DVA-C02 Flashcards — Free AWS Certified Developer Associate DVA-C02 Study Cards

Increase the batch size to 100.

The Lambda function is throttled because with reserved concurrency of 5, at most 5 concurrent executions can happen. Each invocation processes 10 messages (batch size). To increase throughput without increasing reserved concurrency, the developer can increase the batch size. By increasing the batch size to 100, each invocation will process more messages, thus reducing the number of invocations needed and lowering the chance of throttling. The function's timeout of 5 minutes is sufficient to handle 100 messages. Additionally, increasing the maximum number of batches per invocation (via partial batch response) is not directly applicable here. Increasing the number of concurrent executions is not allowed. Reducing the reserved concurrency would reduce throughput. Therefore, increasing the batch size is the best option.

The Lambda function does not have kms:Decrypt permission on the KMS key used by the bucket.

When SSE-KMS is used, the calling principal must have kms:Decrypt permission on the KMS key. The bucket policy cannot grant KMS permissions; the key policy must allow the Lambda execution role. The IAM policy for the role already allows s3:GetObject, so that is not the issue. Versioning and region are not relevant to access denial in this scenario.

Modify the blue/green deployment configuration to use the same database endpoint for both task sets by updating the environment variables in the task definition before deployment.

The simplest way to ensure both blue and green task sets connect to the same database is to use environment variables or a configuration file to define the database endpoint, and set it to the same value for both deployments. Alternatively, use Amazon DynamoDB or Amazon RDS with a cluster endpoint. Using the same task definition with environment variables pointing to the same database ensures consistency across deployments.

Increase the read and write capacity units on the DynamoDB table

The likely cause is that the function's reserved concurrency allows many concurrent invocations, each trying to read/write to the table, exceeding the low provisioned capacity (5 RCU/WCU). Increasing the read and write capacity of the DynamoDB table (Option B) directly addresses the throttling by allowing more operations per second. Option A (Decrease reserved concurrency) would reduce throughput but may cause request queuing. Option C (Add a DynamoDB Accelerator (DAX) cluster) speeds up reads but does not solve write throttling, and DAX is for caching. Option D (Enable auto scaling) is good but immediate need is to handle the current load; also auto scaling requires a few minutes to adjust, and with only 5 units it may not scale fast enough.

API Gateway caching with TTL set per method.

API Gateway provides built-in caching that can be enabled on a per-method basis. When caching is enabled, API Gateway caches responses from the backend (S3 in this case) for a set Time-to-Live (TTL). This reduces the number of requests to the backend and lowers latency. CloudFront could also be used, but that would be a CDN in front of API Gateway, not a feature of API Gateway itself. Lambda@Edge is for CloudFront. S3 Transfer Acceleration speeds up uploads, not caching.

Store session state in an Amazon ElastiCache cluster

Session state should be stored externally from the EC2 instances to survive failures and be shared across instances. Amazon ElastiCache (Memcached or Redis) is a common solution for distributed session caching. Amazon DynamoDB or S3 can also be used, but ElastiCache offers low latency and is purpose-built for caching.

Increase the reserved concurrency of the Lambda function

Increasing the batch size causes each invocation to process more messages, but if the function's reserved concurrency is too low, many invocations may be throttled. By increasing reserved concurrency, more invocations can run concurrently, allowing the function to consume messages from the queue faster and reduce the backlog. The batch size increase alone may not help if the function cannot run enough concurrent executions. Increasing memory can improve per-message processing speed but is less effective here since the bottleneck is concurrency. Using a FIFO queue does not address standard queue throughput. Decreasing the batch size would reduce throttling but not improve throughput.

Install the CloudWatch agent on the EC2 instances to collect memory metrics and emit them to CloudWatch.

Amazon CloudWatch Agent can be installed on EC2 instances to collect operating system-level metrics, including memory utilization, and send them to CloudWatch. This provides visibility into memory usage over time without requiring code changes. The agent can be configured via Systems Manager or manually, and the metrics can be used to set alarms or analyze trends to detect memory leaks.

DynamoDB Streams with AWS Lambda

Amazon DynamoDB Streams can be used to trigger a Lambda function that maintains aggregated data in a separate table (materialized view). Alternatively, AWS Glue is designed for ETL and analytics, but it is not event-driven. Amazon EMR is for large-scale big data processing. Amazon Redshift is a data warehouse. The most efficient serverless approach is to use DynamoDB Streams with Lambda to aggregate in real-time.

Create a pre-signed URL for each object using the AWS SDK with an appropriate expiration time.

Pre-signed URLs allow temporary access to S3 objects without changing bucket policies or sharing AWS credentials. The URL is signed with the developer's IAM credentials and expires after a specified time. CloudFront signed URLs are for content delivered via CloudFront, not direct S3 access. Bucket policies grant broad access, and IAM user credentials cannot be shared with end users. The correct approach is to generate a pre-signed URL using the AWS SDK.

