Domain 1: Workload-Specific Database Design

• Select appropriate database services for specific types of data and workloads.
• Differentiate between ACID vs. BASE workloads
• Explain appropriate uses of types of databases (e.g., relational, key-value, document, in-memory, graph, time series, ledger)
• Identify use cases for persisted data vs. ephemeral data
• Determine strategies for disaster recovery and high availability.
• Select Region and Availability Zone placement to optimize database performance
• Determine implications of Regions and Availability Zones on disaster recovery/high availability strategies
• Differentiate use cases for read replicas and Multi-AZ deployments
• Design database solutions for performance, compliance, and scalability.
• Recommend serverless vs. instance-based database architecture
• Evaluate requirements for scaling read replicas
• Define database caching solutions
• Evaluate the implications of partitioning, sharding, and indexing
• Determine appropriate instance types and storage options
• Determine auto-scaling capabilities for relational and NoSQL databases
• Determine the implications of Amazon DynamoDB adaptive capacity
• Determine data locality based on compliance requirements
• Compare the costs of database solutions.
• Determine cost implications of Amazon DynamoDB capacity units, including on-demand vs. provisioned capacity
• Determine costs associated with instance types and automatic scaling
• Design for costs including high availability, backups, multi-Region, Multi-AZ, and storage type options
• Compare data access costs

Domain 2: Deployment and Migration

• Automate database solution deployments.
• Evaluate application requirements to determine components to deploy
• Choose appropriate deployment tools and services (e.g., AWS CloudFormation, AWS CLI)
• Determine data preparation and migration strategies.
• Determine the data migration method (e.g., snapshots, replication, restore)
• Evaluate database migration tools and services (e.g., AWS DMS, native database tools)
• Prepare data sources and targets
• Determine schema conversion methods (e.g., AWS Schema Conversion Tool)
• Determine heterogeneous vs. homogeneous migration strategies
• Execute and validate data migration.
• Design and script data migration
• Run data extraction and migration scripts
• Verify the successful load of data

Domain 3: Management and Operations

• Determine maintenance tasks and processes.
• Account for the AWS shared responsibility model for database services
• Determine appropriate maintenance window strategies
• Differentiate between major and minor engine upgrades
• Determine backup and restore strategies.
• Identify the need for automatic and manual backups/snapshots
• Differentiate backup and restore strategies (e.g., full backup, point-in-time, encrypting backups cross-Region)
• Define retention policies
• Correlate the backup and restore to recovery point objective (RPO) and recovery time objective
• (RTO) requirements
• Manage the operational environment of a database solution.
• Orchestrate the refresh of lower environments
• Implement configuration changes (e.g., in Amazon RDS option/parameter groups or Amazon
• DynamoDB indexing changes)
• Automate operational tasks
• Take action based on AWS Trusted Advisor reports
• Domain 4: Monitoring and Troubleshooting
• Determine monitoring and alerting strategies.
• Evaluate monitoring tools (e.g., Amazon CloudWatch, Amazon RDS Performance Insights, database native)
• Determine appropriate parameters and thresholds for alert conditions
• Use tools to notify users when thresholds are breached (e.g., Amazon SNS, Amazon SQS,
• Amazon CloudWatch dashboards)
• Troubleshoot and resolve common database issues.
• Identify, evaluate, and respond to categories of failures (e.g., troubleshoot connectivity; instance, storage, and partitioning issues)
• Automate responses when possible
• Optimize database performance.
• Troubleshoot database performance issues
• Identify appropriate AWS tools and services for database optimization
• Evaluate the configuration, schema design, queries, and infrastructure to improve performance

Domain 5: Database Security

• Encrypt data at rest and in transit.
• Encrypt data in relational and NoSQL databases
• Apply SSL connectivity to databases
• Implement key management (e.g., AWS KMS, AWS CloudHSM)
• Evaluate auditing solutions.
• Determine auditing strategies for structural/schema changes (e.g., DDL)
• Determine auditing strategies for data changes (e.g., DML)
• Determine auditing strategies for data access (e.g., queries)
• Determine auditing strategies for infrastructure changes (e.g., AWS CloudTrail)
• Enable the export of database logs to Amazon CloudWatch Logs
• Determine access control and authentication mechanisms.
• Recommend authentication controls for users and roles (e.g., IAM, native credentials, Active Directory)
• Recommend authorization controls for users (e.g., policies)
• Recognize potential security vulnerabilities within database solutions.
• Determine security group rules and NACLs for database access
• Identify relevant VPC configurations (e.g., VPC endpoints, public vs. private subnets, demilitarized zone)
• Determine appropriate storage methods for sensitive data