## Notes

- I passed this back in [[2021-07-02]] and it will expire in a month
- I signed up for [[2024-06-10]] test date
- When I passed it in [[2021]], I didn't study at all. Overall I felt confident about answering the knowledge question because a lot of the technologies and questions were self-explanatory

## Exam Contents

- Develop and secure applications using AWS service APIs, AWS CLI, and SDKs
- Use a CI/CD pipeline to deploy to AWS
- Questions might have *distractors*, which are plausible responses
- No penalty for guessing
- 15 questions do not affect score
- Result is pass-fail
- Score scale is 100 to 1000

### Outline

- 32% [[#Developing with AWS services]]
- 26% [[#Security]]
- 24% [[#Deployment]]
- 18% [[#Troubleshooting and optimization]]

#### Developing with AWS Services

##### Develop Code for Applications Hosted on AWS

- Knowledge
    - Architectural patterns
        - event-driven
        - microservices
        - monolithic
        - [[choreography pattern]]
        - orchestration
        - [[fanout pattern]]
    - Idempotency
    - Stateful vs stateless
    - Tightly-coupled vs loosely-coupled
    - Fault-tolerant design patterns
        - retries with exponential backoff
        - jitter
        - dead-letter queues
    - Synchronous vs asynchronous patterns
- Skills in
    - Creating fault-tolerant and resilient applications
    - Creating, extending, and maintaining APIs
        - response/request transformations
        - enforcing validation rules
        - overriding status codes
    - Writing and running unit tests in dev environments
        - [[AWS SAM]]
    - Code for messaging services
    - Code that interacts with AWS services using APIs and SDKs
    - Streaming data

##### Develop AWS Lambda

- Knowledge of
    - Event source mapping
    - Stateless applications
    - Unit testing
    - Event-driven architecture
    - Scalability
    - Accessing private resources in VPC
- Skills in
    - Configuring [[AWS Lambdas]] with environment variables and parameters
        - memory
        - concurrency
        - timeout
        - runtime
        - handler
        - layers
        - extensions
        - triggers
        - destinations
    - Handling event lifecycle and errors by using code
        - [[Lambda Destinations]]
        - [[Dead-letter Queues]]
    - Writing and running test code using AWS services and tools
    - Integrating Lambda functions with AWS services
    - Tuning Lambdas for optimal performance

##### Use Data Stores in Application Development

- Knowledge
    - Relational and non-relational databases
    - CRUD operations
    - High-cardinality partition keys for balanced partition access
    - Cloud storage options
        - file
        - object
        - database
    - Database consistency models
        - [[strongly consistent]]
        - [[eventually consistent]]
    - Query vs scan
    - DynamoDB keys and indexing
    - Caching strategies
        - [[write-through]]
        - [[read-through]]
        - [[lazy loading (cache strategy)]]
        - [[TTL]]
    - S3 tiers and lifecycle management
    - Ephemeral vs persistent patterns
- Skills
    - Serializing and deserializing data for persistence in data store
    - Using, managing, maintaining data stores
    - Managing data lifecycles
    - Using data caching services

#### Security

##### Authentication/Authorization

- Knowledge
    - [[Identity federation]]
        - [[Security Assertion Markup Language (SAML)]]
        - [[OpenID Connect (OIDC)]]
        - [[Amazon Cognito]]
    - Bearer tokens
        - [[JWT]]
        - [[OAuth]]
        - [[AWS Security Token Service]]
    - User pools vs identity pools in *Amazon Cognito*
    - Resource-based policies, service policies, principal policies
    - [[RBAC]]
    - [[ACLs]]
    - Principle of least privilege
    - AWS-managed policies vs customer-managed policies
    - Identity and access management
- Skills
    - Using an identity provider
        - *Amazon Cognito*
        - AWS IAM
    - Securing applications using bearer tokens
    - Configuring programmatic access to AWS
    - Making authenticated calls to AWS
    - Assuming an IAM role
    - Defining permissions for principals

##### Encryption

- Knowledge
    - Encryption at rest and in transit
    - Certificate management
        - [[AWS Private Certificate Authority]]
    - Key protection
        - Key rotation
    - Client-side encryption vs server-side encryption
    - AWS-managed and customer-managed [[AWS Key Management Service]] keys
- Skills
    - Using encryption keys to encrypt or decrypt data
    - Generating certificates and SSH keys for development purposes
    - Using encryption across account boundaries
    - Enable/disable key rotation

##### Manage Sensitive Data

- Knowledge
    - Data classification
        - PII
        - PHI
    - Environment variables
    - Secrets management
        - [[AWS Secrets Manager]]
        - [[AWS Systems Manager Parameter Store]]
    - Secure credential handling
- Skills
    - Encrypting environment variables
    - Using secret management services
    - Sanitizing sensitive data

#### Deployment

- Knowledge
    - Ways to access application configuration
        - [[AWS AppConfig]]
        - [[AWS Secrets Manager]]
        - [[AWS Systems Manager Parameter Store]]
    - Lambda deployment packaging, layers, and configuration options
    - Git-based version control
        - [[AWS CodeCommit]]
    - Container images
- Skills
    - Managing dependencies of code module
        - environment variables
        - configuration files
        - container images
    - Organizing files and directory structure
    - Code repositories
    - Manage resources

##### Test Applications in Development Environments

- Knowledge
    - AWS features that perform application deployment
    - Integration testing that uses mock endpoints
    - Lambda versions and aliases
- Skills
    - Testing deployed code by using AWS services and code
    - Performing mock integration for APIs and resolving integration dependencies
    - Testing applications by using deployment endpoints
        - configuring stages in [[AWS API Gateway]]
    - Deploying application stack updates to existing environments
        - deploying *AWS SAM* to a different staging environment

