The DVA-C02 exam has a reputation problem. Developers assume it's easy because they already write code. Cloud architects assume it's narrow because it's "just developer stuff." Both groups underperform for opposite reasons.
Developers walk in comfortable with code but blank on AWS-specific deployment, IAM, and monitoring patterns. Architects walk in knowing AWS but underestimate how much actual application code and SDK behavior the exam tests. The DVA-C02 sits in an uncomfortable middle ground — it genuinely requires both.
What DVA-C02 Actually Tests
Five domains, each with a specific angle:
| Domain | Exam Weight | The Real Focus |
|---|---|---|
| Development with AWS Services | 32% | SDK, CLI, API patterns, Lambda, DynamoDB |
| Security | 26% | Credentials, IAM roles in code, Cognito, Secrets Manager |
| Deployment | 24% | CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk, SAM |
| Troubleshooting and Optimization | 18% | X-Ray, CloudWatch Logs Insights, debugging patterns |
Development and Security together are 58%. If you're a backend developer with AWS experience, these are your strength. If you're coming from infrastructure, these are where you'll lose points.
The exam has 65 questions, 130 minutes. More time per question than the SAA-C03, but the questions are more technical and often include code snippets or CLI commands you need to interpret.
Domain 1: Development with AWS Services (32%)
Lambda — The Core Service
AWS Lambda dominates this domain. You need to understand Lambda beyond "serverless function runs on events."
Things the exam actually tests:
Lambda execution context — Lambda reuses execution environments between invocations when possible. Variables initialized outside the handler function persist between warm invocations. This is both a performance optimization and a bug source — if you store mutable state outside the handler, concurrent invocations can interfere.
Lambda concurrency — by default, Lambda can scale to 1,000 concurrent executions per Region. Reserved concurrency caps a function's concurrency (to protect downstream services). Provisioned concurrency keeps instances warm (eliminates cold starts for latency-sensitive functions).
Lambda destinations — instead of handling async invocation failures in your code, configure destinations: send successful results to SQS, failed results to a dead-letter queue or another Lambda.
The exam question: "A Lambda function processing SQS messages is failing intermittently and messages are being lost. How do you ensure failed messages are retained for investigation?" Answer: configure a Dead Letter Queue (DLQ) on the Lambda function or SQS queue.
DynamoDB From a Developer Perspective
The SAA-C03 tests DynamoDB as "use this for high-scale NoSQL." The DVA-C02 tests how you actually work with it.
Partition key design — DynamoDB distributes data across partitions based on the partition key. A poor partition key creates hot partitions — one partition gets hammered while others sit idle, throttling your writes.
Bad partition key: status (only a few values, most writes go to "active")
Good partition key: user_id (millions of values, distributed evenly)
Read/Write Capacity Modes:
- Provisioned — you specify read/write capacity units, pay for what you provision. Use when traffic is predictable.
- On-Demand — pay per request, scales automatically. Use when traffic is unpredictable or spiky.
DynamoDB Streams — captures item-level changes (inserts, updates, deletes) as a stream. Use with Lambda triggers to react to database changes without polling. The exam loves this pattern.
API Gateway Patterns
Amazon API Gateway — managed service for creating, publishing, and securing REST, HTTP, and WebSocket APIs.
Three integration types the exam tests:
- Lambda proxy integration — API Gateway passes the entire request to Lambda, Lambda handles everything
- AWS service integration — API Gateway calls an AWS service directly (e.g., put a message in SQS without Lambda in the middle)
- HTTP integration — proxy requests to an existing HTTP endpoint
Caching in API Gateway — enable caching to reduce backend calls. Cache TTL is configurable. The exam tests this as a cost and performance optimization.
Usage plans and API keys — throttle and monitor API usage by consumer. Different from IAM authorization — usage plans track and limit consumption per API key.
Domain 2: Security (26%)
Credentials — Never Hardcode Them
This is the most important security concept for developers, and it appears on the exam constantly.
The wrong way:
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Hardcoded in code, committed to Git, leaked to the world.
The right way depends on where your code runs:
- EC2 — attach an IAM Instance Profile. SDK automatically retrieves temporary credentials.
- Lambda — Lambda execution role. SDK automatically retrieves credentials.
