The AWS Certified Database - Specialty (DBS-C01) tests deep knowledge of database services on AWS — not just which service to use, but how each database engine works, how to optimize performance, how to ensure high availability, and how to migrate existing databases to AWS. This exam is appropriate for database administrators, architects, and developers who design and operate database solutions.
The exam is less about AWS console skills and more about database engineering fundamentals applied to AWS services.
Exam Overview
The DBS-C01 exam contains 65 questions (50 scored, 15 unscored) with a 180-minute time limit. The passing score is 750 out of 1000.
Domain Weights
| Domain | Weight |
|---|---|
| Domain 1: Workload-Specific Database Design | 26% |
| Domain 2: Deployment and Migration | 20% |
| Domain 3: Management and Operations | 18% |
| Domain 4: Monitoring and Troubleshooting | 18% |
| Domain 5: Database Security | 18% |
Domain 1: Workload-Specific Database Design (26%)
This domain tests your ability to select the correct database service for a given workload and design the schema or data model appropriately.
Database Service Selection Matrix
| Use Case | Service | Reason |
|---|---|---|
| Relational OLTP | Amazon RDS or Aurora | ACID transactions, SQL queries |
| High-performance relational | Amazon Aurora | Up to 5x MySQL, 3x PostgreSQL throughput |
| Serverless relational | Aurora Serverless v2 | Variable or unpredictable workloads |
| Key-value / document | Amazon DynamoDB | Single-digit millisecond latency at any scale |
| In-memory caching | Amazon ElastiCache | Sub-millisecond cache reads |
| In-memory primary database | Amazon MemoryDB for Redis | Redis-compatible, durable, fully managed |
| Time-series | Amazon Timestream | Purpose-built for IoT and operational metrics |
| Ledger / immutable audit | Amazon QLDB | Cryptographically verifiable transaction log |
| Graph | Amazon Neptune | Relationships and graph traversals |
| Analytics / data warehouse | Amazon Redshift | Columnar storage, petabyte-scale OLAP |
| Full-text search | Amazon OpenSearch Service | Search, log analytics |
DynamoDB Data Modeling
DynamoDB is one of the deepest topics on this exam. The exam tests access pattern-driven design.
Single-table design: Minimize the number of tables by storing multiple entity types in one table. Use a composite primary key where PK identifies the entity type and SK identifies a specific record or relationship.
Access pattern example:
An e-commerce system needs to:
- Get order by order ID
- List all orders for a customer
- Get all items in an order
PK SK Attributes
CUSTOMER#C001 CUSTOMER#C001 name, email
CUSTOMER#C001 ORDER#O001 status, total
ORDER#O001 ITEM#P001 quantity, price
ORDER#O001 ITEM#P002 quantity, price
This design supports all three access patterns using the base table and no additional indexes.
GSI overloading: Use the same GSI across multiple entity types by storing different values in the index key attributes depending on the entity type.
DynamoDB Streams with Lambda: For event-driven processing, DynamoDB Streams captures changes and delivers them to Lambda with exactly-once semantics. Use cases: materializing views, replicating to other data stores, audit logging.
Redshift Architecture
Redshift uses massively parallel processing (MPP) across compute nodes:
- Leader node: Receives queries, creates execution plans, coordinates nodes
- Compute nodes: Execute query fragments, return results to leader
- Distribution styles: EVEN (round-robin), KEY (same key values on same node), ALL (replicate small tables to all nodes), AUTO (AWS decides)
- Sort keys: Compound sort keys speed up range queries and joins; interleaved sort keys give equal weight to all columns in the key
Redshift Spectrum: Query data in S3 without loading it into Redshift. Useful for querying historical data while keeping hot data in the cluster.
Domain 2: Deployment and Migration (20%)
AWS Database Migration Service (DMS)
DMS migrates databases with minimal downtime:
Migration types:
| Type | Description |
|---|---|
| Full load | Migrates existing data only; no ongoing replication |
| Full load + CDC | Migrates existing data, then replicates ongoing changes via Change Data Capture |
| CDC only | Replicates ongoing changes from a database already migrated by another method |
Supported sources and targets: DMS supports homogeneous migrations (Oracle to Oracle) and heterogeneous migrations (Oracle to Aurora PostgreSQL). Heterogeneous migrations usually require the Schema Conversion Tool (SCT) first.
