Amazon Q Developer is much more than code completion for AWS. Most developers scratch the surface — here are the capabilities that make it genuinely valuable for cloud-native work.
1. Use Q Developer for IAM Policy Generation
Writing IAM policies by hand is painful and error-prone. Q Developer handles it naturally:
Create a least-privilege IAM policy for a Lambda function that:
- Reads from DynamoDB table 'orders' (only GetItem and Query)
- Writes to S3 bucket 'invoices' (only PutObject, prefix: generated/*)
- Publishes to SNS topic 'order-notifications'
- Reads from Secrets Manager secret 'prod/stripe-key'
Include resource ARNs with account ID placeholder.
Q Developer generates policies with correct action names, resource ARN formats, and condition keys. It understands the difference between s3:PutObject and s3:PutObjectAcl and won’t accidentally grant broader permissions than requested.
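A generated policy can still be checked mechanically before it is attached to the role. The following is an added example, not Q Developer output or code from the original post: it compares every Allow statement against an allowlist built from the prompt above and reports anything broader. `EXPECTED`, `SAMPLE`, `audit_policy`, the `REGION`/`ACCOUNT_ID` placeholders, the choice of `sns:Publish` and `secretsmanager:GetSecretValue` for the prompt's "publishes" and "reads", and the `??????` secret-suffix pattern are assumptions.

```python
import fnmatch

# Constructed allowlist from the prompt above: each requested action mapped to
# the one ARN it may be granted on. REGION and ACCOUNT_ID are placeholders.
EXPECTED = {
    "dynamodb:GetItem": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/orders",
    "dynamodb:Query": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/orders",
    "s3:PutObject": "arn:aws:s3:::invoices/generated/*",
    "sns:Publish": "arn:aws:sns:REGION:ACCOUNT_ID:order-notifications",
    "secretsmanager:GetSecretValue":
        "arn:aws:secretsmanager:REGION:ACCOUNT_ID:secret:prod/stripe-key-??????",
}

# Constructed sample of an over-broad generated policy (not real tool output).
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:Query"],
     "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/orders"},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"],
     "Resource": "arn:aws:s3:::invoices/*"},
    {"Effect": "Allow", "Action": "sns:*", "Resource": "*"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, expected=EXPECTED):
    """Return findings for every Allow that goes beyond the allowlist."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"stmt {i}: Allow with NotAction/NotResource")
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"stmt {i}: wildcard action {action}")
            # Action names are case-insensitive and may carry wildcards.
            hits = [a for a in expected
                    if fnmatch.fnmatchcase(a.lower(), action.lower())]
            if not hits:
                findings.append(f"stmt {i}: unexpected action {action}")
            for res in as_list(stmt.get("Resource", [])):
                findings += [f"stmt {i}: {a} on {res}, expected {expected[a]}"
                             for a in hits if res != expected[a]]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE)))
```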
2. Security Scanning Is Worth Running Weekly
Don’t just run security scans when you remember. Set up a habit:
- Monday: full project scan
- Before every PR: scan changed files
Q Developer catches things other tools miss because it understands AWS-specific vulnerabilities: overly permissive S3 bucket policies, hardcoded credentials in Lambda environment variables, unencrypted DynamoDB tables, and insecure API Gateway configurations.
Scans are free (50/month on the free tier). Use them all.
3. Generate CloudFormation and CDK from Descriptions
Instead of looking up documentation for every resource property:
Write a CDK stack in TypeScript that creates:
- API Gateway with CORS enabled for https://myapp.com
- Lambda behind the API with 256MB memory and 30s timeout
- DynamoDB table with partition key 'userId' and sort key 'timestamp'
- On-demand billing for DynamoDB
- API Gateway stage with access logging to CloudWatch
Include all IAM roles with least-privilege permissions.
Q Developer generates CDK code that actually deploys. It handles the interconnections between resources (IAM roles, permissions, environment variables) that are the most tedious part of IaC.
4. Troubleshoot AWS Errors with Context
When you hit an AWS error, give Q Developer the full context:
I'm getting "AccessDeniedException" when my Lambda function
tries to call DynamoDB. Here's the Lambda's execution role ARN:
arn:aws:iam::123456:role/my-lambda-role
The DynamoDB table is in us-east-1, the Lambda is in us-west-2.
The table name is 'user-sessions'.
What's likely wrong and how do I fix it?
Q Developer understands cross-region access patterns, resource-based vs. identity-based policies, and common permission gotchas that take hours to debug manually.
5. Use Q Developer for Cost Optimization Queries
Review this CloudFormation template and suggest cost optimizations.
We're a startup with:
- ~5000 daily active users
- 500 API requests/minute at peak
- 50GB of S3 storage growing 5GB/month
- PostgreSQL RDS currently on db.r5.large
Q Developer understands AWS pricing models and can recommend: switching to Graviton instances, using reserved capacity, moving to Aurora Serverless, implementing S3 lifecycle policies, and rightsizing compute resources.
6. Code Transformation for Java Upgrades
If you maintain Java applications (common in LatAm enterprise), this feature alone justifies using Q Developer:
- Open your Java 8 or 11 project
- Command Palette → “Amazon Q: Transform”
- Select target version (Java 17 recommended)
Q Developer handles:
- Deprecated API replacements
- New language features (records, sealed classes, pattern matching)
- Spring Boot 2 → 3 migration
- javax → jakarta namespace change
- Dependency version upgrades
- Test updates
Review carefully — it won’t get every edge case right — but it eliminates 80% of the manual migration work.
7. Generate Unit Tests with AWS Context
Generate unit tests for this Lambda handler using Jest.
Mock the AWS SDK v3 calls (DynamoDB and S3).
Test: successful execution, DynamoDB not found, S3 upload failure,
invalid input, and timeout scenarios.
Use aws-sdk-client-mock for the mocks.
Q Developer generates tests that correctly mock AWS SDK v3 clients, which use a different mocking pattern than SDK v2. This is a common pain point that general-purpose AI tools often get wrong.
8. Use the CLI for Quick AWS Operations
The q chat terminal command is useful for quick operational questions:
q chat "Show me the command to list all Lambda functions
in us-east-1 that haven't been invoked in the last 30 days"
q chat "How do I set up CloudWatch alarms for API Gateway
5xx errors exceeding 1% of requests?"
It generates the correct AWS CLI commands with proper parameter formats, which saves constant trips to documentation.
9. Combine with Your Existing AI Editor
Q Developer doesn’t need to be your only tool. A practical setup:
- Q Developer → all AWS-specific code (Lambda, CDK, IAM, CloudFormation, troubleshooting)
- Cursor or Copilot → general application code (React, business logic, algorithms)
- Q Security Scanning → run on every PR regardless of which tool wrote the code
Install Q Developer alongside your primary editor’s AI tool. They don’t conflict.
10. Learn AWS Services Through Q Developer Chat
Q Developer’s chat is one of the best ways to learn AWS because it explains services in the context of your actual code:
I need to add real-time updates to my app. Compare:
- AppSync with GraphQL subscriptions
- API Gateway WebSocket API
- IoT Core MQTT
My app has ~1000 concurrent users, updates every 5 seconds,
and I'm already using API Gateway REST for other endpoints.
Which approach fits best and why?
The responses are grounded in actual AWS capabilities, pricing, and integration patterns — more practical than reading generic documentation.
What AWS workflows are you using Q Developer for? Share your experience below.