AWS Certified Solutions Architect - Professional (SAP-C02) Domain 1

Design Solutions for Organizational Complexity

Official Exam Guide: Domain 1: Design Solutions for Organizational Complexity

Skill Builder: AWS Certified Solutions Architect - Professional Exam Prep

---

Domain Overview

Domain 1 (26% of exam) focuses on architecting complex network connectivity, prescribing security controls, designing reliable architectures, multi-account environments, and cost optimization strategies.

---

Task 1.1: Architect network connectivity strategies

Knowledge Areas:

• AWS Global Infrastructure
• AWS networking (VPC, Direct Connect, VPN, transitive routing, container networking)
• Hybrid DNS (Route 53 Resolver, on-premises DNS integration)
• Network segmentation (subnetting, IP addressing, VPC connectivity)
• Network traffic monitoring

Essential Documentation:

• Amazon VPC User Guide
• AWS Direct Connect User Guide
• AWS Site-to-Site VPN
• AWS Transit Gateway
• Amazon Route 53 Resolver
• VPC Peering

---

Task 1.2: Prescribe security controls

Knowledge Areas:

• IAM and IAM Identity Center
• Route tables, security groups, network ACLs
• Encryption keys and certificate management (KMS, ACM)
• AWS security tools (CloudTrail, IAM Access Analyzer, Security Hub, Inspector)

Essential Documentation:

• AWS IAM User Guide
• AWS IAM Identity Center
• AWS Key Management Service
• AWS Certificate Manager
• AWS CloudTrail
• AWS Security Hub

---

Task 1.3: Design reliable and resilient architectures

Knowledge Areas:

• Recovery time objectives (RTOs) and recovery point objectives (RPOs)
• Disaster recovery strategies (Elastic Disaster Recovery, pilot light, warm standby, multi-site)
• Data backup and restoration

Essential Documentation:

• AWS Elastic Disaster Recovery
• AWS Well-Architected Reliability Pillar
• AWS Backup

---

Task 1.4: Design a multi-account AWS environment

Knowledge Areas:

• AWS Organizations and AWS Control Tower
• Multi-account event notifications
• AWS resource sharing across environments

Essential Documentation:

• AWS Organizations User Guide
• AWS Control Tower User Guide
• AWS Resource Access Manager

---

Task 1.5: Determine cost optimization and visibility strategies

Knowledge Areas:

• AWS cost monitoring tools (Trusted Advisor, Pricing Calculator, Cost Explorer, Budgets)
• AWS purchasing options (Reserved Instances, Savings Plans, Spot Instances)
• AWS rightsizing tools (Compute Optimizer, S3 Storage Lens)

Essential Documentation:

• AWS Cost Explorer
• AWS Budgets
• AWS Trusted Advisor
• AWS Compute Optimizer

---

AWS Service FAQs

• Amazon VPC FAQs
• AWS Direct Connect FAQs
• AWS Organizations FAQs
• AWS IAM FAQs

---

Study Tips

1. Master hybrid connectivity - Understand Transit Gateway for hub-and-spoke architectures, Direct Connect with VPN backup, and Route 53 Resolver for hybrid DNS.

2. Learn multi-account strategies - AWS Organizations with SCPs, Control Tower landing zones, and Resource Access Manager for cross-account sharing.

3. Understand disaster recovery - Know RTO/RPO requirements for each DR strategy (backup/restore, pilot light, warm standby, multi-site).

4. Practice security designs - IAM policies with least privilege, encryption at rest/in transit, security layers (security groups, NACLs, WAF).

5. Study cost optimization - Reserved Instances vs Savings Plans, Spot Instances, rightsizing with Compute Optimizer, cost allocation tags.

---

Note: This is Domain 1 of 4, representing 26% of exam content.