AWS Certified Developer — Associate (DVA-C02)

A documentation-first study guide. AWS writes the exam from its own documentation, so reading the docs is the highest-leverage thing you can do. This guide is a curated index into the canonical references, FAQs, and a selection of whitepapers — organised around the four exam domains, not around services.

Maps to the published AWS Certified Developer — Associate (DVA-C02) exam guide. Domain weights and task statements are quoted from that PDF.

About the exam

Current exam code: DVA-C02 (released February 2023, exam guide v2.1 updated December 2024). No C03 announcement as of May 2026.

Format: 65 questions (50 scored + 15 unscored) · 130 minutes · $150 USD · scaled score 100–1000, pass at 720.

The four domains:

Domain 1 — Development with AWS Services — 32%
Domain 2 — Security — 26%
Domain 3 — Deployment — 24%
Domain 4 — Troubleshooting and Optimization — 18%

Primary official sources (bookmark these):

Whitepapers worth reviewing:

AWS Well-Architected Framework — foundational thinking for all AWS exams.
Practicing Continuous Integration and Continuous Delivery on AWS — covers CI/CD pipelines, CodePipeline, CodeBuild, CodeDeploy.
Introduction to DevOps on AWS — context for the deployment domain.
Serverless Applications Lens — Lambda, API Gateway, Step Functions patterns.

Priority tiers: The published domain weights (32/26/24/18) tell you how the exam is balanced across the four domains, but they don’t tell you that within each domain a handful of services account for most of the questions. Every section in this guide carries a tier badge based on triangulating the AWS exam guide, the experience reports of recent test takers, and the patterns that appear in the practice-exam community:

★★★ Core Heavily tested. Multiple questions will lean on this. Spend hours, not minutes — if you don’t know it well, you fail.
★★ Important Reliably tested, usually one or two questions. Read every linked page in the section, do the FAQ, understand the comparison points. A few hours per topic.
★ Light Known to appear, but typically as one distinguishing question or as wrong-answer distractors. Skim the docs, learn the one-line distinction, move on. Twenty minutes to an hour.

For an 8–12 week prep cycle the rough split that the data supports is about 60% of your time on Core topics, 30% on Important, and 10% on Light. The biggest single concentration of questions across the whole exam is the cluster around Lambda + API Gateway + DynamoDB + S3 + IAM + SQS/SNS + CodePipeline/CodeBuild/CodeDeploy — know those cold and you have the foundation of a pass.

How to use this guide:

Each section opens with a one-paragraph summary explaining what to focus on, then has up to three link sections: Core docs (user/developer guides — the canonical reference), FAQ (exam writers love edge cases from FAQs — do not skip), and Deeper reading (whitepapers, blog posts, re:Post articles).
If a link 404s, AWS has reorganised the docs. Search the page title to find the new location — the content almost always still exists.
The What’s New feed is worth a weekly scan in the last month before your exam; the exam lags new features by ~12 months but recent launches are a good prompt to revisit older chapters.

Part I — Domain 1: Development with AWS Services (32%)

The largest domain by weight. This is the core developer skillset — building applications on compute, storage, and database services using AWS SDKs and APIs.

Chapter 1 — Serverless compute

Maps to Task Statement 1.1 — Develop code for applications hosted on AWS

Knowledge of:

Architectural patterns (for example, event-driven, microservices, monolithic, choreography, orchestration, fanout)
Idempotency
Differences between stateful and stateless concepts
Differences between tightly coupled and loosely coupled components
Fault-tolerant design patterns (for example, retries with exponential backoff and jitter, dead-letter queues)
Differences between synchronous and asynchronous patterns

Skills in:

Creating fault-tolerant and resilient applications in a programming language (for example, Java, C#, Python, JavaScript, TypeScript, Go)
Creating, extending, and maintaining APIs (for example, response/request transformations, enforcing validation rules, overriding status codes)
Writing and running unit tests in development environments (for example, using AWS SAM)
Writing code to use messaging services
Writing code that interacts with AWS services by using APIs and AWS SDKs
Handling data streaming by using AWS services

1.1 AWS Lambda ★★★ Core

Lambda is the most heavily tested service on the DVA-C02. Know the execution model (cold starts, concurrency, provisioned concurrency), handler patterns, environment variables, layers, permissions (execution role vs resource-based policies), and integration patterns with API Gateway, S3, SQS, DynamoDB Streams. Expect 8-12 questions directly or indirectly involving Lambda.

Core docs

What is AWS Lambda? — service overview and core concepts
Lambda execution environment — lifecycle phases, cold starts, /tmp storage
Lambda function handlers — handler signature, context object, return values
Environment variables — configuration without code changes, KMS encryption
Lambda layers — shared code/dependencies across functions
Lambda concurrency — reserved vs unreserved, account limits, throttling
Provisioned concurrency — eliminate cold starts for latency-sensitive workloads
Lambda permissions model — execution role vs resource-based policies
Using Lambda with SQS — batch size, visibility timeout, partial batch responses
Using Lambda with DynamoDB Streams — event source mapping, batch processing
Lambda SnapStart — Java cold start optimization via cached snapshots
Lambda function URLs — HTTPS endpoints without API Gateway
Lambda versioning and aliases — immutable versions, traffic shifting with aliases

FAQ

AWS Lambda FAQ

Deeper reading

Best practices for working with AWS Lambda functions — performance, security, and cost optimization patterns
AWS Lambda Power Tuning — right-size memory for cost/performance balance

1.2 Amazon API Gateway ★★★ Core

API Gateway is the front door for serverless applications. Know REST vs HTTP vs WebSocket APIs, integration types (Lambda proxy vs non-proxy, HTTP, Mock), stages and deployments, authorizers (IAM, Cognito, Lambda), throttling and quotas, and caching. Expect 3-5 questions.

