AWS Certified Solutions Architect - Professional (SAP-C02)
Prepare for the AWS Solutions Architect Professional exam with short focused lessons, real AWS architecture labs, domain-weighted quizzes, scenario reviews, and a beta full-length practice exam covering enterprise governance, security, networking, resilience, migration, modernization, cost, and continuous improvement.
Course Preview
Why This Course is Different
Get everything you need to master platform engineering and advance your career
Certificate of Completion
Earn a certificate while gaining real-world skills that go beyond traditional certification prep
Hands-on Labs
34 practical labs with real-world scenarios in pre-configured cloud environments
Expert-Led
Learn from Sam Gabrail, Former HashiCorp Sr. Solutions Engineer with 18+ years experience
Community Support
Join our community where members help each other and collaborate on learning
What You'll Master
Master all four SAP-C02 exam domains with weighted coverage
Design enterprise AWS architectures across multiple accounts, networks, regions, and teams
Select secure identity, encryption, audit, and detective-control patterns for complex environments
Build resilient and recoverable AWS solutions using RTO/RPO-driven tradeoffs
Choose compute, container, serverless, integration, data, and storage services for new workloads
Plan workload migrations and modernization using portfolio assessment, 7Rs, and data transfer strategies
Improve existing architectures across operations, security, performance, reliability, and cost
Eliminate distractors in professional-level AWS scenario questions
Course Curriculum
SECTION 1 – ORIENTATION, EXAM STRATEGY, AND ARCHITECTURE METHOD
- •Welcome to AWS Solutions Architect Professional
- •SAP-C02 Exam Format, Domain Weights, and Current Sources
- •How Professional-Level AWS Architecture Questions Are Written
- •Reading Requirements, Constraints, and Distractors
- •Well-Architected Framework as an Exam Lens
- •TeKanAid AWS Lab Guardrails and Cost-Safe Practice
- •AWS CLI, Region, Identity, and Architecture Baseline
- •Study Plan and Readiness Milestones
- •SAP-C02 Course DiagnosticQuiz
- •AWS CLI Architecture BaselineLab
SECTION 2 – ENTERPRISE GOVERNANCE AND ORGANIZATIONAL COMPLEXITY
- •Organizational Complexity on AWS: What Domain 1 Actually Tests
- •AWS Organizations, OUs, and the Account Container Model
- •Service Control Policies and Delegated Administration
- •Control Tower and Landing Zone Foundations
- •Account Vending Patterns and Guardrail Lifecycle
- •Multi-Account Network Models: Shared VPC, Hub-and-Spoke, and Inspection
- •Centralized Logging and Audit Account Design
- •Shared Services Accounts and Resource Access Manager
- •Tagging Strategy, Cost Allocation Tags, and Tag Policies
- •Chargeback, Showback, and Cost Visibility Models
- •Cross-Account Access and Federation Decision Patterns
- •Governance Tradeoffs for Regulated and High-Compliance Environments
- •Exam Decision Patterns for Organizational Complexity
- •Multi-Account Landing Zone GovernanceLab
- •Centralized Logging and Audit TrailLab
- •IAM Cross-Account AccessLab
- •Organizational Complexity QuizQuiz
SECTION 3 – SECURITY ARCHITECTURE AND IDENTITY CONTROLS
- •Security Architecture at Professional Depth
- •IAM Policy Evaluation Logic in Multi-Policy Scenarios
- •Permission Boundaries and SCPs in Delegated Admin Patterns
- •IAM Identity Center, Federation, and Third-Party IdPs
- •Cross-Account Role Assumption and the External ID Pattern
- •KMS Key Policies, Grants, and the Two-Layer Access Model
- •KMS Rotation, Multi-Region Keys, and Envelope Encryption
- •Secrets Manager vs Parameter Store and Credential Lifecycle
- •Network Security with Security Groups and NACLs
- •WAF, Shield, and Network Firewall — Edge and VPC Defense
- •KMS Key Policy and Envelope EncryptionLab
- •Config-Style S3 Compliance RemediationLab
- •Security Detection and Response ArchitectureLab
