AWS DVA-C02 Glossary: Lambda, Eventing, and Troubleshooting Terms
March 30, 2026
AWS DVA-C02 glossary of Lambda, eventing, troubleshooting terms, traps, and decision cues.
Use this glossary when serverless, IAM, messaging, and deployment terms start to blur together. Keep it beside the cheat sheet and resources instead of turning it into a substitute for real scenario practice.
| Term |
Short meaning |
| Idempotent |
Safe to run repeatedly without causing inconsistent duplicate effects |
| Event source mapping |
Lambda configuration that polls a source such as SQS or Kinesis and invokes a function |
| DLQ |
Dead-letter queue used to hold messages or events that repeatedly fail processing |
| Visibility timeout |
Time period an SQS message stays hidden after a consumer receives it |
| Cold start |
Startup delay when a new Lambda execution environment is created |
| Provisioned concurrency |
Pre-initialized Lambda capacity used to reduce cold-start latency |
| Canary deployment |
Gradual rollout pattern that shifts a small amount of traffic first |
| SigV4 |
AWS request-signing method used to authenticate API requests |
| Throttling |
Service or API limiting request rate or concurrency |
| Least privilege |
Granting only the permissions required for a workload to do its job |
| Secret rotation |
Controlled update of stored credentials over time |
| Trace |
End-to-end visibility record for following a request across components |
| Alias |
Named Lambda pointer to a version, often used for staged rollout control |
| Stage |
Named API or deployment environment used to test behavior before broader exposure |
| EMF |
Embedded Metric Format for emitting CloudWatch metric data through structured logs |
| Reserved concurrency |
Lambda concurrency budget set aside for one function |
| Filter policy |
Rule that reduces unnecessary subscriber work by matching only relevant messages |
| Artifact |
Deployable build package or container image |
| Approved version |
Explicit build or release identity chosen for test or promotion |
| Runtime configuration |
Settings that change by environment without changing the code artifact |
Commonly confused pairs
| Pair |
Keep this distinction clear |
| queue vs topic |
point-to-point work queue versus publish-subscribe fan-out |
| retry vs dead-letter handling |
another delivery attempt versus parking failed events for review |
| function timeout vs visibility timeout |
Lambda execution limit versus SQS message reappearance timing |
| app config vs secret |
non-sensitive runtime setting versus protected credential or key |
| canary vs blue/green |
partial traffic shift versus separate replacement environment cutover |
| IAM permission vs KMS permission |
service access boundary versus key-usage boundary |
| log vs metric vs trace |
event detail versus aggregate signal versus request-flow evidence |
| alias vs version |
named traffic-control handle versus immutable Lambda build target |
| stage vs endpoint |
deployment slice versus reachable interface consumers call |
If three terms blur together
| Blur cluster |
Keep this separation clear |
| SQS / SNS / EventBridge |
queue work / fan out messages / route events |
| role / resource policy / KMS key policy |
identity-side access / resource-side access / key-usage control |
| log / metric / trace |
event record / measurable trend / cross-service request path |
| stage / canary / rollback |
pre-production slice / partial release / safe retreat |
| env var / secret / artifact version |
runtime setting / protected credential / build identity |
If the confusion is really about…
Revised on Sunday, May 10, 2026