AWS SAA-C03 · Design High-Performing Architectures

Domain 3: Design High-Performing Architectures

The second-largest SAA-C03 domain at 24% of the exam. Covers storage selection, compute optimization, managed databases, content delivery, and data ingestion pipelines.

Domain 3 · 24% of Exam · 5 Task Statements

SAA-C03 Domain Breakdown

Domain	Topic	Weight
1	Design Secure Architectures	30%
2	Design Resilient Architectures	26%
3	Design High-Performing Architectures (This Page)	24%
4	Design Cost-Optimized Architectures	20%

Task Statements

Task	Description	Key Services
3.1	High-performing and/or scalable storage solutions	S3, EBS, EFS, FSx, Storage Gateway
3.2	High-performing and elastic compute solutions	EC2, Batch, EMR, placement groups
3.3	High-performing database solutions	Aurora, RDS, DynamoDB, DAX, ElastiCache, Redshift
3.4	High-performing and/or scalable network architectures	CloudFront, Global Accelerator, Direct Connect, ELB
3.5	High-performing data ingestion and transformation	Kinesis, Glue, Athena, Lake Formation, DataSync

What You'll Master

Storage (Task 3.1)

S3 storage classes and lifecycle policies
S3 Transfer Acceleration
EBS types: gp3, io2, st1, sc1
EFS performance and throughput modes
FSx variants: Lustre, Windows, ONTAP
AWS Storage Gateway

Compute (Task 3.2)

EC2 instance families (M, C, R, I, P)
Placement groups (Cluster/Spread/Partition)
Enhanced networking and ENA
Spot, On-Demand, Reserved purchasing
AWS Batch for HPC workloads
Amazon EMR (Hadoop/Spark)

Databases (Task 3.3)

Aurora (Global DB, Serverless v2)
RDS Multi-AZ vs Read Replicas
DynamoDB: GSI, LSI, Streams, TTL
DAX microsecond caching
ElastiCache Redis vs Memcached
Amazon Redshift for analytics

Networking & Data (Tasks 3.4–3.5)

CloudFront origins and behaviors
Global Accelerator vs CloudFront
Direct Connect vs VPN
Kinesis Streams vs Firehose
AWS Glue ETL and Data Catalog
Athena, Lake Formation, DataSync

Exam Tips: Domain 3 is 24% of the exam. Focus on: (1) Storage class selection — know WHEN each class is appropriate. (2) Database selection — Aurora vs DynamoDB vs RDS vs Redshift use cases. (3) CloudFront vs Global Accelerator distinction — this is a classic distractor pair.

Key Services at a Glance

Amazon S3 Amazon EBS Amazon EFS Amazon FSx AWS Storage Gateway Amazon EC2 AWS Batch Amazon EMR Amazon Aurora Amazon RDS Amazon DynamoDB Amazon DAX Amazon ElastiCache Amazon Redshift Amazon CloudFront AWS Global Accelerator Amazon Kinesis AWS Glue Amazon Athena AWS Lake Formation Amazon QuickSight AWS DataSync

Core Concepts

Eight deep-dive concept areas covering every major service family tested in Domain 3.

1. S3 Storage Classes & Performance

Storage Class	Use Case	Retrieval	Min Duration	AZs
S3 Standard	Frequent access; default	Immediate	None	3+
S3 Standard-IA	Backups accessed <once/month	Immediate; retrieval fee	30 days	3+
S3 One Zone-IA	Reproducible data (thumbnails)	Immediate; retrieval fee	30 days	1
Glacier Instant	Archive; quarterly access	Milliseconds	90 days	3+
Glacier Flexible	Archival; 1–12 hr OK	1–12 hours; bulk free	90 days	3+
Glacier Deep Archive	Regulatory long-term	12–48 hours	180 days	3+
Intelligent-Tiering	Unpredictable access patterns	Immediate; no retrieval fee	None	3+

