The AWS Certified Developer Associate (DVA-C02) is the certification for developers who build and deploy applications on AWS. It sits in the same associate tier as the SAA-C03 and SOA-C02, but with a narrower, developer-first focus: SDKs, serverless patterns, deployment pipelines, and security at the application layer. If you write code that runs on or integrates with AWS services, this exam tests what you actually do.
This guide covers everything you need to get started: exam structure, the services that matter most, common traps, and a realistic study plan.
Exam Overview
| Detail | Value |
|---|---|
| Exam code | DVA-C02 |
| Questions | 65 (50 scored, 15 unscored) |
| Time | 130 minutes |
| Passing score | 720 / 1000 |
| Format | Multiple choice and multiple response |
| Cost | $150 USD |
The passing score of 720 out of 1000 means you need to get roughly 72% of scored questions correct. The 15 unscored pilot questions are indistinguishable from real ones, so treat every question as if it counts.
Exam Domains
| Domain | Weight |
|---|---|
| Development with AWS Services | 32% |
| Security | 26% |
| Deployment | 24% |
| Troubleshooting and Optimization | 18% |
Development and Security together are 58% of the exam. That's where to focus the bulk of your time.
Core Services to Master
Lambda and Serverless Patterns
Lambda is the backbone of DVA-C02. Questions cover concurrency (reserved vs provisioned), cold starts, execution limits, event source mappings, layers, and destination configurations. Know the 15-minute timeout, 10 GB memory limit, and what triggers synchronous vs asynchronous invocations.
API Gateway integrations with Lambda show up constantly. Understand proxy vs non-proxy integrations, authorizer types (Lambda vs Cognito), throttling, and stage variables. Know the difference between REST API, HTTP API, and WebSocket API and when to choose each.
Step Functions come up when a Lambda task exceeds time limits or when you need to orchestrate multi-step workflows. Know Standard vs Express Workflows and their timeout and execution semantics.
DynamoDB
DynamoDB is the most detail-heavy service on this exam. Topics you must know:
- Partition keys and sort keys: how they affect data distribution and access patterns
- Global Secondary Indexes (GSIs) and Local Secondary Indexes (LSIs): when to use each
- Read/write capacity units: calculating RCUs and WCUs for given access patterns
- On-demand vs provisioned capacity modes
- DynamoDB Streams: what they capture and how to trigger Lambda from them
- Transactions, TTL, and conditional writes
A common exam trap: candidates confuse when to use a GSI (different partition key) versus an LSI (same partition key, different sort key). LSIs must be created with the table; GSIs can be added after.
SQS, SNS, and EventBridge
Messaging and event-driven patterns are a DVA-C02 staple.
SQS: standard vs FIFO queues, visibility timeout, dead-letter queues, long polling vs short polling. Know that FIFO queues guarantee ordering and exactly-once processing at the cost of lower throughput (3,000 messages/second with batching).
SNS: fan-out pattern, filter policies, message attributes. SNS to SQS fan-out is a classic architecture question.
EventBridge: event buses, rules, targets, and how it differs from SNS. EventBridge is the modern event router; SNS is simpler pub/sub.
Cognito
Cognito questions focus on the distinction between User Pools and Identity Pools:
- User Pools: authentication and user directory. Handle sign-up, sign-in, MFA, and tokens (ID token, access token, refresh token).
- Identity Pools: authorization. Exchange tokens (from User Pools or other identity providers) for temporary AWS credentials via STS.
Know the authentication flows: SRP, custom auth, and hosted UI. Understand when a JWT from a User Pool is sufficient versus when you need Identity Pool credentials to call AWS services directly.
IAM and Security
The Security domain is 26% of the exam. Beyond standard IAM (roles, policies, least-privilege), DVA-C02 specifically tests:
- Secrets Manager vs Parameter Store: Secrets Manager rotates secrets automatically; Parameter Store is cheaper and integrated deeply with EC2 and ECS. Know when each is appropriate.
- KMS and envelope encryption: you encrypt a data key with a CMK; your application uses the plaintext data key to encrypt data. The encrypted data key travels with the data.
- S3 pre-signed URLs: grant temporary, scoped access to a specific object without exposing credentials. Common pattern for upload/download flows.
- STS and temporary credentials: how applications assume roles and receive short-lived credentials.
Elastic Beanstalk and CodeDeploy
Deployment policies in Elastic Beanstalk:
| Policy | Behavior |
|---|---|
| All at once | Deploys to all instances simultaneously. Fastest; causes downtime. |
| Rolling | Updates instances in batches. No downtime; reduced capacity during deploy. |
| Rolling with additional batch | Launches new instances first. No capacity reduction. |
| Immutable | Launches a fresh Auto Scaling group. Safest; slowest. |
| Blue/green | Swaps environment URLs. Full rollback capability. |
CodeDeploy deployment types: in-place and blue/green. AppSpec file structure for EC2 vs Lambda vs ECS deployments. The lifecycle event hooks order for EC2 deployments (ApplicationStop, BeforeInstall, AfterInstall, ApplicationStart, ValidateService).
X-Ray
X-Ray is the distributed tracing service. Know how the X-Ray daemon works (installed alongside your application, buffers segments), what annotations vs metadata are used for (annotations are indexed and searchable; metadata is not), and how to enable X-Ray tracing for Lambda and API Gateway.
Common Exam Traps
Credentials in code: any question where an application needs to access an AWS service should use an IAM role, not hardcoded access keys. If the question mentions environment variables for credentials, it's usually the wrong answer.
Throttling and exponential backoff: 429 errors from API Gateway or ProvisionedThroughputExceededException from DynamoDB both call for exponential backoff with jitter. The exam tests that you know to implement this in application code, not just retry immediately.
SQS visibility timeout vs message retention: visibility timeout hides a message from other consumers while it's being processed; message retention is how long SQS keeps an unprocessed message (1 minute to 14 days). Confusing these leads to wrong answers about retry behaviour.
Lambda environment variable encryption: Lambda environment variables are encrypted at rest using KMS by default. If a question asks about securing sensitive values in Lambda configuration, KMS encryption of environment variables is the right answer, not Secrets Manager (unless rotation is required).
Study Plan
| Week | Focus |
|---|---|
| 1–2 | Lambda, API Gateway, DynamoDB fundamentals |
| 3 | SQS, SNS, EventBridge, Step Functions |
| 4 | Cognito, IAM, KMS, Secrets Manager |
| 5 | Elastic Beanstalk, CodePipeline, CodeDeploy, CodeBuild |
| 6 | X-Ray, CloudWatch, CloudFormation, SAM |
| 7–8 | Practice exams, review weak areas |
Build as you go. Set up a Lambda function behind API Gateway connected to DynamoDB. Add Cognito authentication. Deploy it with CodePipeline. Doing this once makes exam questions feel concrete. Reading about these services without building is significantly less effective.
Recommended Resources
- AWS Developer Associate exam guide (AWS)
- AWS Well-Architected Framework
- AWS documentation: Lambda
- DVA-C02 practice exams on this site
Final Thoughts
The DVA-C02 is one of the more rewarding associate exams because the content maps directly to real development work. Developers who actively build on AWS will recognise most of the scenarios. Candidates studying from scratch without building anything will find the serverless, SDK, and deployment sections harder than the material suggests.
Build things in AWS while you study. That single habit makes the difference between memorising facts and understanding why the exam answers are correct.
Start with our DVA-C02 practice questions to check where your gaps are and track your progress as you go.