How to Pass AWS Certified Developer Associate (DVA-C02) in 2026: Complete Study Guide

# How to Pass AWS Certified Developer Associate (DVA-C02) in 2026: Complete Study Guide If you build applications on AWS and want a certification that actually validates what you do day-to-day, the AWS Certified Developer Associate (DVA-C02) is the one to go for. It covers the services developers touch most — Lambda, DynamoDB, API Gateway, SQS, SNS, CodePipeline — and tests whether you can apply them correctly under real-world constraints. This guide breaks down exactly what is on the exam, which topics carry the most weight, and how to structure your preparation across five weeks. ## Exam Format at a Glance | Detail | Value | |---|---| | Exam code | DVA-C02 | | Cost | $150 USD | | Questions | 65 (multiple choice + multiple response) | | Duration | 130 minutes | | Passing score | 72% | | Valid for | 3 years | | Recommended experience | 1+ year building AWS applications | You have about 2 minutes per question, which is comfortable for most candidates. The tricky parts are the multiple-response questions — you must select all correct answers with no partial credit. ## Domain Breakdown AWS publishes the official domain weights for DVA-C02: | Domain | Topic | Weight | |---|---|---| | 1 | Development with AWS Services | 32% | | 2 | Security | 26% | | 3 | Deployment | 24% | | 4 | Troubleshooting and Optimization | 18% | Domain 1 is the largest chunk, but Security at 26% catches many developers off guard — it is not just IAM basics. Plan study time accordingly. ## Domain 1: Development with AWS Services (32%) This domain covers the core serverless and messaging services you will use to build applications. ### AWS Lambda Lambda is the heart of the DVA-C02 exam. You need to understand: - **Event sources**: S3 (object notifications), DynamoDB Streams, Kinesis, SQS, SNS, API Gateway, EventBridge, Cognito - **Invocation types**: synchronous (API Gateway, SDK direct call), asynchronous (S3, SNS, EventBridge), polling (SQS, Kinesis, DynamoDB Streams) - **Deployment options**: .zip upload, container images (up to 10 GB), Lambda Layers for shared dependencies - **Concurrency**: reserved concurrency (caps a function), provisioned concurrency (pre-warmed instances, eliminates cold starts) - **Execution model**: handler, context object, environment variables, /tmp storage (512 MB default, up to 10 GB) 💡 **Exam Tip:** When a question says "reduce cold start latency," the answer is almost always Provisioned Concurrency, not Reserved Concurrency. Reserved Concurrency limits concurrency — it does not warm anything. ### API Gateway Know the difference between REST API and HTTP API: - **REST API**: more features (usage plans, API keys, request/response transformation, edge-optimized), higher cost - **HTTP API**: lower latency, lower cost, supports JWT authorizers and Lambda proxy integration — the right choice for simple Lambda backends - **WebSocket API**: bidirectional real-time communication, routes based on message attributes ### DynamoDB DynamoDB questions are everywhere on this exam. Focus on: - **Partition key design**: high cardinality keys distribute load evenly; poor design causes hot partitions - **GSI (Global Secondary Index)**: different partition/sort key, eventually consistent reads, separate throughput - **LSI (Local Secondary Index)**: same partition key, different sort key, must be created at table creation, shares table throughput - **DynamoDB Streams**: captures item-level changes (INSERT, MODIFY, REMOVE), can trigger Lambda, 24-hour retention - **Read/write modes**: on-demand vs provisioned; `GetItem`, `Query`, `Scan` differences (Scan reads everything — avoid it at scale) ### Messaging: SQS, SNS, Kinesis **SQS:** - Standard queue: at-least-once delivery, best-effort ordering - FIFO queue: exactly-once processing, strict ordering, up to 3,000 messages/sec with batching - Visibility timeout: how long a message is hidden after a consumer reads it (default 30 seconds) - Dead-letter queue (DLQ): receives messages that fail processing after MaxReceiveCount attempts **SNS + SQS Fan-out pattern:** Publish once to an SNS topic, fan out to multiple SQS queues. This decouples producers from multiple consumers and is a classic exam scenario. **Kinesis Data Streams:** Real-time data streaming, ordered per shard, 24-hour to 365-day retention. Use when you need ordering, replay, or multiple consumers reading the same stream. 