S3 Transfer Acceleration: uses CloudFront edge network for faster uploads from geographically distant clients; enabled per bucket; ideal for international uploads
S3 Intelligent-Tiering: small monthly monitoring fee per object; automatically moves between Frequent and Infrequent tiers based on access patterns; no retrieval fees
One Zone-IA risk: data is lost if the single AZ fails — only use for reproducible or derived data

2. EBS Volume Types & File Systems

Type	Class	Max IOPS	Max Throughput	Use Case
gp3	SSD	16,000	1,000 MB/s	Boot volumes; default; IOPS independent of size
gp2	SSD	16,000	250 MB/s	Legacy; IOPS tied to size (3/GB)
io2 Block Express	SSD	256,000	4,000 MB/s	Critical DBs (SAP HANA, Oracle); 99.999% durable
io1	SSD	64,000	1,000 MB/s	I/O-intensive databases; older generation
st1	HDD	500 IOPS	500 MB/s	Big data, data warehouses, log processing
sc1	HDD	250 IOPS	250 MB/s	Lowest cost; infrequent large data; no boot

Key gp3 advantage: IOPS and throughput provisioned independently from capacity — gp2 tied IOPS to disk size (3 IOPS/GB); st1 and sc1 cannot be used as boot volumes
EFS: shared NFS file system; concurrent access from thousands of EC2s; auto-scales; multi-AZ; performance modes: General Purpose (default) vs Max I/O; throughput modes: Elastic (auto), Provisioned, Bursting
FSx for Lustre: HPC, ML, genomics — hundreds of GB/s, millions of IOPS, native S3 integration
FSx for Windows File Server: SMB protocol; Active Directory integration; for Windows-based workloads

3. EC2 Instance Families & Placement Groups

Family	Prefixes	Optimized For	Use Cases
General Purpose	M, T	Balanced compute/memory/network	Web servers, dev environments, small DBs
Compute Optimized	C	High CPU performance	Batch processing, HPC, ML inference, gaming
Memory Optimized	R, X	Large memory-to-compute ratio	In-memory databases, SAP HANA, real-time analytics
Storage Optimized	I, D	High sequential I/O, NVMe	NoSQL databases, data warehousing, distributed file systems
Accelerated Computing	P, G, Inf	GPU/ML/graphics acceleration	Deep learning training, graphics rendering, video encoding

Placement Group	Strategy	Benefit	Limit
Cluster	Same rack, same AZ	10 Gbps+ network; lowest latency	Single AZ; rack failure = all fail
Spread	Different hardware per instance	Reduces correlated failures	Max 7 instances per AZ
Partition	Groups on separate racks	Failure isolation per partition	For Hadoop, Kafka, Cassandra

T-series (burstable): accumulate CPU credits; T3 unlimited mode avoids credit exhaustion (charges may apply); ideal for dev/test with variable load
Enhanced Networking (ENA): SR-IOV for high PPS, lower latency; up to 100 Gbps; available on most current-gen instances; no extra cost
AWS Batch: fully managed batch compute on EC2/Fargate; job queues and compute environments; ideal for genomics, financial modeling, image processing
Amazon EMR: managed Hadoop/Spark; use Spot for task nodes (up to 90% savings); EMRFS uses S3 as persistent storage

4. Databases: Aurora & RDS

Amazon Aurora: AWS-proprietary MySQL/PostgreSQL-compatible; 5x faster than MySQL, 3x than PostgreSQL; 6 copies of data across 3 AZs (storage-level replication); up to 15 read replicas with auto-failover
Aurora Serverless v2: auto-scales in fine-grained ACU increments; ideal for intermittent/unpredictable workloads; pay per ACU-second; supports read and write scaling
Aurora Global Database: one primary + up to 5 secondary regions; replication lag <1 second; promote secondary in <1 minute for DR; ideal for global reads
RDS Multi-AZ: synchronous standby replica; automatic failover 60–120s; standby NOT readable — HA only, not for read scale
RDS Read Replicas: asynchronous replication; up to 15 replicas; same or cross-region; must be manually promoted for failover; use for READ scaling and cross-region DR
RDS Proxy: connection pooler; reduces Lambda-to-RDS connection overhead; faster failover; enforces IAM authentication; solves "too many connections" errors from Lambda at scale

Aurora vs RDS decision: Choose Aurora when you need MySQL/PostgreSQL compatibility with higher performance, more replicas, or cross-region active-active. Choose RDS when you need specific engine versions, Oracle, or SQL Server.