Core docs

What is Amazon API Gateway? — managed API service overview
Choosing between REST APIs and HTTP APIs — feature comparison, HTTP APIs are cheaper/faster
API Gateway integration types — Lambda, HTTP, Mock, AWS service integrations
Lambda proxy integration — pass full request to Lambda, no mapping templates
Deploying a REST API — stages, deployments, canary releases
Stages and stage variables — environment-specific configuration (dev/prod)
Controlling access to REST APIs — IAM, Cognito, Lambda authorizers
API Gateway throttling — rate limits, burst limits, usage plans
API Gateway caching — reduce backend calls, TTL, cache invalidation
WebSocket APIs — real-time two-way communication
Request validation — validate before reaching backend
Mapping templates — transform requests/responses with VTL

FAQ

Amazon API Gateway FAQ

Chapter 2 — Traditional compute

Maps to Task Statement 1.1 — Develop code for applications hosted on AWS

Knowledge of:

Architectural patterns (for example, event-driven, microservices, monolithic, choreography, orchestration, fanout)
Idempotency
Differences between stateful and stateless concepts
Differences between tightly coupled and loosely coupled components
Fault-tolerant design patterns (for example, retries with exponential backoff and jitter, dead-letter queues)
Differences between synchronous and asynchronous patterns

Skills in:

Creating fault-tolerant and resilient applications in a programming language (for example, Java, C#, Python, JavaScript, TypeScript, Go)
Creating, extending, and maintaining APIs (for example, response/request transformations, enforcing validation rules, overriding status codes)
Writing and running unit tests in development environments (for example, using AWS SAM)
Writing code to use messaging services
Writing code that interacts with AWS services by using APIs and AWS SDKs
Handling data streaming by using AWS services

2.1 Amazon EC2 for developers ★★ Important

While serverless dominates DVA-C02, you still need EC2 fundamentals. Know instance metadata service (IMDS v1 vs v2), user data scripts, IAM roles for EC2 (instance profiles), and how to retrieve credentials from the instance. Expect 1-2 questions.

Core docs

What is Amazon EC2? — virtual server fundamentals
Instance metadata and user data — retrieve instance info at 169.254.169.254
IMDSv2 (Instance Metadata Service Version 2) — session tokens protect against SSRF
IAM roles for EC2 — instance profiles, never embed credentials
Running commands on your Linux instance at launch — bootstrap scripts, runs as root
Instance types — compute/memory/storage optimized families

FAQ

Amazon EC2 FAQ

2.2 AWS Elastic Beanstalk ★★ Important

Beanstalk is a PaaS. Know deployment policies (All at once, Rolling, Rolling with additional batch, Immutable, Traffic splitting), .ebextensions for customization, environment tiers (Web server vs Worker), and how to deploy Docker containers. Expect 1-2 questions.

Core docs

What is AWS Elastic Beanstalk? — PaaS for deploying web applications
Deployment policies — All at once, Rolling, Immutable, Traffic splitting
Configuration files (.ebextensions) — YAML config in .ebextensions/ folder
Worker environments — process SQS messages, not HTTP requests
Deploying Docker containers — single or multi-container with ECS
Environment manifest (env.yaml) — define environment settings in code
Saved configurations — reusable environment configurations

FAQ

AWS Elastic Beanstalk FAQ

Chapter 3 — Data stores: NoSQL

Maps to Task Statement 1.2 — Develop code that uses AWS services for data stores

Knowledge of:

Serialization and deserialization
Caching strategies
Amazon DynamoDB keys and indexing
Data lifecycle management

Skills in:

Serializing and deserializing data to provide persistence to a data store
Connecting to data stores
Writing to data stores
Reading from data stores
Managing caching strategies

3.1 Amazon DynamoDB ★★★ Core

DynamoDB is heavily tested. Know partition keys vs sort keys, query vs scan, secondary indexes (GSI vs LSI), provisioned vs on-demand capacity, DynamoDB Streams, and TTL. Understand conditional writes, optimistic locking with version numbers, transactions, and the DynamoDB SDK patterns (DocumentClient). Expect 5-8 questions.

Core docs

What is Amazon DynamoDB? — fully managed NoSQL database
Core components of DynamoDB — tables, items, attributes, primary keys
Partition keys and sort keys — key design determines data distribution
Working with queries — efficient reads using partition key
Working with scans — full table reads, avoid in production
Global secondary indexes — alternate partition/sort keys, created anytime
Local secondary indexes — alternate sort key, must create at table creation
Read/write capacity modes — provisioned vs on-demand, RCU/WCU calculations
DynamoDB Streams — capture item-level changes, trigger Lambda
Conditional writes — optimistic locking, idempotent operations
Time to Live (TTL) — automatic item expiration at no cost
DynamoDB transactions — ACID across multiple items/tables
PartiQL for DynamoDB — SQL-compatible query language
DynamoDB Accelerator (DAX) — in-memory caching, microsecond reads

FAQ

Amazon DynamoDB FAQ

Deeper reading

Best practices for DynamoDB — partition key design, avoiding hot partitions
DynamoDB single-table design — advanced modeling patterns

3.2 Amazon ElastiCache ★★ Important

Know ElastiCache for caching patterns. Understand Redis vs Memcached, caching strategies (lazy loading, write-through), and common use cases (session stores, leaderboards). Know when to use ElastiCache vs DAX. Expect 1-2 questions.

Core docs

What is Amazon ElastiCache? — managed in-memory data store
Comparing Memcached and Redis — Redis for persistence/features, Memcached for simple caching
Caching strategies — lazy loading vs write-through patterns
ElastiCache for Redis — replication, clustering, persistence
ElastiCache for Memcached — multi-threaded, no persistence

FAQ

Amazon ElastiCache FAQ

Chapter 4 — Data stores: Relational

Maps to Task Statement 1.2 — Develop code that uses AWS services for data stores

Knowledge of:

Serialization and deserialization
Caching strategies
Amazon DynamoDB keys and indexing
Data lifecycle management

Skills in:

Serializing and deserializing data to provide persistence to a data store
Connecting to data stores
Writing to data stores
Reading from data stores
Managing caching strategies

4.1 Amazon RDS ★★ Important

Know RDS fundamentals from a developer perspective. Understand connection pooling (RDS Proxy), read replicas for read scaling, Multi-AZ for high availability, and IAM database authentication. Expect 1-2 questions.

