AWS Certified Data Engineer Associate Quick Facts (2025)

Exam Domain Breakdown

Domain 1: Data Ingestion and Transformation (34% of the exam)

1.1 Perform data ingestion.

• Throughput and latency characteristics for AWS services that ingest data
• Data ingestion patterns (for example, frequency and data history)
• Streaming data ingestion
• Batch data ingestion (for example, scheduled ingestion, event-driven ingestion)
• Replayability of data ingestion pipelines
• Stateful and stateless data transactions
• Reading data from streaming sources (for example, Amazon Kinesis, Amazon MSK, DynamoDB Streams, AWS DMS, AWS Glue, Amazon Redshift)
• Reading data from batch sources (for example, Amazon S3, AWS Glue, Amazon EMR, AWS DMS, Amazon Redshift, AWS Lambda, Amazon AppFlow)
• Implementing appropriate configuration options for batch ingestion
• Consuming data APIs
• Setting up schedulers by using EventBridge, Apache Airflow, or time-based schedules for jobs and crawlers
• Setting up event triggers (for example, Amazon S3 Event Notifications, EventBridge)
• Calling a Lambda function from Amazon Kinesis
• Creating allowlists for IP addresses to allow connections to data sources
• Implementing throttling and overcoming rate limits (for example, DynamoDB, RDS, Kinesis)
• Managing fan-in and fan-out for streaming data distribution

1.1 summary: Building strong ingestion pipelines is essential for ensuring data moves efficiently from diverse sources into AWS. This section helps you understand patterns like batch versus streaming ingestion and how to configure services appropriately depending on latency and throughput requirements. You’ll get to know how tools like S3, DynamoDB Streams, Kinesis, and Amazon MSK integrate with AWS Lambda and EventBridge to create event-driven workflows that move data reliably.

Additionally, this section highlights practical steps like setting up schedulers, implementing throttling, and managing replayability for fault tolerance and resilience. By mastering both fan-in and fan-out strategies, you learn to design pipelines that scale smoothly while ensuring business data is processed accurately and consistently.

1.2 Transform and process data.

• Creation of ETL pipelines based on business requirements
• Volume, velocity, and variety of data (structured, unstructured)
• Cloud and distributed computing
• Using Apache Spark to process data
• Intermediate data staging locations
• Optimizing container usage for performance (EKS, ECS)
• Connecting to different data sources (JDBC, ODBC)
• Integrating data from multiple sources
• Optimizing costs while processing data
• Implementing transformation services (EMR, Glue, Lambda, Redshift)
• Transforming data between formats (CSV to Parquet)
• Troubleshooting and debugging transformation failures and performance
• Creating data APIs to make data available

1.2 summary: Data transformation is where raw inputs turn into actionable insights, and this section emphasizes your ability to design ETL pipelines that handle the wide variety of data formats and velocities. You explore how services like Glue and Redshift handle cross-format transformations and how Apache Spark and EMR accelerate distributed processing. Using the right compute environments such as serverless Glue or containerized Spark optimizes both performance and costs.

The tasks also teach you to debug common ETL challenges and plan for staging strategies that balance efficiency with scalability. By learning to publish APIs that expose transformed data, you make cleaned, standardized datasets easily consumable for downstream applications, analytics, and AI workloads.

1.3 Orchestrate data pipelines.

• Integrating AWS services for ETL pipelines
• Event-driven architecture
• Configuring services for pipelines with schedules or dependencies
• Serverless workflows
• Orchestration with Lambda, EventBridge, MWAA, Step Functions, Glue workflows
• Designing high-performance, available, scalable, resilient, fault-tolerant pipelines
• Implementing and maintaining serverless workflows
• Using notification services like SNS and SQS

1.3 summary: Data pipelines often need to coordinate multiple services, and this section is all about orchestrating those workflows seamlessly. You’ll gain confidence in using orchestration tools such as Step Functions, Glue Workflows, and MWAA to build pipelines that respond to events or schedules. Designing these with resilience ensures they can process data continuously with high availability.

