Amazon Web Services DVA-C02 - AWS Certified Developer - Associate

The requirement says no application code changes, so the existing SNS topic should remain the publish target. The correct approach is to add a new Lambda subscription to the same topic and apply a subscription filter policy so only matching messages are delivered to the Lambda function. SNS filter policies allow filtering based on message attributes or message body, depending on the configured filter policy scope. A redrive policy is for handling failed message deliveries through a dead-letter queue; it does not filter normal messages by content or attributes. Creating a new SNS topic would require the application to publish to another topic or require extra routing, violating the no-code-change requirement. AWS documentation confirms that SNS subscription filter policies control which messages a subscriber receives. ( AWS Documentation )

===============

https://docs.aws.amazon.com/lambda/latest/dg/nodejs-context.html https://docs.aws.amazon.com/lambda/latest/dg/nodejs-logging.html

There is no explicit information for the runtime, the code is written in Node.js.

AWS Lambda is a service that lets developers run code without provisioning or managing servers. The developer can use the AWS request ID field in the context object to obtain a unique identifier for each function invocation. The developer can configure the application to write logs to standard output, which will be captured by Amazon CloudWatch Logs. This solution will meet the requirement of logging key events with a unique identifier.

The most operationally efficient way to remove time-bound data from a DynamoDB table is to use Time to Live (TTL) . TTL is a DynamoDB feature that lets you define an attribute (typically a Unix epoch timestamp) that represents an item’s expiration time. After the timestamp has passed, DynamoDB automatically marks the item as expired and later deletes it in the background. This directly satisfies the requirement because the telemetry is only valuable for a limited time, yet it is currently stored indefinitely.

Enabling TTL (option C) improves performance and operational efficiency by preventing the table from growing without bounds. As the item count grows, access patterns that rely on scans, large partitions, or indexes can degrade, and storage-related overhead increases. TTL helps keep the dataset “fresh” by automatically removing stale telemetry, reducing the amount of data the application must work around and decreasing overall storage footprint.

Option A is operationally heavier: scanning and deleting items with a scheduled Lambda introduces ongoing maintenance, costs, and risk of throttling (table scans can be expensive and disruptive). It also requires custom logic, error handling, and retries. Option B addresses cost optimization for archived data but does not fix the DynamoDB table size or the performance degradation caused by keeping old data in the table; archiving is useful, but you still need an efficient deletion mechanism from DynamoDB. Option D (on-demand capacity mode) changes how capacity is managed, not how much data is stored; it does not remove stale items and therefore does not address the core problem.

Therefore, the best and most operationally efficient solution is C : add a TTL attribute to each telemetry item and enable TTL on the DynamoDB table so DynamoDB automatically expires and deletes old telemetry.

Requirement Summary:

Deploy serverless application using:

API Gateway

AWS Lambda

Need dev, test, and prod environments

Want least development effort

Evaluate Options:

Option A: API Gateway stage variables + Lambda aliases

Most efficient and scalable

API Gateway supports stage variables (like env)

Lambda supports aliases (e.g., dev, test, prod)

You can configure each stage to point to a different alias of the same function version

Enables versioning, isolation, and low effort management

Option B: Use Amazon ECS

Overkill for a serverless setup

ECS is container-based, not serverless

Introduces unnecessary complexity

Option C: Duplicate code for each environment

High operational overhead and poor maintainability

Option D: Use Elastic Beanstalk

Not applicable: Elastic Beanstalk is for traditional app hosting, not optimal for Lambda + API Gateway

Lambda Aliases: https://docs.aws.amazon.com/lambda/latest/dg/configuration-aliases.html

API Gateway Stage Variables: https://docs.aws.amazon.com/apigateway/latest/developerguide/stage-variables.html

The solution that will solve this problem is to create and inspect the Lambda dead-letter queue. Troubleshoot the failed functions. Reprocess the events. This way, the developer can identify and fix any issues that caused the Lambda function to fail when invoked asynchronously by API Gateway. The developer can also reprocess any orders that were not processed due to failures. The other options either do not address the root cause of the problem, or do not help recover from failures.

