AWS SAA-C03 CERTIFICATION Ultimate Keyword Cheat Sheet

Studying for the AWS Certified Solutions Architect – Associate (SAA-C03) exam can feel like trying to drink from a firehose. With hundreds of services and architectural variations, the sheer volume of information is overwhelming.

However, passing the exam isn’t about memorizing every whitepaper—it’s about pattern recognition.

The AWS SAA exam uses specific, highly repeatable keyword triggers in its question stems. If you spot a particular phrase, the examiner is pointing you directly toward a specific service or architectural pattern. This practical guide breaks down the core AWS services into cheat-sheet tables and details the “trap pairs” AWS uses to trick you, giving you an absolute edge on exam day.

Goal: See the keyword → instantly know the service → eliminate distractors.

COMPUTE

Service	Trigger Keywords	Exam Shortcut	Common Trap
EC2	Reserved, Spot, Dedicated Host, AMI, User Data, Savings Plans	Traditional VM-based compute	Instance Store is ephemeral
Lambda	Serverless, event-driven, trigger, FaaS, S3 trigger, SQS trigger	No servers to manage	Max runtime = 15 minutes
ECS	Containers, Docker, task definition	AWS-native container platform	Not Kubernetes
EKS	Kubernetes, k8s, pods	Managed Kubernetes	More operational complexity
Fargate	Serverless containers, no infrastructure management	Containers without managing EC2	Still uses ECS or EKS underneath
ALB	HTTP, HTTPS, path routing, host routing, WebSocket	Layer 7 load balancer	No static IP
NLB	TCP, UDP, static IP, ultra-low latency	Layer 4 load balancer	No path-based routing
ASG	Auto scaling, target tracking, desired capacity	Automatic EC2 scaling	Scaling policy types matter
Elastic Beanstalk	Upload code, managed platform, PaaS	Fast app deployment	Infrastructure still visible

Compute Memory Rules

• Spot = Cheapest but interruptible
• Reserved = Long-term discount
• Dedicated Host = Compliance / licensing
• Lambda = Maximum 15-minute runtime
• Fargate = Containers with no EC2 management
• ALB = HTTP routing intelligence
• NLB = Extreme performance + static IP

STORAGE

Service	Trigger Keywords	Exam Shortcut	Common Trap
S3	Bucket, object storage, static website, lifecycle, replication	Unlimited object storage	Not a file system
S3 Glacier	Archive, compliance, cold storage, retain 7 years	Long-term archival	Retrieval can take hours
EBS	Block storage, IOPS, boot volume, snapshots	Storage for one EC2 instance	Locked to one AZ
EFS	Shared Linux storage, NFS, multiple EC2s	Multi-AZ shared file system	Linux only
FSx for Windows	SMB, Active Directory, Windows shares	Windows-native shared storage	Not NFS
FSx for Lustre	HPC, ML training, parallel file system	High-performance compute workloads	Expensive for simple workloads
Storage Gateway	Hybrid storage, on-prem access	Ongoing hybrid integration	Not for one-time migration

Storage Tier Shortcuts

S3 Storage Classes

Storage Class	Best For
Standard	Frequently accessed data
Standard-IA	Infrequent access
One Zone-IA	Cheap single-AZ storage
Intelligent-Tiering	Unknown access patterns
Glacier Instant	Fast archive retrieval
Glacier Flexible	Cheap archive
Glacier Deep Archive	Cheapest long-term archive

Storage Memory Rules

• EBS = One EC2
• EFS = Many Linux EC2s
• FSx Windows = Windows + SMB + AD
• Glacier = Compliance retention
• Storage Gateway = Hybrid access
• DataSync = Migration

DATABASES

Service	Trigger Keywords	Exam Shortcut	Common Trap
RDS	Relational, SQL, MySQL, PostgreSQL, OLTP	Managed relational DB	Read Replica ≠ HA
Aurora	Global DB, Serverless, high performance	AWS-optimized relational DB	More expensive
DynamoDB	NoSQL, key-value, single-digit ms, Global Tables	Serverless NoSQL	Partition key design matters
ElastiCache Redis	Cache, session store, pub/sub	In-memory cache	Data persistence options vary
Redshift	OLAP, BI, analytics, petabytes	Data warehouse	Not transactional
Neptune	Relationships, graph, fraud, recommendations	Graph database	Not relational
DocumentDB	MongoDB, JSON documents	Managed document database	Compatibility limitations
Timestream	IoT, telemetry, metrics, time-series	Time-stamped data	Specialized workload

