AWS Solutions Architect SAA-C03 Certification Exam Note # 2 (Setting Up Your New AWS Free Tier Account)

By Tim Layton

I am writing detailed notes as I prepare for the brand new AWS Solutions Architect SAA-C03 exam.

I start from the very beginning and take a step-by-step approach so you can easily follow along.

In the first few notes, I make sure you get set up for success, and then we dive into Identity and Access Management and keep moving forward into more complex topics.

You can find all of my study notes on my AWS Solutions Architect SAA-C03 Home Page and follow along or use the information as a study aid to help you in your exam preparation.

You can connect with me on LinkedIn to network and be up to date on my latest cloud security thoughts.


I will walk you through the entire process of setting up your new AWS free tier account that you should use to study and get some hands-on skills.

What You Will Need:

  • Unique email address or dynamic alias i.e.,
  • Credit card (for overage charges) – I will help you set up a billing alarm, so you don’t get any surprise charges on your credit card. 
  • Mobile phone to receive an SMS verification text message.  I also strongly recommend that you use MFA on your privileged account and NEVER use your root account. I will help you set up MFA on your mobile device in a future article.
  • AWS Account Name and alias


Go to the AWS home page to start the process of setting up your AWS free tier account.

Click on the “Create an AWS Account” button in the upper right corner of your browser as shown in the graphic directly below.

You will be taken to the signup form as shown below. 

Now, you will supply your unique email address that is used as your root account that governs and controls your account.  You need to click on the “Verify email address” button and enter the code AWS emailed you to verify your account. 

For example, my AWS account name could be something like SAA-C03 Study Acct.

You will also enter your AWS account name before being allowed to move forward.  You can change your account name and alias later if you want or need to do that and I will cover how to do that in a future article.

After your email account has been verified, you will enter your root account password. 

Your password must be at least 8 characters long and include at least 3 of the following: upper case letters, lower case letters, numbers, and non-alphanumeric characters.

I strongly suggest using a random password generator and making it at least 24 characters or more. This is your root account, and if it is compromised, that would be your worst nightmare. I will cover how to properly secure your root account in detail in a future article.
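As an added example (not part of the original notes), here is one way to generate a 24-character root password locally with Python's `secrets` module and check it against the signup rule quoted above. The symbol set and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed symbol set for illustration; confirm which symbols the signup form accepts.
SYMBOLS = "!@#$%^&*()_+-=[]{}|'"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + SYMBOLS


def classes_present(password: str) -> int:
    """Count how many of the four character classes from the signup rule appear."""
    checks = (
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    )
    return sum(checks)


def meets_signup_rule(password: str) -> bool:
    """Rule as stated in these notes: at least 8 characters and 3 of the 4 classes."""
    return len(password) >= 8 and classes_present(password) >= 3


def generate_root_password(length: int = 24) -> str:
    """Draw every character from the OS CSPRNG and retry until all 4 classes appear.

    Rejection sampling keeps accepted passwords uniformly distributed, unlike
    forcing one character of each class into a fixed position.
    """
    if length < 24:
        raise ValueError("these notes recommend at least 24 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if classes_present(candidate) == 4:
            return candidate


def entropy_bits(length: int) -> float:
    """Upper bound on entropy for a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_root_password()
    print(pw, f"(~{entropy_bits(len(pw)):.0f} bits)")
```

Store the generated value in a password manager rather than a shell history or a notes file.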

Next, you will need to enter your full name, address, and mobile phone number.  You will also need to check the acknowledgment box at the bottom of the form.

Next, you will provide your credit card information. 

Next, you will need to verify your identity on your mobile device, using either an SMS text message or a voice code.

Now you will verify your identity by entering the SMS or voice code. 

Now you will select a support plan to complete your new account registration. 

If everything is successful, you should be taken to the Success Screen.

In the next lesson, I will walk you through how to configure your new account: 

  • Configure account alias 
  • Enable access to billing for IAM users 
  • Update your billing preferences
  • Set up a billing alarm based on your threshold


The AWS Certifications page has detailed information about the entire AWS suite of exams and certifications.

You can follow along with my notes below in order to help prepare yourself for the difficult SAA-C03 exam. You must already possess the AWS Certified Cloud Practitioner foundational certification or else you will be lost and likely fail the exam.

No matter how you study and prepare for the exam, I strongly suggest that you take the free 3-hour exam prep course that is available for free directly from AWS. My suggestion is to make this the last thing you do before you think you are ready to take the exam. If you don’t feel confident in the materials presented during this training, go back and study your weak areas before attempting the exam.

Tim Layton specializes in demystifying the complexities and technical jargon associated with cloud computing security and risk management for business stakeholders across the enterprise. Tim is a cloud security thought leader defining actionable and defensible strategies to help enterprise stakeholders make risk-based decisions and prioritize investments in the new digital frontier.



Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. (NIST 800–30)

Threat: a potential cause of an unwanted incident that can result in harm to a system or organization. (ISO 27001)

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (NIST 800–30)

Vulnerability: weakness of an asset or control that can be exploited by one or more threats. (ISO 27001)

Likelihood: A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or a set of vulnerabilities. (NIST 800–30)

Likelihood: chance of something happening. (ISO 27001)

Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. (NIST 800–30)

Risk: effect of uncertainty on objectives. (ISO 27001)

Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (NIST 800–30)

Compensating Security Control: A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system. (NIST 800–30)

Impact Level: The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability. (NIST 800–30)

Residual Risk: A portion of risk remaining after security measures have been applied. (NIST 800–30)

Security Posture: The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. (NIST 800–30)
