SOA-C03 Security and Compliance Guide

AWS SOA-C03 security guide covering IAM, auditing, encryption, secrets, and compliance decisions.

Security on SOA-C03 stays operational. AWS expects CloudOps engineers to implement controls, audit access, manage multi-account security, protect data, and remediate findings without confusing those responsibilities with deep security architecture design.

Current weight in the exam guide

AWS currently weights Security and Compliance at 16% of scored content.

Work this domain in order

| Lesson | Focus |
| --- | --- |
| 4.1 IAM, Auditing & Multi-Account Security | Learn how AWS expects operators to implement and audit identity controls, account boundaries, and compliance guardrails. |
| 4.2 Encryption, Secrets & Findings | Learn how data protection, secrets management, and security finding remediation work in day-two operations. |

Fast routing inside this chapter

| If the question is really about… | Go first to… |
| --- | --- |
| IAM, MFA, federation, policy conditions, CloudTrail, Access Analyzer, or multi-account compliance strategy | 4.1 IAM, Auditing & Multi-Account Security |
| KMS, ACM, encryption, secrets storage, Security Hub, GuardDuty, Config, or Inspector findings | 4.2 Encryption, Secrets & Findings |

What strong answers usually do

  • choose the narrowest secure operational control that solves the problem
  • separate audit and access-review tools from enforcement tools
  • recognize that compliance guardrails and data protection are related but different lanes
  • treat remediation of findings as ongoing operational work, not one-time setup

Revised on Sunday, May 10, 2026