5. DynamoDB & DAX

DynamoDB: serverless NoSQL key-value and document; single-digit millisecond at any scale; primary key = partition key (+ optional sort key); automatically partitioned across nodes
Provisioned mode: set RCU/WCU; auto-scaling available; cheaper for predictable load; read = 4KB per RCU; write = 1KB per WCU
On-Demand mode: pay per request; instant scale; no capacity planning; ideal for spiky or unknown workloads
GSI (Global Secondary Index): different partition and sort key than base table; has own RCU/WCU; can be added any time; enables flexible queries on non-key attributes
LSI (Local Secondary Index): same partition key, different sort key; must be created at table creation; shares capacity with base table; up to 5 per table
DynamoDB Streams: captures INSERT/MODIFY/REMOVE events; 24-hour retention; triggers Lambda for event-driven processing; use for replication, aggregation, notifications
DAX (DynamoDB Accelerator): in-memory cache; microsecond latency; write-through; no app code changes (drop-in DAX client); ideal for read-heavy or hot-key workloads
DynamoDB TTL: automatically deletes expired items; no RCU/WCU consumed for deletion; use for sessions, temporary data, event logs

6. ElastiCache: Redis vs Memcached

Feature	Redis	Memcached
Data structures	Rich: sorted sets, lists, hashes, bitmaps, geospatial	Simple strings only
Persistence	Yes (RDB snapshots, AOF)	No
Multi-AZ / Replication	Yes; automatic failover	No replication
Pub/Sub	Yes	No
Multi-threaded	No (single-threaded core)	Yes
Use cases	Leaderboards, sessions, real-time analytics, pub/sub	Simple object caching, horizontal scale

Exam rule: persistence, replication, complex data structures, pub/sub, Multi-AZ → Redis. Simple fast caching, multi-threaded → Memcached
Cache-aside (lazy loading): app checks cache → miss → query DB → write to cache → serve. Most common pattern
Write-through: write to cache AND DB simultaneously; cache always current; higher write latency; no stale reads
Session caching: store user sessions in Redis/Memcached; stateless app servers scale freely; sessions survive instance termination

7. CloudFront vs Global Accelerator & Networking

Feature	CloudFront	Global Accelerator
Protocol	HTTP/HTTPS only	TCP, UDP (any)
Caching	Yes — 450+ edge locations	No caching
IP addresses	Dynamic (DNS-based)	Static Anycast IPs (2)
Network path	Internet + AWS edge	AWS global backbone only
Layer	Layer 7	Layer 3/4
Use cases	CDN, static/dynamic content, Lambda@Edge	Gaming, IoT, VoIP, non-HTTP, static IP needs

CloudFront behaviors: path patterns map to different origins (e.g., /images/* → S3, /api/* → ALB); cache policies control headers/query strings/cookies; Lambda@Edge modifies requests/responses at edge
Direct Connect: dedicated private connection from on-prem to AWS; 1 or 10 Gbps; consistent latency; not encrypted by default — add VPN over DX for encryption; weeks to provision
VPN vs Direct Connect: VPN = encrypted, over internet, quick setup, variable latency; Direct Connect = unencrypted (unless + VPN), dedicated, consistent latency, compliant for regulated workloads

8. Data Ingestion & Analytics

Service	Type	Key Capability	Destination / Use
Kinesis Data Streams	Real-time streaming	Ordered; multi-consumer; replay; 24h–365 days retention	Lambda, KDA, custom EC2
Kinesis Data Firehose	Managed delivery	Batch & deliver; Lambda transforms; ≥60s buffer	S3, Redshift, OpenSearch, Splunk
AWS Glue	Serverless ETL	Data Catalog; crawlers; Spark/Python jobs; job bookmarks	Athena, EMR, Redshift
Amazon Athena	Serverless query	SQL on S3 (Presto); pay per TB scanned	Glue Data Catalog integration
AWS Lake Formation	Data lake governance	Column/row-level security; centralized access controls	Glue, Athena, Redshift Spectrum
AWS DataSync	Online transfer	On-prem/other cloud to AWS storage; up to 10 Gbps	NFS, SMB → S3, EFS, FSx