Replication instance: A managed EC2 instance that runs the DMS engine. Size it based on migration volume and number of concurrent tasks.
Common DMS issues:
- LOB (Large Object) handling: Configure full LOB mode or limited LOB mode based on object sizes
- Network bandwidth: Ensure adequate bandwidth between source, replication instance, and target
- Source read impact: Full load can impact source database performance; run during off-peak hours
AWS Schema Conversion Tool (SCT)
SCT converts database schemas from one engine to another:
- Converts DDL statements (tables, views, stored procedures, functions, triggers)
- Reports conversion complexity; flags objects requiring manual conversion
- Does not migrate data — only schema; DMS migrates data
Oracle to PostgreSQL migration challenges:
- PL/SQL to PL/pgSQL: Most logic converts with SCT, but complex packages require rewriting
- Oracle sequences → PostgreSQL sequences or SERIAL
- Oracle-specific data types (VARCHAR2, NUMBER) → PostgreSQL equivalents
RDS Snapshot Migration
For smaller databases with acceptable downtime:
- Take an RDS snapshot
- Restore snapshot to new region or engine version
- Test application against new instance
- Update connection string during maintenance window
For cross-account migration: Share the snapshot with the target account, then restore.
Domain 3: Management and Operations (18%)
RDS High Availability and Scaling
Multi-AZ deployment:
- Synchronous replication to a standby in a different AZ
- Automatic failover in 1-2 minutes when primary fails
- Standby is not readable (not a read replica)
- Maintenance and snapshots occur on the standby to minimize primary impact
RDS Read Replicas:
- Asynchronous replication; replica lag varies by write load
- Up to 5 read replicas per primary (Aurora supports 15)
- Can be promoted to standalone primary (breaks replication)
- Cross-region read replicas for DR and geographic distribution
- Read replicas count toward storage costs
Aurora Cluster architecture:
Aurora separates compute (DB instances) from storage (Aurora storage layer):
- Cluster volume: Automatically distributed across 3 AZs, 6 copies of data
- Writer endpoint: Always routes to the primary instance
- Reader endpoint: Load-balances reads across available Aurora Replicas
- Custom endpoints: Point to a subset of instances (e.g., a dedicated analytical replica)
Aurora Global Database:
- Primary region handles writes
- Secondary regions (up to 5) have read-only replicas with replication lag < 1 second
- Managed failover promotes a secondary region to primary within minutes
DynamoDB Operations
Capacity planning:
| Mode | When to Use |
|---|---|
| Provisioned (+ Auto Scaling) | Predictable traffic; lower cost at scale |
| On-demand | Unpredictable or spiky traffic; pay per request |
Global Tables: Multi-region, multi-active tables. All regions can read and write. DynamoDB resolves conflicts using last-write-wins. Global Tables require DynamoDB Streams enabled.
Time To Live (TTL): Automatically delete expired items at no cost. Set an attribute containing a Unix epoch timestamp. Items are deleted within 48 hours of expiration.
Domain 4: Monitoring and Troubleshooting (18%)
RDS Performance Insights
Performance Insights provides a dashboard showing database load by:
- Wait events: What the database is waiting on (CPU, I/O, locks, network)
- SQL statements: Top queries contributing to load
- Hosts and users: Source of load by client host or username
The Database Load (DB Load) metric shows average active sessions. If DB Load exceeds the number of vCPUs, the database is overloaded.
CloudWatch Metrics for Databases
Critical RDS metrics:
| Metric | Meaning |
|---|---|
| CPUUtilization | Engine CPU usage |
| DatabaseConnections | Open connections |
| FreeStorageSpace | Available storage |
| ReadIOPS / WriteIOPS | I/O operations per second |
| ReadLatency / WriteLatency | Average I/O latency |
| ReplicaLag | Replication delay for read replicas |
DynamoDB metrics:
ConsumedReadCapacityUnits/ConsumedWriteCapacityUnitsThrottledRequests: Requests rejected due to capacity limitsSuccessfulRequestLatency: Latency percentiles
Slow Query Troubleshooting
RDS slow query logs (MySQL):
SET GLOBAL slow_query_log = 'ON';
SET GLOBAL long_query_time = 1; -- Log queries > 1 second
Enable via RDS parameter group; publish to CloudWatch Logs for centralized analysis.