This area also shows you how to connect orchestration to messaging systems like SNS and SQS to create alert-driven and responsive workflows. Mastering serverless orchestration equips you to reduce operational overhead while ensuring that complex pipelines handle dependencies in a clean, automated, and scalable way.

1.4 Apply programming concepts.

• CI/CD for data pipelines
• SQL queries for transformations and data sources
• Infrastructure as code (CDK, CloudFormation)
• Distributed computing concepts
• Data structures and algorithms (graphs, trees)
• SQL query optimization
• Optimizing code for ingestion and transformation runtime
• Lambda concurrency configurations
• Using SQL in Redshift stored procedures
• Using Git for repositories and branching
• Using AWS SAM to deploy serverless data pipelines
• Using and mounting storage volumes from Lambda functions

1.4 summary: Engineering practices are at the heart of scalable data systems, and here you combine programming principles with AWS-native services. You will learn to optimize SQL for transformations in Redshift, implement CI/CD workflows, and use IaC tools such as AWS CDK and CloudFormation to make data pipeline deployments consistent and repeatable.

Beyond automation, the tasks encourage you to develop an awareness of runtime tradeoffs, concurrency limits, and strategies for distributed workloads. Incorporating version control systems and serverless frameworks adds structure to how pipelines evolve, ensuring high quality and maintainability for large-scale data operations.

Domain 2: Data Store Management (26% of the exam)

2.1 Choose a data store.

• Storage platforms and characteristics
• Configurations for performance needs
• Data formats (CSV, TXT, Parquet)
• Aligning storage with migration requirements
• Determining solutions for access patterns
• Managing locks in Redshift and RDS
• Implementing services for cost and performance (Redshift, EMR, Lake Formation, RDS, DynamoDB, Kinesis, MSK)
• Configuring services for access requirements
• Applying services to use cases (S3)
• Using tools for migration (AWS Transfer Family)
• Remote access and queries (Spectrum, federated queries, materialized views)

2.1 summary: Choosing the right data store is fundamental to the success of a data engineering project. This section helps you distinguish the performance tradeoffs between solutions like DynamoDB, Redshift, and RDS, depending on workloads. You’ll also learn how data formats impact accessibility and cost efficiency.

The section also covers migration tools and federated query capabilities, which provide flexibility to interact with data across systems. By mastering lock management techniques and performance configurations, you’ll be equipped to design resilient storage layers aligned with both current and future business needs.

2.2 Understand data cataloging systems.

• Creating and using data catalogs
• Data classification and metadata
• Building catalogs with Glue or Hive metastore
• Schema discovery with Glue crawlers
• Updating partitions and synchronizing catalogs
• Creating source or target connections

2.2 summary: Data catalogs are the backbone of discoverability, and this section emphasizes their value for accessing and governing distributed datasets. You’ll dive into how Glue crawlers automate schema population, and how metadata management improves the usability of structured and unstructured data.

With catalogs acting as centralized directories, you unlock better orchestration and visibility across systems. Whether integrating through Hive or AWS Glue, creating connections and partitions ensures that even growing datasets remain organized, accurate, and easily consumable by downstream systems.

2.3 Manage the lifecycle of data.

• Hot vs. cold data requirements
• Cost optimization via data lifecycle
• Legal requirements for deletion
• Retention and archiving strategies
• Protecting data with resiliency and availability
• S3 and Redshift load and unload operations
• Lifecycle policies for S3 tiering
• Setting expiring data with S3 policies
• Versioning in S3 and TTL in DynamoDB

2.3 summary: Managing lifecycle policies is key for balancing cost control with compliance requirements. Here, you’ll learn how to apply lifecycle rules for S3 to archive data easily between tiers while controlling costs. This ensures hot data remains accessible, while cold or dormant data transitions seamlessly into lower-cost tiers.