In CodePipeline, the service designed to run builds, execute unit/integration tests, and produce build artifacts (including test reports) is AWS CodeBuild. CodeBuild runs commands specified in a buildspec.yml file and supports reporting outputs such as test results (for example, JUnit XML), code coverage, and other build metadata.

Option A is correct because the developer can configure the CodeBuild project to run the test suite during the build phase and configure the buildspec to publish test report files. This integrates naturally into CodePipeline as a build stage, and the reports are generated consistently on each pipeline execution.

Option B is incorrect: CodeDeploy is for deploying applications (in-place/blue-green) and lifecycle hooks, not for standard build/test report generation.

Option C increases operational overhead by managing an EC2 build server, which is unnecessary when CodeBuild provides managed build environments.

Option D is unrelated: CodeArtifact is a package repository, not a test reporting solution.

Therefore, use CodeBuild and configure test reports via the buildspec.

The correct answers are B and E .

The existing platform already runs on Kubernetes , so the fastest and most compatible migration path is to use Amazon EKS , which is AWS’s managed Kubernetes service. This preserves the application’s orchestration model and minimizes refactoring. Because the clusters must be highly available , EKS is a strong fit since it is designed to run Kubernetes workloads across multiple Availability Zones.

For shared storage, the on-premises application currently depends on a common NFS share that all containers can access. On AWS, the service that most closely matches this requirement is Amazon EFS , which provides a managed, elastic, shared file system that supports NFS access and can be mounted concurrently from multiple compute nodes. By contrast, Amazon EBS is block storage that is generally attached to a single instance and is not the right replacement for a shared multi-node NFS workload.

Therefore, B is correct because it moves the shared NFS data to Amazon EFS and stores the container images in Amazon ECR , which is the proper AWS managed registry for container images. E is correct because it runs the applications on Amazon EKS and uses Amazon EFS as the shared mounted file system across the Kubernetes worker nodes.

Option C is wrong because it uses ECS , not Kubernetes. Option D is wrong because EBS does not meet the requirement for a shared NFS-like file system across highly available Kubernetes nodes. Option A is wrong for the same storage reason.

So, the best migration combination is Amazon EFS + Amazon EKS , which makes B and E correct.

Amazon DynamoDB performance depends heavily on partition key design . AWS documentation warns against access patterns that repeatedly target the same partition key, as this causes hot partitions , even in on-demand mode.

In this scenario, most reads focus on the current day’s forecast for a small number of large cities. Using CityId alone as the partition key would cause hot partitions for those cities. Adding a calculated suffix (such as a hash or modulo value) to CityId spreads read requests across multiple partitions while still allowing efficient querying.

Using ForecastDate as the partition key (Options C and D) would concentrate traffic on a single value (today’s date), creating severe hot partition issues. Option B lacks a meaningful access pattern and complicates queries.

AWS documentation explicitly recommends key-suffix techniques for workloads with skewed access patterns to distribute traffic evenly. Therefore, using CityId with a calculated suffix as the partition key is the correct design.

Mocking API Responses: API Gateway ' s Mock integration type enables simulating API behavior without invoking backend services.

Testing with Sample Data: Using captured responses from the real third-party API ensures realistic testing of the integration code.

Focus on Integration Logic: This solution allows the developer to isolate and test the application ' s interaction with the payment APIs, even without a test environment from the third-party providers.

An Inline Policy is a policy that is embedded directly into an IAM user, group, or role. When you use an inline policy, you maintain a strict one-to-one relationship between the policy and the identity. Since the requirement is to grant a specific " permanent " right to only one specific user within a group without changing the shared group policy, an inline policy attached directly to that individual user is the correct approach.

EventBridge (formerly CloudWatch Events) is the ideal service for real-time event monitoring.

CloudTrail logs IAM role creation.

EventBridge rules can filter CloudTrail events and trigger SNS notifications instantly.

This solution allows the developer to overcome the limit for the combined maximum of characters for environment variables in AWS CodeBuild. AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. The developer can store large numbers of environment variables as parameters in Parameter Store and reference them in the buildspec file using parameter references. Adding export LC_ALL=“en_US.utf8” command to the pre_build section will not affect the environment variables limit. Using Amazon Cognito or an Amazon S3 bucket to store key-value pairs for environment variables will require additional configuration and integration.