Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.
For AWS DVA-C02 candidates, the confusion often lies in how to architect scalable, secure, and cost-effective serverless APIs supporting large user bases with object storage.
In production, this is about knowing exactly when and why to use Cognito for authentication, where to store unstructured objects (S3 vs DynamoDB), and how Lambda functions should orchestrate these services with minimal overhead. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
PixliSnap, a growing mobile app startup, is building a cloud-based photo management service. Their app enables users to create accounts and securely upload photos ranging from 300 KB to 5 MB each. PixliSnap expects tens of thousands of active users.
The architecture uses Amazon API Gateway exposing REST APIs backed by AWS Lambda functions. Metadata about photos, such as upload timestamp and user association, must be recorded. Users can retrieve previously uploaded photos on demand.
PixliSnap’s dev team wants a solution that minimizes operational complexity and management overhead while scaling reliably.
The Requirement: #
Design a solution that supports user authentication for tens of thousands of users, processes photo uploads through API Gateway and Lambda, stores photo metadata efficiently, and stores photos within size constraints. Operational overhead must be kept as low as possible, ideally leveraging fully managed AWS services.
The Options #
- A) Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use the Lambda functions to store both photos and metadata directly inside the DynamoDB table. Retrieve photos directly from DynamoDB when requested.
- B) Use Amazon Cognito user pools to manage user accounts. Create an Amazon Cognito user pool authorizer in API Gateway to control access to the API. Use Lambda functions to store the photos in Amazon S3. Store the photo’s S3 object key and metadata in DynamoDB. Retrieve photos by querying DynamoDB for the S3 key and pulling the photo from S3.
- C) Create an IAM user for each new user during signup. Use IAM authentication for API Gateway access. Use Lambda functions to store photos in Amazon S3. Store the photo’s S3 object key and metadata in DynamoDB. Retrieve photos by querying DynamoDB for the S3 key and pulling from S3.
- D) Maintain a users table in DynamoDB to track user accounts. Create a Lambda authorizer validating user credentials against the users table. Secure API Gateway using this Lambda authorizer. Use Lambda functions to store photos in Amazon S3. Store the photo’s S3 object key and metadata in DynamoDB. Retrieve photos using the S3 key stored in DynamoDB.
Correct Answer #
B
Quick Insight: The AWS Developer Imperative #
Use Amazon Cognito for scalable, secure user authentication.
Store unstructured photo files in S3 — its design supports objects up to 5 TB efficiently.
DynamoDB is optimal for metadata but unsuitable for storing large binary blobs.
API Gateway integration with Cognito user pool authorizers simplifies authentication.
This combination minimizes custom code and ongoing management, reducing operational overhead.
The Expert’s Analysis #
Correct Answer #
Option B
The Winning Logic #
- User Management: Amazon Cognito user pools offer a fully managed solution for user sign-up, sign-in, and authentication workflows, including integration with API Gateway authorizers. This dramatically reduces the burden of managing credentials, password policies, and federation.
- Photo Storage: Storing photos (300 KB to 5 MB) in DynamoDB is inefficient and costly, as DynamoDB is optimized for low-latency key-value and document data but has item size limits (400 KB max). S3 is purpose-built for unstructured object storage and can handle large files with scalable performance and cost efficiency.
- Metadata Storage: DynamoDB excels at storing metadata (e.g., user ID, upload timestamp, S3 object key) for fast lookups—keeping structured data separate from large binary objects is best practice.
- Least Operational Overhead: This architecture leverages fully managed services with minimal need for custom authentication mechanisms (no IAM users per app user), custom authorizers, or complex user tables.
- Retrieval Process: Querying DynamoDB for an S3 key and retrieving the photo from S3 via a presigned URL or API Gateway/Lambda proxy is standard and scales well.
The Trap (Distractor Analysis) #
- Why not A? DynamoDB item size maxes out at 400 KB, so storing photos up to 5 MB directly in DynamoDB is not feasible. Even if chunked, it complicates retrieval and incurs higher read/write costs. Also, this ignores best practices for separating metadata and large objects.
- Why not C? Creating IAM users for each application user is a poor practice for large user bases. IAM is designed for managing AWS users and roles, not application-level identities. It increases operational complexity and risks security misconfigurations.
- Why not D? Maintaining a custom users table and implementing a Lambda authorizer adds unnecessary complexity and operational burden compared to using Cognito, which offers a purpose-built, scalable user identity management service fully integrated with API Gateway.
The Technical Blueprint #
```bash
# Attach a Cognito user pool authorizer to an existing API Gateway REST API.
# --identity-source is required for COGNITO_USER_POOLS authorizers: it names
# the request header that carries the user's token.
aws apigateway create-authorizer \
  --rest-api-id <api-id> \
  --name CognitoAuthorizer \
  --type COGNITO_USER_POOLS \
  --identity-source method.request.header.Authorization \
  --provider-arns arn:aws:cognito-idp:<region>:<account-id>:userpool/<user-pool-id>

# CLI equivalent of the Lambda function storing photo metadata in DynamoDB
aws dynamodb put-item --table-name PhotoMetadataTable --item file://metadata.json

# CLI equivalent of the Lambda function uploading the photo binary to S3
aws s3 cp localphoto.jpg s3://pixlisnap-photos/<user-id>/<photo-id>.jpg
```
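The upload and retrieval path of option B, written as Lambda handler logic (an added example, not code from the original page). The owner of every object is taken from the `sub` claim that the Cognito user pool authorizer has already verified, never from the request body or path, so one user cannot read another user's photo by guessing its ID. Assumptions: a REST API Lambda proxy integration, a base64-encoded request body, a table keyed on `user_id` + `photo_id`, and illustrative function names with injected `s3`/`ddb` clients.

```python
import base64
import uuid
from datetime import datetime, timezone

MAX_PHOTO_BYTES = 5 * 1024 * 1024  # scenario's upper bound (5 MB)
BUCKET = "pixlisnap-photos"        # bucket name from the CLI snippet
TABLE = "PhotoMetadataTable"       # table name from the CLI snippet


def caller_sub(event):
    """User ID from the claims verified by the Cognito user pool authorizer."""
    return event["requestContext"]["authorizer"]["claims"]["sub"]


def upload_photo(event, s3, ddb):
    """s3/ddb are boto3 clients in Lambda; injected here so the logic is testable."""
    user_id = caller_sub(event)  # assumption: proxy integration passes claims
    photo = base64.b64decode(event["body"])
    if not photo or len(photo) > MAX_PHOTO_BYTES:
        return {"statusCode": 400, "body": "photo must be 1 byte to 5 MB"}
    photo_id = str(uuid.uuid4())  # server-generated, not client-chosen
    key = f"{user_id}/{photo_id}.jpg"
    s3.put_object(Bucket=BUCKET, Key=key, Body=photo, ContentType="image/jpeg")
    ddb.put_item(TableName=TABLE, Item={
        "user_id": {"S": user_id},
        "photo_id": {"S": photo_id},
        "s3_key": {"S": key},
        "uploaded_at": {"S": datetime.now(timezone.utc).isoformat()},
    })
    return {"statusCode": 201, "body": photo_id}


def get_photo_url(event, s3, ddb):
    """Return a short-lived presigned URL for a photo the caller owns."""
    user_id = caller_sub(event)
    photo_id = event["pathParameters"]["photo_id"]
    # The lookup key includes the caller's sub, so another user's photo_id misses.
    found = ddb.get_item(TableName=TABLE, Key={
        "user_id": {"S": user_id}, "photo_id": {"S": photo_id}})
    if "Item" not in found:
        return {"statusCode": 404, "body": "not found"}
    url = s3.generate_presigned_url(
        "get_object",
        Params={"Bucket": BUCKET, "Key": found["Item"]["s3_key"]["S"]},
        ExpiresIn=300)
    return {"statusCode": 200, "body": url}
```
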
The Comparative Analysis #
| Option | API Complexity | Performance | Use Case |
|---|---|---|---|
| A | Low | Poor | Stores photos in DynamoDB—limited by size, costly, inefficient |
| B | Moderate | High | Best practice: Cognito auth, photos in S3, metadata in DynamoDB |
| C | High | High | IAM users per app user adds complexity; not scalable |
| D | High | High | Custom user management with Lambda authorizer increases overhead |
Real-World Application (Practitioner Insight) #
Exam Rule #
“For the exam, always pick Amazon Cognito when you see user authentication combined with API Gateway and plan to manage thousands of app users.”
Real World #
“In reality, a startup like PixliSnap would use Cognito also for social identity federation (Google, Facebook) to further reduce friction and infra management. S3 would be the clear choice for handling any size of multimedia content.”
Disclaimer
This is a study note based on simulated scenarios for the AWS DVA-C02 exam.