AWS Certified CloudOps Engineer – Associate (SOA-C03) Study Guide [175 Minute Read]

A First-Principles Approach to Cloud Operations

Welcome to the AWS Certified CloudOps Engineer – Associate study guide. This guide doesn't just tell you what AWS services do — it teaches you why they exist, how to reason about them under pressure, and when to choose one over another. That mental model is what separates candidates who pass from those who walk out uncertain.

Official exam objectives: AWS Certified CloudOps Engineer – Associate (SOA-C03)

The SOA-C03 is scenario-heavy. You won't be asked to define CloudWatch — you'll be asked what to do when an Auto Scaling group isn't terminating instances correctly, or how to automatically remediate a non-compliant S3 bucket. Expect 60–70% application and analysis questions; memorizing facts isn't enough.

Exam at a glance: 65 questions (50 scored) · 180 minutes · Passing score: 720/1000 · $150 USD

Prerequisites: Familiarity with core AWS services (EC2, S3, VPC, IAM) and at least one year of hands-on operations experience. If you're new to AWS, earn Cloud Practitioner first.

Exam Domain Weights

Three domains tie at 22% — Monitoring, Reliability, and Deployment — making them collectively worth two-thirds of your score. Don't underinvest in any of them. Security and Networking round out the exam and frequently appear as the "wrong answer trap" in scenario questions, so you need depth there too.

(Table of Contents - For Reference)