PostgreSQL auto_explain: Automatically logs execution plans for slow queries. Configure via the auto_explain extension in the parameter group.
Domain 5: Database Security (18%)
Encryption at Rest and in Transit
RDS encryption:
- Enable at creation time; cannot enable encryption on an existing unencrypted instance
- Workaround for encrypting an existing instance: snapshot, copy with encryption, restore
- Read replicas inherit the encryption status of the primary; cross-region replicas can use a different CMK in the target region
DynamoDB encryption:
- Enabled by default using an AWS-owned key
- Can specify an AWS-managed key or a customer-managed key
- No performance impact
In transit: Enable require_ssl or ssl parameter in the RDS parameter group. Force SSL with an IAM policy condition:
{
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny"
}
Database Authentication
IAM database authentication (RDS):
- Generate a 15-minute authentication token using IAM credentials
- Token replaces the database password
- Supported for MySQL and PostgreSQL on RDS and Aurora
- Useful for applications using IAM roles; eliminates static password management
Secrets Manager automatic rotation:
- Rotation Lambda function updates the database password and the secret value atomically
- Built-in Lambda templates for RDS MySQL, PostgreSQL, Oracle, SQL Server, and Aurora
- Configure rotation interval (e.g., 30 days)
"The DBS-C01 exam is fundamentally about knowing the access patterns before you choose a database engine. Candidates who try to memorize service features without understanding when each database shines will struggle with the scenario-based questions." — Gilad Bihary, co-author of the AWS Certified Database Study Guide (Sybex, 2022)
Study Timeline
Recommended: 10-12 weeks. Requires SQL fundamentals and database administration experience.
| Week | Focus |
|---|---|
| 1-2 | DynamoDB data modeling, access patterns, GSI design |
| 3-4 | RDS multi-AZ, read replicas, Aurora architecture |
| 5-6 | DMS, SCT, migration strategies |
| 7-8 | Redshift architecture, Timestream, Neptune overview |
| 9-10 | Monitoring, Performance Insights, slow query analysis |
| 11-12 | Security, encryption, IAM auth, practice exams |
See also: AWS Solutions Architect Associate (SAA-C03) Study Guide: Domains, Services, and Scenarios
References
- AWS. "AWS Certified Database - Specialty Exam Guide (DBS-C01)." https://d1.awsstatic.com/training-and-certification/docs-database-specialty/AWS-Certified-Database-Specialty_Exam-Guide.pdf
- AWS. "Amazon RDS User Guide." https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
- AWS. "Amazon DynamoDB Developer Guide." https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html
- AWS. "Best Practices for DynamoDB." https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices.html
- AWS. "AWS Database Migration Service User Guide." https://docs.aws.amazon.com/dms/latest/userguide/Welcome.html
- AWS. "Amazon Aurora User Guide." https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html
- Bihary, Gilad and Skobriev, Slava. "AWS Certified Database Study Guide." Sybex, 2022.
- AWS. "Amazon Redshift Database Developer Guide." https://docs.aws.amazon.com/redshift/latest/dg/welcome.html
Frequently Asked Questions
What is the AWS Database Specialty exam number?
The AWS Certified Database - Specialty exam code is DBS-C01. It covers relational and non-relational databases including RDS, Aurora, DynamoDB, Redshift, ElastiCache, Neptune, and database migration services.
What is DynamoDB single-table design?
Single-table design stores multiple entity types in one DynamoDB table, using composite primary keys where PK identifies the entity type and SK identifies the specific record or relationship. This approach pre-joins data and supports all access patterns without expensive Scan operations.
What is the difference between RDS Multi-AZ and Read Replicas?
Multi-AZ uses synchronous replication to a standby for high availability and automatic failover; the standby is not readable. Read Replicas use asynchronous replication for read scaling; they can be promoted to standalone but are not automatic failover targets (except in Aurora).
How do you encrypt an existing unencrypted RDS instance?
You cannot enable encryption on an existing unencrypted instance directly. The workaround is to take a snapshot of the instance, copy the snapshot with encryption enabled, then restore the encrypted snapshot as a new database instance.
What is the difference between DMS Full Load and Full Load + CDC?
Full Load migrates existing data only and does not capture ongoing changes. Full Load + CDC migrates existing data and then continuously replicates new changes using Change Data Capture, allowing near-zero-downtime migrations.