Use the Amazon States Language (ASL) Retry field in the Task state definition.

Step Functions uses the Amazon States Language (ASL) to define state machines. The Retry field in a Task state allows specifying error handling, including maximum retries and backoff rules. The Lambda function itself cannot configure retries; retry logic must be in the state machine. The Catch field handles errors after retries are exhausted or if not specified.

Enable API Gateway caching

API Gateway caching allows you to cache responses from the backend for a specified time-to-live (TTL). This reduces calls to the backend for identical requests and improves latency. Lambda response caching would require custom code and is not built-in. ElastiCache is an external cache. CloudFront caching is at the CDN level, not specifically for API Gateway.

Increase the memory allocation of the Lambda function to the maximum available (10,240 MB)

Lambda's performance scales with memory allocation: more memory also provides proportional CPU power. For CPU-bound tasks like pandas processing, increasing memory reduces execution time significantly. The function is not memory-constrained (only 80% used), but by increasing memory, the function gets more CPU, which speeds up the processing. The timeout is already at the maximum (15 minutes), so increasing it further is not possible. Using S3 Select would reduce the data read, but that requires code changes to use S3 Select API. Increasing the batch size of the S3 event notification is irrelevant; the function processes one file per invocation.

The bucket is encrypted with SSE-KMS and the user does not have kms:Decrypt permission

When a bucket uses SSE-KMS encryption, the requesting user must have both s3:GetObject and kms:Decrypt permissions on the KMS key. Even if the bucket policy and IAM policy grant S3 access, the missing KMS permission will result in Access Denied. The other options are less likely: the bucket policy specifying the account root is sufficient for cross-account; object ACLs are irrelevant when bucket policies are used; and ListBucket is not required for GetObject.

Increase the Lambda function's batch size

Throttles occur when more concurrent Lambda invocations are attempted than the reserved concurrency allows. Increasing the batch size allows the function to process more messages per invocation, thus reducing the number of concurrent executions required to process the same backlog. This directly reduces the likelihood of hitting the reserved concurrency limit. Increasing reserved concurrency might help but does not reduce the number of invocations; it only raises the limit. Visibility timeout and message retention do not affect throttles. Therefore, increasing the batch size is the most effective action.

Rolling with additional batch

The 'Rolling with additional batch' policy launches a new batch of instances before taking any old instances out of service. This temporarily increases capacity during deployment but avoids downtime. Rolling policy replaces instances in batches without adding extra capacity, which can reduce capacity temporarily. Immutable creates a new environment, but it doubles the number of instances initially.

Enable provisioned concurrency on the function.

Lambda cold starts occur when the function is invoked after being idle, requiring initialization of the runtime and dependencies. Provisioned concurrency keeps a specified number of execution environments initialized and ready to respond immediately, eliminating cold start latency for those environments. Increasing memory can improve CPU performance but does not eliminate the initialization overhead. Lambda layers and moving to DynamoDB do not directly address cold starts.

Increase the function's memory

Increasing the memory allocation for a Lambda function also increases its CPU allocation, which can significantly speed up processing. This may allow the function to complete within the existing timeout. While increasing the timeout may also help, adjusting memory first is more effective because it directly addresses the root cause (slow processing). Increasing concurrency does not affect a single invocation, and batch size is not applicable to S3 event triggers.

The security group of the RDS database does not allow inbound traffic from the Lambda function's security group.

Lambda functions in a VPC require security group rules to allow outbound traffic to the RDS database and inbound traffic from the Lambda function. If the security group of the RDS database does not allow inbound connections from the Lambda function's security group, the connection will time out. Since the database is in the same VPC, a NAT gateway is not needed for connectivity. DNS resolution works within the VPC.

Use AWS SAM parameters with a condition to set CacheClusterEnabled based on the stage parameter.

SAM allows you to use parameters and conditions to conditionally enable or disable resources at deployment time. By defining a stage parameter and a condition that checks its value, you can set the CacheClusterEnabled property on the API Gateway resource accordingly. This approach keeps a single template and avoids duplication.

Store the object key and event ID in a DynamoDB table and check for duplicates before processing

S3 event notifications are delivered on an at-least-once basis, meaning duplicate events can occur. To achieve idempotent processing, the Lambda function should track which objects have already been processed, typically by storing the object key or a unique event identifier in a DynamoDB table. On each invocation, the function can check the table and skip processing if the record exists. Setting concurrency to 1 does not prevent duplicate events, S3 cannot send notifications to FIFO queues, and filtering on object size does not eliminate duplicates.

Use RDS with IAM database authentication and create database users with limited privileges for each microservice.

Using IAM database authentication in conjunction with database users and granting table-level privileges to those users provides fine-grained access control. This ensures each microservice can only access the tables it is authorized for, without sharing credentials.