SAP-C02 domain - 29% of the exam

Design for New Solutions

Design for New Solutions is 29% of the AWS Certified Solutions Architect - Professional (SAP-C02) exam. These are the objectives it covers, each with practice questions and worked explanations.

Sample question from this domain

Free sample | Design for New Solutions | hard

A financial services company defines its production environment with a single large AWS CloudFormation stack that includes an Amazon RDS database, security groups, and an Auto Scaling group. A release engineer must apply a template change that updates the database instance class and an IAM role, but a previous release caused an unexpected replacement of the database and a long outage. Leadership now requires that before any production update is executed, the team must see exactly which resources will be modified, replaced, or deleted, and obtain a sign-off, without applying anything. Which approach BEST gives the team that pre-execution visibility?

  • A. Create a CloudFormation change set from the revised template, review the action and replacement column for each resource to confirm whether the database is modified or replaced, gain sign-off, and only then execute the change set. (Correct)
  • B. Run the stack update directly with rollback triggers configured on CloudWatch alarms, so that if the database is replaced and the alarm fires the stack automatically rolls back to the prior state before users are affected.
  • C. Enable termination protection on the stack and turn on drift detection before the release, then run the update and rely on the drift report to highlight any resource that the change unexpectedly replaced or deleted during deployment.
  • D. Validate the template with the CloudFormation linter and the validate-template action in the pipeline, capture the output for the approvers, and proceed with the update once the template is confirmed to be syntactically valid.
Use a CloudFormation change set to preview the exact resource actions and replacements of a stack update before executing it. A change set is a preview that CloudFormation generates by comparing the current stack state to the proposed template, returning each resource with its planned action and a flag for whether the update forces a replacement. This lets the team see a database replacement coming and gate the release on approval, which rollback triggers, drift detection, and template validation cannot do because they act during or after execution or only check syntax.

Why A is correct: A change set computes the difference between the running stack and the proposed template and lists every resource with its action and whether a replacement is required, so the team can confirm the database will not be replaced and obtain sign-off before executing anything.

Why B is wrong: Rollback triggers act only after the update has already started executing and a resource may have been replaced, so the change is applied first rather than previewed, which fails the requirement to see the impact before anything runs.

Why C is wrong: Termination protection only blocks stack deletion and drift detection compares deployed resources to the template after the fact, so neither previews the pending update or shows planned replacements before execution.

Why D is wrong: Template validation checks only syntax and structure and never compares against the deployed stack, so it cannot reveal that the instance-class change would force a replacement of the live database.
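An added example, not part of the original question: one way to turn the change-set review in option A into a sign-off gate. It reads a response shaped like the output of `aws cloudformation describe-change-set` and blocks on any removal or replacement. The sample data, resource names, and function names are constructed for illustration.

```python
# Constructed sample shaped like `aws cloudformation describe-change-set` output.
# Resource names and values are made up for this example.
SAMPLE_CHANGE_SET = {
    "ExecutionStatus": "AVAILABLE",
    "Changes": [
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "AppDatabase",
            "ResourceType": "AWS::RDS::DBInstance", "Replacement": "True"}},
        {"Type": "Resource", "ResourceChange": {
            "Action": "Modify", "LogicalResourceId": "AppRole",
            "ResourceType": "AWS::IAM::Role", "Replacement": "False"}},
    ],
}


def review_change_set(change_set):
    """Return (rows, blockers): one row per resource, plus rows needing explicit sign-off."""
    rows, blockers = [], []
    for change in change_set.get("Changes", []):
        rc = change.get("ResourceChange")
        if rc is None:
            continue
        action = rc["Action"]
        # Replacement is reported for Modify actions; treat absence as not applicable.
        replacement = rc.get("Replacement", "N/A")
        row = (rc["LogicalResourceId"], rc["ResourceType"], action, replacement)
        rows.append(row)
        # Block on removals, definite replacements, and "Conditional" ones,
        # which are only decided when the change set is executed.
        if action == "Remove" or replacement in ("True", "Conditional"):
            blockers.append(row)
    return rows, blockers


def ready_for_signoff(change_set):
    """True only if the change set is executable and nothing is removed or replaced."""
    _, blockers = review_change_set(change_set)
    return change_set.get("ExecutionStatus") == "AVAILABLE" and not blockers


if __name__ == "__main__":
    rows, blockers = review_change_set(SAMPLE_CHANGE_SET)
    for row in rows:
        print("%-14s %-24s %-8s %s" % row)
    print("needs sign-off:", [r[0] for r in blockers])
```

Nothing is applied to the stack while this runs; the change set stays pending until it is explicitly executed.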


Examworthy is not affiliated with or endorsed by Amazon Web Services. Original, blueprint-aligned practice material only.