Amazon Web Services DVA-C02 - AWS Certified Developer - Associate

The goal is to reduce a given item’s price by 100 only when the resulting value would not fall below 500 . That means the update should occur only when the current Price is at least 600 (because Price - 100 > = 500 ⇒ Price > = 600). The requirement also says to do this with the least number of calls to DynamoDB. The most efficient approach is to use a single UpdateItem call with a ConditionExpression so DynamoDB enforces the rule atomically.

Option B does exactly that: issue one UpdateItem request that updates Price = Price - :delta (using an update expression) while including a condition like Price > = :minPriceBeforeReduction (where :minPriceBeforeReduction is 600). If the condition is true, DynamoDB performs the update; if it’s false, DynamoDB rejects the write with ConditionalCheckFailedException. This avoids a separate read/query call and prevents race conditions where the price could change between a read and a subsequent write.

Option A requires two calls (Query then UpdateItem) and is vulnerable to time-of-check/time-of-use issues unless additional conditional logic is added to the update anyway. Option C adds an extra condition on category, but the requirement is “reduce all inventory prices” subject to the minimum resulting price; filtering by category is unnecessary and can cause eligible items in other categories to be skipped. Option D expresses the rule in a mathematical form; while conceptually correct, DynamoDB condition expressions do not generally support arbitrary arithmetic in the condition the same way as a simple comparison, so the standard implementation is to compare against 600 directly.

Therefore, B is the correct choice: one UpdateItem call with a condition expression Price > = 600 minimizes DynamoDB calls and enforces the pricing rule safely and atomically.

The correct answer is B because AWS AppConfig is designed specifically for application configuration, feature flags, controlled rollouts, configuration validation, and safe deployment practices . The scenario requires rollout in staging first, then gradual exposure to 10% of production users , audience targeting by user attributes , validation before deployment, and the ability to perform instant rollback without redeploying code . AWS AppConfig feature flags provide all of these capabilities.

AWS documentation describes AppConfig as a service for creating, managing, and deploying dynamic application configurations. With feature flags, a company can separate release from deployment and safely enable or disable features for selected audiences. AppConfig supports environment-scoped configurations , so staging and production can have different flag states. It also supports deployment strategies for gradual rollouts and includes validators to check configuration before deployment. In addition, AppConfig supports immediate rollback if a problem occurs, which is a major advantage over approaches that depend on application redeployment.

Option A is incorrect because environment variables typically require a deployment change and do not provide audience targeting, staged rollout controls, or fast rollback. Option C is better suited for storing configuration values, but it does not provide the same rich feature flag targeting and rollout management capabilities as AppConfig. Option D is possible in theory, but it requires building and maintaining a custom service, which is more complex and less reliable than using the managed AWS service built for this purpose.

Therefore, AWS AppConfig feature flags are the best fit for the stated requirements.

AWS CloudFormation is a service that enables developers to model and provision AWS resources using templates. The developer can use the following steps to avoid accidental database deletion in the future:

Set up AWS CodeDeploy to deploy the most recent version of the application at runtime. This will ensure that the application code is always up to date and does not depend on the AMI.

Remove any commands that perform operating system patching from the UserData script. This will reduce the time that the UserData script takes to run and speed up the instance launch process.

Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service that enables pub/sub communication between distributed systems. The developer can create an SNS topic and configure the Lambda function to publish messages with specific attributes to the topic. The developer can subscribe each partner to the SNS topic and apply the appropriate filter policy to the topic subscriptions. This way, each partner will receive updates for only their own orders based on the message attributes. This solution will meet the requirements in the most scalable way and allow adding new partners in the future with minimal code changes.

Amazon API Gateway provides tools for creating and documenting web APIs that route HTTP requests to Lambda functions2. You can secure access to your API with authentication and authorization controls. Your APIs can serve traffic over the internet or can be accessible only within your VPC2. You can override the cache method in the selected stage of API Gateway2. Therefore, option B is correct.

AWS Secrets Manager is a service that allows you to store and manage secrets, such as database credentials, API keys, and passwords, in a secure and centralized way. It also provides features such as automatic secret rotation, auditing, and monitoring1. By using AWS Secrets Manager, you can avoid hardcoding credentials in your code, which is a bad security practice and makes it difficult to update them. You can also replicate your secrets to another Region, which is useful for disaster recovery purposes2. To access your secrets from your application, you can use the ARN of the secret, which is a unique identifier that includes the Region name. This way, your application can use the appropriate secret based on the Region where it is deployed3.