Critical Database Exam Traps

Confusing Pair	Real Difference
Multi-AZ vs Read Replica	Multi-AZ = HA, Read Replica = Read Scaling
DynamoDB vs RDS	NoSQL vs Relational
Redshift vs RDS	Analytics vs Transactions
ElastiCache Redis vs Memcached	Redis supports persistence + replication

Database Memory Rules

• Multi-AZ = Failover
• Read Replica = Read scaling
• Aurora Global = Cross-region replication
• DAX = DynamoDB cache
• Redshift = Historical analytics
• Neptune = Highly connected data

NETWORKING

Service	Trigger Keywords	Exam Shortcut	Common Trap
VPC	CIDR, subnet, security group, NACL	Private AWS network	SG vs NACL confusion
Route 53	DNS, latency routing, failover, weighted	Managed DNS	Routing policies matter
CloudFront	CDN, edge cache, low latency	Content caching	Not routing optimization
API Gateway	Serverless API, throttling, API key	Managed API layer	Often paired with Lambda
Transit Gateway	Many VPCs, centralized routing	Hub-and-spoke networking	Replaces complex peering
Direct Connect	Dedicated connection, consistent bandwidth	Private AWS connectivity	Not encrypted by default
Site-to-Site VPN	IPSec, encrypted internet connection	Fast hybrid setup	Variable latency
Global Accelerator	Anycast IP, AWS backbone, TCP/UDP	Traffic routing optimization	No caching

Networking Memory Rules

• Security Groups = Stateful
• NACLs = Stateless
• NAT Gateway = Private subnet outbound internet
• Transit Gateway = Large-scale VPC connectivity
• CloudFront = Caching
• Global Accelerator = Routing

Route 53 Routing Policies

Policy	Use Case
Simple	Single resource
Weighted	A/B testing
Latency	Fastest region
Failover	Disaster recovery
Geolocation	Country-based routing
Geoproximity	Distance + bias routing
Multi-value	Basic DNS load balancing

SECURITY

Service	Trigger Keywords	Exam Shortcut	Common Trap
IAM	Roles, policies, least privilege, SCP	Identity and permissions	SCPs only restrict
KMS	Encryption, CMK, SSE-KMS, key rotation	Encryption management	Envelope encryption concept
Secrets Manager	Secret rotation, DB credentials	Automatic secret rotation	Higher cost
WAF	SQL injection, XSS, web ACL	Layer 7 protection	Not DDoS protection
Shield	DDoS, volumetric attacks	Layer 3/4 protection	Shield Advanced is expensive
GuardDuty	Threat detection, anomalies, crypto mining	ML-based threat detection	No blocking capability
Macie	PII, sensitive S3 data, GDPR	S3 data classification	S3 only
Inspector	CVE scanning, vulnerability assessment	Automated security scanning	Not runtime protection
Cognito	User pools, OAuth, federated login	App authentication	User Pool vs Identity Pool

Security Memory Rules

• IAM Role = Temporary credentials
• SCP = Organization-wide guardrails
• KMS = Auditable encryption
• WAF = Web attack protection
• Shield = DDoS protection
• Macie = PII discovery in S3
• Cognito User Pool = Authentication
• Cognito Identity Pool = AWS credentials

INTEGRATION & MESSAGING

Service	Trigger Keywords	Exam Shortcut	Common Trap
SQS	Queue, decouple, async, DLQ	Reliable message queue	FIFO throughput limits
SNS	Fanout, publish-subscribe, notifications	Push messaging	Not persistent queueing
EventBridge	Event bus, cron, SaaS integrations	Event-driven architecture	Formerly CloudWatch Events
Step Functions	Workflow, orchestration, retries	Coordinate multiple services	State machine concepts
Kinesis	Streaming, clickstream, real-time ingestion	Real-time data streaming	Streams vs Firehose

