Amazon Web Services DVA-C02 - AWS Certified Developer - Associate

The AWS Serverless Application Model Command Line Interface (AWS SAM CLI) is a command-line tool for local development and testing of Serverless applications2. The sam local start-api subcommand of AWS SAM CLI is used to simulate a REST API by starting a new local endpoint3. Therefore, option D is correct.

This solution will meet the requirements by using AWS Config to monitor and evaluate whether Secrets Manager secrets are unused or have been deleted, based on specified time periods. The secrets manager-secret-unused managed rule is a predefined rule that checks whether Secrets Manager secrets have been rotated within a specified number of days or have been deleted within a specified number of days after last accessed date. The Amazon EventBridge rule will trigger a notification when the AWS Config managed rule is met, alerting the developer about unused secrets that can be removed without causing application downtime. Option A is not optimal because it will use AWS CloudTrail log file delivery to an Amazon S3 bucket, which will incur additional costs and complexity for storing and analyzing log files that may not contain relevant information about secret usage. Option C is not optimal because it will deactivate the application secrets and monitor the application error logs temporarily, which will cause application downtime and potential data loss. Option D is not optimal because it will use AWS X-Ray to trace secret usage, which will introduce additional overhead and latency for instrumenting and sampling requests that may not be related to secret usage.

The solution that will meet the requirements is to use multiple stages in API Gateway. Create a Lambda function for each environment. Configure API Gateway stage variables to route traffic to the Lambda function in different environments. This way, the company can test the code in a dedicated, monitored test environment before releasing it to the production environment. The company can also use stage variables to specify the Lambda function version or alias for each stage, and avoid hard-coding the Lambda function name in the API Gateway integration. The other options either involve using a single stage in API Gateway, which does not allow testing in different environments, or adding different code blocks for different environments in the Lambda function, which increases complexity and maintenance.

To monitor end-to-end requests and debug issues across microservices, you need distributed tracing. Among AWS tools, AWS X-Ray is specifically built for this use case.

Step-by-Step Breakdown:

Step 1: Understand the Requirement

The developer needs:

End-to-end request tracing across microservices

Debugging capability for performance issues or failures

This points directly to a distributed tracing solution rather than just logs or metrics.

Step 2: Evaluate the Options

Option A: Amazon CloudWatch

CloudWatch is powerful for metrics, logs, and alerts.

But it does not provide distributed tracing or request path visualization between microservices.

So, it's not sufficient alone for the requirement.

Option B: AWS CloudTrail

CloudTrail tracks API calls made through the AWS Management Console, CLI, SDKs.

It is meant for auditing and governance, not microservices request tracing.

Not suitable for debugging microservices interactions.

Option C: AWS X-Ray SDK with X-Ray service map

Purpose-built for distributed tracing

Automatically collects data about requests as they travel through your microservices

You can instrument your code with the AWS X-Ray SDK in Java, Node.js, Python, Go, .NET, etc.

Visualizes requests using a service map, showing latency, errors, and time spent in downstream services.

How it works:

Instrument each microservice using the AWS X-Ray SDK.

Use the SDK to trace requests, propagate trace headers across services.

The X-Ray daemon collects and sends trace data to the X-Ray service.

You can view the service map, see bottlenecks, error rates, etc.

Option D: AWS Health

AWS Health provides information on AWS service outages or account-level events.

It does not monitor your application or microservices health or request flows.

Correct Choice: C is the only option that meets the developer's requirement to monitor end-to-end request paths and debug issues in a microservices architecture.

AWS Developer References:

AWS X-Ray Documentation: https://docs.aws.amazon.com/xray/latest/devguide/aws-xray.html

Instrumenting your application: https://docs.aws.amazon.com/xray/latest/devguide/xray-sdk.html

Viewing the Service Map: https://docs.aws.amazon.com/xray/latest/devguide/xray-console-service-map.html

Tracing Microservices with AWS X-Ray: https://aws.amazon.com/blogs/compute/tracing-microservices-aws-x-ray/

Mocking API Responses: API Gateway's Mock integration type enables simulating API behavior without invoking backend services.

Testing with Sample Data: Using captured responses from the real third-party API ensures realistic testing of the integration code.

Focus on Integration Logic: This solution allows the developer to isolate and test the application's interaction with the payment APIs, even without a test environment from the third-party providers.

The Immutable deployment method is the best choice when a company requires minimal downtime and automatic rollback in case of a failure. Here's why:

In Immutable deployments, a new set of instances is launched with the updated version. These instances are tested and validated before they replace the old instances. This ensures zero downtime and immediate rollback if the deployment fails.

All at once (A) causes downtime because the update replaces all instances simultaneously.

Rolling deployments (B) update a few instances at a time, but if a failure occurs midway, downtime or partial unavailability can happen.

Snapshots (C) are not a deployment strategy in Elastic Beanstalk.

Lambda throttling occurs when the number of concurrent executions exceeds the available concurrency. This can happen due to account-level concurrency limits, function-level reserved concurrency limits, or sudden traffic spikes.

The most operationally efficient ways to reduce throttling are to increase available concurrency:

Option C: Increasing the function’s reserved concurrency can reduce throttling when the function is being constrained by a too-low reserved concurrency value. Reserved concurrency guarantees a fixed amount of concurrency for the function (and also caps it). If the cap is currently too low, raising it allows more parallel executions and reduces throttles.

Option E: If throttling is due to the account concurrency quota being reached (or burst scaling limits in some patterns), the correct fix is to request a service quota increase. This increases the total available concurrency capacity for the account (and/or specific dimensions), allowing more simultaneous executions across functions.

Why the others are not correct:

A (migrate to EKS) is high effort and not operationally efficient for solving Lambda throttling.

B (maximum age of events) applies to asynchronous event retries/queues; it does not reduce throttling—it only changes how long events remain eligible for processing.

D is irrelevant: adding lambda:GetFunctionConcurrency to the execution role only allows reading settings and does not change throttling behavior.

Therefore, the best operational fixes are to increase reserved concurrency and request a concurrency quota increase.