- Local development — AWS credentials file (
~/.aws/credentials) or environment variables, never committed - Cross-account — IAM Role assumption via
sts:AssumeRole
AWS Secrets Manager — store database passwords, API keys, any secrets. Applications retrieve secrets at runtime via API call. Supports automatic rotation. This is the answer when the question mentions rotating database credentials automatically.
AWS Systems Manager Parameter Store — similar to Secrets Manager but simpler and cheaper. Use for configuration values and non-sensitive data. Secrets Manager is the answer when rotation or encryption is specifically mentioned.
Cognito — Identity for Applications
Amazon Cognito — managed user identity service for web and mobile applications.
Two distinct components:
- User Pools — user directory, handles sign-up/sign-in, JWT tokens, MFA, social login (Google, Facebook)
- Identity Pools (Federated Identities) — exchange tokens (from User Pools, Google, SAML) for temporary AWS credentials to directly access AWS services
The exam pattern: "Users need to sign in and then access their personal S3 bucket." Use Cognito User Pool for authentication + Identity Pool to get temporary credentials for S3 access.
Domain 3: Deployment (24%)
The AWS Developer Tools Pipeline
The exam tests the four CodeX services as an integrated pipeline:
- AWS CodeCommit — managed Git repository (note: AWS announced deprecation in 2024, but it still appears on the exam)
- AWS CodeBuild — managed build service, runs tests, compiles code, produces artifacts
- AWS CodeDeploy — deploys applications to EC2, Lambda, ECS, or on-premises servers
- AWS CodePipeline — orchestrates the pipeline, connects CodeCommit/GitHub → CodeBuild → CodeDeploy
Deployment strategies in CodeDeploy — this is heavily tested:
| Strategy | Behavior | Downtime | Risk |
|---|---|---|---|
| In-place | Update instances one by one | Brief | Rollback is slow |
| Blue/Green | New environment, then shift traffic | None | Higher cost temporarily |
| Canary | Shift small % of traffic first | None | Catches issues early |
| Linear | Gradually shift traffic in equal increments | None | Controlled rollout |
The exam: "A company needs to deploy with zero downtime and the ability to instantly roll back." That's Blue/Green deployment.
Elastic Beanstalk Deployment Policies
AWS Elastic Beanstalk — PaaS that handles infrastructure provisioning. You deploy code, Beanstalk handles EC2, load balancers, Auto Scaling.
Deployment policies:
- All at once — fastest, but causes downtime, not for production
- Rolling — deploy to batches, some old version running during deployment
- Rolling with additional batch — spin up new instances first, always maintain full capacity
- Immutable — deploy to fresh instances, swap if healthy, safest but slowest
- Traffic splitting — canary testing, send % of traffic to new version
The exam tests when each is appropriate. "Zero downtime" + "quickly revert" = Immutable.
AWS SAM
AWS Serverless Application Model (SAM) — open-source framework for building serverless applications. Extends CloudFormation with shorthand for Lambda, API Gateway, DynamoDB.
SAM CLI commands the exam references:
sam build— compile and package the applicationsam deploy— deploy to AWSsam local invoke— test Lambda locally
The exam question: "A developer wants to test Lambda functions locally before deploying." Answer: SAM CLI with sam local invoke.
Domain 4: Troubleshooting and Optimization (18%)
X-Ray for Distributed Tracing
AWS X-Ray — distributed tracing service that visualizes requests as they travel through your application components.
Key concepts:
- Trace — end-to-end path of a request
- Segment — data about work done by a single service
- Subsegment — granular timing within a segment (SQL query, HTTP call)
- Sampling — X-Ray doesn't trace every request (too expensive). Default: first request each second + 5% of additional requests.
To use X-Ray in Lambda: enable active tracing in the Lambda configuration. The Lambda runtime automatically sends trace data.
CloudWatch — What Developers Actually Use
Amazon CloudWatch — monitoring and observability service.
For developers, three capabilities matter most:
- CloudWatch Logs — application log output. Lambda automatically sends logs here.
- CloudWatch Logs Insights — SQL-like query language to search and analyze logs. "Find all requests that took over 5 seconds" is a Logs Insights query.