- •CloudTrail, AWS Config, and Security Hub — The Audit Stack
- •GuardDuty, Detective, Inspector, and Macie — Picking the Right Detector
- •ACM, Private CA, and Automated Security Remediation
- •Exam Decision Patterns — Security Architecture Roundup
- •Security Architecture QuizQuiz
SECTION 4 – NETWORK, EDGE, AND HYBRID ARCHITECTURE
- •VPC Architecture for Professional Scenarios
- •Subnets, Route Tables, NAT, and Egress Patterns
- •VPC Peering vs Transit Gateway and Shared Services Routing
- •Gateway Endpoints, Interface Endpoints, and PrivateLink
- •Route 53 Resolver and Hybrid DNS
- •Direct Connect, Site-to-Site VPN, and Client VPN
- •CloudFront, Global Accelerator, and Edge Placement
- •Load Balancer Selection: ALB, NLB, and GWLB
- •VPC Flow Logs, Reachability Analyzer, and Network Troubleshooting
- •Exam Decision Patterns for Network Architecture
- •VPC Segmentation and RoutingLab
- •Private S3 Access PatternsLab
- •Transit Gateway Hub and SpokeLab
- •Hybrid Connectivity: Direct Connect and VPNLab
- •Network and Hybrid Architecture QuizQuiz
SECTION 5 – RESILIENCE, DISASTER RECOVERY, AND DATA PROTECTION
- •Section 5 Overview: Resilience and DR
- •RTO, RPO, MTTR, and Blast Radius
- •Four DR Strategies: Backup-Restore to Multi-Site
- •Multi-AZ vs Multi-Region Decisions
- •EC2, Auto Scaling, ELB, and Health-Check Recovery
- •RDS Multi-AZ and Read Replicas
- •Aurora Global Database and Failover
- •DynamoDB Global Tables and Consistency Tradeoffs
- •S3 Versioning, Replication, and Object Lock
- •EC2 + RDS Resilient Three-Tier BaselineLab
- •ALB + ASG High AvailabilityLab
- •S3 Data Protection LifecycleLab
- •RDS Multi-AZ + Read Replica FailoverLab
- •Backup and Restore RTO/RPOLab
- •AWS Backup, EBS Snapshots, and Restore Testing
- •Route 53, CloudFront Failover, and Global Accelerator
- •Chaos and DR Testing Concepts
- •Exam Decision Patterns: Resilience and DR
- •Resilience and DR QuizQuiz
SECTION 6 – NEW WORKLOAD DESIGN PATTERNS
- •Designing New Solutions from Requirements
- •Compute Selection: EC2, Auto Scaling, and Elastic Beanstalk
- •Compute Selection: App Runner, Batch, and Lambda
- •Container Selection: ECS, Fargate, and ECR
- •Container Selection: EKS and EKS Anywhere
- •Serverless Application Design: Lambda, API Gateway, and Step Functions
- •Event-Driven Integration: SQS, SNS, EventBridge, and MQ
- •Deployment Strategy: IaC, Blue/Green, Canary, Rollback, and Change Control
- •Service Quotas, Managed vs Self-Managed, and Emerging AI Architecture Controls
- •Exam Decision Patterns for New Workloads
- •Serverless API ResilienceLab
- •Lambda + SQS Async ResilienceLab
- •Event-Driven Order Workflow ArchitectureLab
- •CloudFormation Change Sets ArchitectureLab
- •CloudFront + Route 53 Global ApplicationLab
- •New Workload Design QuizQuiz
SECTION 7 – DATA, STORAGE, AND PERFORMANCE ARCHITECTURE
- •Storage Selection: S3, EBS, EFS, FSx, and Storage Gateway
- •S3 Performance, Lifecycle, Replication, Access Patterns, and Cost
- •RDS, Aurora, Aurora Serverless, and Relational Decision Patterns
- •DynamoDB Data Modeling, Capacity, Streams, and Global Tables
- •ElastiCache, DAX, and Caching Strategy
- •OpenSearch, Athena, Redshift, EMR, Glue, Lake Formation, and Analytics Tradeoffs
- •Kinesis, Firehose, MSK, and Streaming Decisions
- •Performance Metrics, KPIs, and Bottleneck Analysis
- •Rightsizing Compute, Storage, and Database Components
- •Exam Decision Patterns for Data and Performance
- •DynamoDB CLI Data ModelingLab
- •DynamoDB Global Table DesignLab
- •Storage Modernization: FSx, EFS, S3 GatewayLab
- •Analytics and Streaming Service SelectionLab
- •Data and Performance Architecture QuizQuiz
SECTION 8 – MIGRATION AND MODERNIZATION
- •Migration Drivers, Constraints, and Discovery
- •Portfolio Assessment, Dependency Mapping, and Wave Planning
- •The 7Rs: Retire, Retain, Rehost, Replatform, Repurchase, Refactor, Relocate
- •Application Migration Service, Migration Hub, and Discovery Service
