The AWS Developer Associate exam is one of three AWS certifications at the associate level. This certification is geared towards those who work in development roles using AWS cloud services. If you don’t work as a developer, this might put you off. However, as you’ll learn in this article, this certification is both accessible and useful to those who do not come from a development background.
This article aims to help you to understand what to expect if you decide to pursue this certification. This includes coverage of the AWS DVA-C01 exam guide, as well as delving into some more detail on what services and topics you’ll need to know. You’ll also learn about the types of exam questions you’ll find when you take the exam and how to best prepare for them.
The AWS Certified Developer Associate DVA-C01 Exam Guide
The AWS Developer Associate certification is intended for those individuals who perform a development role working with AWS services. It is expected that you’ll have at least one year of hands-on experience developing and maintaining AWS-based applications. The exam validates the following ability to:
- Demonstrate an understanding of core AWS services, uses, and basic AWS architecture best practices
- Demonstrate proficiency in developing, deploying, and debugging cloud-based applications using AWS
In reality, you don’t need to know how to program and you don’t actually need to have experience of developer tools to pass this exam. Plenty of students pass this exam using only video-based training, practice tests, and hands-on practice using an AWS free-tier account.
The exam includes 65 questions and has a time limit of 130 minutes. You need to score a minimum of 720 out of 1000 points to pass the exam. The question format of the exam is multiple-choice (one correct response from four options) and multiple-response (two or more correct responses from five or more options).
In the AWS Certified Developer Associate (DVA-C01) exam guide, it is stated that students should have the following knowledge and experience:
- In-depth knowledge of at least one high-level programming language
- Understanding of core AWS services, uses, and basic AWS architecture best practices
- Proficiency in developing, deploying, and debugging cloud-based applications using AWS
- Ability to use the AWS service APIs, AWS CLI, and SDKs to write applications
- Ability to identify key features of AWS services
- Understanding of the AWS shared responsibility model
- Understanding of application lifecycle management
- Ability to use a CI/CD pipeline to deploy applications on AWS
- Ability to use or interact with AWS services
- Ability to apply a basic understanding of cloud-native applications to write code
- Ability to write code using AWS security best practices
- Ability to author, maintain, and debug code modules on AWS
- Proficiency writing code for serverless applications
- Understanding of the use of containers in the development process
Again, this may lead you to believe that you need strong development skills to have any chance of passing this exam but this is simply not true. In my video-based course for this exam, I teach you everything you need to know even if you don’t have this experience. You will need to learn how to read snippets of code, but you won’t need to be able to write any yourself.
Throughout the rest of this article, we’ll explore these knowledge requirements in more detail, so you get a clear idea of what to expect in the exam.
AWS Developer Associate Exam – Domains, Objective and Examples
The knowledge required is organized into five “domains”. Within each domain, there are several objectives that broadly describe the knowledge and experience expected to pass the exam.
Domain 1: Deployment
This domain makes up 22% of the exam and includes the following four objectives:
1.1 Deploy written code in AWS using existing CI/CD pipelines, processes, and patterns
1.2 Deploy applications using Elastic Beanstalk
1.3 Prepare the application deployment package to be deployed to AWS
1.4 Deploy serverless applications
What you need to know
You need to know how to use the AWS Developer Tools such as AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline. You’ll need to know how to use these tools for creating CI/CD pipelines to deploying code. These tools make it easy for you, so don’t be too intimidated by this if you’ve not worked with CI/CD pipelines before. In fact, in my AWS Developer Associate training course, I walk you through hands-on labs to demonstrate this to you.
You’ll definitely need to be confident when to use an appspec.yml file vs a buildspec.yml file. For CodeDeploy make sure you know the different deployment types such as in-place and blue/green and also the various traffic shifting options including canary, linear, and all-at-once. These are different for each service (Lambda, ECS, EC2 etc.) and you will be tested on this knowledge.
AWS Elastic Beanstalk can feature quite heavily on the exam. You’ll need to understand the structure of Elastic Beanstalk and its uses cases. Make sure you understand the difference between web server environments and worker environments. Elastic Beanstalk deployment policies come up often and it’s very important to understand the various features and constraints of each policy and when to use them. These include All-at-once, rolling, rolling with additional batch, and immutable.