  • Phase 1: First Principles of Cloud Operations
    • 1.1. The Observability Problem: Why You Can't Manage What You Can't See
    • 1.2. From Metrics to Action: The Operations Loop
    • 1.3. AWS's Operations Philosophy: The Well-Architected Framework
    • 1.4. Reflection Checkpoint
  • Phase 2: Monitoring, Logging, Analysis, Remediation, and Performance Optimization (22%)
    • 2.1. CloudWatch Metrics, Alarms, and Dashboards
      • 2.1.1. Standard Metrics, Custom Metrics, and Namespaces
      • 2.1.2. Alarms, Composite Alarms, and Actions
      • 2.1.3. CloudWatch Dashboards (Multi-Account, Multi-Region)
      • 2.1.4. The CloudWatch Agent: Memory, Disk, and Container Metrics
    • 2.2. Logging and Audit Services
      • 2.2.1. CloudWatch Logs, Log Groups, and Logs Insights
      • 2.2.2. CloudTrail: API Logging and Analysis
      • 2.2.3. AWS X-Ray and Distributed Tracing
      • 2.2.4. SNS Notifications and AWS User Notifications
    • 2.3. Automated Remediation
      • 2.3.1. EventBridge: Event Routing and Automation
      • 2.3.2. Systems Manager Automation Runbooks
      • 2.3.3. Lambda-Based Remediation Patterns
    • 2.4. Performance Optimization
      • 2.4.1. Compute Optimization: EC2, Placement Groups, and Compute Optimizer
      • 2.4.2. Storage Optimization: EBS Volume Types and Performance
      • 2.4.3. S3 Performance: Transfer Acceleration, Multipart Uploads, and Lifecycle
      • 2.4.4. Shared Storage: EFS and FSx Selection and Tuning
      • 2.4.5. Database Performance: RDS Performance Insights and RDS Proxy
    • 2.5. Reflection Checkpoint
  • Phase 3: Reliability and Business Continuity (22%)
    • 3.1. Scalability and Elasticity
      • 3.1.1. EC2 Auto Scaling: Policies and Lifecycle Hooks
      • 3.1.2. Application-Level Caching: ElastiCache and CloudFront
      • 3.1.3. Database Scaling: RDS, DynamoDB, and Aurora
    • 3.2. High Availability and Fault Tolerance
      • 3.2.1. Elastic Load Balancing: ALB, NLB, and Target Groups
      • 3.2.2. Route 53 Health Checks and Routing Policies
      • 3.2.3. Multi-AZ Deployments and Fault-Tolerant Architectures
    • 3.3. Backup, Restore, and Disaster Recovery
      • 3.3.1. AWS Backup: Plans, Vaults, and Policies
      • 3.3.2. Snapshot Automation: EC2, RDS, EBS, S3, DynamoDB
      • 3.3.3. Point-in-Time Restore and RTO/RPO Objectives
      • 3.3.4. Versioning: S3 Object Versioning and FSx
      • 3.3.5. Disaster Recovery Strategies: Pilot Light to Multi-Site
    • 3.4. Reflection Checkpoint
  • Phase 4: Deployment, Provisioning, and Automation (22%)
    • 4.1. Cloud Resource Provisioning
      • 4.1.1. AMI Management and EC2 Image Builder
      • 4.1.2. Container Image Management with Amazon ECR
      • 4.1.3. CloudFormation: Templates, Stacks, and StackSets
      • 4.1.4. AWS CDK: Constructs, Apps, and Synthesis
      • 4.1.5. Third-Party IaC: Terraform and Git Integration
      • 4.1.6. Multi-Account Resource Sharing: RAM and StackSets
      • 4.1.7. Deployment Strategies: Blue/Green, Rolling, and Canary
    • 4.2. Operational Automation
      • 4.2.1. Systems Manager: The Operations Platform
      • 4.2.2. Event-Driven Automation: Lambda and S3 Event Notifications
      • 4.2.3. AWS Config: Rules, Remediation, and Compliance
    • 4.3. Reflection Checkpoint
  • Phase 5: Security and Compliance (16%)
    • 5.1. Identity and Access Management
      • 5.1.1. IAM Policies, Roles, and Permission Boundaries
      • 5.1.2. Federation, IAM Identity Center, and MFA
      • 5.1.3. Multi-Account Security: Organizations and SCPs
      • 5.1.4. Troubleshooting Access: CloudTrail, Access Analyzer, and Policy Simulator
      • 5.1.5. Trusted Advisor Security Checks and Remediation
    • 5.2. Data Protection and Infrastructure Security
      • 5.2.1. Encryption at Rest: KMS Key Types and Policies
      • 5.2.2. Encryption in Transit: ACM and TLS Certificate Management
      • 5.2.3. Secrets Management: Secrets Manager and Parameter Store
      • 5.2.4. Threat Detection: GuardDuty, Inspector, Macie, and Security Hub
    • 5.3. Reflection Checkpoint
  • Phase 6: Networking and Content Delivery (18%)
    • 6.1. VPC Architecture and Connectivity
      • 6.1.1. VPC Subnets, Route Tables, and Internet Access
      • 6.1.2. Security Groups and Network ACLs
      • 6.1.3. VPC Endpoints: Interface and Gateway
      • 6.1.4. Hybrid Connectivity: Site-to-Site VPN and Client VPN
      • 6.1.5. Network Protection: WAF, Shield, and Network Firewall
      • 6.1.6. Network Cost Optimization
    • 6.2. DNS, Content Delivery, and Global Acceleration
      • 6.2.1. Route 53 Resolver and Hybrid DNS
      • 6.2.2. Route 53 Advanced Routing and Health Checks
      • 6.2.3. CloudFront, Lambda@Edge, and Global Accelerator
    • 6.3. Network Troubleshooting
      • 6.3.1. VPC Flow Logs and Reachability Analyzer
      • 6.3.2. Load Balancer and Service Access Logs
      • 6.3.3. CloudFront Caching and Troubleshooting
      • 6.3.4. Hybrid Connectivity Troubleshooting
      • 6.3.5. CloudWatch Network Monitoring Services
    • 6.4. Reflection Checkpoint
  • Phase 7: Exam Readiness and Strategy
    • 7.1. How to Approach SOA-C03 Scenario Questions
    • 7.2. High-Yield Topics by Domain Weight
    • 7.3. Reflection and Final Exam Checklist
  • Phase 8: Glossary
🚀

Start Free. Upgrade When You're Ready.

Stay on your structured path while adding targeted practice with the full set of exam-like questions, expanded flashcards to reinforce concepts, and readiness tracking to identify and address weaknesses when needed.

Alvin Varughese
Written byAlvin Varughese
Founder15 professional certifications

Content last updated