AWS Certified Developer Study Guide E-Book

Table of Contents

Cover

Table of Contents

Title Page

Copyright

About the Author

Acknowledgments

Introduction

What Does This Book Cover?

Interactive Online Learning Environment and Test Bank

Exam Objectives

Objective Map

How to Contact the Publisher

Assessment Test

Answers to Assessment Test

Chapter 1: Introduction to Amazon Web Services

Introduction to AWS

Calling an AWS Service

Working with Regions

Identity and Access Management

Summary

Exam Essentials

Exercises

Review Questions

Chapter 2: Introduction to Compute and Networking

Amazon Elastic Compute Cloud

Running Applications on Instances

Customizing the Network

Managing Your Resources

Summary

Exam Essentials

Exercises

Review Questions

Chapter 3: AWS Data Storage

Storage Fundamentals

AWS Block Storage Services

AWS Object Storage Services

AWS File Storage Services

Storage Comparisons

Summary

Exam Essentials

Exercises

Review Questions

Chapter 4: AWS Database Services

Relational Databases

Nonrelational Databases

In-Memory Data Stores

Cloud Database Migration

Summary

Exam Essentials

Exercises

Review Questions

Chapter 5: Encryption on AWS

AWS Key Management Service

AWS CloudHSM

Controlling the Access Keys

Summary

Exam Essentials

Exercises

Review Questions

Chapter 6: Deployment Strategies

Deployments on the AWS Cloud

AWS Elastic Beanstalk

Deployment Strategies

Monitoring and Troubleshooting

Summary

Exam Essentials

Exercises

Review Questions

Chapter 7: Deployment as Code

Use AWS CodePipeline to Automate Deployments

Use AWS CodeCommit as a Source Repository

Use AWS CodeBuild to Create Build Artifacts

Use AWS CodeDeploy to Deploy Applications

Summary

Exam Essentials

Exercises

Review Questions

Chapter 8: Infrastructure as Code

Use AWS CloudFormation to Deploy Infrastructure

Summary

Exam Essentials

Exercises

Review Questions

Chapter 9: Secure Configuration and Container Management

Securely Managing Application Configuration and Secrets

Container Deployments on AWS

Amazon Elastic Container Registry

Amazon Elastic Container Service

Amazon Elastic Kubernetes Service

Other Container Deployment Options

Summary

Exam Essentials

Exercises

Review Questions

Chapter 10: Authentication and Authorization

Authentication and Authorization in AWS

User Authentication with Amazon Cognito

Active Directory on AWS

Summary

Exam Essentials

Exercises

Review Questions

Chapter 11: Refactoring to Microservices

Amazon Simple Queue Service

Amazon Simple Notification Service

Amazon Kinesis Data Streams

Amazon Kinesis Data Firehose

Amazon Kinesis Data Analytics

Amazon DynamoDB Streams

Amazon MQ

AWS Step Functions

Summary

Exam Essentials

Exercises

Review Questions

Chapter 12: Serverless Compute

Where Did the Servers Go?

AWS Lambda Functions

Inside the AWS Lambda Function

Configuring an AWS Lambda Function

Lambda Deployment and Testing

Monitoring AWS Lambda Functions

Summary

Exam Essentials

Exercises

Review Questions

Chapter 13: Serverless Applications

Web Server with Amazon S3 (Presentation Layer)

Amazon API Gateway (Logic or App Layer)

GraphQL APIs with AWS AppSync (Logic or App Tier)

Standard Three-Tier vs. the Serverless Stack

Amazon Aurora Serverless

Amazon ElastiCache

Summary

Exam Essentials

Exercises

Review Questions

Chapter 14: Modern AWS Deployment Frameworks

AWS Cloud Development Kit

AWS Serverless Application Model

Amazon Amplify

Summary

Exam Essentials

Exercises

Review Questions

Chapter 15: Monitoring and Troubleshooting

Monitoring Basics

Amazon CloudWatch

Amazon OpenSearch

AWS CloudTrail

Amazon Athena

AWS X-Ray

Summary

Exam Essentials

Exercises

Review Questions

Chapter 16: Optimization

Cost Optimization: Everyone’s Responsibility

Right Sizing

Use Reserved Instances and Savings Plans

Use Spot Instances

Use Auto Scaling

Use Containers

Use Serverless Approaches

Optimize Storage

Optimize Data Transfer

Monitoring Costs

Monitoring Performance

Summary

Exam Essentials

Exercises

Review Questions

Appendix Answers to Review Questions

Chapter 1: Introduction toAmazon Web Services

Chapter 2: Introduction to Compute and Networking

Chapter 3: AWS Data Storage

Chapter 4: AWS Database Services

Chapter 5: Encryption on AWS

Chapter 6: Deployment Strategies

Chapter 7: Deployment as Code

Chapter 8: Infrastructure as Code

Chapter 9: Secure Configuration and Container Management

Chapter 10: Authentication and Authorization

Chapter 11: Refactoring to Microservices

Chapter 12: Serverless Compute

Chapter 13: Serverless Applications

Chapter 14: Modern AWS Deployment Frameworks

Chapter 15: Monitoring and Troubleshooting

Chapter 16: Optimization

Index

End User License Agreement

List of Tables

Chapter 1

TABLE 1.1 Sample of region names and regions

TABLE 1.2 Selecting an AWS region

TABLE 1.3 IAM users and IAM roles usage

Chapter 2

TABLE 2.1 Amazon EC2 instance families

TABLE 2.2 Amazon VPC connection types

TABLE 2.3 Main route table example

TABLE 2.4 Public route table example

TABLE 2.5 Inbound rules for

websg

TABLE 2.6 Outbound rules for

websg

TABLE 2.7 Inbound rules for

databasesg

TABLE 2.8 Outbound rules for

databasesg

TABLE 2.9 Default network ACL inbound rules

TABLE 2.10 Default network ACL outbound rules

TABLE 2.11 Security groups and network ACLs

TABLE 2.12 Private route table example

Chapter 3

TABLE 3.1 SSD volume comparison

TABLE 3.2 HDD volume comparison

TABLE 3.3 EBS volume use cases

TABLE 3.4 Invalid bucket names

TABLE 3.5 Amazon S3 storage class comparison

TABLE 3.6 AWS Cloud storage products

TABLE 3.7 Storage comparison

TABLE 3.8 Storage service comparison (EFS, S3, and EBS)