Core docs

What is Amazon RDS? — managed relational database service
RDS Proxy — connection pooling for serverless, reduces failover time
Working with read replicas — scale reads, cross-region replication
Multi-AZ deployments — synchronous standby for high availability
IAM database authentication — token-based auth, no passwords in code
Managing connections with RDS Proxy — essential for Lambda database access

FAQ

Amazon RDS FAQ

4.2 Amazon Aurora ★ Light

Know Aurora’s developer-relevant features: Aurora Serverless v2 for variable workloads, reader endpoints for read scaling, and Data API for serverless access without connection management. Usually appears as a comparison with RDS.

Core docs

What is Amazon Aurora? — MySQL/PostgreSQL compatible, 5x throughput
Aurora Serverless v2 — auto-scales capacity, pay per ACU-second
Aurora connection management — cluster, reader, custom endpoints
Using RDS Data API — HTTP-based access without connection management

FAQ

Amazon Aurora FAQ

Chapter 5 — Object and file storage

Maps to Task Statement 1.2 — Develop code that uses AWS services for data stores

Knowledge of:

Serialization and deserialization
Caching strategies
Amazon DynamoDB keys and indexing
Data lifecycle management

Skills in:

Serializing and deserializing data to provide persistence to a data store
Connecting to data stores
Writing to data stores
Reading from data stores
Managing caching strategies

5.1 Amazon S3 ★★★ Core

S3 fundamentals are tested across multiple domains. Know bucket policies vs ACLs, pre-signed URLs (for both upload and download), S3 event notifications, storage classes, versioning, encryption options (SSE-S3, SSE-KMS, SSE-C), and multipart uploads. Expect 3-5 questions.

Core docs

What is Amazon S3? — object storage with 11 9s durability
Bucket policies — resource-based access control
Pre-signed URLs — time-limited access for upload/download
Amazon S3 event notifications — trigger Lambda, SQS, SNS on object changes
Storage classes — Standard, IA, Glacier tiers for cost optimization
Using versioning — preserve all versions, protect against accidental deletes
Protecting data with encryption — SSE-S3, SSE-KMS, SSE-C options
Multipart upload — required for files >5GB, recommended >100MB
S3 Transfer Acceleration — fast uploads via CloudFront edge locations
S3 Select — query CSV/JSON/Parquet without downloading entire object
Cross-origin resource sharing (CORS) — enable browser-based uploads

FAQ

Amazon S3 FAQ

5.2 Amazon EBS ★ Light

Know EBS basics for EC2 applications: volume types (gp3, io2, st1, sc1), snapshots, and encryption. Usually appears in context of EC2 workloads.

Core docs

Amazon EBS volumes — block storage attached to EC2
EBS volume types — gp3 default, io2 for high IOPS, st1/sc1 for throughput
EBS snapshots — incremental backups to S3, cross-region copy
EBS encryption — KMS-based, no performance impact

FAQ

Amazon EBS FAQ

5.3 Amazon EFS ★ Light

Know EFS as shared file storage for multiple EC2 instances or Lambda functions. Understand mount targets, access points, and Lambda integration.

Core docs

What is Amazon EFS? — serverless, elastic file system
How Amazon EFS works — mount targets, NFS protocol
Using EFS with Lambda — shared storage for serverless functions
EFS access points — enforce user identity, root directory

FAQ

Amazon EFS FAQ

Part II — Domain 2: Security (26%)

Security is woven through everything. The exam tests your ability to implement authentication, authorisation, and encryption in application code.

Chapter 6 — Identity and access management

Maps to Task Statement 2.1 — Implement authentication and/or authorization for applications and AWS services

Knowledge of:

Federated access and identity providers (for example, Security Assertion Markup Language [SAML], OpenID Connect [OIDC])
Caching sessions and credentials
Token-based authorization (for example, JSON Web Token [JWT])
Amazon Cognito user pools and identity pools
How to use AWS managed policies and customer-managed policies

Skills in:

Using an identity provider to implement federated access (for example, Amazon Cognito, AWS Identity and Access Management [IAM])
Securing applications by using bearer tokens
Configuring programmatic access to AWS
Making authenticated calls to AWS services
Assuming an IAM role
Defining permissions for principals

6.1 IAM for developers ★★★ Core

Know IAM policies deeply — identity-based vs resource-based, policy evaluation logic, and the explicit deny → explicit allow → implicit deny order. Understand IAM roles for Lambda, EC2, and ECS. Know when to use STS AssumeRole. Expect 3-5 questions.

Core docs

What is IAM? — identity and access management fundamentals
Policies and permissions — JSON policy structure, Effect/Action/Resource
Identity-based vs resource-based policies — who can do what vs who can access this
Policy evaluation logic — explicit deny → explicit allow → implicit deny
IAM roles — temporary credentials, trust policies
Using temporary credentials with AWS resources — SDK credential provider chain
IAM policy conditions — restrict by IP, time, MFA, tags
Permissions boundaries — cap maximum permissions for IAM entities

FAQ

AWS IAM FAQ

6.2 AWS STS ★★ Important

Know STS for temporary credentials. Understand AssumeRole, AssumeRoleWithWebIdentity (for mobile/web apps), and GetSessionToken. Know how Lambda and EC2 automatically retrieve temporary credentials.

Core docs

AWS Security Token Service — issue temporary credentials
Requesting temporary security credentials — STS API operations overview
AssumeRole — cross-account access, service roles
AssumeRoleWithWebIdentity — federated login for mobile/web apps
Using temporary credentials with AWS SDKs — automatic credential refresh

6.3 Amazon Cognito ★★★ Core

Cognito is heavily tested for user authentication. Know user pools (sign-up/sign-in, JWT tokens) vs identity pools (federated identities, temporary AWS credentials). Understand hosted UI, custom attributes, triggers (Lambda), and token handling. Expect 3-5 questions.