- •Database Migration with DMS, SCT, Native Tools, and Replication
- •Data Transfer with DataSync, Transfer Family, Snow Family, S3 Acceleration
- •Identity, DNS, Network, and Governance During Migration
- •Modernization with Containers, Serverless, Purpose-Built Databases
- •TCO, Risk, Rollback, and Cutover Decisions
- •Exam Decision Patterns for Migration and Modernization
- •Migration Wave Planning WorkshopLab
- •Database Migration Design LabLab
- •DataSync and Transfer Family Migration LabLab
- •S3 CLI Transfer Modeling LabLab
- •Migration and Modernization QuizQuiz
SECTION 9 – CONTINUOUS IMPROVEMENT, OBSERVABILITY, AND COST
- •Architecture Review for Existing Workloads
- •CloudWatch Metrics, Logs, Dashboards, Alarms, and Logs Insights
- •CloudTrail, Config, X-Ray, and Traceability
- •Automated Remediation with EventBridge, Lambda, SSM, and Step Functions
- •Patch, Backup, and Configuration Improvement Strategies
- •Reliability Improvement: Removing Single Points of Failure
- •Performance Improvement: Bottlenecks, SLAs, KPIs, and Scaling
- •Cost Improvement: Rightsizing, Savings Plans, Spot, Storage Tiers, and Data Transfer
- •Tagging, Budgets, Cost Explorer, CUR, Trusted Advisor, and Compute Optimizer
- •Well-Architected Review and Prioritized Remediation Roadmaps
- •Exam Decision Patterns for Continuous Improvement
- •CloudWatch Alarms and Logs InsightsLab
- •Systems Manager Operations PatternsLab
- •Cost Allocation and RightsizingLab
- •Observability and Architecture ReviewLab
- •Continuous Improvement and Cost QuizQuiz
SECTION 10 – EXAM READINESS, CAPSTONE, AND PRACTICE EXAMS
- •SAP-C02 Review by Domain Weight
- •Architecture Decision Matrices and Common Distractors
- •Multi-Account Multi-Region Case Study
- •Hybrid Migration Case Study
- •Resilience and Cost Tradeoff Case Study
- •Security and Governance Case Study
- •Final Study Plan and Exam-Day Strategy
- •Post-Certification Learning Path
- •SAP-C02 Capstone Architecture ReviewLab
- •Cross-Domain Review: Governance + New Workload DesignQuiz
- •Cross-Domain Review: Migration, Data, and Continuous ImprovementQuiz
- •Beta Full-Length Practice Exam 1 (75 Questions)Quiz
- •Beta Full-Length Practice Exam 2 (75 Questions)Quiz
Course Features
Hands-on Labs
Lots of hands-on labs to learn by doing
Join our Community
Community support to ask questions and collaborate
Test Your Knowledge
Quizzes to help you grasp the material well
See what others are saying about our Courses
“I like the Crossplane 101 course a lot. I think it is one of the best online courses I have taken (and I've taken a lot in the last 2 years, transitioning into DevOps). The labs are phenomenal – every task has a long tutorial with lots of explanations, gotchas, and recaps, and you always provide the reasoning for implementing a certain solution.”
“I just completed the Crossplane 101 course! Managing infrastructure as Kubernetes resources is a total game-changer. A huge thanks to TeKanAid and Sam Gabrail for the incredible training and insights.”
“Although I've worked with Crossplane in real production environments, I always felt there were gaps in my understanding. Completing this course filled those gaps perfectly. I had to unlearn and relearn quite a few things, especially around Crossplane v2.0 concepts. Well structured and thoughtfully put together. Highly recommended for building a strong, foundational understanding of Crossplane.”
“Dear Sam, I hope this email finds you well. If you remember before the end of last year I register for one your courses Terraform 101 – Certified Terraform Associate, I must admit that I learned a lot even though I was not patient enough for all videos to be available. All in all I enjoy the way you structured the course and how you went through it. The main reason of this email, to send you my gratitude for the content you created and to let you know that I passed my exam/test last week.”