Serverless is a big topic on the AWS Certified Developer Associate exam. You need to know how to deploy AWS Lambda functions, Amazon API Gateway APIs, Amazon DynamoDB tables, and other serverless services. This can include using AWS CodeDeploy, Amazon CloudFormation, and the AWS Serverless Application Model.
Question: The source code for an application is stored in a file named index.js that is in a folder along with a template file that includes the following code:
AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' Resources: LambdaFunctionWithAPI: Type: AWS::Serverless::Function Properties: Handler: index.handler Runtime: nodejs12.x
What does a Developer need to do to prepare the template so it can be deployed using an AWS CLI command?
- Run the aws cloudformation compile command to base64 encode and embed the source file into a modified CloudFormation template
- Run the aws cloudformation package command to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template
- Run the aws lambda zip command to package the source file together with the CloudFormation template and deploy the resulting zip archive
- Run the aws serverless create-package command to embed the source file directly into the existing CloudFormation template
Answer: 2. The template shown is an AWS SAM template for deploying a serverless application. This can be identified by the template header: Transform: ‘AWS::Serverless-2016-10-31’. The Developer will need to package and then deploy the template. To do this the source code must be available in the same directory or referenced using the “codeuri” parameter. Then, the Developer can use the “aws cloudformation package” or “sam package” commands to prepare the local artifacts (local paths) that the AWS CloudFormation template references.
Question: A Developer has completed some code updates and needs to deploy the updates to an Amazon Elastic Beanstalk environment. The environment includes twelve Amazon EC2 instances and there can be no reduction in application performance and availability during the update. Which deployment policy is the most cost-effective choice so suit these requirements?
- All at once
- Rolling with additional batch
Answer: 3. The “rolling with additional batch” policy will add an additional batch of instances, updates those instances, then move onto the next batch.
Question: A Developer is writing an imaging microservice on AWS Lambda. The service is dependent on several libraries that are not available in the Lambda runtime environment. Which strategy should the Developer follow to create the Lambda deployment package?
- Create a ZIP file with the source code and all dependent libraries
- Create a ZIP file with the source code and a script that installs the dependent libraries at runtime
- Create a ZIP file with the source code and an appspec.yml file. Add the libraries to the appspec.yml file and upload to Amazon S3. Deploy using CloudFormation
- Create a ZIP file with the source code and a buildspec.yml file that installs the dependent libraries on AWS Lambda
Answer: 1. A deployment package is a ZIP archive that contains your function code and dependencies. You need to create a deployment package if you use the Lambda API to manage functions, or if you need to include libraries and dependencies other than the AWS SDK.
Domain 2: Security
This domain makes up 26% of the exam and includes the following three objectives:
2.1 Make authenticated calls to AWS services
2.2 Implement encryption using AWS services
2.3 Implement application authentication, and authorization
What you need to know
Security is an important topic for all AWS exams and with the AWS Developer Associate certification, you’ll need to be familiar with how to develop secure applications and use best practices for secure application development.
You need to understand how and when to use IAM users, groups, and roles. You should be familiar with how delegation works and how to assume roles programmatically. You need to know when to use access keys and when to use instance profiles. You’ll also need to be able to read JSON permissions policies and know how to construct them.
The AWS Developer Associate Exam includes quite a few questions on AWS Cognito. You’ll need to know when to use Cognito User Pools and Cognito Identity Pools. This can be a confusing topic but you need to be crystal clear on the differences on exam day. Also, make sure you understand Lambda authorizers and how to use them with API Gateway.
For encryption you need to understand the encryption SDK. AWS KMS, AWS CloudHSM, and Amazon S3 encryption come up regularly. Make sure you understand all the options and when and how to use each service. It’s important to understand the process of how data is protected with encryption. Encryption at rest vs encryption in-transit comes up too.
If encryption and security make your head spin, fear not! Enroll in my AWS Certified Developer Associate training course and you’ll learn these complex topics through visual and theoretical lessons and practical learning exercises.
Question: A developer needs to add sign-up and sign-in capabilities for a mobile app. The solution should integrate with social identity providers (IdPs) and SAML IdPs. Which service should the developer use?
- AWS Cognito user pool
- AWS Cognito identity pool
- API Gateway with a Lambda authorizer
- AWS IAM and STS
Answer: 1. User pools are for authentication (identify verification). With a user pool, your app users can sign in through the user pool or federate through a third-party identity provider (IdP). Identity pools are for authorization (access control). You can use identity pools to create unique identities for users and give them access to other AWS services.