Beyond lifecycle automation, this domain reinforces data governance practices by focusing on lawful deletion, retention compliance, and resiliency strategies. Leveraging TTL in DynamoDB and versioning in S3 ensures both control and traceability of changing datasets.

2.4 Design data models and schema evolution.

• Modeling for structured, semi-structured, and unstructured data
• Data lineage for trust and accountability
• Best practices in indexing, partitioning, compression
• Schema evolution strategies
• Schema design for Redshift, DynamoDB, Lake Formation
• Performing schema conversion with SCT and DMS
• Tracking lineage with SageMaker ML Lineage

2.4 summary: This section focuses on data architecture decisions that provide both flexibility and reliability over time. You’ll build expertise in schema modeling for relational and NoSQL solutions, as well as techniques such as partitioning and compression that optimize performance and cost efficiency in massive datasets.

At the same time, you’ll prepare for real-world situations involving schema changes and lineage tracking. This knowledge ensures your data models remain adaptable while maintaining integrity, trustworthiness, and traceability throughout their lifecycle.

Domain 3: Data Operations and Support (22% of the exam)

3.1 Automate data processing by using AWS services.

• Repeatable business outcomes through automation
• API calls for data processing
• Services with scripting capabilities (EMR, Redshift, Glue)
• Orchestrating with MWAA and Step Functions
• Troubleshooting managed workflows
• SDK calls to access features
• Automating common data preparation tasks (DataBrew, Athena, Lambda)
• Scheduling and events with EventBridge

3.1 summary: Automation is at the heart of smooth data operations, and this section will show you how to use AWS services to reduce manual intervention. By scripting through EMR or Glue, using SDKs, or orchestrating with Step Functions, you develop repeatable workflows for consistent business outcomes.

The ability to connect automation to schedulers and monitoring frameworks makes these pipelines both proactive and reliable. Through Lambda and EventBridge, you ensure tasks execute seamlessly and are always ready to meet organizational data needs.

3.2 Analyze data by using AWS services.

• Tradeoffs between provisioned and serverless models
• SQL for analytics
• Visualizing data for insights
• Data cleansing and aggregation techniques
• Using Glue DataBrew, QuickSight for visualizations
• Running queries with Athena and Spark-notebooks
• Preparing quality analysis-ready datasets

3.2 summary: This section amplifies the importance of analyzing data in place on AWS without costly movement. You’ll learn to run queries using Athena, optimize joins and aggregations, and create visualizations through QuickSight or notebooks. Each service is shown in context to its best use cases.

Beyond writing queries, emphasis is given on preparing datasets through cleansing and aggregation techniques. Mastering service integrations positions you to create powerful dashboards and fast decision-making pipelines that empower both technical and business stakeholders.

3.3 Maintain and monitor data pipelines.

• Logging application data
• Monitoring access to AWS services
• Tools like Macie, CloudTrail, CloudWatch
• Auditing through logs
• Notifications for monitoring and alarming
• Troubleshooting performance bottlenecks
• Pipeline maintenance in Glue and EMR
• Analyzing logs with Athena, EMR, OpenSearch, Logs Insights

3.3 summary: Monitoring ensures reliability, and this section helps you design instrumentation for AWS data systems. You’ll learn how CloudTrail, CloudWatch, and Macie together form a strong observability layer around your data pipelines. These tools provide both real-time diagnostics and retrospective auditing capabilities.

The focus is also on performance tuning and error recovery, maintaining consistency across Glue, EMR, and Redshift workloads. By analyzing pipeline logs and leveraging services like OpenSearch or Logs Insights, you develop strong operational command to keep systems efficient and compliant.