Chapter 4

TABLE 4.1 AWS database service mapping to database type

TABLE 4.2 Application mapping to AWS database service

TABLE 4.3 SQL vs. NoSQL database characteristics

TABLE 4.4 Comparison of local and global secondary indexes

TABLE 4.5 Amazon DynamoDB partition key recommended strategies

Chapter 6

TABLE 6.1 Common AWS Elastic Beanstalk commands

TABLE 6.2 Deployment strategies

Chapter 10

TABLE 10.1 AWS identity

Chapter 11

TABLE 11.1 Amazon SQS message attributes

TABLE 11.2 Dead-letter queue settings

TABLE 11.3 Server-Side Encryption (SSE) settings

TABLE 11.4 CloudWatch dead-letter queue

TABLE 11.5 SNS and SQS feature comparison

TABLE 11.6 Amazon Kinesis Data Firehose buffers

Chapter 12

TABLE 12.1 AWS Lambda CloudWatch metrics

Chapter 13

TABLE 13.1 AWS CloudWatch Metrics

TABLE 13.2 Memcached or Redis

Chapter 15

TABLE 15.1 Elastic load balancing metrics

TABLE 15.2 Amazon EC2 metrics

TABLE 15.3 AWS Auto Scaling Groups

TABLE 15.4 Amazon S3 Metrics

TABLE 15.5 Amazon DynamoDB Metrics

TABLE 15.6 Amazon API Gateway Metrics

TABLE 15.7 AWS Lambda Metrics

TABLE 15.8 Amazon SQS Metrics

TABLE 15.9 Amazon SNS Metrics

TABLE 15.10 Example logs

TABLE 15.11 Example metric filters

TABLE 15.12 Example JSON metric filters

TABLE 15.13 Alarm states

TABLE 15.14 Alarm settings

TABLE 15.15 AWS X-Ray service graph status codes

List of Illustrations

Chapter 1

FIGURE 1.1 AWS Management Console

FIGURE 1.2 Options for managing AWS resources

FIGURE 1.3 Cloud Shell button

FIGURE 1.4 API request and authorization

FIGURE 1.5 AWS regions, availability zones, and planned regions (as of May 2...

FIGURE 1.6 Regions and availability zones

FIGURE 1.7 IAM user long-term credentials

FIGURE 1.8 IAM groups and IAM users

FIGURE 1.9 IAM roles

FIGURE 1.10 IAM roles are distinct from IAM users and groups.

FIGURE 1.11 IAM identities and IAM policies

FIGURE 1.12 IAM policy elements

Chapter 2

FIGURE 2.1 Amazon EC2 storage

FIGURE 2.2 Amazon Machine Images

FIGURE 2.3 Amazon EC2 instance life cycle

FIGURE 2.4 Using SSH with an Amazon EC2 instance

FIGURE 2.5 Decrypting a Windows password

FIGURE 2.6 Viewing a Windows password

FIGURE 2.7 Amazon EC2 metadata attributes

FIGURE 2.8 Querying Amazon EC2 user data

FIGURE 2.9 Instance profile and IAM role credentials

FIGURE 2.10 Amazon VPC overview

FIGURE 2.11 Amazon VPC with gateway connections

FIGURE 2.12 Amazon VPC with public and private subnets

FIGURE 2.13 Amazon VPC with public and private subnets with rules

FIGURE 2.14 Security groups

FIGURE 2.15 Network ACLs and security groups

FIGURE 2.16 Controlling network traffic within an Amazon VPC

FIGURE 2.17 Example of Amazon VPC with NAT

FIGURE 2.18 NAT gateway in Amazon VPC

FIGURE 2.19 Shared responsibility security model

Chapter 3

FIGURE 3.1 The AWS storage portfolio

FIGURE 3.2 A complete set of storage building blocks

FIGURE 3.3 Amazon S3 versioning

FIGURE 3.4 S3 object version IDs

FIGURE 3.5 Defense in depth on S3

FIGURE 3.6 MFA Delete

FIGURE 3.7 Amazon S3 life cycle policies allow you to delete or move objects...