Question: A development team is migrating data from various file shares to AWS from on-premises. The data will be migrated into a single Amazon S3 bucket. What is the SIMPLEST method to ensure the data is encrypted at rest in the S3 bucket?
- Use SSL to transmit the data over the Internet
- Ensure all requests use the x-amz-server-side-encryption-customer-key header
- Ensure all requests use the x-amz-server-side-encryption header
- Enable default encryption when creating the bucket
Answer: 4. Amazon S3 default encryption provides a way to set the default encryption behavior for an S3 bucket. You can set default encryption on a bucket so that all new objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or customer master keys (CMKs) stored in AWS Key Management Service (AWS KMS).
Domain 3: Development with AWS Services
This domain makes up 30% of the exam and includes the following four objectives:
3.1 Write code for serverless applications
3.2 Translate functional requirements into application design
3.3 Implement application design into application code
3.4 Write code that interacts with AWS services by using APIs, SDKs, and AWS CLI
What you need to know
I’ll state it again, you DON’T actually need to be able to write any code. You won’t be asked to write any code in the exam. However, you will need to be able to read some code. That doesn’t mean you need to understand any specific language, just that you might get asked to identify a structural pattern in the code and what the best practice should be.
For instance, keeping one-off time-consuming tasks outside of the Lambda function handler. Such as:
- Connecting to databases
- Initializing the AWS SDK
- Pulling in dependencies or datasets
You should be familiar with the API actions associated with some of the key services covered in the exam. This includes AWS Lambda, Amazon DynamoDB, AWS Elastic Beanstalk, Amazon S3, Amazon SQS, and others. You can look these up quite easily on the AWS website. It’s also a good idea to have some familiarity with the AWS CLI and know the basic commands for key services.
For design, make sure you’re familiar with the use cases for serverless services. Serverless applications come up a lot on the exam, as do microservices design patterns such as using Amazon ECS. AWS Lambda, Amazon API Gateway, Amazon DynamoDB, and Amazon S3 are the services that are MOST tested on the exam. But Amazon ECS is definitely important too – so make sure you know your launch types and task placement strategies.
The AWS Developer Associate Exam mainly covers API Gateway REST APIs, rather than WebSocket APIs. In the Developer Associate exam, the focus is mainly on method requests/responses, integration requests/responses, mapping templates, stages and stage variables, caches, and throttling. You should also understand usage plans and API keys.
Question: A Developer needs to create an instance profile for an Amazon EC2 instance using the AWS CLI. How can this be achieved? (Select THREE.)
- Run the
aws iam create-instance-profilecommand
- Run the
- Run the
aws iam add-role-to-instance-profilecommand
- Run the
- Run the
aws ec2 associate-instance-profilecommand
- Run the
Answer: 1,3,5. To add a role to an Amazon EC2 instance using the AWS CLI you must first create an instance profile. Then you need to add the role to the instance profile and finally assign the instance profile to the Amazon EC2 instance.
Question: A Developer needs to write some code to invoke an AWS Lambda function using the AWS Command Line Interface (CLI). Which option must be specified to cause the function to be invoked asynchronously?
- Set the
–invocation-typeoption to Event
- Set the
–invocation-typeoption to Invoke
- Set the
–payloadoption to Asynchronous
- Set the
–qualifieroption to Asynchronous
Answer: 1. Several AWS services, such as Amazon Simple Storage Service (Amazon S3) and Amazon Simple Notification Service (Amazon SNS), invoke functions asynchronously to process events. To do this using the CLI you can set the
–invocation-type option to
Domain 4: Refactoring
This domain makes up 10% of the exam and includes the following two objectives:
4.1 Optimize application to best use AWS services and features
4.2 Migrate existing application code to run on AWS
What you need to know
The AWS Developer Associate Exam includes scenarios such as optimizing the performance of applications on AWS using features such as caching, auto-scaling, and load balancing. Topics you should understand include caching with Amazon DynamoDB DAX, and Amazon ElastiCache, as well as when to use Amazon RDS read replicas and Multi-AZ.
Domain 4 also includes knowing when to use a specific service such as a serverless service over Amazon EC2 or Amazon RDS and how you might refactor services that are being migrated into the cloud using AWS Step Functions or application integration services such as Amazon SQS and Amazon SNS.