Kinesis vs SQS: Kinesis = ordered streaming, multiple consumers, replay, real-time analytics; SQS = message queue, one consumer per message, no replay after deletion, decoupling
Athena cost optimization: partition data by date/region; use columnar formats (Parquet, ORC) to reduce TB scanned
Glue job bookmarks: track previously processed data for incremental ETL — avoids reprocessing on re-run
Amazon Redshift: columnar data warehouse; Redshift Spectrum queries S3 directly; use for OLAP analytics at petabyte scale

Memory Hooks

Six targeted mnemonics to lock in the trickiest Domain 3 distinctions for exam day.

💾

EBS Quick Reference

Boot=gp3 · DB=io2 · Big Sequential=st1 · Cheap Archive=sc1

gp3 is the new default — it decouples IOPS from disk size (gp2 did not). io2 Block Express for sub-ms critical DB. st1 for large throughput workloads. sc1 for the lowest cost cold storage. Neither st1 nor sc1 can be used as boot volumes.

🗂️

DynamoDB Indexes

GSI = Global (any key, anytime). LSI = Local (same partition, at creation).

GSI = Global — any partition key, any sort key, own RCU/WCU, add at any time. LSI = Local — must share the same partition key, defined only at table creation. Need flexible querying on new attributes? Always add a GSI.

⚡

Redis vs Memcached

Redis = Rich. Memcached = Minimalist.

Redis = Rich features: persistence, replication, pub/sub, sorted sets, Multi-AZ failover. Memcached = Minimalist: pure cache, multi-threaded, no persistence. Exam shortcut: any mention of replication, persistence, or complex data → Redis.

🌐

CloudFront vs Global Accelerator

CloudFront = Content. Global Accelerator = Connections.

CloudFront = HTTP caching at 450+ edge locations (static/dynamic content). Global Accelerator = TCP/UDP routing over AWS backbone, static Anycast IPs, no caching. Not HTTP? Need static IP? → Global Accelerator.

🌊

Kinesis vs SQS

Kinesis = Stream (replay). SQS = Queue (one-and-done).

Kinesis = ordered stream, multiple independent consumers, replay available, real-time analytics. SQS = queue, one consumer per message, message deleted after processing, async decoupling. Need replay or multiple consumers? → Kinesis Data Streams.

🔵

Aurora Advantage

6 copies · 3 AZs · 15 replicas · <1s cross-region

Aurora's storage layer maintains 6 copies across 3 AZs automatically. Up to 15 read replicas with sub-10ms lag. Aurora Global Database replicates cross-region in <1 second for global reads and sub-minute DR failover. Choose Aurora = MySQL/PostgreSQL + HA.

Flashcards

Click any card to reveal the answer. Eight high-yield concepts for Domain 3.

Tap a card to flip it

S3 Intelligent-Tiering

When should you use it?

Use when access patterns are unpredictable. Automatically moves objects between Frequent and Infrequent tiers. Small monitoring fee per object; no retrieval fees. Eliminates guesswork about which storage class to choose.

gp3 vs gp2 EBS

What is the key difference?

gp3 decouples IOPS from capacity — provision up to 16,000 IOPS independent of disk size. gp2 IOPS scaled with size (3 IOPS/GB). gp3 is cheaper and more flexible — always prefer gp3 for new workloads.

DynamoDB On-Demand vs Provisioned

Which capacity mode fits which workload?

On-Demand = pay per request, instant scale, no planning — best for spiky or unknown workloads. Provisioned = set RCU/WCU, auto-scaling available, cheaper for predictable consistent load.

Kinesis Data Streams vs Kinesis Data Firehose

What is the key distinction?