Core docs

What is Amazon Cognito? — user authentication for web/mobile apps
User pools — sign-up/sign-in, returns JWT tokens
Identity pools (federated identities) — exchange tokens for temporary AWS credentials
User pool tokens — ID token, access token, refresh token
Lambda triggers — customize auth flows with pre/post hooks
Using Cognito with API Gateway — Cognito authorizer validates JWT tokens
Cognito hosted UI — pre-built sign-up/sign-in pages

FAQ

Amazon Cognito FAQ

Chapter 7 — Encryption and secrets

Maps to Task Statement 2.2 — Implement encryption by using AWS services

Knowledge of:

Encryption at rest and in transit
Certificate management (for example, AWS Private Certificate Authority)
Key protection (for example, key rotation)
Differences between client-side encryption and server-side encryption
Differences between AWS managed keys and customer-managed keys

Skills in:

Using encryption keys to encrypt or decrypt data
Generating certificates and SSH keys for development purposes
Using encryption across account boundaries
Enabling and disabling key rotation

7.1 AWS KMS ★★ Important

Know the difference between AWS managed keys, customer managed keys (CMKs), and data keys. Understand envelope encryption, key policies, and how KMS integrates with S3, DynamoDB, and Lambda environment variables. Expect 2-3 questions.

Core docs

What is AWS KMS? — managed key storage and cryptographic operations
AWS KMS keys — AWS managed vs customer managed keys
Envelope encryption — encrypt data key with KMS key, encrypt data with data key
Key policies — required for all KMS keys, defines key administrators/users
Encrypting Lambda environment variables — default encryption plus helpers for decryption
Using KMS with S3 — SSE-KMS encryption for objects
AWS Encryption SDK — client-side encryption library

FAQ

AWS KMS FAQ

7.2 AWS Secrets Manager ★★ Important

Know when to use Secrets Manager (automatic rotation, RDS/Redshift/DocumentDB credentials) vs Parameter Store. Understand how to retrieve secrets in Lambda and the rotation Lambda pattern. Expect 1-2 questions.

Core docs

What is AWS Secrets Manager? — store and rotate database credentials, API keys
Secrets Manager automatic rotation — built-in for RDS, Redshift, DocumentDB
Retrieving secrets — SDK and CLI access patterns
Using Secrets Manager with Lambda — cache secrets, use Lambda extension

FAQ

AWS Secrets Manager FAQ

7.3 AWS Systems Manager Parameter Store ★★ Important

Know Parameter Store for configuration and secrets. Understand parameter tiers (Standard vs Advanced), SecureString encryption with KMS, hierarchical parameters, and integration with Lambda. Often compared to Secrets Manager.

Core docs

AWS Systems Manager Parameter Store — configuration storage, free tier available
Parameter Store parameter tiers — Standard (4KB free) vs Advanced (8KB paid)
SecureString parameters — KMS-encrypted values
Parameter hierarchies — organize with paths like /app/prod/db-password
Parameter Store vs Secrets Manager — Secrets Manager for rotation, Parameter Store for config

Chapter 8 — Application security

Maps to Task Statement 2.3 — Manage sensitive data in application code

Knowledge of:

Data classification (for example, personally identifiable information [PII], protected health information [PHI])
Environment variables
Secrets management (for example, AWS Secrets Manager, AWS Systems Manager Parameter Store)
Secure credential handling

Skills in:

Encrypting environment variables that contain sensitive data
Using secret management services to secure sensitive data
Sanitizing sensitive data

8.1 AWS WAF ★ Light

Know WAF basics for protecting web applications. Understand web ACLs, managed rule groups, rate-based rules, and integration with API Gateway, CloudFront, and ALB. Usually one question.

Core docs

What is AWS WAF? — web application firewall for Layer 7 protection
Web ACLs — rules container, attached to CloudFront/ALB/API Gateway
Managed rule groups — pre-built rules for common threats (OWASP, IP reputation)
Rate-based rules — block IPs exceeding request threshold
Using WAF with API Gateway — protect REST APIs

FAQ

AWS WAF FAQ

Part III — Domain 3: Deployment (24%)

CI/CD pipelines and deployment strategies. Know the AWS developer tools suite cold.

Chapter 9 — CI/CD services

Maps to Task Statement 3.1 — Prepare application artifacts to be deployed to AWS

Knowledge of:

Ways to access application configuration data (for example, AWS AppConfig, Secrets Manager, Parameter Store)
Lambda deployment packaging, layers, and configuration options
Git-based version control tools (for example, Git, AWS CodeCommit)
Container images

Skills in:

Managing the dependencies of the code module (for example, environment variables, configuration files, container images) within the package
Organizing files and a directory structure for application deployment
Using code repositories in deployment environments
Applying application requirements for resources (for example, memory, cores)

9.1 AWS CodePipeline ★★★ Core

CodePipeline orchestrates CI/CD. Know stages, actions, artifacts, and how to integrate CodeCommit, CodeBuild, CodeDeploy, and third-party tools. Understand manual approval actions, cross-region deployments, and pipeline triggers. Expect 2-4 questions.

Core docs

What is AWS CodePipeline? — continuous delivery orchestration
Pipeline structure — stages, actions, transitions
Action types — Source, Build, Test, Deploy, Approval, Invoke
Working with artifacts — S3-backed input/output between stages
Manual approval actions — human gate before production
Cross-region actions — deploy to multiple regions
Triggers and webhooks — start pipelines on code changes

FAQ

AWS CodePipeline FAQ

9.2 AWS CodeBuild ★★★ Core

CodeBuild runs your builds. Know buildspec.yml structure (phases, artifacts, cache), environment variables (plaintext vs Parameter Store vs Secrets Manager), build environment images, and how to store build output. Expect 2-3 questions.

