Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

The command that will meet the requirements is sam sync -watch. This command enables AWS SAM Accelerate mode, which allows the developer to only redeploy the Lambda functions that have changed. The -watch flag enables file watching, which automatically detects changes in the source code and triggers a redeployment. The other commands either do not enable AWS SAM Accelerate mode, or do not redeploy the Lambda functions automatically.

For service-to-service calls inside AWS, the simplest and most secure way to authenticate a caller (Lambda) to an API Gateway HTTP API is to use IAM authorization. When IAM auth is enabled on a route, API Gateway requires requests to be signed with AWS Signature Version 4 (SigV4). The calling Lambda function can sign the request using the AWS SDK (or SigV4 utilities) and its execution role credentials.

With this approach, you grant the Lambda function’s execution role explicit permission to invoke the API by allowing the execute-api:Invoke action on the API’s ARN. API Gateway then evaluates the SigV4-signed request against IAM to decide whether to authorize the call. This creates a clean, auditable permission model and avoids embedding static secrets.

Option A is incorrect and overly complex: JWT authorizers are typically used for end-user or workload identities from an OIDC/JWT provider; creating an IAM IdP is not how you enable JWT authorizers for HTTP APIs, and it does not directly solve Lambda-to-API authentication. Option C (API keys) is not considered an authentication mechanism for HTTP APIs in the same way; API keys are primarily for usage plans/throttling (and are more common with REST APIs). Storing an API key in environment variables is also weaker than IAM-based, short-lived credentials. Option D is backwards: a Lambda resource-based policy controls who can invoke the Lambda function, not who can call an API Gateway endpoint.

Therefore, B is the correct solution: enable IAM authorization on the HTTP API route and grant the Lambda function’s IAM role permission to invoke the API (and sign requests with SigV4).

This solution allows the developer to overcome the limit for the combined maximum of characters for environment variables in AWS CodeBuild. AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. The developer can store large numbers of environment variables as parameters in Parameter Store and reference them in the buildspec file using parameter references. Adding export LC_ALL=“en_US.utf8” command to the pre_build section will not affect the environment variables limit. Using Amazon Cognito or an Amazon S3 bucket to store key-value pairs for environment variables will require additional configuration and integration.