FIGURE 3.8 Mount target

FIGURE 3.9 EFS mounting options

FIGURE 3.10 Using EFS

FIGURE 3.11 Using Direct Connect with EFS

Chapter 4

FIGURE 4.1 Amazon RDS database engines

FIGURE 4.2 Amazon RDS host responsibilities

FIGURE 4.3 RDS Databases console

FIGURE 4.4 Maintenance window

FIGURE 4.5 Taking an RDS snapshot

FIGURE 4.6 RDS with CloudWatch metrics

FIGURE 4.7 RDS with CloudWatch logs

FIGURE 4.8 Amazon Aurora DB cluster

FIGURE 4.9 SQL versus NoSQL format comparison

FIGURE 4.10 Amazon DynamoDB tables and partitions

FIGURE 4.11 DynamoDB table with items and attributes

FIGURE 4.12 DynamoDB primary keys

FIGURE 4.13 Local secondary index

FIGURE 4.14 Global secondary index

FIGURE 4.15 DynamoDB table and secondary index

FIGURE 4.16 Example of DynamoDB Streams and AWS Lambda

FIGURE 4.17 Global tables

FIGURE 4.18 Replication flow in global tables

FIGURE 4.19 Homogenous database migrations using DMS

Chapter 5

FIGURE 5.1 Encryption options in AWS

FIGURE 5.2 Amazon S3 client-side encryption

FIGURE 5.3 Deploying AWS CloudHSM in an Amazon VPC

FIGURE 5.4 Flow of envelope encryption

Chapter 6

FIGURE 6.1 Major phases of the release life cycle

FIGURE 6.2 CI/DI pipeline

FIGURE 6.3 AWS Code services

FIGURE 6.4 Deploying highly available and scalable applications

FIGURE 6.5 Elastic Beanstalk’s underlying technologies

FIGURE 6.6 Responsibilities of AWS Elastic Beanstalk

FIGURE 6.7 Application running on Elastic Beanstalk

FIGURE 6.8 Worker tier on Elastic Beanstalk

FIGURE 6.9 Metrics for monitoring on Elastic Beanstalk

FIGURE 6.10 Events on AWS Elastic Beanstalk

Chapter 7

FIGURE 7.1 Branch view

FIGURE 7.2 AWS CodePipeline workflow

FIGURE 7.3 Pipeline structure

FIGURE 7.4 Source stage

FIGURE 7.5 Artifact transition

FIGURE 7.6 Full pipeline

FIGURE 7.7 SSH Key ID

FIGURE 7.8 Creating a pull request

FIGURE 7.9 Reviewing changes

FIGURE 7.10 Source location

FIGURE 7.11 Using CodeBuild in CodePipeline

FIGURE 7.12 Build provider

FIGURE 7.13 Life cycle hook availability with load balancer

FIGURE 7.14 Life cycle hook availability with blue/green deployments

FIGURE 7.15 Life cycle hook availability for Lambda deployments

FIGURE 7.16 Deployment provider

Chapter 8

FIGURE 8.1 CloudFormation Exports tab

FIGURE 8.2 Nested stack structure

FIGURE 8.3 CloudFormation Stack Policy field

FIGURE 8.4 AWS CloudFormation StackSets structure

FIGURE 8.5 CloudFormation StackSet actions

FIGURE 8.6 CloudFormation StackSets permissions

Chapter 9

FIGURE 9.1 AWS Parameter Store

FIGURE 9.2 Amazon ECS architecture

FIGURE 9.3 AWS Fargate architecture

FIGURE 9.4 Amazon ECS as a deployment provider

FIGURE 9.5 Amazon Copilot for ECS

FIGURE 9.6 Amazon EKS architecture

Chapter 10

FIGURE 10.1 AWS Identity Center use cases model

FIGURE 10.2 Device tracking

FIGURE 10.3 Cognito prebuilt UI

FIGURE 10.4 AWS Directory Service chart

Chapter 11

FIGURE 11.1 Amazon Simple Queue Service flow

FIGURE 11.2 SQS queue

FIGURE 11.3 Amazon Simple Queue Service

FIGURE 11.4 Log server

FIGURE 11.5 Amazon SQS queue

FIGURE 11.6 Amazon SNS

FIGURE 11.7 Combined SQS and SNS workflow

FIGURE 11.8 SNS mobile endpoint subscriber

FIGURE 11.9 Fan-out pattern with SNS and SQS

FIGURE 11.10 Amazon Kinesis Data Streams

FIGURE 11.11 Amazon Kinesis Data Analytics flow

FIGURE 11.12 Amazon DynamoDB Stream

FIGURE 11.13 AWS Step Functions

FIGURE 11.14 State machine code and visual workflow

FIGURE 11.15 Amazon Function State Language

FIGURE 11.16 Parallel state visual workflow

FIGURE 11.17 Input and output processing

Chapter 12

FIGURE 12.1 AWS Lambda execution flow

FIGURE 12.2 AWS Management Console

FIGURE 12.3 Amazon S3 push model

FIGURE 12.4 Kinesis pull model

FIGURE 12.5 Editing Lambda code in the Management Console

FIGURE 12.6 AWS X-Ray service map

Chapter 13

FIGURE 13.1 Amazon CloudFront cache

FIGURE 13.2 API Gateway Authorizer validating a client’s JSON web token with...

FIGURE 13.3 Sample dashboard for Amazon API Gateway using Amazon CloudWatch...

FIGURE 13.4 Swagger (OpenAPI) documentation rendered with a user interface

FIGURE 13.5 Standard three-tier web infrastructure architecture

FIGURE 13.6 Serverless web application architecture

Chapter 14

FIGURE 14.1 Amplify Hosting monitoring dashboard

FIGURE 14.2 Amplify default login/registration UI

FIGURE 14.3 Amplify version control options

Chapter 15

FIGURE 15.1 Various monitoring services on AWS

FIGURE 15.2 Diagram of Amazon CloudWatch

FIGURE 15.3 Alarm evaluation

FIGURE 15.4 Event-driven architecture in EventBridge

FIGURE 15.5 Amazon CloudWatch dashboard

FIGURE 15.6 VPC flow logs analyzed by CloudWatch Insights

FIGURE 15.7 Querying VPC flow logs with CloudWatch Insights

FIGURE 15.8 Microservice example

FIGURE 15.9 Example service graph for an application

Chapter 16

FIGURE 16.1 The Cost and Usage Report showing resource spend as a stacked ba...