Core docs

What is AWS CodeBuild? — managed build service, compiles and tests code
Build specification reference — buildspec.yml phases: install, pre_build, build, post_build
Build environment compute types — small to 2xlarge, ARM and GPU options
Environment variables — plaintext, Parameter Store, or Secrets Manager
Build caching — S3 or local cache for dependencies
Docker images in CodeBuild — build and push container images
VPC support in CodeBuild — access private resources during builds

FAQ

AWS CodeBuild FAQ

9.3 AWS CodeDeploy ★★★ Core

CodeDeploy handles deployments to EC2, Lambda, and ECS. Know deployment configurations (AllAtOnce, HalfAtATime, OneAtATime, Canary, Linear), appspec.yml structure, lifecycle hooks, and rollback triggers. Expect 2-4 questions.

Core docs

What is AWS CodeDeploy? — automated deployment to EC2, Lambda, ECS
Deployment configurations — AllAtOnce, HalfAtATime, OneAtATime, Canary, Linear
AppSpec file reference — appspec.yml defines deployment instructions
Lifecycle event hooks — BeforeInstall, AfterInstall, ValidateService
Deployments on Lambda — shift traffic between alias versions
Traffic shifting for Lambda — Canary10Percent5Minutes, Linear10PercentEvery1Minute
Deployments on ECS — Blue/Green with target group switching
Rollbacks — automatic on failure or CloudWatch alarm

FAQ

AWS CodeDeploy FAQ

9.4 AWS CodeArtifact ★ Light

Know CodeArtifact for hosting private package repositories. Understand domains, repositories, upstream repositories, and integration with npm, pip, Maven, NuGet. Typically one question.

Core docs

What is AWS CodeArtifact? — managed artifact repository
CodeArtifact concepts — domains, repositories, packages
Using CodeArtifact with npm — configure npm to use private registry
Using CodeArtifact with pip — configure pip for Python packages
Upstream repositories — chain to public registries (npm, PyPI, Maven Central)

FAQ

AWS CodeArtifact FAQ

Chapter 10 — Infrastructure as code

Maps to Task Statement 3.2 — Test applications in development environments

Knowledge of:

Features in AWS services that perform application deployment
Integration testing that uses mock endpoints
Lambda versions and aliases

Skills in:

Testing deployed code by using AWS services and tools
Performing mock integration for APIs and resolving integration dependencies
Testing applications by using development endpoints (for example, configuring stages in Amazon API Gateway)
Deploying application stack updates to existing environments (for example, deploying an AWS SAM template to a different staging environment)

10.1 AWS CloudFormation ★★ Important

Know CloudFormation basics: template structure (Resources, Parameters, Outputs, Mappings, Conditions), intrinsic functions (Ref, GetAtt, Sub, Join, If), and stack updates. Understand change sets, nested stacks, and cross-stack references. Expect 1-2 questions.

Core docs

What is AWS CloudFormation? — infrastructure as code, declarative templates
Template anatomy — Resources, Parameters, Outputs, Mappings, Conditions
Intrinsic functions — Ref, GetAtt, Sub, Join, If, ImportValue
Change sets — preview changes before updating stacks
Nested stacks — reusable template components
Cross-stack references — Export/ImportValue for sharing outputs

FAQ

AWS CloudFormation FAQ

10.2 AWS SAM ★★ Important

SAM extends CloudFormation for serverless. Know the SAM template structure (Transform, Globals, resource types like AWS::Serverless::Function), sam build, sam deploy, and sam local for testing. Expect 1-2 questions.

Core docs

What is AWS SAM? — CloudFormation extension for serverless
SAM template anatomy — Transform, Globals, serverless resource types
AWS::Serverless::Function — Lambda with simplified syntax
AWS::Serverless::Api — API Gateway REST API shorthand
sam build — compile code and prepare deployment artifacts
sam deploy — deploy to AWS via CloudFormation
sam local — test Lambda and API Gateway locally
SAM policy templates — pre-built IAM policies (DynamoDBCrudPolicy, S3ReadPolicy)

FAQ

AWS SAM FAQ

10.3 AWS CDK ★★ Important

Know CDK as infrastructure as code using familiar programming languages (TypeScript, Python, Java, C#). Understand constructs (L1, L2, L3), stacks, apps, and how CDK synthesizes to CloudFormation. Expect 1 question.

Core docs

What is the AWS CDK? — define infrastructure in TypeScript, Python, Java, C#
CDK concepts — apps, stacks, constructs hierarchy
Constructs — L1 (CFN), L2 (defaults), L3 (patterns)
Stacks — unit of deployment, maps to CloudFormation stack
cdk synth and cdk deploy — generate template and deploy
CDK Pipelines — self-mutating CI/CD pipeline

FAQ

AWS CDK FAQ

10.4 AWS Amplify ★ Light

Know Amplify for full-stack web and mobile app development. Understand Amplify Hosting (CI/CD for frontends), Amplify Studio, and the Amplify libraries for authentication, API, and storage. Usually one question.

Core docs

What is AWS Amplify? — full-stack web and mobile development platform
Amplify Hosting — CI/CD for static sites and SSR apps
Amplify Libraries — frontend SDKs for Auth, Storage, API
Amplify authentication — Cognito-backed auth with pre-built UI
Amplify API (GraphQL and REST) — AppSync and API Gateway integration

FAQ

AWS Amplify FAQ

Part IV — Domain 4: Troubleshooting and Optimization (18%)

The smallest domain but tests real-world skills. Know your observability tools.