3.4 Ensure data quality.

• Data sampling and profiling
• Managing skew and performance considerations
• Completeness, consistency, accuracy, and integrity
• Rules for data quality (Glue DataBrew)
• Data cleansing techniques
• Validating consistency across services

3.4 summary: High-quality data underpins trust in analytics, and this section shows how to apply profiling and sampling to confirm datasets remain clean and reliable. DataBrew, validation rules, and built-in AWS service checks support continuous assurance of accuracy and integrity.

You’ll also learn strategies for managing skew in distributed systems and responding to integrity challenges at scale. A focus on applying cleansing techniques ensures downstream applications receive reliable, structured, and ready-to-use information.

Domain 4: Data Security and Governance (18% of the exam)

4.1 Apply authentication mechanisms.

• VPC networking security
• Managed vs. unmanaged services
• Authentication methods (password, certificate, role-based)
• AWS managed vs. customer managed policies
• Updating VPC security groups
• Creating IAM roles, groups, endpoints
• Credential rotation and management (Secrets Manager)
• Role assignment for Lambda and CLI access
• Applying IAM policies at service and endpoint level

4.1 summary: Authentication lays the foundation for controlled access, and this section covers both networking and identity-based solutions. You’ll explore IAM constructs such as roles, groups, and policies, while also configuring service-specific authentication. Rotating credentials through Secrets Manager ensures long-term security.

Networking security adds an additional perimeter with group and endpoint configurations, establishing holistic safeguards. By applying policies through roles and endpoints, you learn to provide fine-grained yet flexible control across dynamic workloads.

4.2 Apply authorization mechanisms.

• Different authorization models (role, policy, tag, attribute-based)
• Principle of least privilege
• Role-based security for databases
• Custom IAM policy when needed
• Managing credentials in Systems Manager and Secrets Manager
• Permissions management through Lake Formation

4.2 summary: Authorization ensures the right level of access to resources, and this section teaches you how to apply models ranging from role-based access to attribute-based controls. By adhering to least privilege, you secure systems while preserving functionality.

Lake Formation expands these strategies by managing access across analytics services without friction. You’ll also learn credential storage best practices, enabling secure data access for Redshift, RDS, and S3 storage environments.

4.3 Ensure data encryption and masking.

• Encryption options in analytics services
• Client-side vs. server-side encryption
• Protecting sensitive data
• Anonymization, masking, key salting
• Encrypting with KMS
• Cross-account encryption
• Encryption in transit

4.3 summary: Encryption maintains privacy and security, and this section shows you how AWS services apply both client-side and server-side encryption. From KMS key management to cross-account configurations, you’ll learn the range of protections available.

Beyond pure encryption, data privacy strategies such as masking and anonymization ensure compliance with governance requirements. By implementing consistent encryption at rest and in transit, you secure sensitive data without reducing accessibility.

4.4 Prepare logs for audit.

• Centralized and application-level logging
• CloudTrail API tracking
• Using CloudWatch Logs effectively
• AWS CloudTrail Lake queries
• Integrating analytic services like Athena and OpenSearch for log analysis

4.4 summary: Audit readiness depends on reliable logging, and this section emphasizes CloudTrail, CloudWatch, and CloudTrail Lake for comprehensive tracking. Centralized log collections make queries easy so you can review access and activity across accounts.

Analyzing with Athena or OpenSearch ensures that logs become a tool for both compliance verification and troubleshooting. Integrating logging services across architectures creates consistency and dependability when preparing for audits or internal reviews.

4.5 Understand data privacy and governance.

• Protecting PII
• Data sovereignty and compliance
• Redshift data sharing and permissions
• Using tools like Macie for sensitive data detection
• Preventing replication into restricted regions
• Managing configuration drift with AWS Config

4.5 summary: Governance ensures responsible handling of data across organizational and regulatory requirements. With this section, you’ll practice implementing strategies like PII detection, anonymization, and permission management for data sharing.

Data sovereignty rules are addressed by controlling replication locations and applying Config to prevent drift. By combining these governance techniques, you build systems capable of passing compliance checks while prioritizing customer trust and privacy.