AWS Certified Solutions Architect – Professional (SAP-C02) Online Training & Certification Prep
Advance to the highest AWS architecture credential. This rigorous course prepares experienced cloud architects for the SAP-C02 exam, covering complex multi-account designs, large-scale migration orchestration, advanced networking, and cost governance — reinforced by Live Labs in real AWS environments.

Course Overview
The AWS Certified Solutions Architect – Professional (SAP-C02) is the most demanding architecture credential in the AWS certification path. It requires not only deep knowledge of individual AWS services but the ability to evaluate complex, multi-constraint scenarios and select the architecturally correct solution across security, resiliency, performance, and cost dimensions simultaneously.
This Boost eLearning course is designed for architects and senior engineers who already hold Associate-level credentials and have substantial hands-on AWS experience. Instruction is delivered by AWS Certified Solutions Architect – Professional instructors who bring direct consulting and enterprise implementation experience to every module.
The course is structured around the four SAP-C02 exam domains. The design solutions for organisational complexity domain covers AWS Control Tower, AWS Organizations service control policies (SCPs), delegated administrator patterns, cross-account IAM roles, and the architecture of landing zones that scale from tens to hundreds of AWS accounts. The design for new solutions domain addresses advanced architecture patterns: microservices on Amazon ECS and EKS, event-driven pipelines using Kinesis Data Streams and Kinesis Data Firehose, data lake architectures with Lake Formation and Athena, and ML inference endpoints on Amazon SageMaker.
Migration planning at enterprise scale is treated as a first-class discipline. You will work through AWS Migration Hub tracking, Application Discovery Service data collection, Mainframe Modernization patterns, and the decision framework for choosing between lift-and-shift (MGN), re-platforming (Elastic Beanstalk or EKS), and full refactoring. The cost optimisation domain reaches beyond service selection into organisational cost governance: AWS Cost Anomaly Detection, tag-based chargeback, Reserved Instance pooling across accounts, and Savings Plans coverage analysis across a multi-account organisation.
Live Labs are calibrated to Professional-level complexity. Rather than single-service exercises, labs present multi-service integration challenges: build a cross-account CI/CD pipeline with CodePipeline and cross-account roles, configure a Transit Gateway with inter-Region peering and route table segmentation, implement a multi-Region active-active architecture with Route 53 Application Recovery Controller (ARC), and deploy a landing zone configuration with SCPs that enforce encryption compliance. Enrolment includes the Boost Pass Guarantee.
What You'll Learn
- Design multi-account AWS environments using AWS Control Tower, AWS Organizations, and landing zone patterns
- Implement service control policies (SCPs) and permission boundaries to enforce governance at scale
- Architect complex hybrid network topologies using Transit Gateway inter-Region peering, Direct Connect, and AWS Cloud WAN
- Design microservices architectures on Amazon ECS, Amazon EKS, and AWS App Mesh with service discovery and traffic management
- Build event-driven data pipelines using Kinesis Data Streams, Kinesis Data Firehose, AWS Glue, and Amazon Athena
- Plan and execute large-scale migrations using AWS Application Migration Service, Database Migration Service, and Migration Hub
- Implement multi-Region active-active and active-passive architectures using Route 53 Application Recovery Controller
- Design cost governance frameworks including cross-account Reserved Instance sharing, tag policies, and cost anomaly detection
- Evaluate and select container orchestration strategies across ECS on Fargate, self-managed EKS, and EKS Managed Node Groups
- Architect data lake solutions on S3 with Lake Formation access control, AWS Glue cataloguing, and Athena federated queries
- Apply Well-Architected Framework review methodology to existing architectures and produce prioritised improvement plans
- Design for regulatory compliance requirements mapping AWS controls to frameworks such as PCI-DSS, HIPAA, and FedRAMP
Who This Course Is For
- Senior solutions architects and lead cloud architects with at least two years of hands-on AWS experience
- AWS Certified Solutions Architect – Associate holders advancing to Professional certification
- Enterprise architects responsible for multi-account AWS organisation design
- Cloud consultants and AWS Partner technical staff delivering complex customer engagements
- Principal engineers owning large-scale cloud migration programmes
Course Outline
- AWS Organizations structure: management accounts, OUs, member accounts, and delegated administrators
- AWS Control Tower: landing zones, guardrails (preventive and detective), Account Factory
- Service control policies: design patterns, inheritance, and SCP deny vs IAM allow interactions
- Cross-account IAM roles and resource-based policies for service sharing
- AWS Resource Access Manager (RAM) for sharing VPCs, Transit Gateways, and License Manager configs
- Centralised logging architectures: AWS CloudTrail organisation trails, centralised Security Hub, Amazon Macie
- Live Lab: Deploy Control Tower, create an OU hierarchy, and attach a custom SCP that enforces S3 encryption
- Transit Gateway design: route tables, attachments, blackhole routes, and inter-Region peering
- AWS Cloud WAN for global network management across Regions and on-premises
- AWS Direct Connect: virtual interfaces (private, public, transit), hosted connections, and MACsec
- Network segmentation patterns: shared services VPC, inspection VPCs with Gateway Load Balancer
- DNS resolution across hybrid environments: Route 53 Resolver, Resolver endpoints, and DNS Firewall