Chapter 11 — Monitoring and logging

Maps to Task Statement 4.1 — Assist in a root cause analysis

Knowledge of:

Logging and monitoring systems (for example, Amazon CloudWatch, AWS X-Ray)
Languages for log queries (for example, Amazon CloudWatch Logs Insights)
Data visualizations (for example, Amazon CloudWatch dashboards, Amazon QuickSight)
Code analysis tools

Skills in:

Debugging code to identify defects
Interpreting application metrics, logs, and traces
Querying logs to find relevant data
Implementing custom metrics
Reviewing application health by using dashboards and insights

11.1 Amazon CloudWatch ★★★ Core

CloudWatch is essential for all troubleshooting. Know metrics vs logs vs alarms, log groups/streams, CloudWatch Logs Insights queries, metric filters, and embedded metric format. Understand Lambda logging patterns and structured logging. Expect 3-5 questions.

Core docs

What is Amazon CloudWatch? — monitoring and observability service
CloudWatch concepts — namespaces, metrics, dimensions, statistics
CloudWatch Logs — log groups, streams, retention
CloudWatch Logs Insights — SQL-like queries for log analysis
Metric filters — extract metrics from log patterns
CloudWatch alarms — alert on metric thresholds
CloudWatch embedded metric format — emit metrics in JSON log output
Custom metrics — publish application-specific metrics via PutMetricData
CloudWatch dashboards — visualize metrics across resources

FAQ

Amazon CloudWatch FAQ

11.2 AWS X-Ray ★★ Important

X-Ray provides distributed tracing. Know segments, subsegments, annotations vs metadata, sampling rules, and the X-Ray SDK. Understand how to trace Lambda functions, API Gateway requests, and downstream services. Expect 2-3 questions.

Core docs

What is AWS X-Ray? — distributed tracing for request flows
X-Ray concepts — traces, segments, subsegments overview
Segments and subsegments — track work units, downstream calls
Annotations and metadata — annotations are indexed/searchable, metadata is not
Sampling rules — control trace volume and cost
X-Ray with Lambda — enable active tracing in function config
X-Ray with API Gateway — trace requests through API
X-Ray SDK for Python/Node.js/Java — instrument code for custom subsegments
Service maps — visualize distributed architecture

FAQ

AWS X-Ray FAQ

11.3 AWS CloudTrail ★★ Important

Know CloudTrail for API auditing and security analysis. Understand management events vs data events, trails, log file integrity validation, and CloudTrail Insights. Expect 1-2 questions.

Core docs

What is AWS CloudTrail? — API activity logging for security and compliance
CloudTrail concepts — events, trails, event history
Management events vs data events — control plane vs data plane operations
CloudTrail Insights — detect unusual API activity
Log file integrity validation — detect tampering with digest files

FAQ

AWS CloudTrail FAQ

11.4 Amazon Q Developer ★★ Important

Added to the exam in December 2024 (v2.1). Know what Amazon Q Developer does (AI-powered coding assistant), how it integrates with IDEs, and its capabilities for code generation, debugging, optimization, and automated test generation. Expect 1-2 questions.

Core docs

What is Amazon Q Developer? — AI coding assistant for AWS
Setting up Amazon Q Developer — IDE integrations (VS Code, JetBrains, CLI)
Code generation and suggestions — real-time inline completions
Using Amazon Q for troubleshooting — debug errors, explain code
Security scanning — detect vulnerabilities in code
Test generation — auto-generate unit tests

FAQ

Amazon Q Developer FAQ

Chapter 12 — Configuration and management

Maps to Task Statement 4.2 — Instrument code for observability

Knowledge of:

Distributed tracing
Differences between logging, monitoring, and observability
Structured logging
Application metrics (for example, custom, embedded, built-in)

Skills in:

Implementing an effective logging strategy to record application behavior and state
Implementing code that emits custom metrics
Adding annotations for tracing services
Implementing notification alerts for specific actions (for example, notifications about quota limits or deployment completions)
Implementing tracing by using AWS services and tools

12.1 AWS AppConfig ★ Light

Know AppConfig for dynamic configuration management. Understand deployment strategies, feature flags, configuration profiles, and validators. Often compared to Parameter Store and Secrets Manager.

Core docs

What is AWS AppConfig? — deploy configuration changes safely
AppConfig concepts — applications, environments, configuration profiles
Deployment strategies — gradual rollout with automatic rollback
Feature flags — toggle features without deployments
Using AppConfig with Lambda — Lambda extension caches configuration

12.2 AWS Systems Manager ★ Light

Beyond Parameter Store, know Run Command for executing commands across EC2 fleets, Session Manager for secure shell access, and Patch Manager. Developer-relevant for managing application environments.

Core docs

What is AWS Systems Manager? — operational management for AWS resources
Run Command — execute commands on EC2 without SSH
Session Manager — secure shell access without bastion hosts
Patch Manager — automate OS and application patching
Automation — runbooks for common operational tasks

FAQ

AWS Systems Manager FAQ

12.3 AWS CLI and SDKs ★★ Important

Know SDK credential resolution order (environment variables → shared credentials file → instance profile), pagination, waiters, and error handling patterns. Understand AWS CloudShell for browser-based CLI access.

Core docs

AWS CLI — command-line interface for AWS services
Configuring the AWS CLI — profiles, regions, output formats
Credential provider chain — env vars → config file → instance profile
AWS SDK for Python (Boto3) — Python library for AWS APIs
AWS SDK for JavaScript — modular v3 SDK for Node.js/browser
Pagination — iterate through large result sets
Waiters — poll until resource reaches desired state
Retry behavior — exponential backoff with jitter
AWS CloudShell — browser-based shell with pre-configured CLI

Chapter 13 — Messaging and event-driven architectures

Maps to Task Statement 1.3 — Implement application-to-application messaging

Knowledge of:

Event-driven and asynchronous application patterns
How to use the pub/sub messaging model
Polling, long polling, and streaming
How to use message queues

Skills in:

Using messaging services (for example, Amazon SQS, Amazon SNS, Amazon EventBridge)
Using event sources for Lambda (for example, Amazon Kinesis, Amazon DynamoDB Streams, Amazon SQS, Amazon SNS)
Integrating Lambda functions with event sources

13.1 Amazon SQS ★★★ Core

SQS is fundamental for decoupling. Know standard vs FIFO queues, visibility timeout, dead-letter queues, long polling, message attributes, and Lambda event source mappings with batch processing. Expect 3-4 questions.

