Multi-Service Tradeoff — AWS Developer (DVA-C02)
Lambda vs Fargate vs EKS for SQS-Driven Async Work
Lambda and Fargate both process SQS messages, but only one of them stops spending when the queue drains. Lambda with an SQS event-source mapping scales to zero between bursts and charges only for active invocation duration. Fargate requires queue-depth-based scaling policies to reach zero, and scaling lag means idle task charges accumulate while the autoscaler catches up. EKS adds cluster management the scenario never justifies when the workload is a queue consumer. For spiky, unpredictable queue volumes, Lambda removes both the idle spend and the scaling policy Fargate would otherwise need.
What This Pattern Tests
The exam gives you a decoupling requirement and tests whether you pick the right messaging service. SQS is point-to-point with at-least-once delivery (Standard) or exactly-once (FIFO, 3,000 msg/s with batching). SNS is pub/sub fan-out to multiple subscribers. EventBridge is content-based routing with schema registry and 35+ AWS service sources. The trap is choosing SQS for fan-out (use SNS) or SNS for ordered processing (use SQS FIFO). DynamoDB vs. Aurora vs. ElastiCache follows the same pattern: key-value at any scale vs. relational joins vs. microsecond reads from memory.
Decision Axis
Communication pattern (point-to-point vs. fan-out vs. content routing) and data access pattern (key-value vs. relational vs. cache) determine the service.
Decision Rules
When exactly one consumer exists and messages must survive consumer downtime without loss, choose SQS over SNS because SNS provides no message retention and cannot retry delivery to an offline endpoint.
Decide whether to pair strongly consistent reads with on-demand capacity mode in DynamoDB (satisfies both zero-staleness and cost-efficiency for unpredictable traffic) rather than use provisioned capacity with strongly consistent reads (satisfies correctness but over-provisions idle throughput), eventually consistent reads (fails correctness), or an Aurora reader endpoint (introduces replication lag and always-on compute cost).
When fan-out to multiple independent consumers is required AND each consumer must receive durable, retryable messages even if temporarily offline, SNS alone is insufficient — the correct architecture is SNS fan-out to per-consumer SQS queues, because SNS has no message retention and drops events for unavailable endpoints.
Check whether the application's read cadence (fixed polling interval of tens of seconds) tolerates DynamoDB's eventual consistency convergence window (milliseconds to low single-digit seconds); if it does, eventually consistent reads are sufficient and strongly consistent reads are an over-provisioned default.
When the token source is Cognito User Pools and operational overhead must be minimized, choose the native Cognito User Pool authorizer over a Lambda authorizer because it validates JWTs natively with zero custom code, no deployment pipeline, and no custom failure surface.
When the token source is Cognito User Pools and the dominant constraint is least operational overhead, the Cognito User Pool authorizer is correct because it validates JWTs natively with zero custom code, eliminating the authoring, deployment, and failure-surface burden carried by a Lambda authorizer.
When the JWT source is a third-party IdP or requires custom claim evaluation, only a Lambda authorizer can perform the validation; the Cognito User Pool authorizer is hard-scoped to tokens it issued and cannot process externally issued JWTs.
Decide whether to tune the local DynamoDB emulator to better approximate Streams behavior, or to promote DynamoDB Streams integration tests to an isolated live AWS test account. The governing constraint is that stream ordering and shard delivery semantics are AWS-managed service internals no third-party emulator can guarantee.
Decide whether to promote integration tests that depend on AWS-managed SQS semantics (partial-batch-failure handling, visibility timeout, and DLQ routing) from a local emulator to an isolated live AWS account, or to invest further in emulator configuration tuning.
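The consumer's half of the partial-batch-failure contract, as an added example that is not part of the original page: an SQS-triggered Lambda handler that reports only the failed messages back to the event-source mapping. The `process` function, the in-memory `PROCESSED_IDS` store, and the sample event are assumptions constructed for illustration; the mapping is assumed to have `ReportBatchItemFailures` enabled.

```python
import json

# Stand-in for a durable idempotency store (assumption). In a real function
# this would be external state, because module memory is per execution environment.
PROCESSED_IDS = set()


def process(body):
    """Hypothetical business logic: reject payloads without an order_id."""
    if "order_id" not in body:
        raise ValueError("missing order_id")


def handler(event, context=None):
    """Process an SQS batch and return a partial batch response.

    With ReportBatchItemFailures enabled on the event-source mapping, only the
    messages listed in batchItemFailures become visible again after the
    visibility timeout; the rest of the batch is deleted from the queue.
    """
    failures = []
    for record in event.get("Records", []):
        message_id = record["messageId"]
        if message_id in PROCESSED_IDS:
            # Standard queues deliver at least once: skip a redelivered message.
            continue
        try:
            process(json.loads(record["body"]))
            PROCESSED_IDS.add(message_id)
        except Exception:
            # Do not re-raise: that would fail, and redeliver, the whole batch.
            failures.append({"itemIdentifier": message_id})
    return {"batchItemFailures": failures}


# Constructed sample event: one valid message, one rejected by process(),
# and one whose body is not JSON.
SAMPLE_EVENT = {
    "Records": [
        {"messageId": "m-1", "body": '{"order_id": 17}'},
        {"messageId": "m-2", "body": '{"sku": "A1"}'},
        {"messageId": "m-3", "body": "not json"},
    ]
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```

A local unit test can check this return shape; whether the failed messages are actually redelivered and routed to the DLQ after the configured receive count is the AWS-managed behavior that needs the live account.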