💡 **Exam Tip:** SQS is for work queues (task distribution). Kinesis is for data streams (analytics, logging). If the question mentions "multiple independent consumers reading the same data," Kinesis is the answer. ### Elastic Beanstalk Deployment Strategies | Strategy | Downtime | Extra capacity | Speed | |---|---|---|---| | All at once | Yes | No | Fastest | | Rolling | No | No | Moderate | | Rolling with additional batch | No | Yes (temporary) | Moderate | | Immutable | No | Yes (full) | Slow | | Blue/Green | No | Yes (full) | Controlled | ## Domain 2: Security (26%) ### IAM Roles vs Resource Policies - **IAM roles**: attached to compute resources (Lambda, EC2, ECS tasks); define what AWS services the resource can call - **Resource policies**: attached to the resource being accessed (S3 bucket policy, KMS key policy, Lambda resource policy); define who can access the resource For cross-account access, you typically need both: an IAM role in the target account AND a trust policy allowing the source account. ### Cognito - **User Pools**: user directory, handles sign-up/sign-in, returns JWT tokens (ID token, access token, refresh token). Use for authentication. - **Identity Pools**: exchanges tokens (from User Pool, Google, Facebook, SAML) for temporary AWS credentials via STS. Use for authorizing AWS API calls directly from client apps. 💡 **Exam Tip:** "User Pool = who you are (authentication). Identity Pool = what you can do on AWS (authorization)." ### SSM Parameter Store vs Secrets Manager | Feature | Parameter Store | Secrets Manager | |---|---|---| | Cost | Free (standard) / low cost | ~$0.40/secret/month | | Automatic rotation | No | Yes (built-in for RDS, Redshift, DocumentDB) | | Cross-account access | With IAM | With IAM | | Best for | Config values, non-secret params | Passwords, API keys, RDS credentials | ## Domain 3: Deployment (24%) ### AWS CodeBuild, CodeDeploy, CodePipeline - **CodeBuild**: managed CI service, runs buildspec.yml, produces artifacts stored in S3 - **CodeDeploy**: deploys to EC2, on-premises servers, Lambda, or ECS; uses appspec.yml to define lifecycle hooks - **CodePipeline**: orchestrates the full CI/CD pipeline; source → build → test → deploy stages ### X-Ray Tracing X-Ray provides distributed tracing across services. Key concepts: - **Trace**: end-to-end request journey - **Segment**: work done by a single service - **Subsegment**: breakdown within a segment (a DB call, external HTTP request) - **Annotation**: indexed key-value pairs (searchable in X-Ray console) - **Metadata**: non-indexed key-value pairs (not searchable) - **Sampling**: X-Ray does not record every request by default; default rule is 1 request/second + 5% of remaining To instrument Lambda, enable active tracing in the function configuration or via `--tracing-mode Active` in the CLI. The X-Ray SDK is needed to trace downstream calls. ## Domain 4: Troubleshooting and Optimization (18%) This domain tests whether you can read error codes, interpret CloudWatch metrics, and fix common application issues. Key areas: - Lambda throttling (429): increase reserved concurrency or request a limit increase - DynamoDB `ProvisionedThroughputExceededException`: add exponential backoff, increase RCU/WCU, or switch to on-demand - SQS message stuck in flight: visibility timeout is too short; consumer is not deleting messages after processing - API Gateway 502 Bad Gateway: Lambda function returned a malformed response - CloudWatch Logs Insights: query log groups with SQL-like syntax for troubleshooting ## 5-Week Study Plan ### Week 1: Lambda and API Gateway - Read AWS Lambda developer guide (event sources, deployment, concurrency) - Practice: build a simple Lambda + API Gateway CRUD API - Study X-Ray integration ### Week 2: DynamoDB and Messaging - Deep dive DynamoDB: indexes, streams, expressions - Study SQS (Standard vs FIFO), SNS fan-out, Kinesis basics - Practice: design a partition key for a multi-tenant application ### Week 3: Security Domain - IAM roles, resource policies, policy evaluation logic - Cognito User Pools vs Identity Pools end-to-end flows - SSM Parameter Store and Secrets Manager hands-on ### Week 4: Deployment and CI/CD - Elastic Beanstalk deployment strategies — know each one - CodeBuild buildspec.yml, CodeDeploy appspec.yml hooks - CodePipeline multi-stage pipeline setup ### Week 5: Review and Practice Exams - Take 2-3 full practice exams under timed conditions - Review all questions you got wrong; trace back to official documentation - Focus on tricky SQS/Cognito/X-Ray distinctions (the most common traps) ## Resources - AWS Developer Associate exam guide (official): lists exact domains and sample questions - AWS Skill Builder: free and paid courses, official practice exam - AWS Documentation: Lambda, DynamoDB, SQS developer guides are all excellent ## Ready to Test Your Knowledge? The best way to confirm you are ready is to work through realistic practice questions under exam conditions. Our [AWS Certified Developer Associate practice exam](/exams/aws-certified-developer-associate-dva-c02-340-questions) contains 340 questions covering all four domains with detailed explanations for every answer — including why each wrong answer is wrong. Good luck with your preparation. With consistent daily study over five weeks, DVA-C02 is very achievable for developers who are already working with AWS.