Core docs

What is Amazon SQS? — fully managed message queuing
Standard vs FIFO queues — at-least-once vs exactly-once delivery
Visibility timeout — lock message during processing
Dead-letter queues — capture failed messages for debugging
Short and long polling — long polling reduces costs and latency
Message attributes — metadata without parsing body
Using Lambda with SQS — event source mapping, batch processing
Delay queues — postpone message delivery

FAQ

Amazon SQS FAQ

13.2 Amazon SNS ★★ Important

SNS handles pub/sub messaging. Know topics, subscriptions (Lambda, SQS, HTTP, email, SMS), message filtering, and fan-out patterns with SQS. Understand FIFO topics. Expect 1-2 questions.

Core docs

What is Amazon SNS? — pub/sub messaging for application-to-application
Topics — communication channels for publishers
Subscriptions — Lambda, SQS, HTTP, email, SMS endpoints
Message filtering — route to subscribers based on attributes
Fanout to SQS queues — one message to many queues
FIFO topics — ordered delivery, exactly-once processing
Message attributes — metadata for filtering and processing

FAQ

Amazon SNS FAQ

13.3 Amazon EventBridge ★★ Important

EventBridge is the modern event bus (added emphasis in v2.1). Know event patterns, rules, targets, and the difference from SNS. Understand scheduled rules, schema discovery, and event replay. Expect 1-2 questions.

Core docs

What is Amazon EventBridge? — serverless event bus for AWS and SaaS
Events and event patterns — JSON-based matching for routing
Rules — match events and route to targets
Targets — 20+ AWS services (Lambda, SQS, Step Functions)
Scheduled rules — cron/rate expressions for scheduled tasks
Schema discovery — auto-detect event structure, generate code bindings
Event replay — archive and replay past events
EventBridge Pipes — point-to-point integration with filtering/transformation

FAQ

Amazon EventBridge FAQ

13.4 AWS Step Functions ★★ Important

Step Functions orchestrates workflows. Know standard vs express workflows, state types (Task, Choice, Parallel, Map, Wait), error handling (Retry, Catch), and integration with Lambda. Expect 1-2 questions.

Core docs

What is AWS Step Functions? — visual workflow orchestration
Standard vs Express workflows �� Standard for long-running, Express for high-volume
State types — Task, Choice, Parallel, Map, Wait, Pass, Succeed, Fail
Error handling — Retry with backoff, Catch for fallback
Service integrations — direct calls to 200+ AWS APIs
Map state for iteration — process arrays in parallel or inline
Callback patterns — pause workflow, resume with task token

FAQ

AWS Step Functions FAQ

13.5 AWS AppSync ★★ Important

Know AppSync for managed GraphQL APIs. Understand resolvers, data sources (DynamoDB, Lambda, HTTP), real-time subscriptions, and caching. Often compared to API Gateway for GraphQL use cases.

Core docs

What is AWS AppSync? — managed GraphQL and Pub/Sub APIs
Designing GraphQL APIs — schema definition, types, queries, mutations
Resolvers — connect schema fields to data sources
Data sources — DynamoDB, Lambda, HTTP, RDS, OpenSearch
Real-time data — GraphQL subscriptions via WebSocket
AppSync caching — server-side response caching
Authorization modes — API key, IAM, Cognito, OIDC, Lambda

FAQ

AWS AppSync FAQ

Chapter 14 — Container services

Maps to Task Statement 1.1 — Develop code for applications hosted on AWS

Knowledge of:

Architectural patterns (for example, event-driven, microservices, monolithic, choreography, orchestration, fanout)
Idempotency
Differences between stateful and stateless concepts
Differences between tightly coupled and loosely coupled components
Fault-tolerant design patterns (for example, retries with exponential backoff and jitter, dead-letter queues)
Differences between synchronous and asynchronous patterns

Skills in:

Creating fault-tolerant and resilient applications in a programming language (for example, Java, C#, Python, JavaScript, TypeScript, Go)
Creating, extending, and maintaining APIs (for example, response/request transformations, enforcing validation rules, overriding status codes)
Writing and running unit tests in development environments (for example, using AWS SAM)
Writing code to use messaging services
Writing code that interacts with AWS services by using APIs and AWS SDKs
Handling data streaming by using AWS services

14.1 Amazon ECS ★★ Important

Know ECS fundamentals: task definitions, services, clusters, and Fargate vs EC2 launch types. Understand task IAM roles, service discovery, and Blue/Green deployments with CodeDeploy. Expect 1-2 questions.

Core docs

What is Amazon ECS? — managed container orchestration
Task definitions — container specs, CPU/memory, environment
Services — maintain desired task count, load balancing
AWS Fargate — serverless compute for containers
Task IAM roles — fine-grained permissions per task
Service discovery — Cloud Map integration for DNS-based discovery
Blue/Green deployments — CodeDeploy-managed target group switching

FAQ

Amazon ECS FAQ

14.2 Amazon EKS ★ Light

Know EKS basics: managed Kubernetes control plane, node groups (EC2 vs Fargate), and IAM roles for service accounts (IRSA). Usually appears as a comparison with ECS.

Core docs

What is Amazon EKS? — managed Kubernetes service
Getting started with Amazon EKS — cluster creation and kubectl setup
Managed node groups — AWS-managed EC2 worker nodes
Fargate on EKS — serverless pods without node management
IAM roles for service accounts — pod-level AWS permissions (IRSA)

FAQ

Amazon EKS FAQ

14.3 Amazon ECR ★ Light

ECR stores Docker images. Know how to push/pull images, repository policies, lifecycle policies, image scanning, and cross-region replication. Usually appears alongside ECS/EKS questions.