Guide

Cover

Table of Contents

Title Page

Copyright

About the Author

Acknowledgments

Introduction

Assessment Test

Begin Reading

Appendix Answers to Review Questions

Index

End User License Agreement

Pages

i

ii

iii

iv

v

vii

xxiii

xxiv

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

xxxvii

xxxviii

xxxix

xl

xli

xlii

xliii

xliv

xlv

xlvi

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

363

364

365

366

367

368

369

370

371

372

373

374

375

376

377

379

380

381

382

383

384

385

386

387

388

389

390

391

392

393

394

395

396

397

398

399

400

401

402

403

404

405

406

407

409

410

411

412

413

414

415

416

417

418

419

420

421

422

423

424

425

426

427

428

429

430

431

432

433

434

435

436

437

438

439

440

441

442

443

444

445

446

447

448

449

450

451

452

453

454

455

456

457

458

459

460

461

463

464

465

466

467

468

469

470

471

472

473

474

475

476

477

478

479

480

481

482

483

484

485

486

487

488

489

490

491

492

493

494

495

496

497

498

499

500

501

502

503

504

505

506

507

509

510

511

512

513

514

515

516

517

518

519

520

521

522

523

524

525

526

527

528

529

530

531

532

533

534

535

536

537

538

539

540

541

542

543

544

545

546

547

548

549

550

551

552

553

554

555

556

557

558

559

560

561

562

563

564

565

566

567

568

569

570

571

572

573

574

575

576

577

578

579

580

581

582

583

584

585

586

587

588

589

590

591

592

593

594

595

596

597

598

599

600

601

602

603

604

605

606

607

608

609

610

611

612

613

614

615

616

617

618

619

620

621

622

623

624

625

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

642

643

644

645

646

647

648

649

650

651

652

653

654

655

656

657

658

659

660

661

662

663

664

665

666

667

668

669

670

671

672

673

674

675

676

677

678

679

680

681

682

683

684

685

686

687

688

689

690

691

692

693

694

695

697

698

699

700

701

702

703

704

705

706

707

708

709

710

711

712

713

714

715

716

717

718

719

720

721

722

723

724

725

726

727

728

729

730

731

733

734

735

736

737

738

739

740

741

742

743

744

745

746

747

748

749

750

751

752

753

754

755

AWS Certification Books from Sybex

Associate Certifications

AWS Certified SysOps Administrator Study Guide: Associate (SOA-C01) Exam, 2nd Edition

— ISBN 978-1-119-56155-2, February 2020Edition with accompanying online labs — ISBN 978-1-119-75669-9, July 2020

AWS Certified SysOps Administrator Practice Tests: Associate (SOA-C01) Exam

— ISBN 978-1-119-62272-7, May 2020SOA-C01

Study Guide

and

Practice Tests

also available as a set — ISBN 978-1-119-66410-9, June 2020

AWS Certified Solutions Architect Study Guide with 900 Practice Test Questions: Associate (SAA-C03) Exam, 4th Edition

— ISBN 978-1-119-98262-3, October 2022Edition with accompanying online labs — ISBN 978-1-394-18557-3, December 2022

Foundational Certification

AWS Certified Cloud Practitioner Study Guide: Foundational (CLF-C02) Exam, Second Edition

— ISBN 978-1-394-23563-6, December 2023

Specialty Certifications

AWS Certified Advanced Networking Study Guide: Specialty (ANS-C01) Exam, 2nd Edition

— ISBN 978-1-394-17185-9, December 2023

AWS Certified Data Analytics Study Guide: Specialty (DAS-C01) Exam

— ISBN 978-1-119-64947-2, December 2020 Edition with accompanying online labs — ISBN 978-1-119-81945-5, April 2021

AWS Certified Security Study Guide: Specialty (SCS-C01) Exam

— ISBN 978-1-119-65881-8, December 2020

AWS Certified Machine Learning Study Guide: Specialty (MLS-C01) Exam

— ISBN 978-1-119-82100-7, November 2021

AWS Certified Database Study Guide: Specialty (DBS-C01) Exam

— ISBN 978-1-119-77895-0, April 2023

AWSCertified DeveloperStudy GuideAssociate (DVA-C02) Exam

Second Edition

Copyright © 2025 by John Wiley & Sons, Inc. All rights, including for text and data mining, AI training, and similar technologies, are reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394274802 (Paperback), 9781394274826 (ePDF), 9781394274819 (ePub)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. AWS is a trademark or registered trademark of Amazon Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993. For product technical support, you can find answers to frequently asked questions or reach us via live chat at https://sybexsupport.wiley.com.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging in Publication data available on request.

Cover image: © Getty Images Inc./Jeremy Woodhouse

Cover design: Wiley

About the Author

Brandon Rich is an IT Architect at the University of Notre Dame with over a decade of hands-on experience in AWS. As a leader in Notre Dame’s “Cloud First” initiative, he helped advance that institution’s mission by automating processes, migrating complex systems, and adopting scalable, managed services. Over his career, Brandon has been responsible for crafting and implementing IT strategy across many areas, including application and integration architecture, cloud strategy, virtual desktop infrastructure, and now, artificial intelligence as Director of AI Enablement. Brandon is also a LinkedIn Learning instructor, focusing on enterprise infrastructure, automation, AI, and AWS technologies. In his spare time, he enjoys traveling, backpacking with his family, and playing music with his Notre Dame bandmates.

Acknowledgments

I’m indebted to many people in the writing of this book. Many thanks to Carole Jelen at Waterside Productions for making connections, finding opportunities, and navigating the details time and time again.

At Wiley, thank you to the team of Kenyon Brown, Krysta Winsheimer, Ashirvad Moses, Magesh Elangovan, and Sara Deichman for shepherding this book through the process and answering many questions along the way.

Thanks to Mike Chapple and Sharif Nijim, who envisioned Notre Dame as a leader in higher education cloud adoption and made it happen. It was your support and encouragement that set me on the path to authorship—first online, and now in print.

To my wife Lauren and our two kids: thank you for your patience, encouragement, and support, and for tolerating a lot of “clicky-clacking.” I could not have done it without you.

Thanks to Beckett for walking across the keyboard so often; at least half of this book is his.

Introduction

Developers bring innovation to life. They transform ideas into reality, imagining, designing, and implementing applications that fulfill a vision, be it for their organizations, their customers, or their own personal projects. For developers, there is no better way to realize those visions in a dynamic, code-forward, flexible, scalable, and automated way than with Amazon Web Services. If you’re a developer eager to launch or accelerate your cloud journey, you’ve come to the right place. From automatic scaling and continuous delivery to event-driven architectures and serverless applications, AWS helps you build amazing things in the cloud, and this book is your guide.

Not only that, but this study guide is also designed to provide you with the knowledge required to obtain the AWS Certified Developer – Associate certification. The guide covers topics relevant to the exam, referencing the exam blueprint throughout each chapter while providing context on how to bring applications to life with the services covered.

Beyond the test, this book can serve as a reference for building highly available applications that run on the AWS Cloud. While we assume you bring prior experience programming in Java, Python, .NET, and other languages, the study guide begins with an introduction to AWS core concepts and provides the knowledge on which the subsequent chapters are built. Because security is a top priority for all applications, the first chapter also describes how to create access keys by using AWS Identity and Access Management (IAM). The rest of the book covers topics ranging from compute services, storage services, databases, encryption, container orchestration, automation pipelines, and serverless-based applications.

