AWS Cloud Clubs
AWS DVA-C02 Study Guide
First Cloud Journey


Last Updated: 2026

Author: Danh Hoang Hieu Nghi

Domain 2

Security (26%)

This domain carries the second-largest weight on the exam; security is a core focus of DVA-C02.

Contents

  • Authentication & Authorization
    • 2.1.1 Federated Access (Cognito)
    • 2.1.2 Bearer Tokens
    • 2.1.3 Programmatic Access to AWS
    • 2.1.4 Authenticated Calls to AWS Services
    • 2.1.5 Assume an IAM Role
    • 2.1.6 Define Permissions for IAM Principals
    • 2.1.7 Application-Level Authorization
    • 2.1.8 Cross-Service Authentication in Microservices
  • Encryption
    • 2.2.1 Encryption at Rest and in Transit
    • 2.2.2 Certificate Management
    • 2.2.3 Client-side vs Server-side Encryption
    • 2.2.4 KMS Encryption Keys
    • 2.2.5 Generate Certificates and SSH Keys
    • 2.2.6 Encryption Across Account Boundaries
    • 2.2.7 Key Rotation
  • Sensitive Data Management
    • 2.3.1 Data Classification
    • 2.3.2 Encrypt Environment Variables
    • 2.3.3 Secret Management Services
    • 2.3.4 Sanitize Sensitive Data
    • 2.3.5 Data Masking and Sanitization
    • 2.3.6 Multi-Tenant Data Access Patterns
  • Hands-on Labs
    • Lab 2.1: Cognito User Pool
    • Lab 2.2: IAM Roles + STS AssumeRole
    • Lab 2.3: KMS Encryption
    • Lab 2.4: Secrets Manager
    • Lab 2.5: API Gateway Authorizers
  • Practice Questions