Core docs

What is Amazon ECR? — managed container registry
Pushing an image — authenticate, tag, docker push
Pulling an image — authenticate and docker pull
Image scanning — detect vulnerabilities on push or scheduled
Lifecycle policies — auto-delete old/untagged images
Repository policies — cross-account image sharing

FAQ

Amazon ECR FAQ

Chapter 15 — Networking for developers

Maps to Task Statement 1.1 — Develop code for applications hosted on AWS

Knowledge of:

Architectural patterns (for example, event-driven, microservices, monolithic, choreography, orchestration, fanout)
Idempotency
Differences between stateful and stateless concepts
Differences between tightly coupled and loosely coupled components
Fault-tolerant design patterns (for example, retries with exponential backoff and jitter, dead-letter queues)
Differences between synchronous and asynchronous patterns

Skills in:

Creating fault-tolerant and resilient applications in a programming language (for example, Java, C#, Python, JavaScript, TypeScript, Go)
Creating, extending, and maintaining APIs (for example, response/request transformations, enforcing validation rules, overriding status codes)
Writing and running unit tests in development environments (for example, using AWS SAM)
Writing code to use messaging services
Writing code that interacts with AWS services by using APIs and AWS SDKs
Handling data streaming by using AWS services

15.1 Amazon VPC essentials ★ Light

Know VPC basics relevant to developers: subnets (public vs private), security groups vs NACLs, NAT gateways for Lambda/Fargate in private subnets, and VPC endpoints for accessing AWS services privately.

Core docs

What is Amazon VPC? — isolated network in AWS
Subnets — public (IGW route) vs private
Security groups — stateful firewall at instance level
Network ACLs — stateless firewall at subnet level
NAT gateways — outbound internet for private subnets
VPC endpoints — access AWS services without internet
Lambda in a VPC — access private resources, needs NAT for internet

FAQ

Amazon VPC FAQ

15.2 Amazon CloudFront ★ Light

Know CloudFront basics for caching and content delivery. Understand origins (S3, ALB, custom), cache behaviors, Origin Access Control (OAC), and Lambda@Edge/CloudFront Functions for edge computing.

Core docs

What is Amazon CloudFront? — global CDN for low-latency delivery
Origins — S3, ALB, custom HTTP servers
Cache behaviors — path patterns, caching policies, TTL
Origin Access Control — restrict S3 access to CloudFront only
Lambda@Edge — run Lambda at edge locations
CloudFront Functions — lightweight request/response manipulation

FAQ

Amazon CloudFront FAQ

15.3 Elastic Load Balancing ★ Light

Know the three load balancer types: ALB (Layer 7, HTTP/HTTPS), NLB (Layer 4, TCP/UDP), and their use cases. Understand target groups, health checks, and sticky sessions.

Core docs

What is Elastic Load Balancing? — distribute traffic across targets
Application Load Balancer — Layer 7, HTTP/HTTPS, path-based routing
Network Load Balancer — Layer 4, ultra-low latency, static IP
Target groups — instances, IPs, Lambda functions
Health checks — verify target availability
Sticky sessions — route user to same target

FAQ

Elastic Load Balancing FAQ

15.4 Amazon Route 53 ★ Light

Know Route 53 basics: hosted zones, record types (A, AAAA, CNAME, Alias), and routing policies (simple, weighted, latency, failover). Usually one question.

Core docs

What is Amazon Route 53? — scalable DNS and domain registration
Hosted zones — container for DNS records
Record types — A, AAAA, CNAME, MX, TXT, etc.
Alias records — point to AWS resources without IP lookup
Routing policies — simple, weighted, latency, failover, geolocation
Health checks — monitor endpoint availability

FAQ

Amazon Route 53 FAQ

Chapter 16 — Analytics and streaming

Maps to Task Statement 1.3 — Implement application-to-application messaging

Knowledge of:

Event-driven and asynchronous application patterns
How to use the pub/sub messaging model
Polling, long polling, and streaming
How to use message queues

Skills in:

Using messaging services (for example, Amazon SQS, Amazon SNS, Amazon EventBridge)
Using event sources for Lambda (for example, Amazon Kinesis, Amazon DynamoDB Streams, Amazon SQS, Amazon SNS)
Integrating Lambda functions with event sources

16.1 Amazon Kinesis ★★ Important

Know the difference between Kinesis Data Streams (real-time, shards, consumers, 24hr-365 day retention) vs Kinesis Data Firehose (near-real-time, auto-scaling, delivery to S3/Redshift/OpenSearch). Understand Lambda integration. Expect 1-2 questions.

Core docs

What is Amazon Kinesis Data Streams? — real-time data streaming at scale
Kinesis Data Streams concepts — streams, shards, records, producers, consumers
Shards — unit of capacity, 1MB/s in, 2MB/s out
What is Amazon Kinesis Data Firehose? — load streaming data to S3, Redshift, OpenSearch
Using Lambda with Kinesis — process records with event source mapping
Kinesis Client Library (KCL) — Java library for consumer applications
Enhanced fan-out — dedicated 2MB/s per consumer

FAQ

Amazon Kinesis FAQ

16.2 Amazon Athena ★ Light

Know Athena for serverless SQL queries on S3 data. Understand supported formats (Parquet, CSV, JSON), partitioning for performance, and integration with Glue Data Catalog.

Core docs

What is Amazon Athena? — serverless SQL queries on S3 data
Getting started with Athena — query basics, workgroups
Supported formats — Parquet, CSV, JSON, ORC, Avro
Partitioning — organize data by date/region to reduce scan
Integration with Glue — use Glue Data Catalog for schema

FAQ

Amazon Athena FAQ

16.3 Amazon OpenSearch Service ★ Light

Know OpenSearch for search and log analytics. Understand domains, index patterns, and common use cases (application logs, full-text search). Often paired with Kinesis Firehose for log ingestion.

Core docs

What is Amazon OpenSearch Service? — managed search and analytics
Getting started — create domain, configure access
Indexing data — bulk API, index patterns
Loading streaming data with Kinesis — Firehose to OpenSearch pipeline

FAQ

Amazon OpenSearch Service FAQ