The chapters were designed with the understanding that developers learn best by building. To enhance learning through hands-on experience, at the end of each chapter is an “Exercise” section with activities that help reinforce the main topic of the chapter.

Each chapter also contains a “Review Questions” section to assess your understanding of its concepts. Please note that while these review questions focus on chapter-specific content, the actual certification exam will test your ability to synthesize concepts, propose architectures, and evaluate optimal designs from multiple viable options.

To help you determine the level of your AWS knowledge and aptitude before reading the guide, we provide an assessment test with 57 questions at the end of this introduction. Later, you can gauge your readiness to take the certification test with the 91-question practice exam provided online.

By the end of this book, you won’t just be ready for the certification exam—you’ll be equipped to realize your vision for what’s possible in the cloud. Let’s begin.

What Does This Book Cover?

This book covers topics that you need to know to prepare for the Amazon Web Services (AWS) Certified Developer – Associate exam.

Chapter 1

: Introduction to Amazon Web Services

  This chapter provides an overview of how AWS works, including how resources are deployed across regions and availability zones. The chapter includes an introduction to the AWS command-line interface (CLI) and software development kits (SDKs). A review of AWS access keys and how to manage them using AWS Identity and Access Management (IAM) is also included.

Chapter 2

: Introduction to Compute and Networking

  This chapter reviews compute and networking environments in AWS. It provides an overview of resources such as Amazon EC2, load balancers, security groups, and the network controls exposed through Amazon Virtual Private Cloud (Amazon VPC).

Chapter 3

: AWS Data Storage

  This chapter covers cloud storage with AWS. It provides an overview of storage fundamentals and the AWS storage portfolio of services, including Amazon Simple Storage Service (Amazon S3), Amazon S3 Glacier, Elastic Block Store (EBS), Elastic File System (EFS) and FSx. The chapter also covers how to tune your storage for performance and choose the right type of storage for a workload.

Chapter 4

: AWS Database Services

  This chapter provides an overview of the AWS database services as well as a baseline understanding of SQL versus NoSQL. We explore DynamoDB in detail, then dive into Amazon RDS and Amazon Aurora.

Chapter 5

: Encryption on AWS

  In this chapter, you will explore AWS services that enable you to perform encryption of data at rest using both customer and AWS managed solutions. An overview of each approach and the use case for each is provided. Example architectures are included that show the differences between a customer and an AWS managed infrastructure.

Chapter 6

: Deployment Strategies

  In this chapter, you will learn about automated application deployment, management, and maintenance using AWS Elastic Beanstalk. You will also learn about the various deployment methodologies and options to determine the best approach for individual workloads.

Chapter 7

: Deployment as Code

  This chapter describes the AWS code services used to automate infrastructure and application deployments across AWS and on-premises resources. Topics covered include CodeBuild, CodeDeploy, and CodePipeline. You will learn about the differences among continuous integration, continuous delivery, and continuous deployment, in addition to how AWS enables you to achieve each.

Chapter 8

: Infrastructure as Code

  This chapter focuses on using AWS CloudFormation to create flexible, repeatable templates for a cloud infrastructure. You will learn about the different AWS CloudFormation template components, supported resources, and how to integrate non-AWS resources into your templates using custom resources.

Chapter 9

: Secure Configuration and Container Management

  This chapter covers AWS’s two foundational services for cloud container orchestration: Elastic Container Service (ECS), which is AWS-native and integrates tightly with other services, and Elastic Kubernetes Service (EKS), which lets you launch or migrate Kubernetes workloads to the AWS Cloud with ease. Finally, the chapter delves into two essential services for managing configuration and secret values in Parameter Store and Secrets Manager.

Chapter 10

: Authentication and Authorization

  This chapter explains the differences between authentication and authorization and how these differences apply to infrastructure and applications running on AWS. You will learn about using Cognito as an identity provider and about integrating third-party identity services, in addition to the differences between the control pane and data pane.

Chapter 11

: Refactoring to Microservices

  In this chapter, you will learn about microservices and how to refactor large application stacks into small, portable containers. You will also learn how to implement messaging infrastructure to enable communication between microservices running in your environment.

Chapter 12

: Serverless Compute

  This chapter reviews AWS Lambda as a compute service that you can use to run code without provisioning or managing servers. In this chapter, you will learn about creating, triggering, and securing AWS Lambda functions. You will also learn other features of AWS Lambda, such as versioning and aliases.

Chapter 13

: Serverless Applications

  This chapter expands on the serverless concepts you learned in

Chapter 12

, “Serverless Compute,” and shows you how to architect full-stack serverless web applications using a variety of serverless AWS resources, including S3, AppSync, ElastiCache, and API Gateway.

Chapter 14

: Modern AWS Deployment Frameworks

  This chapter showcases some of the higher-level abstractions that AWS provides to create complex architectures in simple ways. Cloud Developer Kit (CDK) lets developers build infrastructure-as-code using code rather than the declarative templates of CloudFormation, while Serverless Application Model provides shortcuts to extend CloudFormation in ways that make building serverless apps easy. Finally, we look at AWS Amplify, a full-stack developer tool for configuring many AWS backends using TypeScript and using them in a variety of popular front-end frameworks.

Chapter 15

: Monitoring and Troubleshooting

  This chapter discusses how to monitor your applications, alert on changing conditions, and automate your responses. You will learn how to use Amazon CloudWatch to perform log analysis and create custom metrics for ingestion by other tools and for creating visualizations in the dashboard. You’ll use CloudTrail to monitor activity in your account and trace changes to users and applications. You’ll also see how EventBridge enables the creation of event-driven architectures and learn how to use AWS X-Ray to create visual maps of application components for step-by-step analysis.

Chapter 16

: Optimization

  This chapter covers some of the best practices and considerations for designing systems that achieve business outcomes at the optimal price. The chapter explores considerations for efficient data transfer, how to use Auto Scaling, and how to realize deep cost savings safely by using Spot Instances and mixed Spot Fleets. The chapter concludes with key AWS tools for managing and monitoring your account’s cost and performance.

