Amazon Web Services DVA-C02 - AWS Certified Developer - Associate

Why Option C is Correct:SQL Server Always On availability groups require a shared storage solution. Amazon FSx for Windows File Server provides the shared storage necessary to implement Always On availability groups in a highly available configuration.

Why Other Options are Incorrect:

Option A:A single EBS volume cannot provide shared storage for Always On availability groups.

Option B:RDS does not support SQL Server Always On availability groups.

Option D:S3 is not a suitable storage tier for SQL Server database operations.

AWS Documentation References:

Amazon FSx for Windows File Server

The type of keys that the developer should use to meet the requirements is symmetric customer managed keys with key material that is generated by AWS. This way, the developer can use AWS Key Management Service (AWS KMS) to encrypt the data with a symmetric key that is managed by the developer. The developer can also enable automatic annual rotation for the key, which creates new key material for the key every year. The other options either involve using Amazon S3 managed keys, which do not support automatic annual rotation, or using asymmetric keys or imported key material, which are not supported by S3 encryption.

Requirement Summary:

Preventunauthorized code changesin AWS Lambda

Ensureonly trusted codeis deployed

✅AWS Lambda supports Code Signing:

You can configurecode signingin Lambda usingAWS Signer

Packages must bedigitally signedandverified against the signing profile

Rejects unauthorized/modified packages automatically

Evaluate Options:

A. Trusted code option in CodeDeploy

❌No such feature exists for Lambda

CodeDeploy is more forEC2/On-Prem/Containers, not Lambda code signing

✅B. Define code signing config + use AWS Signer

✅This isexactly how AWS enforces trusted code deployment

Attach acode signing configurationto the Lambda function

UseAWS Signerto digitally sign deployment packages

C. Link to KMS to sign code

❌KMS is not used tosign Lambda packages

KMS is fordata encryption, not application code integrity

D. Set KmsKeyArn

❌This configuresdata encryption, not code signing

Lambda code signing:https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html

AWS Signer overview:https://docs.aws.amazon.com/signer/latest/developerguide/what-is-signer.html

This solution will meet the requirements by using Amazon RDS Proxy, which is a fully managed, highly available database proxy for Amazon RDS that makes applications more scalable, more resilient to database failures, and more secure. The developer can create a proxy in Amazon RDS Proxy, which sits between the applicationand the DB instance and handles connection management, pooling, and routing. The developer can query the proxy instead of the DB instance, which reduces the number of open connections to the DB instance and avoids errors for too many connections. Option A is not optimal because it will create a read replica for the DB instance, which may not solve the problem of too many connections as read replicas also have connection limits and may incur additional costs. Option B is not optimal because it will migrate the data to an Amazon DynamoDB database, which may introduce additional complexity and overhead for migrating and accessing data from a different database service. Option C is not optimal because it will configure the Amazon Aurora MySQL DB instance for Multi-AZ deployment, which may improve availability and durability of the DB instance but not reduce the number of connections.

The HTTP header that the developer should use for this analysis is the X-Forwarded-For header. This header contains the IP address of the client that made the request to the Application Load Balancer. The developer can use this header to analyze patterns for the client IP addresses that use the application. The other headers either contain information about the protocol, host, or port of the request, which are not relevant for the analysis.

These solutions will mitigate the error most cost-effectively because they do not require increasing the provisioned throughput of the DynamoDB table or creating additional resources. Exponential backoff is a retry strategy that increases the waiting time between retries to reduce the number of requests sent to DynamoDB. The AWS SDKs for DynamoDB implement exponential backoff by default and also provide other features such as automatic pagination and encryption. Increasing the read and write throughput of the DynamoDB table, creating a DynamoDB Accelerator (DAX) cluster, or creating a second DynamoDB table will incur additional costs and complexity.

Requirement Summary:

Simple REST endpointforweather data

Light backend usage (POC, testing)

Wantscachingsupport to reduce backend calls

Must becost-effective

Evaluate Options:

✅B: Lambda + API Gateway + SAM

✅Serverless = No idle costs

✅API Gateway canenable caching(response caching at endpoint level)

✅SAM makes deployment simple and repeatable

✅Perfect for low-traffic testing

A: EKS + API Gateway

❌High overhead

Not cost-effective for POC/testing

C: ECS + API Gateway

❌Similar to A: Container orchestration not needed for light REST endpoint

D: Elastic Beanstalk + ALB + Lambda

❌Overly complex and does not directly expose Lambda

Beanstalk better suited for full apps, not small REST functions

ï‚·AWS SAM:https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html

ï‚·API Gateway caching:https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

ï‚·Serverless Best Practices:https://docs.aws.amazon.com/lambda/latest/dg/best-practices.html

Amazon API Gateway is a service that enables developers to create, publish, maintain, monitor, and secure APIs at any scale. The developer can enable API caching in API Gateway to cache responses from the backend integration point for a specified time-to-live (TTL) period. This can improve the responsiveness of the APIs by reducing the number of calls made to the backend service.

The solution that will meet the requirements most efficiently is to create a Lambda environment variable to store the table name. Use the standard method for the programming language to retrieve the variable. This way, the developer can avoid hard-coding the table name in the Lambda function code and easily change the table name by updating the environment variable. The other options either involve storing the table name in a file, which is less efficient and secure than using an environment variable, or creating a global variable, which is not recommended as it can cause concurrency issues.