##### Automate Deployment Testing

- Knowledge
    - [[AWS API Gateway stages]]
    - Branches and actions in CI/CD
    - Automated software testing
        - unit testing
        - mock testing
- Skills
    - Creating application testing events
        - JSON payloads for testing Lambda
        - API Gateway
        - AWS SAM resources
    - Deploying API resources to various environments
    - Creating application environments that use approved versions for integration testing
        - [[AWS Lambda aliases]]
        - container image tags
        - [[AWS Amplify]] branches
        - [[AWS Copilot]] environments
    - Deploying IaC
        - AWS SAM templates
        - AWS CloudFormation templates
    - Managing environments in individual AWS services
        - dev, test, prod in *API Gateway*

##### Deploy Code Using AWS CI/CD

- Knowledge
    - Git-based version control
    - Manual and automated approvals in [[AWS CodePipeline]]
    - Access application config from *AWS AppConfig* and *Secrets Manager*
    - CI/CD workflows that use AWS services
    - Application deployment that uses AWS services
        - *CloudFormation*
        - [[AWS Cloud Development Kit]] (CDK)
        - AWS SAM
        - AWS CodeArtifact
        - AWS Copilot
        - Amplify
        - Lambda
    - Lambda deployment packaging options
    - API Gateway stages and custom domains
    - Deployment strategies
        - canary
        - green/blue
        - rolling
- Skills
    - Updating IaC templates
        - SAM templates
        - CloudFormation templates
    - Managing application environments
    - Deploying an application version
    - Committing code to invoke build, test, deploy
    - Using orchestrated workflows to deploy code to different environments
    - Performing application rollbacks by using existing deployment strategies
    - Using labels and branches for version release management
    - Using existing runtime configurations to create dynamic endpoints
        - using staging variables from API Gateway in Lambda

#### Troubleshooting and Optimization

##### Root Cause Analysis

- Knowledge
    - Logging and monitoring systems
    - Languages for log queries
        - Amazon CloudWatch Logs Insights
    - Data visualizations
    - Code analysis tools
    - Common HTTP error codes
    - Common exceptions generated by SDKs
    - Service Maps in AWS X-Ray
- Skills
    - Debugging code to find defects
    - Interpreting application metrics, logs, and traces
    - Querying logs to find relevant data
    - Custom metrics
        - CloudWatch embedded metric format
    - Reviewing application health using dashboards and insights
    - Troubleshooting deployment failures by using service logs

##### Instrument Code for Observability

- Knowledge
    - Distributed tracing
    - Logging vs monitoring vs observability
    - Structured logging
    - Application metrics (custom, embedded, built-in)
- Skills
    - Effective logging strategies
    - Emitting custom metrics
    - Annotations for tracing services
    - Notification alerts
        - quota limits
        - deployment completions
    - Implement tracing

##### Optimize Applications

- Knowledge
    - Caching
    - Concurrency
    - Messaging services
        - [[AWS SQS]]
        - [[AWS SNS]]
- Skills
    - Profiling performance
    - Minimum memory and compute power
    - Subscription filter policies to optimize messaging
    - Caching content based on request headers

### Out of Scope

- Design architectures
    - distributed systems
    - microservices
    - database schemas
    - modeling
- Design and create CI/CD pipelines
- Administer IAM groups and users
- Administer servers and operating systems
- Design AWS network infrastructure
    - VPC
    - Direct Connect

## Appendix

### Might Be on the Exam

- Analytics
    - [[Amazon Athena]]
    - [[Amazon Kinesis]]
    - [[Amazon OpenSearch Service]]
- Application Integration
    - [[AWS AppSync]]
    - [[Amazon EventBridge]]
    - *SNS*
    - *SQS*
    - AWS Step Functions
- Compute
    - EC2
    - Elastic Beanstalk
    - Lambda
    - SAM
- Containers
    - AWS Copilot
    - ECR
    - ECS
    - EKS
- Database
    - Aurora
    - DynamoDB
    - ElastiCache
    - MemoryDB for Redis
    - RDS
- Developer Tools
    - Amplify
    - [[Cloud9]]
    - [[CloudShell]]
    - [[CodeArtifact]]
    - CodeBuild
    - CodeCommit
    - CodeDeploy
    - CodeGuru
    - CodePipeline
    - CodeStar
    - CodeWhisperer
    - X-Ray
- Management and Governance
    - AppConfig
    - CLI
    - Cloud Development Kit
    - CloudFormation
    - CloudTrail
    - CloudWatch
    - CloudWatch Logs
    - Systems Manager
- Networking and Content Delivery
    - API Gateway
    - CloudFront
    - ELB
    - [[Route 53]]
    - VPC
- Security, Identity, and Compliance
    - AWS Certificate Manager
    - Cognito
    - Key Management Service
    - Private Certificate Authority
    - Secrets Manager
    - Security Token Service
    - WAF
- Storage
    - EBS
    - EFS
    - S3
    - S3 Glacier

### Out-of-scope

- Analytics
    - QuickSight
- Business applications
    - Chime
    - Connect
    - WorkMail
- End-user computing
    - App Stream 2.0
    - WorkSpaces
- Web and Mobile
    - Device Farm
- Game Tech
    - GameLift
- Machine Learning
    - Lex
    - ML
    - Polly
    - Rekognition
- Management and Governance
    - ...
- TBD

## References

- [AWS Certified Developer Associate Exam Guide - AWS](https://d1.awsstatic.com/training-and-certification/docs-dev-associate/AWS-Certified-Developer-Associate_Exam-Guide.pdf)