- CloudWatch Alarms — trigger actions when metrics cross thresholds. Can invoke Lambda, send SNS notification, trigger Auto Scaling.
Embedded Metric Format (EMF) — structure your Lambda log output as JSON with specific fields, and CloudWatch automatically extracts them as custom metrics. No separate API call needed.
The Study Approach That Works
Stephane Maarek's DVA-C02 course on Udemy is the most comprehensive video preparation — 46 hours, covers every service in depth. It's long. You don't need to watch every section at 1x speed.
Efficient approach:
- Services you know: watch at 1.5x, focus on AWS-specific behavior
- Services you don't know: 1x, take notes, do the hands-on labs
- Skip nothing in Lambda, DynamoDB, API Gateway, CodeDeploy, Cognito
Tutorials Dojo DVA-C02 practice exams — 400+ questions. The explanations for wrong answers are where the real learning happens. Don't just check if you got it right — read every explanation.
Hands-on matters for this exam more than for SAA-C03. Questions about Lambda behavior, DynamoDB partition design, and X-Ray tracing are hard to answer correctly without having actually built these things. Use the AWS free tier and build the patterns yourself.
Realistic Timeline
| Background | Study Time | Approach |
|---|---|---|
| Developer, no AWS | 8-10 weeks | Full video course + 3 practice exam rounds |
| AWS user (infrastructure focus) | 6-8 weeks | Skim compute/storage video, deep dive on SDK/Lambda/DynamoDB |
| Already passing SAA-C03 | 4-6 weeks | Focus on developer-specific services and deployment domain |
The exam costs $300 to schedule. Don't book until you're consistently hitting 80%+ on Tutorials Dojo practice exams.
DVA-C02 Domain Breakdown: Where Questions Actually Come From
| Domain | Weight | Key Services | Candidate Gap |
|---|---|---|---|
| Development with AWS Services | 32% | Lambda, DynamoDB, API Gateway, SQS, SNS, Step Functions | Developers know code; they miss AWS-specific execution models |
| Security | 26% | IAM roles, Cognito, Secrets Manager, Parameter Store, KMS | Infrastructure folks miss SDK credential chain |
| Deployment | 24% | CodePipeline, CodeBuild, CodeDeploy, Elastic Beanstalk, SAM, CDK | Both groups underestimate deployment strategy depth |
| Troubleshooting and Optimization | 18% | X-Ray, CloudWatch Logs Insights, CloudWatch Metrics, EMF | Everyone underestimates this domain |
The 32% Development domain is deceptive. It's not "write code" — it's "understand how AWS services behave when your code interacts with them." Lambda's execution model, DynamoDB's partition behavior, and API Gateway's integration types are all technically "development" but feel more like infrastructure knowledge.
Lambda: What the DVA-C02 Specifically Tests
Lambda is the central service on this exam. The coverage goes deeper than most study guides indicate.
Cold starts vs warm invocations: when Lambda initializes a new execution environment, it runs initialization code (your imports, database connections, SDK clients) before calling your handler. This is the cold start. Warm invocations reuse the existing environment, skipping initialization. The exam tests this as a performance and cost consideration: initialize expensive resources (database connections, SDK clients) outside the handler function so they're reused across warm invocations.
Execution context reuse gotcha: state stored outside the handler persists across warm invocations — which creates bugs if that state is mutable. The exam presents scenarios where candidates must identify that a bug is caused by execution context reuse, not a logic error. Classic example: a counter initialized to zero outside the handler that accumulates incorrectly across invocations.
Concurrency limits and throttling: the default regional Lambda concurrency limit is 1,000 concurrent executions. When your functions hit this limit, Lambda throttles new invocations. Reserved concurrency carves out a fixed number of concurrent executions for a specific function, guaranteeing capacity but also capping it — which can protect downstream services from being overwhelmed.
Provisioned concurrency eliminates cold starts: for latency-sensitive functions (user-facing APIs), provisioned concurrency keeps a defined number of execution environments warm and ready. The tradeoff: provisioned concurrency has an additional cost even when not actively processing requests. The exam tests when provisioned concurrency is worth the cost: low-latency customer-facing functions, not batch processing.
