Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

Amazon API Gateway has a hard integration timeout that determines how long it waits for a backend response. If the backend (Lambda) does not respond within this time, API Gateway returns an HTTP 504 error to the client.

In this scenario, the Lambda function timeout is longer (20 seconds) than the API Gateway integration timeout (15 seconds). AWS documentation states that API Gateway will terminate the request once its timeout is exceeded, even if Lambda continues executing successfully. This explains why there are no Lambda errors despite 504 responses.

Increasing the Lambda timeout (Option B) does not help because API Gateway times out first. Reserved concurrency (Option A) and throttling limits (Option D) are unrelated to request duration.

The correct solution is to increase the API Gateway integration timeout so that it exceeds the maximum expected Lambda execution time. This ensures API Gateway waits long enough for the Lambda response.

Therefore, increasing the API Gateway timeout prevents HTTP 504 errors.

Step 1: Understanding the Requirements

Gradual Traffic Shift: Test the new version by routing only 10% of production traffic to it.

Lambda Deployment: Use versioning and aliases to manage Lambda function updates.

Step 2: Solution Analysis

Option A:

Publishing a new version creates an immutable version of the Lambda function with the updated code.

This is a prerequisite for deploying changes using weighted aliases.

Correct option.

Option B:

API Gateway stages are not used for weighted routing; they represent environments like "dev" or "prod."

Weighted routing is implemented using Lambda aliases, not API Gateway stages.

Not suitable.

Option C:

Lambda aliases allow traffic to be split between versions using weighted routing.

Assign a 90% weight to the old version and 10% to the new version to implement the gradual rollout.

Correct option.

Option D:

Network Load Balancers are not suitable for managing Lambda function traffic directly.

Not applicable.

Option E:

Route 53 routing policies apply at the DNS level and are not designed for Lambda version management.

Not suitable.

Step 3: Implementation Steps

Publish a New Version:

Publish the updated Lambda function code as a new version.

Create an Alias and Configure Weighted Routing:

Create an alias (e.g., prod) and associate it with both the old and new versions.

Set weights for traffic distribution:

aws lambda update-alias --function-name my-function \

--name prod --routing-config '{"AdditionalVersionWeights": {"2": 0.1}}'

AWS Developer References:

Lambda Function Aliases

Weighted Traffic Routing with Lambda

This solution meets the requirements because it encrypts data at rest using AWS KMS keys and provides an audit trail of when and by whom they were used. Server-side encryption with AWS KMS managed keys (SSE-KMS) is a feature of Amazon S3 that encrypts data using keys that are managed by AWS KMS. When SSE-KMS is enabled for an S3 bucket or object, S3 requests AWS KMS to generate data keys and encrypts data using these keys. AWS KMS logs every use of its keys in AWS CloudTrail, which records all API calls to AWS KMS as events. These events include information such as who made the request, when it was made, and which key was used. The company policy can use CloudTrail logs to audit critical events related to their data encryption and access. Server-side encryption with Amazon S3 managed keys (SSE-S3) also encrypts data at rest using keys that are managed by S3, but does not provide an audit trail of key usage. Server-side encryption with customer-provided keys (SSE-C) and server-side encryption with self-managed keys also encrypt data at rest using keys that are provided or managed by customers, but do not provide an audit trail of key usage and require additional overhead for key management.