Unit 1: Design Solutions for Organizational Complexity
This guide covers Domain 1 of the AWS Certified Solutions Architect – Professional (SAP-C02) exam, focusing on architecting for large-scale, multi-account environments. This domain represents 26% of the exam weighting.
Learning Objectives
After studying this unit, you should be able to:
- Architect network connectivity strategies for complex multi-VPC and hybrid environments.
- Prescribe security controls and governance across a multi-account AWS organization.
- Design reliable and resilient architectures that scale across regions and accounts.
- Implement multi-account structures using AWS Organizations and Organizational Units (OUs).
- Determine cost optimization and visibility strategies to maintain accountability in large deployments.
Key Terms & Glossary
- AWS Organizations: An account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
- Organizational Unit (OU): A container for accounts within an organization. OUs can also contain other OUs, creating a hierarchy.
- Transit Gateway (TGW): A network transit hub that connects VPCs and on-premises networks through a central hub.
- Direct Connect (DX): A cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
- Service Control Policy (SCP): A type of organization policy used to manage permissions in your organization, offering central control over the maximum available permissions for all accounts.
- Virtual Interface (VIF): A configuration that allows access to AWS services over a Direct Connect connection. The VIF types are Public, Private, and Transit.
The "Big Idea"
As organizations grow, they transition from a single-account