Event source mappings and batch behavior: when Lambda processes SQS messages, it reads records in batches. If your function fails partway through a batch, Lambda retries the entire batch — which means some messages may be processed twice. The exam tests the design implications: idempotency requirements, partial batch failure handling (using ReportBatchItemFailures response to avoid re-processing successful messages), and configuring the batch window.
Destination configurations: Lambda destinations route the output of asynchronous invocations. On success, send the result to SQS or EventBridge. On failure, send to a DLQ or another Lambda. This is cleaner than writing retry logic in your handler and appears on the exam as the preferred pattern for handling async Lambda failures.
| Lambda Feature | Exam Question Pattern |
|---|---|
| Cold start | "Function has intermittent latency on first request — cause and fix?" |
| Execution context reuse | "Function produces incorrect results on concurrent invocations" |
| Reserved concurrency | "Protect downstream DynamoDB from Lambda spike" |
| Provisioned concurrency | "Customer-facing function cannot tolerate cold start latency" |
| DLQ/Destination | "Failed async invocations must be retained for debugging" |
| Event source mapping | "Lambda reading SQS must handle partial batch failures" |
DynamoDB: The Developer Perspective the Exam Tests
Partition Key Design in Practice
The DVA-C02 goes deeper on DynamoDB than the Solutions Architect exam. The focus is on developer-level decisions that affect application behavior.
Hot partition problem and how to avoid it: if your partition key has low cardinality (few distinct values), most requests hit the same partition. Solutions the exam tests:
- Write sharding: append a random suffix (1-10) to the partition key, distribute writes across 10 virtual partitions, query all 10 in parallel and merge results
- Better key design: use a naturally high-cardinality attribute (user ID, UUID) as the partition key
- Adaptive capacity: DynamoDB automatically shifts capacity to hot partitions within a table — but this is a workaround, not a design fix
GSI vs LSI — the decision the exam tests:
| Feature | Local Secondary Index (LSI) | Global Secondary Index (GSI) |
|---|---|---|
| Partition key | Same as base table | Can be different attribute |
| When created | Only at table creation | Can add/remove any time |
| Projection | Item collection bounded by 10 GB | No size limit |
| Read consistency | Strong or eventual | Eventual only |
| Capacity | Shares with base table | Separate provisioned capacity |
The exam question: "A table partitioned by user_id needs queries by email address. The table already exists and has data." Answer: GSI on email (LSI cannot be added after creation).
DynamoDB Streams for event-driven patterns: Streams captures item-level changes in order, per partition. Lambda triggers on DynamoDB Streams to react to inserts, updates, and deletes without polling. The stream record includes both old and new images — useful for auditing or downstream synchronization. The exam tests this integration pattern and the ShardIterator types (TRIM_HORIZON for all records, LATEST for new records only).
API Gateway: The Depth DVA-C02 Requires
Three API types, specific use cases:
| Type | Protocol | Use Case | When Exam Picks It |
|---|---|---|---|
| REST API | HTTP/HTTPS | Full feature set, API keys, usage plans, caching | When question mentions throttling, caching, or API key management |
| HTTP API | HTTP/HTTPS | Lower cost, lower latency, JWT/OAuth authorizers | When question emphasizes cost or JWT authorization |
| WebSocket API | WebSocket | Real-time bidirectional communication | Chat apps, live dashboards, streaming |
Lambda proxy integration vs custom integration: proxy integration passes the entire HTTP request to Lambda as the event object (headers, body, query strings, path parameters all in one JSON payload). Lambda must return a properly formatted response object (statusCode, headers, body). Custom integration requires you to define request/response mapping templates in Velocity Template Language (VTL) — more flexible but more complex. The exam tests when each is appropriate.
Throttling and usage plans: API Gateway enforces two types of throttling. Account-level throttle (default 10,000 requests/second, 5,000 burst) and stage/method-level throttle (configurable per route). Usage plans connect API keys to throttle and quota limits — the mechanism for metering external API consumers. The exam tests how to prevent a single client from overwhelming the backend.
