AWS AIP-C01 cheat sheet for Bedrock, RAG, GenAI patterns, traps, and final review.
Use this cheat sheet for AWS Certified Generative AI Developer - Professional (AIP-C01) when you already understand the basic vocabulary and need faster scenario decisions. The exam is not about naming every AI service. It is about building production generative AI systems that are grounded, secure, observable, cost-aware, and recoverable.
Use this compact flow when the stem mixes model choice, grounding, safety, and operational controls.
```mermaid
flowchart TD
S["Scenario"] --> W["Workload: prompt, RAG, agent, extraction, eval, or ops?"]
W --> R["Risk: hallucination, unsafe output, stale facts, exposure, cost, or latency?"]
R --> P["Pattern: prompt, RAG, agent, guardrail, eval, or workflow?"]
P --> C["Control: IAM, KMS, logging, review, retry, or rollback"]
C --> E["Evidence: citations, telemetry, approval, or audit trail"]
```
Rule: if the answer choice names a real AWS GenAI feature but misses the named risk, it is the wrong answer.
Use this when the stem mixes app integration, grounding, tools, governance, and evaluation.
```mermaid
flowchart TD
S["Scenario"] --> W["Work out the task"]
W --> G["Need grounding, tools, or both?"]
G --> P["Choose RAG, agent, prompt, or workflow"]
P --> C["Add controls: IAM, KMS, logging, guardrails"]
C --> V["Validate with citations, tests, and monitoring"]
```
| Requirement in the stem | Start with | Reject answers that… |
|---|---|---|
| Answer questions from enterprise documents | RAG with governed source data, embeddings, retrieval, and citations where required | only tune the prompt or choose a larger model |
| Execute multi-step business tasks | Agent pattern with explicit tools, permissions, state, and failure handling | let the agent call broad tools without audit or constraints |
| Generate controlled marketing, support, or code output | Prompt template, guardrails, evaluation set, and human approval where impact is high | rely on one manual prompt test |
| Extract structured fields from text or documents | Purpose-built extraction pipeline, validation, and schema checks | ask a chat model to infer structure without verification |
| Improve answer quality over time | Evaluation dataset, groundedness checks, regression tests, and telemetry | change prompts randomly after user complaints |
| Reduce latency or cost | Model fit, prompt length, retrieval size, caching, batching, and token control | scale capacity before measuring the bottleneck |

| Area | What to remember |
|---|---|
| Model access | Pick a model for task fit, latency, cost, context length, safety needs, and supported features. |
| Knowledge base | Use for managed retrieval when enterprise content must ground model output. Secure the source and the retrieval path. |
| Agent | Use when the model must decide between tools or steps. Tool contracts and permissions are part of the answer. |
| Guardrail | Use to enforce safety, denied topics, sensitive information handling, or output constraints. |
| Embeddings | Use for semantic retrieval and similarity, not as a substitute for authorization or data quality. |
| Application path | Treat GenAI calls like any production dependency: retries, timeouts, idempotency, logs, metrics, and alarms. |

| If the problem is… | Better fix |
|---|---|
| unsupported or invented answer | improve retrieval source, chunking, metadata, grounding, and evaluation before changing model size |
| stale answer | refresh ingestion, indexing, source synchronization, and cache behavior |
| answer from data the user should not see | enforce source permissions, retrieval filtering, and app-level authorization |
| too much irrelevant context | improve chunking, ranking, metadata filters, and prompt context budget |
| poor citations or traceability | preserve document IDs, source metadata, and response attribution |
| inconsistent quality after updates | run regression evaluations before promoting the new prompt, index, model, or pipeline |
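The "answer from data the user should not see" row and the citation row above are the two RAG failures that a pipeline has to handle in code, not in the prompt. The block below is an added example written for this cheat sheet; it is not code from the page or from any AWS SDK. The corpus, the `allowed_groups` metadata, the `s3://kb/...` URIs and the bag-of-words "embedding" are constructed stand-ins so it runs offline; a real pipeline would call an embedding model and push the same access filter down to the vector store or knowledge base as a metadata filter on the retrieval query.

```python
"""Permission-aware retrieval for a RAG pipeline (added example, not AWS code).

The 'embedding' is a toy bag-of-words vector so the demo runs offline. The
point is the ordering: filter on source permissions BEFORE ranking, and keep
document IDs and source URIs attached to every chunk for citations.
"""
from collections import Counter
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class Chunk:
    doc_id: str
    text: str
    allowed_groups: frozenset   # groups permitted to read the source document
    source_uri: str             # preserved for response attribution


# Constructed corpus with per-document access metadata (hypothetical IDs/URIs).
CORPUS = [
    Chunk("eng-oncall-001",
          "On-call engineers rotate weekly and escalate to the platform lead.",
          frozenset({"engineering", "leadership"}), "s3://kb/eng/oncall.md"),
    Chunk("hr-salary-017",
          "Salary bands for platform engineers are confidential and listed below.",
          frozenset({"hr", "leadership"}), "s3://kb/hr/salary-bands.pdf"),
    Chunk("pub-faq-003",
          "Our public FAQ explains how to contact support engineers.",
          frozenset({"everyone"}), "s3://kb/public/faq.md"),
]


def embed(text: str) -> Counter:
    """Toy embedding: lower-cased token counts (stand-in for a real model)."""
    return Counter(tok.strip(".,?!").lower() for tok in text.split())


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[t] * b[t] for t in a)
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def _rank(query: str, chunks, top_k: int):
    q = embed(query)
    return sorted(chunks, key=lambda c: cosine(q, embed(c.text)), reverse=True)[:top_k]


def retrieve_unfiltered(query: str, top_k: int = 2):
    """The leaky pattern: rank over everything and hope the prompt withholds it."""
    return _rank(query, CORPUS, top_k)


def retrieve_authorized(query: str, user_groups, top_k: int = 2):
    """Pre-filter on source permissions before ranking, so the model never sees
    chunks the caller may not read and top_k is not silently shrunk by a
    post-hoc filter that drops results after ranking."""
    groups = set(user_groups) | {"everyone"}
    permitted = [c for c in CORPUS if c.allowed_groups & groups]
    return _rank(query, permitted, top_k)


def citations(chunks):
    """Carry document IDs and source URIs through to the response."""
    return [{"doc_id": c.doc_id, "source": c.source_uri} for c in chunks]


if __name__ == "__main__":
    question = "What are the salary bands for platform engineers?"
    print("unfiltered  :", [c.doc_id for c in retrieve_unfiltered(question)])
    print("engineering :", citations(retrieve_authorized(question, {"engineering"})))
    print("leadership  :", citations(retrieve_authorized(question, {"leadership"})))
```

Run it and the unfiltered path hands the HR chunk to the model for an engineering user; the authorized path returns the on-call and FAQ chunks with their source URIs intact. The same question asked by a leadership user gets the HR chunk, which is the intended behaviour: authorization decides, not the prompt.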
| Agent design question | Strong answer pattern |
|---|---|
| What tools can the agent use? | Only the tools required by the task, with scoped IAM and input validation. |
| What if a tool call fails? | Return a controlled failure, retry safely when idempotent, log the event, and avoid hidden partial state. |
| What if a tool changes data? | Require explicit authorization, validation, audit logging, and rollback or compensation where possible. |
| What if the agent sees sensitive input? | Keep secrets out of prompts, restrict logs, apply data classification, and use approved storage paths. |
| What if output has business impact? | Add human review, policy checks, confidence thresholds, or workflow approval. |
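The five agent rows above describe one control path: allowlist the tool, validate its input, require an explicit grant for writes, retry only when idempotent, fail closed, and log every decision. The block below is an added example for this cheat sheet, not code from the page, from AWS, or from any agent framework. The tool registry, the `lookup_order` / `issue_refund` handlers, the order data and the in-memory audit list are constructed stand-ins for what a real runtime would wire to IAM-scoped clients and a log sink.

```python
"""Guarded tool execution for an agent loop (added example, not AWS code)."""
from dataclasses import dataclass, field
from typing import Any, Callable


class ToolError(Exception):
    """Controlled failure returned to the agent; no stack traces, no secrets."""


@dataclass
class ToolSpec:
    name: str
    schema: dict                  # argument name -> required Python type
    handler: Callable[..., Any]
    idempotent: bool              # only idempotent tools may be retried
    mutates: bool                 # mutating tools need an explicit grant per run


@dataclass
class ToolRuntime:
    tools: dict
    audit_log: list = field(default_factory=list)
    max_retries: int = 2

    def call(self, principal: str, allowed_tools, name: str, args: dict,
             authorized_writes=()):
        # Demo logs raw args; production redacts classified fields before logging.
        entry = {"principal": principal, "tool": name, "args": args, "outcome": None}
        self.audit_log.append(entry)
        # 1. Allowlist: the task, not the model, decides which tools exist.
        spec = self.tools.get(name)
        if spec is None or name not in allowed_tools:
            entry["outcome"] = "denied:not_allowlisted"
            raise ToolError(f"tool '{name}' is not available for this task")
        # 2. Contract check before anything runs; unknown keys are rejected too.
        if set(args) != set(spec.schema) or any(
                not isinstance(args[k], t) for k, t in spec.schema.items()):
            entry["outcome"] = "denied:schema"
            raise ToolError(f"tool '{name}' arguments do not match its contract")
        # 3. Writes need a grant from the calling workflow, never from the prompt.
        if spec.mutates and name not in authorized_writes:
            entry["outcome"] = "denied:unauthorized_write"
            raise ToolError(f"tool '{name}' changes data and was not authorized")
        # 4. Execute; retry only idempotent tools; otherwise fail closed on first error.
        attempts = self.max_retries + 1 if spec.idempotent else 1
        last = None
        for attempt in range(1, attempts + 1):
            try:
                result = spec.handler(**args)
                entry["outcome"] = f"ok:attempt={attempt}"
                return result
            except Exception as exc:  # every backend error becomes a controlled failure
                last = exc
                entry["outcome"] = f"error:attempt={attempt}"
        raise ToolError(f"tool '{name}' failed after {attempts} attempt(s)") from last


def agent_step(rt: ToolRuntime, *args, **kwargs) -> dict:
    """What the agent loop sees: a result, or a controlled failure it can reason about."""
    try:
        return {"ok": True, "result": rt.call(*args, **kwargs)}
    except ToolError as exc:
        return {"ok": False, "error": str(exc)}


def build_runtime() -> ToolRuntime:
    """Constructed tools: a flaky read (transient timeout once) and a write."""
    calls = {"lookup": 0}
    orders = {"A-100": {"status": "shipped", "amount": 42.0}}   # hypothetical data

    def lookup_order(order_id: str):
        calls["lookup"] += 1
        if calls["lookup"] == 1:
            raise TimeoutError("simulated transient backend timeout")
        return orders.get(order_id, {"status": "unknown"})

    def issue_refund(order_id: str, amount: float):
        orders[order_id]["status"] = "refunded"
        return {"refunded": amount}

    return ToolRuntime(tools={
        "lookup_order": ToolSpec("lookup_order", {"order_id": str}, lookup_order,
                                 idempotent=True, mutates=False),
        "issue_refund": ToolSpec("issue_refund", {"order_id": str, "amount": float},
                                 issue_refund, idempotent=False, mutates=True),
    })


if __name__ == "__main__":
    rt = build_runtime()
    allowed = {"lookup_order", "issue_refund"}
    print(agent_step(rt, "support-agent", allowed, "lookup_order", {"order_id": "A-100"}))
    print(agent_step(rt, "support-agent", allowed, "issue_refund",
                     {"order_id": "A-100", "amount": 42.0}))
    print(agent_step(rt, "support-agent", allowed, "delete_customer", {"id": "C-1"}))
    for e in rt.audit_log:
        print(e["tool"], "->", e["outcome"])
```

The read succeeds on the second attempt and the audit entry records `ok:attempt=2`; the refund is refused until the workflow passes `authorized_writes=("issue_refund",)`; the unknown tool is refused before any handler runs. Each refusal is a plain message the model can act on, and every decision is on the audit log.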
| Control | Exam instinct |
|---|---|
| IAM | Scope model, data, tool, logging, and deployment access separately. Avoid broad application roles. |
| KMS | Check both the encryption setting and the key policy, especially in cross-account or regulated-data scenarios; a correct encryption setting with a key policy that excludes the application role still produces access denied. |
| Network path | Prefer private access patterns when the requirement says private, internal, or no internet exposure. |
| Data retention | Know where prompts, retrieved chunks, embeddings, logs, and generated outputs are stored. |
| Guardrails | Use for policy enforcement, but do not confuse them with authorization, retrieval filtering, or audit. |
| Audit evidence | Logs, traces, evaluation reports, approval records, and model/version history matter in production scenarios. |
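The IAM row says to scope model, data, tool, logging and deployment access separately and to avoid broad application roles. The block below is an added example for this cheat sheet, not code from the page and not an AWS tool: a scoped Bedrock application policy next to the broad one the exam wants rejected, plus a small checker that flags the broad shape. The account ID, Region, model ID, knowledge base ID, guardrail ID, KMS key ID and VPC endpoint ID are placeholders; the action names and ARN formats are the real IAM/Bedrock ones.

```python
"""Least-privilege check for a Bedrock application role (added example, not AWS code)."""
import json

ACCOUNT = "123456789012"   # placeholder
REGION = "us-east-1"       # placeholder

# Target shape: one statement per capability, each pinned to a specific resource.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "InvokeOneModel", "Effect": "Allow",
         "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
         # Foundation-model ARNs carry no account ID; model ID is a placeholder.
         "Resource": f"arn:aws:bedrock:{REGION}::foundation-model/anthropic.claude-3-haiku-20240307-v1:0",
         # Only through the private path: placeholder VPC endpoint ID.
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "RetrieveOneKnowledgeBase", "Effect": "Allow",
         "Action": "bedrock:Retrieve",
         "Resource": f"arn:aws:bedrock:{REGION}:{ACCOUNT}:knowledge-base/EXAMPLEKBID"},
        {"Sid": "ApplyOneGuardrail", "Effect": "Allow",
         "Action": "bedrock:ApplyGuardrail",
         "Resource": f"arn:aws:bedrock:{REGION}:{ACCOUNT}:guardrail/EXAMPLEGRID"},
        {"Sid": "UseAppDataKey", "Effect": "Allow",
         "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
         "Resource": f"arn:aws:kms:{REGION}:{ACCOUNT}:key/11111111-2222-3333-4444-555555555555"},
    ],
}

# The anti-pattern: one role, every service, every resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["bedrock:*", "kms:*", "s3:*"], "Resource": "*"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def scope_findings(policy: dict) -> list:
    """Return least-privilege findings for Allow statements; an empty list is clean."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", f"Statement[{i}]")
        actions = _as_list(st["Action"])
        resources = _as_list(st["Resource"])
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"{sid}: service-wide action wildcard {actions}")
        if "*" in resources:
            findings.append(f"{sid}: Resource '*'")
        services = {a.split(":")[0] for a in actions}
        if len(services) > 1:
            findings.append(f"{sid}: mixes {sorted(services)}; scope model, data and key access separately")
        if any(r.endswith("foundation-model/*") for r in resources):
            findings.append(f"{sid}: grants every foundation model")
    return findings


def render(policy: dict) -> str:
    """JSON as you would paste it into the role's inline policy."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print("scoped :", scope_findings(SCOPED_POLICY) or "no findings")
    print("broad  :", scope_findings(BROAD_POLICY))
    print(render(SCOPED_POLICY))
```

The checker is deliberately simple: it catches the shapes the exam stems describe (wildcard actions, `Resource: "*"`, one statement mixing model, key and data access, every-model grants). It does not replace IAM Access Analyzer or a policy simulator run against the real account.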
| Symptom | First things to check |
|---|---|
| hallucinations | retrieval quality, grounding instructions, evaluation set, source freshness, and citation behavior |
| slow responses | model choice, token volume, retrieval latency, tool latency, network path, and concurrency |
| high cost | model tier, prompt length, response length, retrieval size, retries, cache misses, and unused steps |
| unsafe output | guardrails, content policy, prompt injection defenses, human review, and red-team tests |
| access denied | application IAM role, resource policy, KMS key policy, VPC endpoint policy, service permissions, and whether Bedrock model access is enabled for that model in that Region |
| inconsistent agent behavior | tool schema, tool errors, state handling, prompt instructions, and evaluation coverage |

| Trap | Better instinct |
|---|---|
| Bigger model equals better production answer | Use model fit plus grounding, evaluation, latency, and cost evidence. |
| RAG means secure by default | RAG can leak data if retrieval ignores source permissions or metadata filters. |
| Guardrails solve all safety problems | Guardrails help output policy; they do not replace IAM, data classification, or review workflow. |
| Prompt tests are enough | Use repeatable evaluation sets and regression checks. |
| Agents are just smarter prompts | Agents are app workflows with tools, permissions, errors, state, and audit requirements. |
| Optimization starts with capacity | Optimization starts with measurements: latency, tokens, retrieval time, tool time, and model behavior. |
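"Prompt tests are enough" and "bigger model equals better production answer" are the two traps a repeatable evaluation set catches. The block below is an added example for this cheat sheet, not code from the page or from Amazon Bedrock Evaluations: a small eval set, two constructed runs (a baseline and a candidate after a model or prompt change), citation and groundedness scoring, and a promotion gate that blocks the change when a metric regresses. The eval items, document IDs and answer texts are constructed; groundedness here is a citation-coverage check (the cited chunk was actually retrieved and carries the expected fact), which a real pipeline would augment with an LLM-as-judge or NLI scorer.

```python
"""Regression gate for promoting a prompt, index or model change (added example)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class EvalItem:
    question: str
    expected_doc: str
    required_fact: str    # fact a grounded answer must carry over from the source


@dataclass(frozen=True)
class RunOutput:
    answer: str           # model text with [doc_id] citation markers
    retrieved: dict       # doc_id -> chunk text actually handed to the model


CITATION = re.compile(r"\[([A-Za-z0-9-]+)\]")

# Constructed eval set (hypothetical documents and facts).
EVAL_SET = [
    EvalItem("How often does on-call rotate?", "eng-oncall-001", "weekly"),
    EvalItem("Who approves refunds over 500?", "fin-policy-009", "finance lead"),
    EvalItem("How do customers reach support?", "pub-faq-003", "support@example.com"),
]

ONCALL = {"eng-oncall-001": "On-call engineers rotate weekly."}
REFUND = {"fin-policy-009": "Refunds above 500 require approval by the finance lead."}
FAQ = {"pub-faq-003": "Contact support@example.com for help."}

# Baseline run: every answer cites the retrieved chunk that carries the fact.
BASELINE_RUN = [
    RunOutput("On-call rotates weekly [eng-oncall-001].", ONCALL),
    RunOutput("Refunds over 500 need the finance lead [fin-policy-009].", REFUND),
    RunOutput("Email support@example.com [pub-faq-003].", FAQ),
]

# Candidate run after a "bigger model" swap: one answer contradicts its own
# citation, another cites a document that was never retrieved.
CANDIDATE_RUN = [
    RunOutput("On-call rotates weekly [eng-oncall-001].", ONCALL),
    RunOutput("Refunds over 500 are approved by the CFO [fin-policy-009].", REFUND),
    RunOutput("Email support@example.com [hr-handbook-002].", FAQ),
]


def score_item(item: EvalItem, out: RunOutput) -> dict:
    cited = set(CITATION.findall(out.answer))
    retrieval_hit = item.expected_doc in out.retrieved
    citations_valid = cited <= set(out.retrieved)       # no citing what the model never saw
    grounded = (item.expected_doc in cited
                and item.required_fact in out.retrieved.get(item.expected_doc, "")
                and item.required_fact in out.answer)
    return {"retrieval_hit": retrieval_hit, "citations_valid": citations_valid,
            "grounded": grounded}


def score_run(outputs: list) -> dict:
    """Per-metric pass rate over the whole eval set."""
    rows = [score_item(item, out) for item, out in zip(EVAL_SET, outputs)]
    return {metric: sum(r[metric] for r in rows) / len(rows) for metric in rows[0]}


def promotion_gate(baseline: dict, candidate: dict, min_grounded: float = 0.9,
                   tolerance: float = 0.0) -> list:
    """Return blocking reasons; an empty list means the change may be promoted."""
    reasons = []
    for metric, base in baseline.items():
        if candidate[metric] + tolerance < base:
            reasons.append(f"{metric} regressed {base:.2f} -> {candidate[metric]:.2f}")
    if candidate["grounded"] < min_grounded:
        reasons.append(f"grounded {candidate['grounded']:.2f} below floor {min_grounded:.2f}")
    return reasons


if __name__ == "__main__":
    base, cand = score_run(BASELINE_RUN), score_run(CANDIDATE_RUN)
    print("baseline :", base)
    print("candidate:", cand)
    for reason in promotion_gate(base, cand) or ["promote"]:
        print("gate:", reason)
```

Retrieval is unchanged between the two runs, so a dashboard that only tracks retrieval hit rate would wave the candidate through; the citation and groundedness metrics block it. Run the gate in CI before the new prompt, index, model or pipeline is promoted, and keep the scored rows as the evaluation report the audit-evidence row above asks for.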
| If the stem says… | Start here |
|---|---|
| enterprise knowledge, citations, or source documents | RAG, source governance, retrieval filtering, evaluation, and metadata |
| autonomous task, tool use, or multi-step workflow | agent tools, IAM scope, validation, audit, and failure handling |
| regulated, private, or sensitive data | data boundary, encryption, KMS policy, private access, retention, and logs |
| unsafe, biased, or prohibited output | guardrails, responsible AI policy, human review, and safety tests |
| poor answer quality | retrieval, prompt, model fit, evaluation set, and regression test order |
| production deployment | observability, rollback, alarms, retries, cost controls, and ownership |
Use IT Mastery for the exact product route, practice status, spaced review when available, and close-answer explanation practice as coverage expands.
Open the exact IT Mastery route here: AIP-C01 on MasteryExamPrep.
AIP-C01 answers should be production-grade: ground the output, secure every data path, constrain unsafe behavior, evaluate quality repeatedly, observe runtime behavior, and optimize from evidence.