Serverless Certifications: The AWS Developer Associate

At last, the secret to proving your expertise in Serverless is revealed…

Photo by Roger Hoyles on Unsplash

Ok, I lied. There is no Serverless certification offered by any company. The closest to a purely “serverless” certification might be the “Alexa Skill Builder” certification AWS just released, since Alexa runs on the poster child of serverless services, Lambda.

However, according to the official Exam Guide, this Alexa certification also covers a bit of EC2, the original service for managing servers in the cloud. I only go into detail about the exams I’ve taken myself, so I’ll skip the brand new Alexa one for now.

As I mentioned in my last article in this Serverless Certifications series, serverless stuff usually operates within an ecosystem, so it helps to understand most of the major services, even the ones where you manage servers a bit.

Introducing, the Developer Associate

Out of all tech certifications out there, the one that goes into the most detail on serverless architectures, while still confirming a well-rounded understanding of traditional architectures, might be the “AWS Certified Developer — Associate.”

☠️ Beware. Since its makeover in late 2018, the Developer Associate exam has been the most difficult of the three AWS associate level exams. Besides getting hands-on experience and taking courses on the A Cloud Guru training platform, take the time to read the recommended AWS whitepapers and FAQs.

AWS whitepapers are long. Some are over 100 pages. I first tried reading them on my browser, but I kept losing my spot in the “book.” 📚


Pro Tip: Go on Amazon.com and buy the free AWS whitepapers, so you can read them on your Kindle or on the Kindle mobile app. The app is free.


🤓 Once I started doing this, I read AWS whitepapers from beginning to end. It was encouraging to see my progress in the corner of the Kindle page (30%, 31%, 32%), but more importantly, I always picked up where I had left off.

Being able to save my spot in the book meant I could fit in 5% of a whitepaper many times per day — before the gym, while stretching, after lunch, etc. With this approach, it’s easy to read a couple of whitepapers per week. 🗓️

Many exam questions come from these whitepapers and the FAQs. Let’s look at some examples straight from AWS FAQs.

Let’s start with X-Ray. X-Ray solves several serverless scenarios, so it’s an important topic in the Developer Associate exam.

Q: What code changes do I need to make to my application to use X-Ray?

If you’re using Elastic Beanstalk, you will need to include the language-specific X-Ray libraries in your application code. For applications running on other AWS services, such as EC2 or ECS, you will need to install the X-Ray agent and instrument your application code. — aws.amazon.com/xray/faqs

Amazon’s Elastic Container Service (ECS) might not be the first service that comes to mind when you think “serverless,” but when you choose Fargate, ECS does let you run your Docker containers without managing servers.

Fargate is one of three serverless compute services currently offered by AWS, along with Lambda and Lambda@Edge.

However, unlike AWS Lambda, where you can just check the “Enable active tracing” checkbox, with ECS Fargate, you do need to include the X-Ray agent in your application code.

The xray-ecs branch of the scorekeep sample app by AWS gives you an example of how you can instrument your Docker containers with X-Ray. This Dockerfile is part of the example:

FROM amazonlinux
RUN yum install -y unzip
RUN curl -o daemon.zip https://s3.dualstack.us-east-2.amazonaws.com/aws-xray-assets.us-east-2/xray-daemon/aws-xray-daemon-linux-2.x.zip
RUN unzip daemon.zip && cp xray /usr/bin/xray
ENTRYPOINT [“/usr/bin/xray”, “-b”, “0.0.0.0:2000”]
EXPOSE 2000/udp

Okay, let’s look at another FAQ on the topic of X-Ray…

Q: How do I troubleshoot a serverless application?

You can enable your Lambda function for tracing with AWS X-Ray by adding X-Ray permissions to your Lambda function’s execution role and changing your function’s “tracing mode” to “active.” When X-Ray is enabled for your Lambda function, AWS Lambda will emit tracing information to X-Ray regarding the Lambda service overhead incurred when invoking your function. This will provide you with insights such as Lambda service overhead, function init time, and function execution time. In addition, you can include the X-Ray SDK in your Lambda deployment package to create your own trace segments, annotate your traces, or view trace segments for downstream calls made from your Lambda function. X-Ray SDKs are currently available for Node.js and Java. Visit Troubleshooting Lambda-based applications to learn more. AWS X-Ray rates will apply. — aws.amazon.com/lambda/faqs

Serverless applications are by definition split up into microservices. Compared to monolithic apps, this brings up unique debugging challenges.

The visual insights of X-rays are useful for troubleshooting a complex system.

How do you track down where latency issues occur? Or, if you have tons of microservices, how do you figure out how they all fit together?

X-Ray gives you a visual map of how user requests flow through those services, making the long list of functions more manageable.

X-Ray is useful for all apps, regardless of whether they run on EC2 or Lambda. The same can be said for authentication. So let’s take a look at a question from the Amazon Cognito FAQs…

Q: Does the number of identities in the Cognito Identity console tell me how many users are using my app?

The number of identities in the Cognito Identity console shows you how many identities were created via the Cognito Identity APIs. For Authenticated Identities (those logging in with a login provider such as Facebook or an OpenID Connect provider), each call to Cognito Identity’s GetId API will only ever create a single identity for each user. However, for Unauthenticated identities, each time the client in an app calls the GetId API will generate a new identity. Therefore, if your app calls GetId for unauthenticated identities multiple times for a single user it will appear that a single user has multiple identities. So it is important that you cache the response from GetId when using unauthenticated identities and not call it multiple times per user. — aws.amazon.com/cognito/faqs
The dashboard of Cognito Identity Pools

This screenshot is from Serverless Guru’s Real-Time Weather app using AWS IoT. As you see in this dashboard, federated identities that access your AWS services are broken up by app into identity pools, and those pools can be made up of both unauthenticated and authenticated identities.

Because identity pools and user pools are often used together, it can be hard to remember the difference.

A Cognito user pool, on the one hand, is a directory of only your authenticated identities. Since a user pool is a user directory, it can be used in the same way you would use Google Sign-in or Active Directory.

An identity pool, on the other hand, takes care of granting your users temporary access, regardless of whether they signed in using Facebook or a Cognito user pool.

And finally, familiarize yourself with basic AWS CLI concepts 💻

Read the AWS CLI user guide and try out some commands. aws s3 ls, for example, is a useful command for listing all the S3 buckets in your account. Go through each section in the CLI guide, including the chapter on pagination. Take, for example, this paragraph:

If you see issues when running list commands on a large number of resources, the default page size of 1000 might be too high. This can cause calls to AWS services to exceed the maximum allowed time and generate a “timed out” error. You can use the --page-size option to specify that the AWS CLI request a smaller number of items from each call to the AWS service. The CLI still retrieves the full list, but performs a larger number of service API calls in the background and retrieves a smaller number of items with each call. This gives the individual calls a better chance of succeeding without a timeout. Changing the page size doesn't affect the output; it affects only the number of API calls that need to be made to generate the output.

The list command applies to lots of services, so it’s good to know how to debug a “timed out” error. For example, aws lambda list-functions --region us-west-2 --page-size 1 lists all your lambda functions in the Oregon region.

That’s it for now. Good luck on your exam!

What did we miss?

When you leave your answer make sure to either comment below or tweet your answer to @serverlessgurux on Twitter.

https://serverlessguru.com

Yann Stoneman

Full Stack Developer — Serverless Guru

LinkedIn — @ystoneman

Twitter — @yannstoneman

Thanks for reading 😃

If you would like to learn more about Serverless Guru, please follow us on Medium, Twitter, Instagram, Facebook, or LinkedIn!