Study Schedule by Background
| Week | Developer Background (8-10 weeks) | Infrastructure Background (6-8 weeks) |
|---|---|---|
| 1 | Lambda execution model + DynamoDB data modeling | Lambda + DynamoDB (full depth, both are likely new) |
| 2 | API Gateway integration types + Cognito flows | API Gateway + Cognito (focus on SDK auth patterns) |
| 3 | CodePipeline + CodeBuild + deployment strategies | CodePipeline + CodeBuild (likely already familiar) |
| 4 | CodeDeploy + Elastic Beanstalk deployment policies | CodeDeploy + SAM (focus on appspec/SAM templates) |
| 5 | IAM credential chain + Secrets Manager + KMS | IAM credential chain + SDK credential provider |
| 6 | X-Ray + CloudWatch Logs Insights + practice exam | X-Ray + CloudWatch practice exam (take first one cold) |
| 7 | Review wrong answers — identify knowledge vs judgment gaps | Review wrong answers + Lambda deep dive |
| 8 | Practice exam round 2, target 75%+ | Practice exam round 2, book if 75%+ |
| 9-10 | (if needed) Weak domain re-study + final practice exam | — |
Developers: spend extra time on the Deployment domain (CodeDeploy lifecycle hooks, Beanstalk deployment policies). These are infrastructure concepts that developers often underestimate.
Infrastructure engineers: spend extra time on the Security domain (Cognito User Pool vs Identity Pool, MSAL token patterns, when to use Secrets Manager vs Parameter Store). These feel like application concerns but appear heavily on this exam.
"The DVA-C02 frustrates developers because it tests their services from an operational angle they don't think about day-to-day. Lambda cold starts, SQS partial batch failure handling, DynamoDB partition design — these are things developers should know but often learn by debugging production issues rather than studying for an exam. The exam forces that knowledge before you hit production." — Stephane Maarek, AWS Certified Developer course instructor, 200,000+ enrolled students
References
- AWS. AWS Certified Developer – Associate (DVA-C02) Exam Guide. Amazon Web Services, 2023. https://d1.awsstatic.com/training-and-certification/docs-dev-associate/AWS-Certified-Developer-Associate_Exam-Guide.pdf
- Maarek, Stephane. Ultimate AWS Certified Developer Associate 2024 DVA-C02. Udemy, 2024. (46-hour course, 200,000+ enrolled students, consistently top-rated)
- Bonso, Jon (Tutorials Dojo). AWS Certified Developer Associate Practice Exams DVA-C02. Tutorials Dojo, 2024. https://tutorialsdojo.com
- Amazon Web Services. AWS Lambda Developer Guide. AWS Documentation, 2024. https://docs.aws.amazon.com/lambda/latest/dg/welcome.html
- Amazon Web Services. Amazon DynamoDB Developer Guide. AWS Documentation, 2024. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html
- Amazon Web Services. AWS X-Ray Developer Guide. AWS Documentation, 2024. https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html
Frequently Asked Questions
What does the AWS Developer Associate exam focus on?
DVA-C02 focuses on serverless development (Lambda, API Gateway, DynamoDB), deployment pipelines (CodeBuild, CodeDeploy, CodePipeline), security (IAM roles, KMS, Cognito), and development with AWS SDKs. It emphasizes developer-perspective service knowledge over infrastructure architecture.
Is DVA-C02 harder than SAA-C03?
They test different things. DVA-C02 goes deeper on developer services and deployment tooling. SAA-C03 tests broader architectural knowledge. Candidates with software development backgrounds often find DVA-C02 easier; those with infrastructure backgrounds may find SAA-C03 more natural.
Do I need to know DynamoDB well for DVA-C02?
Yes. DynamoDB is heavily tested on DVA-C02 from a developer perspective — partition keys, sort keys, GSIs, LSIs, read/write capacity modes, DynamoDB Streams, and DynamoDB Accelerator (DAX). It's one of the most tested services on the exam.
What deployment strategies appear on DVA-C02?
The exam tests all major deployment strategies: All-at-once, Rolling, Rolling with additional batch, Immutable, Blue/Green, and Canary. You need to know which strategy minimizes downtime, which is fastest, and which allows rollback for each deployment scenario.
Should I take SAA-C03 before DVA-C02?
Not required. DVA-C02 is an independent certification. However, SAA-C03 provides useful architectural context. If you're pursuing multiple AWS certifications, SAA-C03 first provides a stronger foundation since DVA-C02 assumes general AWS service knowledge.