Interactive Online Learning Environment and Test Bank

The author has worked hard to provide you with some great tools to help you with your certification process. The interactive online learning environment that accompanies the AWS Certified Developer – Associate Study Guide, Second Edition, provides a test bank with study tools to help you prepare for the certification exam. This helps you increase your chances of passing it the first time! The test bank includes the following:

Sample Tests

All of the questions in this book, including the 57-question assessment test at the end of this introduction and the review questions that are provided at the end of each chapter. In addition, there is a practice exam available online with 91 questions. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.

Flashcards

The online test bank includes over a 125 flashcards specifically written to quiz your knowledge of AWS operations. After completing all the exercises, review questions, practice exams, and flashcards, you should be more than ready to take the exam. The flashcard questions are provided in a digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.

Glossary

A glossary of key terms from this book is available as a fully searchable PDF.

Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.

Like all exams, the Certified Developer – Associate certification from AWS is updated periodically and may eventually be retired or replaced. At some point after AWS is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

Exam Objectives

The AWS Certified Developer – Associate Exam is intended for individuals who perform in a developer role. This exam validates your proficiency in developing, testing, deploying, and debugging AWS-based applications. Exam concepts that you should understand for this exam include the following:

Core AWS services, uses, and basic AWS architecture best practices

Developing, deploying, and debugging cloud-based applications using AWS

In general, certification candidates should understand the following:

Using APIs, the CLI, and AWS SDKs to write applications and manipulate AWS resources

Key features of AWS services

AWS shared responsibility model

Application lifecycle management

CI/CD pipeline to deploy applications on AWS

Using or interacting with AWS services

Using cloud-native applications to write code

Writing code using AWS security best practices (for example, not using secret and access keys in the code, and instead using IAM roles)

Storing data in the best service for the job

How to manage data over its life cycle using AWS storage resources

Writing code for serverless applications

Using containers in the development process

Building serverless architectures using AWS-native tools

Managing configuration values and secrets securely

The exam covers four different domains, with each domain broken down into individual task statements.

Objective Map

The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain’s objectives and subobjectives are covered.

Domain

Percentage of exam

Chapter(s)

Domain 1: Development with AWS Services

32%

1

,

2

,

3

,

4

,

6

,

7

,

8

,

9

,

11

,

12

,

13

,

14

,

15

,

16

Task Statement 1: Develop code for applications hosted on AWS

1

,

2

,

3

,

4

,

6

,

7

,

8

,

9

,

13

,

14

,

15

,

16

Task Statement 2: Develop code for AWS Lambda

12

,

13

,

14

Task Statement 3: Use data stores in application development

3

,

4

,

8

,

9

,

11

,

13

Domain 2: Security

26%

1

,

2

,

3

,

4

,

5

,

9

,

10

,

12

,

13

,

14

Task Statement 1: Implement authN and/or AuthZ for apps and AWS services

1

,

2

,

3

,

4

,

5

,

10

,

13

,

14

Task Statement 2: Implement encryption by using AWS services

3

,

4

,

5

Task Statement 3: Manage sensitive data in application code

3

,

4

,

5

,

9

,

12

Domain 3: Deployment

24%

6

,

7

,

8

,

9

,

12

,

14

Task Statement 1: Prepare application artifacts to be deployed to AWS

6

,

7

,

8

,

9

,

12

,

14

Task Statement 2: Test applications in development environments

6

,

12

Task Statement 3: Automate deployment testing

7

,

12

Task Statement 4: Deploy code by using AWS CI/CD services

6

,

7

,

9

,

12

,

14

Domain 4: Troubleshooting and Optimization

18%

2

,

3

,

4

,

6

,

8

,

9

,

11

,

12

,

13

,

15

,

16

Task Statement 1: Assist in a root cause analysis

8

,

12

,

15

,

16

Task Statement 2: Instrument code for observability

6

,

11

,

12

,

13

,

15

,

16

Task Statement 3: Optimize applications by using AWS services and features

2

,

3

,

4

,

8

,

9

,

11

,

12

,

13

,

15

,

16

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

To submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Assessment Test

You have an application running on an Amazon Elastic Compute Cloud (Amazon EC2) instance that needs read-only access to several AWS services. What is the best way to grant that application permissions only to a specific set of resources within your account?

Configure Security Groups to allow the instance to work with the resources it should be able to access.

Launch the EC2 instance, log in, and use

aws configure

to authenticate as an IAM user with appropriate permissions.

Declare the necessary permissions as statements in the AWS SDK configuration file on the EC2 instance.

Launch the EC2 instance with an attached IAM role with custom IAM policies for the permissions.

You have identified two Amazon Elastic Compute Cloud (EC2) instances in your account that appear to have the same private IP address. What could be the cause?

These instances are in different Amazon Virtual Private Clouds (VPCs).

The instances are in different subnets.

The instances have different network ACLs.

The instances have different security groups.

Your company stores critical documents in Amazon Simple Storage Service (S3), but it wants to minimize cost. Most documents are used actively for only about one month and then used much less frequently after that. However, all data needs to be available within minutes when requested. How can you meet these requirements?

Migrate the data to S3 Reduced Redundancy Storage (RRS) after 30 days.

Migrate the data to S3 Glacier after 30 days.

Migrate the data to S3 Standard – Infrequent Access (IA) after 30 days.

Turn on versioning and then migrate the older version to S3 Glacier.

You are changing your application to take advantage of the elasticity and cost benefits provided by AWS Auto Scaling. To horizontally scale, you must no longer store users’ session state on your EC2 instances. Which of the following AWS Cloud services is best suited as an alternative for storing session state information?

Amazon DynamoDB

Amazon Redshift

AWS Storage Gateway

Amazon Kinesis

Your e-commerce application provides daily and ad hoc reporting to various business units on customer purchases. These operations result in a high level of read traffic to your MySQL Amazon Relational Database Service (RDS) instance. What can you do to scale up read traffic without impacting your database’s performance?

Increase the allocated storage for the RDS instance.

Modify the RDS instance to be a multi-AZ deployment.

Create a read replica for an RDS instance.

Change the RDS instance to the DB engine version.