“This course was a perfect introduction to Terraform and Infrastructure as Code. Loved the gitpod, saving me a lot of time for developer environment setup. We have a project at work where we want to go from a click-ops version of server-deploy to a more automated flow using ci/cd and terraform for deploying virtual servers.”
“I want to thank you for such wonderful courses. They are more comprehensive than other courses I have taken in the past. You take the time to explain every detail of the code and what it does exactly, further enforcing your student's understanding and confidence in what they are learning. Your methods are very effective and set you apart from other instructors.”
Choose your plan
Simple, Transparent Pricing
Unlock full access to TeKanAid courses, labs, and bootcamps
Pro
Course content without labs
Renews automatically. Cancel anytime.
Final price verified at checkout.
- Full access to all courses
- Progress tracking
- Certificate of completion
- Community access
- Bootcamp participation
- New content access
Premium
Full access with hands-on labs
Renews automatically. Cancel anytime.
Final price verified at checkout.
- Everything in Pro
- Unlimited hands-on labs
- Lab AI Assistant
- Accelerator bootcamps with live office hours
- Priority support
Prefer just this course?
Purchase AWS Certified Solutions Architect - Professional (SAP-C02) for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.
Buy this course for $79 →Try it free, no credit card
Three free ways to start. All bridge into the paid Premium catalog when you're ready.
Not ready to commit? The crash course is email-only. No academy account required.
Hi there, I'm Sam
I'm a husband and father of two wonderful boys. I'm also very passionate 🔥 about all things technology. From when I was 10, I had a dream to become a computer 💻 engineer one day. Here I am today living the dream!
Thanks for visiting TeKanAid Academy. My goal is to teach you all things DevOps. Below are some of the things I've done over the years. I'm confident that I can help you achieve your dreams too.
- 18+ years of experience in various Information Technology fields from Telecommunications, Computer Networks, Digital Transformation, DevOps, Cybersecurity, and IoT
- President of TeKanAid Solutions Inc. building online content in the DevOps space
- Previous – Sr. Solutions Engineer at HashiCorp
View my Certifications
Terraform: Authorized HashiCorp Instructor
Verify my certificate
HashiCorp Authorized Instructors are experienced DevOps professionals who deliver official HashiCorp training courses in person and virtually.
Issued by HashiCorp Partner Network (HPN)
Vault: Authorized HashiCorp Instructor
Verify my certificate
HashiCorp Authorized Instructors are experienced DevOps professionals who deliver official HashiCorp training courses in person and virtually.
Issued by HashiCorp Partner Network (HPN)
HashiCorp Certified: Terraform Associate (002)
Verify my certificate
Earners of the HashiCorp Certified: Terraform Associate certification know the basic concepts, skills, and use cases associated with open source HashiCorp Terraform.
Issued by HashiCorp
HashiCorp Certified: Vault Associate (002)
Verify my certificate
Earners of the HashiCorp Certified: Vault Associate certification know the basic concepts, skills, and use cases associated with open source HashiCorp Vault.
Issued by HashiCorp
Featured Products
Week 4: AI Agents and Agentic Workflows
Part of the AI Platform Engineering Bootcamp. Week 4 of 8. The bootcamp follows an 8-week arc that culminates in a capstone Platform Assistant: a production-ready AI system you build by combining the LLM, RAG, agent, MLOps, model serving, and observability layers introduced across each week.
Learn More →
Week 1: AI Foundations for Infrastructure Engineers
Part of the AI Platform Engineering Bootcamp. Week 1 of 8. The bootcamp follows an 8-week arc that culminates in a capstone Platform Assistant: a production-ready AI system you build by combining the LLM, RAG, agent, MLOps, model serving, and observability layers introduced across each week.
Learn More →
Week 7: AI Observability and LLMOps
Part of the AI Platform Engineering Bootcamp. Week 7 of 8. The bootcamp follows an 8-week arc that culminates in a capstone Platform Assistant: a production-ready AI system you build by combining the LLM, RAG, agent, MLOps, model serving, and observability layers introduced across each week.
Learn More →
30-Day Money-Back Guarantee
Try it risk-free
I'm confident you'll get everything you need from this course and be 100% satisfied. But in the unlikely event you decide it's not for you just ask for a refund any time during the first 30 days and you'll get your money back with no questions asked.