Quite a few scenarios come up relating to migrating applications from on-premises to the AWS cloud. These scenarios can test your knowledge of the use cases for different services and the methods of migrating them. The trick is to identify what the key requirements are for the design such as cost-effectiveness, security, resilience, or performance.
Question: A call center application is being refactored into a serverless architecture. The new application includes several AWS Lambda functions that are involved in the automation of support tickets. What is the BEST way to coordinate the complex invocation logic for the Lambda function?
- Create a State Machine with AWS Step Functions
- Include the invocation of other Lambda functions within the Lambda code
- Create a Workflow using the Amazon Simple Workflow Service (SWF)
- Use the AWS Serverless Application Model (SAM)
Answer: 1. AWS Step Functions makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow. You can quickly build and run state machines to execute the steps of your application in a reliable and scalable fashion.
Question: A company recently migrated a multi-tier application to AWS. The web tier runs on an Auto Scaling group of Amazon EC2 instances and the database tier uses Amazon DynamoDB. The database tier requires extremely high performance and most requests are repeated read requests. What service can be used to scale the database tier for BEST performance?
- Amazon CloudFront
- Amazon ElastiCache
- Amazon DynamoDB Accelerator (DAX)
- Amazon SQS
Answer: 3. Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.
Domain 5: Monitoring and Troubleshooting
This domain makes up 12% of the exam and includes the following two objectives:
5.1 Write code that can be monitored
5.2 Perform root cause analysis on faults found in testing or production
What you need to know
The last domain covers knowledge of services such as AWS CloudWatch, and AWS X-Ray. You’ll be tested on high-resolution and custom metrics with CloudWatch, namespaces, and dimensions. You should also be familiar with CloudWatch Events, CloudWatch Logs, and CloudWatch Alarms.
X-Ray is useful for root-cause analysis and comes up with a few exam questions. Make sure you know how to use get it working with services such as Amazon EC2, AWS Lambda, and Amazon DynamoDB. You’ll need to know some basic terminology including segments, subsegments, annotations, and metadata. You also need to understand how X-Ray works with the SDK.
AWS CloudTrail is used for logging API activity and is therefore used as an auditing tool. CloudTrail comes up in exam questions so you should be familiar with how to create CloudTrail trails and what information is logged. Also, make sure you’re absolutely clear on the difference between CloudWatch (monitoring) and CloudTrail (auditing).
Question: An application is instrumented to generate traces using AWS X-Ray and generates a large amount of trace data. A Developer would like to use filter expressions to filter the results to specific key-value pairs added to custom subsegments. How should the Developer add the key-value pairs to the custom subsegments?
- Add metadata to the custom subsegments
- Add annotations to the custom subsegments
- Add the key-value pairs to the Trace ID
- Setup sampling for the custom subsegments
Answer: 2. You can record additional information about requests, the environment, or your application with annotations and metadata. You can add annotations and metadata to the segments that the X-Ray SDK creates, or to custom subsegments that you create.
Question: An application running on Amazon EC2 is experiencing intermittent technical difficulties. The developer needs to find a solution for tracking the errors that occur in the application logs and setting up a notification when the error rate exceeds a certain threshold. How can this be achieved with the LEAST complexity?
- Use CloudTrail to monitor the application log files and send an SNS notification
- Configure the application to send logs to Amazon S3. Use Amazon Kinesis Analytics to analyze the log files and send an SES notification
- Configure Amazon CloudWatch Events to monitor the EC2 instances and configure an SNS topic as a target
- Use CloudWatch Logs to track the number of errors that occur in the application logs and send an SNS notification
Answer: 4. You can use CloudWatch Logs to monitor applications and systems using log data. For example, CloudWatch Logs can track the number of errors that occur in your application logs and send you a notification whenever the rate of errors exceeds a threshold you specify.
Free Practice Test
Click here to access Free Practice Questions for the AWS Developer Associate.
AWS Developer Associate Exam Training
The AWS Developer Associate Exam can be a difficult exam if you’re not fully prepared. Not only do you require the developer skills mentioned above, but also a foundational understanding of core AWS services. To make sure you have everything you need, enroll in our Ultimate Training Package for the AWS Developer Associate. This training package includes over 25 hours of video-based training, 390 practice questions, and a comprehensive cheat sheet PDF for offline study.
Get in touch with us here.