Your company has refactored their application to use NoSQL instead of SQL. They would like to use a managed service for running the new NoSQL database. Which AWS service should you recommend?

Amazon Relational Database Service (Amazon RDS)

Amazon Elastic Compute Cloud (Amazon EC2)

Amazon DynamoDB

Amazon AppSync

A company is currently using Amazon Relational Database Service (RDS); however, they are retiring a database that is currently running. They have automatic backups enabled on the database. They want to make sure that they retain the last backup before deleting the RDS database. As the lead developer on the project, what should you do?

Delete the database. RDS automatic backups are already enabled.

Create a manual snapshot before deleting the database.

Use the AWS Database Migration Service (DMS) to back up the database.

SSH into the RDS database and perform a SQL dump.

You have an Amazon DynamoDB table that has a partition key and a sort key. However, a business analyst on your team wants to be able to query the DynamoDB table with a different partition key. What should you do?

Create a local secondary index.

Create a global secondary index.

Create a new DynamoDB table.

Advise the business analyst that this is not possible.

An application is using Amazon DynamoDB. Recently, a developer on your team has noticed that occasionally the application does not return the most up-to-date data after a read from the database. How can you solve this issue?

Increase the number of read capacity units (RCUs) for the table.

Increase the number of write capacity units (WCUs) for the table.

Refactor the application to use a SQL database.

Configure the application to perform a strongly consistent read.

A developer on your team would like to test a new idea and requires a NoSQL database. Your current applications are using Amazon DynamoDB. What should you recommend?

Create a new table inside DynamoDB.

Use DynamoDB Local.

Use another NoSQL database on-premises.

Create an Amazon Elastic Compute Cloud (EC2) instance, and install a NoSQL database.

Amazon Elastic Block Store (EBS) volumes are encrypted by default.

True

False

Which of the following is not part of the AWS Elastic Beanstalk functionality?

Notify the account user of language runtime platform changes

Display events per environment

Show instance statuses per environment

Perform automatic changes to AWS Identity and Access Management (IAM) policies

What happens to AWS CodePipeline revisions that, upon reaching a manual approval gate, are rejected?

The pipeline continues.

A notification is sent to the account administrator.

The revision is treated as failed.

The pipeline creates a revision clone and continues.

You have an AWS CodeBuild task in your pipeline that requires large binary files that do not frequently change. What would be the best way to include these files in your build?

Store the files in your source code repository. They will be passed in as part of the revision.

Store the files in an Amazon Simple Storage Service (S3) bucket and copy them during the build.

Create a custom build container that includes the files.

It is not possible to include files above a certain size.

When you update an

AWS::S3::Bucket

resource, what is the expected behavior if the

Name

property is updated?

The resource is updated with no interruption.

The resource is updated with some interruption.

The resource is replaced.

The resource is deleted.

What is the preferred method for updating resources created by AWS CloudFormation?

Updating the resource directly in the AWS Management Console

Submitting an updated template to AWS CloudFormation to modify the stack

Updating the resource using the AWS Command Line Interface (CLI)

Updating the resource using an AWS Software Development Kit (SDK)

You manage a sales tracking system in which point-of-sale devices send transactions of this form:

{"date":"2017-01-30", "amount":100.20, "product_id": "1012", "region":

"WA", "customer_id": "3382"}

You need to generate two real-time reports. The first reports on the total sales per day for each customer. The second reports on the total sales per day for each product. Which AWS offerings and services can you use to generate these real-time reports?

Ingest the data through Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to query for sales per day for each product and sales per day for each customer using SQL queries. Feed the result into two new streams in Amazon Kinesis Data Firehose.

Ingest the data through Kinesis Data Streams. Use Kinesis Data Firehose to query for sales per day for each product and sales per day for each customer with SQL queries. Feed the result into two new streams in Kinesis Data Firehose.

Ingest the data through Kinesis Data Analytics. Use Kinesis Data Streams to query for sales per day for each product and sales per day for each customer with SQL queries. Feed the result into two new streams in Kinesis Data Firehose.

Ingest the data in Amazon Simple Queue Service (SQS). Use Kinesis Data Firehose to query for sales per day for each product and sales per day for each customer with SQL queries. Feed the result into two new streams in Kinesis Data Firehose.

You design an application for selling toys online. Every time a customer orders a toy, you want to add an item to the

orders

table in Amazon DynamoDB and send an email to the customer acknowledging their order. The solution should be performant and cost-effective. How can you trigger this email?

Use an Amazon Simple Queue Service (SQS) queue.

Schedule an AWS Lambda function to check for changes to the

orders

table every minute.

Schedule a Lambda function to check for changes to the

orders

table every second.

Use Amazon DynamoDB Streams.

A company would like to use Amazon DynamoDB. They want to set up a NoSQL-style trigger. Is this something that can be accomplished? If so, how?

No. This cannot be done with DynamoDB and NoSQL.

Yes, but not with AWS Lambda.

No. DynamoDB is not a supported event source for Lambda.

Yes. You can use Amazon DynamoDB Streams and poll them with Lambda.

Which of the following methods does Amazon API Gateway support?

GET

POST

OPTIONS

All of the above

A company wants to access the infrastructure on which AWS Lambda runs. Is this possible?

No. Lambda is a managed service and runs the necessary infrastructure on your behalf.

Yes. They can access the infrastructure and make changes to the underlying OS.

Yes. They need to open a support ticket.

Yes, but they need to contact their Solutions Architect to provide access to the environment.

Which Amazon services can you use for caching? (Choose two.)

AWS CloudFormation

Amazon Simple Storage Service (S3)

Amazon CloudFront

Amazon ElastiCache

Which Amazon API Gateway feature enables you to create a separate path that can be helpful in creating a development endpoint and a production endpoint?

Authorizers

API keys

Stages

Cross-origin resource sharing (CORS)

Which authorization mechanisms does Amazon API Gateway support?

AWS Identity and Access Management (IAM) policies

AWS Lambda custom authorizers

Amazon Cognito user pools

All of the above

Which tool can you use to develop and test AWS Lambda functions locally?