AWS Secrets Manager

Replicating and sharing secrets

Using your own encryption keys

The hourly scheduled batch model is causing timeouts because the function must process an ever-growing backlog in a single invocation, which can exceed AWS Lambda’s maximum 15-minute runtime. A best-practice serverless refactor is to switch from “periodic polling” to an event-driven approach where work is split into smaller, independent units that can scale horizontally.

Configuring Amazon S3 Event Notifications to invoke Lambda on each object upload turns each file into its own discrete event. Instead of one long-running invocation that scans and processes many files, Lambda executes quickly per upload and automatically scales with incoming volume (subject to concurrency and downstream limits). This directly reduces processing time per run and eliminates the backlog buildup that leads to timeouts.

The remaining requirement is preventing duplicate processing. S3 event delivery is designed to be highly reliable, and applications should be built with idempotency in mind. Recording processed identifiers (such as a transaction ID, object key + version ID, or an application-level unique ID) in Amazon DynamoDB allows the function to check whether an item has already been processed before performing writes or downstream actions. Using DynamoDB with a conditional write (for example, “insert only if not exists”) is a common pattern to ensure exactly-once effect even when events are delivered more than once.

The other options do not meet the requirements as well: running more frequently (C) or continuously polling (D) still wastes time scanning and can still create duplicate work; moving to a single EC2 instance (B) reduces elasticity and increases operational overhead, and it doesn’t inherently solve deduplication or scaling.

Therefore, A provides scalable, event-driven processing and a straightforward deduplication mechanism.

Amazon EFS: A network file system (NFS) providing shared, scalable storage across multiple Lambda functions and other AWS resources.

Lambda Mounting: EFS file systems can be mounted within Lambda functions to access a shared storage space.

Log Appending: EFS supports appending data to existing files, making it ideal for the log file scenario.

Why Option C is Correct:Ensuring that pipeline artifacts are encrypted with a customer-managed AWS KMS key involves configuring the S3 bucket policy to require encryption. This policy ensures all objects uploaded to the bucket are encrypted with the specified KMS key.

Why Other Options are Incorrect:

Option A: A gateway endpoint improves S3 access efficiency but does not enforce encryption.

Option B: Encrypting CloudWatch Logs is unrelated to securing pipeline artifacts.

Option D: Configuring SNS for encryption does not affect the artifacts stored in the S3 bucket.

AWS Documentation References:

Using Server-Side Encryption with S3 Bucket Policies

A canary deployment best matches the requirement to test a new feature with a small group of users while the current version remains deployed for everyone else. In a canary approach, a new application revision is released to a limited portion of traffic/users first . This allows the team to collect real user feedback and validate behavior under production-like conditions without exposing the full user base to risk.

AWS deployment guidance for progressive delivery aligns with this concept: you start by directing a small percentage of requests to the new version, monitor results (such as error rates, latency, and business outcomes), and keep the stable version handling the majority of traffic during the evaluation period. This directly satisfies the requirement that the “current software version remains deployed” while testing occurs.

Once the feature is validated, the canary strategy supports promoting the new revision to the remaining population by shifting traffic from the old version to the new version—commonly ending with a transition to 100% of users on the new version. This satisfies the requirement to deploy to “all other users at the same time” after the small-group validation step is complete.

Why the other options are less suitable:

All-at-once exposes all users immediately, so there is no limited-user validation phase.

In-place replaces the existing version on the same infrastructure, typically without maintaining a parallel stable path for a subset of users.

Linear gradually shifts traffic in fixed increments over time, rather than validating with a small group and then moving the remainder in one step.

Amazon DynamoDB throttling during peak periods is commonly caused by hot partitions . In this scenario, using order_date as the partition key results in a large number of writes targeting the same partition during peak ordering times. Even in on-demand mode, DynamoDB enforces per-partition limits, which leads to throttling when traffic is unevenly distributed.

AWS best practices emphasize designing partition keys that provide high cardinality and uniform access patterns . Using customerId as the partition key distributes write traffic across many partitions because customer IDs naturally vary and scale with the number of users.

Switching to provisioned capacity (Option B) does not solve the root cause and can still result in throttling due to uneven access patterns. Sequential partition keys (Option A) worsen the hot partition problem. Migrating to Aurora (Option C) is unnecessary and does not address DynamoDB design issues.

AWS documentation clearly states that access pattern design is critical , and changing the partition key to better distribute workload is the correct solution. Therefore, using customerId as the partition key resolves throttling and aligns with DynamoDB best practices.