Streams = real-time, custom consumers, replay available, manage shards manually. Firehose = fully managed delivery to S3/Redshift/OpenSearch, near-real-time (≥60s buffer), no custom consumers, Lambda transforms.

Aurora vs RDS Read Replicas

How do they differ?

Aurora = up to 15 replicas, <10ms replica lag, share same storage cluster as primary, auto-failover promotion. RDS = up to 5–15 replicas (engine-dependent), async replication, manual promotion required.

ElastiCache Write-Through Pattern

How does it work?

On every database write, update the cache simultaneously. Cache always has current data. Slightly higher write latency but no stale reads. Opposite of lazy loading (cache-aside), which only populates on cache miss.

FSx for Lustre

What is the primary use case?

High-performance computing (HPC): ML training, financial simulations, genomics, video rendering. Integrates natively with S3. Delivers hundreds of GB/s throughput and millions of IOPS — the fastest file system on AWS.

CloudFront Signed URLs vs Signed Cookies

Which to use when?

Signed URL = access to a single file (individual download, one object). Signed Cookie = access to multiple files (entire premium section, video streaming library). Signed URLs override cache behaviors; use cookies for subscription content areas.

Study Advisor

Select your current level for a targeted Domain 3 study plan.

Beginners — Build Your Foundation

Draw the S3 storage class chart: cost on Y-axis, retrieval speed on X-axis — place each class visually
Learn EBS types by use case: boot → gp3, high IOPS DB → io2, big sequential reads → st1, cheap cold storage → sc1
Understand the DynamoDB primary key concept: every query must include the partition key; sort key enables range queries
Practice explaining Multi-AZ vs Read Replicas to someone: Multi-AZ = HA with sync standby; Read Replicas = async for read scale
Watch an AWS CloudFront demo to visualize edge caching before memorizing the distinctions

Resources

Authoritative AWS documentation and whitepapers for Domain 3 deep dives.

Official AWS Documentation

Amazon S3 Storage Classes — Developer Guide — Comprehensive comparison of all storage classes with pricing and use cases
Amazon EBS Volume Types — EC2 User Guide — Performance specifications and use case guidance for all EBS types
Amazon DynamoDB Best Practices Guide — Table design, index strategy, and capacity optimization
Amazon CloudFront Developer Guide — Cache behaviors, origins, Lambda@Edge, signed URLs
Amazon Kinesis Data Streams Developer Guide — Shards, consumers, retention, and Kinesis vs Firehose

AWS Whitepapers

AWS Storage Services Overview Whitepaper — Architecture patterns for S3, EBS, EFS, and FSx
Database Caching Strategies Using Redis — Cache-aside, write-through, and write-behind patterns
Amazon Aurora Under the Hood — Storage Architecture — Deep dive on Aurora's 6-copy quorum storage model

Exam Guide

The official AWS Certified Solutions Architect – Associate (SAA-C03) Exam Guide V1.1 lists all task statements and knowledge areas for each domain. Download it directly from aws.amazon.com/certification to ensure your study plan covers all tested objectives.

Design High-Performing Architectures

Domain 3: Design High-Performing Architectures

SAA-C03 Domain Breakdown

Task Statements

What You'll Master

Storage (Task 3.1)

Compute (Task 3.2)

Databases (Task 3.3)

Networking & Data (Tasks 3.4–3.5)

Key Services at a Glance

Core Concepts

1. S3 Storage Classes & Performance

2. EBS Volume Types & File Systems

3. EC2 Instance Families & Placement Groups

4. Databases: Aurora & RDS

5. DynamoDB & DAX

6. ElastiCache: Redis vs Memcached

7. CloudFront vs Global Accelerator & Networking

8. Data Ingestion & Analytics

Memory Hooks

Practice Quiz — Domain 3

Flashcards

Study Advisor

Beginners — Build Your Foundation

Intermediate — Deepen Key Distinctions

Advanced — Architect Complete Solutions

Exam Week — Tighten Critical Distinctions

Day Before — Final Review

Resources

Official AWS Documentation

AWS Whitepapers

Exam Guide

Ready to Ace SAA-C03 Domain 3?