AWS Serverless Application Model (SAM)

AWS SAM CLI

AWS CloudFormation

None of the above

Which AWS service can you use to store user profile information?

Amazon CloudFront

Amazon Cognito

Amazon Kinesis

AWS Lambda

Which of the following cache engines does Amazon ElastiCache support? (Choose two.)

Redis

MySQL

Couchbase

Memcached

Why would an Amazon CloudWatch alarm report as

INSUFFICIENT_DATA

instead of

OK

or

ALARM

? (Choose two.)

The alarm was just created.

There is an AWS Identity and Access Management (IAM) permission preventing the metric from receiving data.

The alarm’s trigger threshold, such as high CPU usage, has not been met.

The alarm has not reached the requisite number of periods to have data.

You were asked to develop an administrative web application that consumes low throughput and rarely receives high traffic. Which of the following instance type families will be the most optimized choice?

Memory optimized

Compute optimized

General purpose

Accelerated computing

Because your applications are showing a consistent steady-state compute usage, you have decided to purchase an AWS Savings Plan to gain significant pricing discounts. Which of the following is

not

the best purchase option?

All Up-front

Partial Up-front

No Up-front

Pay-as-you-go

What is the maximum size of an AWS Lambda deployment package (as a compressed zip or JAR file)?

25 MB

50 MB

100 MB

250 MB

Your application processes transaction-heavy and IOPS-intensive database workloads, often needing over 20,000 IOPS. You need to choose the right Amazon Elastic Block Store (EBS) volume so that application performance is not affected. Which of the following options would you suggest?

HDD-backed storage (st1)

SSD-backed storage (io1)

Amazon Simple Storage Service (S3) Intelligent Tier class storage

SSD-backed storage (gp3)

A legacy financial institution is planning for a huge technical upgrade and planning to go global. The architecture depends heavily on using caching solutions. Which one of the following services does

not

fit into the caching solutions?

Amazon ElastiCache for Redis

Amazon ElastiCache for Memcached

Amazon DynamoDB Accelerator

Amazon Elastic Compute Cloud (EC2) memory-optimized

Which of the following partition key choices is an inefficient design that leads to poor distribution of the data in an Amazon DynamoDB table?

User ID, where the application has many users

Device ID, where each device accesses data at relatively similar intervals

Status code, where there are only a few possible status codes

Session ID, where the user session remains distinct

You are planning to build serverless backends by using AWS Lambda to handle web, mobile, Internet of Things (IoT), and third-party API requests. Which of the following are the main benefits in opting for a serverless architecture in this scenario? (Choose three.)

No need to manage servers

No need to ensure application fault tolerance and fleet management

No charge for idle capacity

Flexible maintenance schedules

Powered for high complex processing

A company would like to migrate their existing application to a serverless-based application. They are already using Amazon Simple Storage Service (S3) for their static website, and they have implemented API Gateway and Lambda for their business logic. They would like to be able to set up a serverless database. They are currently running a MySQL database. Which AWS service, which is serverless, could help them?

Amazon Aurora

Amazon Neptune

Amazon DynamoDB

Amazon ElastiCache

Which AWS service can be used to develop an application sign-in flow automatically, which you can customize if necessary?

Amazon Simple Storage Service (S3)

Amazon Cognito

Amazon Aurora

AWS Lambda

A company is migrating their web application to a serverless architecture. They are ready to take their static web files and move them to AWS. Which serverless service allows them to host a website?

Amazon Simple Storage Service (S3)

Amazon DynamoDB

Amazon Elastic Compute Cloud (EC2)

AWS Elastic Beanstalk

What is the minimum amount of memory that you can allocate to an AWS Lambda function?

6 MB

32 MB

64 MB

128 MB

What is the maximum size of all the code and dependencies for an AWS Lambda function before compression?

50 MB

100 MB

250 MB

500 MB

What is the default setting for Amazon Simple Queue Service (SQS) visibility timeout?

30 seconds

1 minute

1 day

1 week

What are the keys that can be used in an Amazon DynamoDB table? (Choose two.)

Partition key

Sort key

Unique key

Cache key

Master key

What feature does Amazon ElastiCache provide?

A highly available and fast indexing service for querying

An Amazon Elastic Compute Cloud (EC2) instance with a large amount of memory and CPU

A managed in-memory caching service

An Amazon EC2 instance with Redis and Memcached already installed

Which AWS service can you use to monitor an AWS Lambda function performance?

Lambda is serverless and therefore you cannot monitor its performance.

AWS CloudTrail has metrics about the performance of the Lambda function.

AWS Config stores all configuration details and performance of Lambda functions.

Amazon CloudWatch monitors the performance of Lambda functions.

Which launch type in Amazon ECS allows you to run containers without managing EC2 instances?

EC2

On-Premises

Fargate

Lambda

AWS Secrets Manager can automatically rotate secrets according to a schedule you define.

True

False

What is Amazon Athena primarily used for?

Performing real-time analytics on streaming data

Running SQL queries directly on data stored in Amazon S3

Building machine learning models

Managing relational databases

Which of the following scenarios is most appropriate for using Amazon EFS?

Running a high-performance computing (HPC) application that requires low-latency storage

Storing frequently changing website content that needs to be served across multiple EC2 instances

Storing large, infrequently accessed data sets

Backing up data from an RDS instance

What is the primary purpose of AWS AppSync?

To host static websites

To deploy and scale container-based applications

To create and manage GraphQL APIs

To keep application configuration consistent between servers

AWS API Gateway only supports REST APIs.

True

False

Security groups act as a virtual firewall that controls both inbound and outbound traffic for Amazon EC2 instances.

True

False

What is the primary purpose of an IAM role?

Associating users with fixed permissions according to their role in the organization

Applying temporary credentials for accessing AWS services

Restricting access to S3 buckets

Managing billing and cost

Amazon Aurora is compatible with which two database engines?

Microsoft SQL Server

PostgreSQL

Oracle

MySQL

What do EC2 instance types govern?

The operating system of the instance

Hardware characteristics such as CPU, RAM, and Network

The underlying architecture of the virtual machine (e.g., x86 vs. ARM)