Integration Memory Rules

• SNS = One-to-many push
• SQS = Reliable queue
• EventBridge = Event routing
• Step Functions = Workflow orchestration
• Kinesis Streams = Real-time custom consumers
• Firehose = Managed delivery to S3/Redshift

ANALYTICS

Service	Trigger Keywords	Exam Shortcut	Common Trap
Athena	Query S3, serverless SQL, ad hoc	SQL directly on S3	Pay per TB scanned
Glue	ETL, crawler, schema discovery	Data transformation	Not a query engine
OpenSearch	Full-text search, Kibana, logs	Search and log analytics	Operational overhead
EMR	Spark, Hadoop, MapReduce	Big data processing	Cluster management
QuickSight	Dashboard, BI, visualization	AWS BI dashboards	SPICE terminology

Analytics Memory Rules

• Athena = Query S3 instantly
• Glue = ETL + Catalog
• OpenSearch = Search logs
• EMR = Spark/Hadoop processing
• QuickSight = Dashboards

MIGRATION

Service	Trigger Keywords	Exam Shortcut	Common Trap
Snowball	Offline transfer, petabytes, ship device	Large offline migration	Not real-time sync
DMS	Database migration, minimal downtime	Database migration	SCT needed for heterogeneous
DataSync	NFS to S3, SMB to EFS	File migration	Not ongoing hybrid access
MGN	Lift-and-shift, rehost to EC2	Server migration	Minimal modernization

Migration Memory Rules

• Snowball = Massive offline transfer
• DMS = Database migration
• DataSync = File migration
• Storage Gateway = Ongoing hybrid access
• MGN = Lift and shift servers

MONITORING & GOVERNANCE

Service	Trigger Keywords	Exam Shortcut	Common Trap
CloudWatch	Metrics, alarms, logs, dashboards	Monitoring platform	RAM/disk metrics need agent
CloudTrail	API audit, compliance, who did what	AWS activity logs	Data events cost extra
Config	Compliance, drift, resource history	Resource configuration tracking	Not API auditing
X-Ray	Distributed tracing, latency bottlenecks	Microservice tracing	Requires instrumentation
Health Dashboard	AWS outages, personal health events	Service health visibility	Global vs account-specific

Monitoring Memory Rules

• CloudTrail = WHO did WHAT
• Config = WHAT changed
• CloudWatch = Metrics and alarms
• X-Ray = Distributed tracing
• Health Dashboard = AWS service issues

HIGHEST-YIELD AWS SAA TRAP QUESTIONS

Trap Pair	Correct Understanding
Multi-AZ vs Read Replica	HA vs Read Scaling
CloudTrail vs Config	Audit Logs vs Compliance Tracking
SNS vs SQS	Fanout vs Queue Buffering
CloudFront vs Global Accelerator	Caching vs Routing
Direct Connect vs VPN	Dedicated line vs Encrypted internet
ALB vs NLB	Layer 7 vs Layer 4
EFS vs FSx Windows	Linux NFS vs Windows SMB
Secrets Manager vs Parameter Store	Rotation vs Simplicity
DataSync vs Storage Gateway	Migration vs Hybrid access
Kinesis Streams vs Firehose	Real-time consumers vs Managed delivery

LAST-MINUTE EXAM CRAM RULES

If you see these words, think these services immediately

Keyword	Service
Decouple	SQS
Fanout	SNS
Serverless API	API Gateway + Lambda
Kubernetes	EKS
No infrastructure management	Fargate
Shared Linux storage	EFS
SMB + Active Directory	FSx Windows
Global low-latency content	CloudFront
Real-time streaming	Kinesis
Audit who changed something	CloudTrail
Compliance tracking	Config
SQL query on S3	Athena
PII discovery in S3	Macie
DDoS protection	Shield
SQL injection protection	WAF
Long-term archive	Glacier
Petabyte analytics	Redshift
Event orchestration	Step Functions

Pro-Tip for Exam Day

When you read a question stem on the SAA-C03 exam, do not immediately read the options. First, scan the prompt for constraints like “lowest cost,” “minimum operational overhead,” or “highly available.” Highlight the keyword triggers from this cheat sheet, mentally formulate the ideal AWS architecture, and then find the option that matches your pattern.

Good luck, and go clear that exam!

Further Reading: Hidden Costs of Chasing Certifications Nobody Talks About