AWS Developer Associate (DVA-C02) – General & Best Practices Essentials

These are the bare minimum concepts needed to answer the quiz correctly.

Source: Quiz provided by the user. fileciteturn0file0


1. ElastiCache (Redis) – Cache-Aside (Lazy Loading)

What is it?

Store frequently read data in Redis instead of repeatedly querying the database.

How it works

  1. Application checks Redis.
  2. If found → return immediately.
  3. If not found → read from database.
  4. Store result in Redis.
  5. Return data.

Best for

Benefits

Remember

Read-heavy + rarely changing data = Redis Cache-Aside


2. Cache TTL (Time To Live)

What is TTL?

How long an item stays in cache before expiring.

Why use TTL?

Remember

Short TTL = Good balance between performance and freshness


3. S3 CORS (Cross-Origin Resource Sharing)

Problem

A website loads files from another domain.

Example

Website:
www.example.com

Assets:
assets.example.com

Browser blocks requests unless CORS allows them.

Fix

Configure CORS on the S3 bucket.

Allow:

Remember

Cross-domain browser request → Configure S3 CORS


4. STS AssumeRole (Cross-Account Access)

Purpose

Access another AWS account securely.

How?

Account A
      |
AssumeRole
      |
Account B

STS returns

Never use

Remember

Cross-account access = STS AssumeRole


5. KMS Imported Key Material

Situation

Company wants AWS KMS but wants to provide its own encryption key.

Use

Customer Managed KMS Key (CMK)

with

Imported Key Material

Benefits

Remember

Requirement Solution
Your own encryption key KMS CMK + Imported Key Material

6. S3 Pre-Signed URLs

Purpose

Allow someone to download/upload a specific object temporarily.

No AWS account required.

Good for

Features

Remember

Temporary S3 access → Pre-Signed URL


7. AWS X-Ray Service Map

Purpose

Trace requests across microservices.

Shows

Very useful for

Remember

Microservice performance visualization = X-Ray Service Map


8. Decode Authorization Message

Sometimes AWS CLI returns

Encoded authorization failure

Decode using

aws sts decode-authorization-message

Shows

Remember

Encoded permission error → decode-authorization-message


9. CloudTrail for Resource Deletion

If something suddenly disappears

Example

First check

CloudTrail

It records

Remember

Who deleted something? → CloudTrail


10. AWS CLI Configuration

Instead of typing

--region
--output

every time,

Run

aws configure

Stores

Location

~/.aws/config

~/.aws/credentials

Remember

CLI defaults → aws configure


11. Cognito Federation with Azure AD

Users already have Azure AD accounts.

Do NOT create IAM users.

Instead

Azure AD
     ↓
Cognito User Pool
     ↓
JWT Token
     ↓
API Gateway / Lambda

Supports

Remember

Enterprise login → Cognito Federation


12. CloudTrail Log File Integrity Validation

Purpose

Prove CloudTrail logs were not modified.

Enable

Log File Integrity Validation

CloudTrail creates

Can later verify

Remember

Tamper-proof CloudTrail logs → Log File Integrity Validation


Quick Exam Cheat Sheet

Scenario AWS Service/Feature
Read-heavy database ElastiCache Redis
Cache strategy Cache-Aside (Lazy Loading)
Cache freshness TTL
Cross-domain S3 access S3 CORS
Cross-account access STS AssumeRole
Your own encryption key KMS CMK + Imported Key Material
Temporary S3 download Pre-Signed URL
Microservice tracing X-Ray Service Map
Decode IAM error aws sts decode-authorization-message
Who deleted a resource CloudTrail
Configure AWS CLI defaults aws configure
Azure AD login Cognito User Pool Federation
Verify CloudTrail logs not altered CloudTrail Log File Integrity Validation