- IPv6 dual-stack architecture at enterprise scale
- Live Lab: Configure a Transit Gateway with inter-Region peering and separate route tables for production and development VPCs
- AWS Security Hub: aggregating findings, custom actions, and automated remediation via EventBridge
- AWS Config: managed rules, conformance packs, and organisation-level remediation
- Amazon GuardDuty, Amazon Inspector v2, and Amazon Macie for threat and data classification
- Encryption strategy: AWS KMS multi-Region keys, key policies, grants, and CloudHSM for dedicated HSMs
- Secrets Manager rotation patterns with Lambda and cross-account access
- AWS IAM Access Analyzer: external access findings and policy validation
- Compliance automation: mapping SCPs and Config conformance packs to PCI-DSS and HIPAA controls
- Live Lab: Enable Security Hub organisation-wide, create a custom insight, and configure EventBridge rules to auto-remediate a non-compliant S3 bucket
- Amazon ECS task definitions, Fargate launch type, capacity providers, and service auto scaling
- Amazon EKS: managed node groups vs Fargate profiles, IRSA (IAM roles for service accounts), cluster upgrades
- AWS App Mesh and Amazon VPC Lattice for service mesh and service networking
- API Gateway REST vs HTTP vs WebSocket APIs — feature and cost trade-offs
- AWS Lambda advanced patterns: Provisioned Concurrency, SnapStart, Lambda layers, and extensions
- Step Functions: Standard vs Express workflows, service integrations, and error handling
- Live Lab: Deploy a microservice on ECS Fargate behind an ALB with service auto scaling and a circuit-breaker deployment configuration
- Data lake on Amazon S3: bucket design, partitioning strategies, and Lake Formation access control
- AWS Glue: crawlers, Data Catalog, ETL jobs, and Glue DataBrew for visual transformation
- Amazon Athena: federated queries, query result caching, and Iceberg table format
- Amazon Kinesis Data Streams vs Managed Streaming for Apache Kafka (MSK) for real-time ingestion
- Amazon Kinesis Data Firehose transformations and delivery to S3, Redshift, and OpenSearch Service
- Amazon Redshift: RA3 nodes, data sharing, Spectrum for S3 queries, and Serverless
- Amazon OpenSearch Service patterns: log analytics, full-text search, and anomaly detection
- Live Lab: Build an end-to-end streaming pipeline with Kinesis Data Streams → Kinesis Data Firehose → S3 → Athena
- Migration strategy framework: the 7 Rs and decision criteria
- AWS Application Discovery Service and AWS Migration Hub Orchestrator
- AWS Application Migration Service (MGN) for lift-and-shift server migrations
- AWS Database Migration Service (DMS): full-load and CDC replication, supported engines
- AWS Mainframe Modernization: refactor vs replatform patterns for COBOL workloads
- VMware Cloud on AWS for vSphere workload migration
- Post-migration optimisation: Performance Insights, Compute Optimizer, and CloudWatch Container Insights
- Live Lab: Configure an AWS DMS replication task with change data capture (CDC) from a MySQL source to Amazon Aurora
- Multi-account cost allocation: tag policies, AWS Cost Categories, and chargeback models
- Reserved Instance portfolio management: instance size flexibility, convertible exchanges, and Marketplace
- Savings Plans: Compute vs EC2 Instance vs SageMaker — coverage analysis and purchase strategy
- AWS Cost Anomaly Detection: alert configuration and root cause analysis
- AWS Trusted Advisor and Compute Optimizer across an AWS Organization
- Sustainability pillar: selecting Graviton instances, optimising utilisation, and measuring carbon footprint with AWS Customer Carbon Footprint Tool
- SAP-C02 exam structure: domain weighting, question length, and elimination strategies
- Timed case-study scenario: design a global multi-Region SaaS platform meeting stated RTO, RPO, compliance, and cost constraints
- Timed case-study scenario: architect a migration for an on-premises Oracle database fleet to Aurora PostgreSQL with zero-downtime cutover
- Full-length timed practice exam (75 questions)
- Domain-by-domain score review and remediation recommendations
About the Certification Exam
- Exam code: SAP-C02
- Length: 180 minutes
- Questions: 75 scored questions (multiple choice and multiple response)
- Passing score: 750 out of 1000
- Exam cost: ~$300 USD
- Where: Pearson VUE / PSI online proctored or at an authorised testing centre
The certification exam fee is paid separately to the testing provider and is not included in the course price unless stated otherwise.
Live Labs Included
Hands-on practice on real environments
This course includes Live Labs — direct access to real hardware and cloud environments so you build the skills the exam actually tests.
- Deploy AWS Control Tower with a custom OU hierarchy, create an Account Factory account, and attach a preventive SCP that denies creation of unencrypted S3 buckets
- Configure a Transit Gateway with three VPC attachments across two Regions, establish inter-Region peering, and implement route table segmentation to isolate production from development traffic
- Build a cross-account CI/CD pipeline using CodePipeline in a tools account that deploys to a target application account using cross-account IAM roles and a KMS CMK shared via RAM
- Enable AWS Security Hub across an AWS Organization with a delegated administrator, create a custom insight aggregating critical findings, and configure EventBridge rules for automated remediation
- Configure Route 53 Application Recovery Controller (ARC) routing controls and readiness checks for a multi-Region active-passive application; simulate a Region failure and execute a controlled failover
- Build a streaming data pipeline using Kinesis Data Streams, Kinesis Data Firehose with a Lambda transformation, S3 delivery with Hive-style partitioning, and an Athena query to validate ingested records
Pass Guarantee Included
Complete this course and if you don't pass the certification exam on your first attempt, we'll refund your course fee or give you a free retake — your choice.

