build · 30m retain
- EventBridge cron for monthly pipeline
- IAM role for ECS target
- CloudWatch alarm on task failure
Lab repo: Implement doc in AWS_ECS_DEPLOYMENT.md §242
Night 13: Lab 2C — SQS decoupling (part 1)
30m learn · 60m build · 30m retain
- SQS standard vs FIFO, DLQ
- Create queue + DLQ via SAM
- Pipeline sends message on success
Lab repo: New sam-pipeline-notify stack
Night 14: Lab 2C — SQS (part 2) + SNS
20m learn · 70m build · 30m retain
- Lambda consumer triggers iceberg stats upload
- SNS email on success/failure
- Compare SNS fan-out vs SQS
Lab repo: sam-pipeline-notify
Week 3
Night 15: RDS + Aurora deep dive
60m learn · 30m build · 30m retain
- RDS Multi-AZ vs read replicas vs Aurora
- Aurora Serverless v2 + RDS Proxy
- 20 practice questions (databases)
Night 16: Lab 2D — Aurora study stack (part 1)
20m learn · 80m build · 20m retain
- SAM/CFN: VPC + Aurora Serverless v2 private
- Security group: Lambda → Aurora only
- Create sample relational table
Lab repo: Cloud Resume Challenge rds-study/
Night 17: Lab 2D — Aurora (part 2)
20m learn · 80m build · 20m retain
- Lambda reads/writes Postgres row
- Compare to DynamoDB visitor counter
- Document when to pick each
Lab repo: rds-study/
Night 18: DynamoDB resilience
30m learn · 60m build · 30m retain
- PITR + Streams on wiki tables
- Stub stream Lambda
- Global tables awareness read
Lab repo: Global Ski Atlas frontend — wiki tables
Night 19: DR + backup patterns
50m learn · 40m build · 30m retain
- RTO/RPO scenarios
- AWS Backup vs snapshots vs cross-region
- 25 practice questions (resilience)
Night 20: VPN + Direct Connect + TGW
60m learn · 30m build · 30m retain
- Site-to-Site VPN vs DX vs TGW
- PrivateLink vs VPC peering
- Diagram 3 exam scenarios
Lab repo: Theory night — no deploy
Night 21: Week 3 review
20m learn · 40m build · 60m retain
- Draw 3-tier VPC + ALB + Aurora
- 30 timed practice questions
- Tear-down checklist for Aurora if done
Week 4
Night 22: Lab 3A — ElastiCache
30m learn · 60m build · 30m retain
- Redis use cases + Lambda-in-VPC tradeoff
- Cache GET wiki pages (or CloudFront TTL)
- CloudWatch latency comparison
Lab repo: Global Ski Atlas frontend — lambda/wiki-api
Night 23: Lab 3B — Athena on Iceberg
20m learn · 70m build · 30m retain
- Athena workgroup + Glue catalog
- SQL: resort counts by country
- Athena vs Redshift decision table
Lab repo: Global Ski Atlas backend — register_iceberg.py
Night 24: Lab 3C — Route 53 advanced
30m learn · 60m build · 30m retain
- Weighted / failover / latency routing
- Health check on witcoskitech.com
- Test subdomain routing lab
Lab repo: Cloud Resume Challenge DNS
Night 25: CloudFront + API performance
30m learn · 60m build · 30m retain
- Cache behaviors for /api/* paths
- API Gateway throttling
- Build CloudWatch dashboard
Lab repo: Global Ski Atlas frontend — wiki-api-production.md
Night 26: EC2 + EBS + Spot
40m learn · 50m build · 30m retain
- EBS gp3/io2/st1/sc1 matrix
- Optional: Spot EC2 PMTiles job vs Fargate
- Cost table from AWS_ECS_DEPLOYMENT.md
Lab repo: Global Ski Atlas backend — WORLD_SCALE.md
Night 27: Integration services
50m learn · 40m build · 30m retain
- EventBridge vs SQS vs Kinesis vs Step Functions
- AppSync awareness
- 25 practice questions (performance)
Night 28: Week 4 review
20m learn · 40m build · 60m retain
- Storage class decision tree (S3/EBS/EFS)
- 30 practice questions
- Update architecture notes
Week 5
Night 29: Lab 4A — S3 lifecycle + cost
30m learn · 60m build · 30m retain
- Lifecycle rules on old pipeline prefixes
- Cost Explorer top services
- AWS Budget alert
Lab repo: globalskiatlas-backend-k8s-output
Night 30: Lab 4B — Fargate right-sizing
40m learn · 50m build · 30m retain
- Compare ecs-task-pipeline-*.json sizes
- Savings Plans vs Spot vs On-Demand
- Compute Optimizer read
Lab repo: Global Ski Atlas backend — aws/
Night 31: Lab 4C — Step Functions capstone
20m learn · 80m build · 20m retain
- State machine: ECS → SQS → Lambda → SNS
- Error handling + Catch states
- Deploy sam-pipeline-orchestrator
Lab repo: Global Ski Atlas backend — new SAM stack
Night 32: Architecture write-up
30m learn · 60m build · 30m retain
- Document GSA frontend + backend stacks
- One security/resilience/cost win per tier
- Link labs to Well-Architected pillars
Lab repo: Portfolio artifact
Night 33: Practice exam 1
10m learn · 130m build · 20m retain
- Timed full mock (130 min)
- Review every wrong answer
- List weak services
Night 34: Weak-area drill
20m learn · 60m build · 40m retain
- Re-study top 3 missed domains
- 40 targeted questions
- Redo 5 missed scenarios aloud
Night 35: Practice exam 2 + schedule
10m learn · 130m build · 20m retain
- Second timed mock — target ≥75%
- Schedule real exam if ready
- Tear down NAT/Aurora/ElastiCache labs
Labs and code map
| Lab | System |
|---|---|
| WAF, Cognito, wiki cache, CloudFront tuning | Global Ski Atlas frontend |
| VPC, ECS, SQS, Athena, lifecycle, Step Functions | Global Ski Atlas backend |
| KMS, Aurora study stack, Route 53 labs | Cloud Resume Challenge (witcoskitech.com) |
Resources
- Official SAA-C03 exam guide
- AWS Skill Builder — Exam Prep: Solutions Architect Associate
- Practice exams (Week 5, Nights 33 & 35) — Tutorials Dojo or Stephane Maarek on Udemy
Tear-down reminder
After labs, delete NAT Gateways, Aurora clusters, ElastiCache nodes, and idle EC2 to avoid ongoing charges. Keep Budget alerts, lifecycle rules, and WAF — those save money or harden prod.
Last updated June 2026. I'll revise this page as I complete each week.