A developer is working on an application that is deployed on an Amazon EC2 instance. The application needs to transfer a file to an Amazon S3 bucket.
What should the developer do to authenticate the application's access to the S3 bucket in the MOST secure way?

A. Create an access key for an IAM user. Store the access key in the application's environment variables.
B. Create an IAM role. Create an access key for the role. Store the access key in the application's environment variables.
C. Associate an IAM role with the EC2 instance. Use the instance metadata service to retrieve the credentials.
D. Configure a bucket policy for the S3 bucket. Allow access from the EC2 instance ID in the bucket policy.

A developer is building a serverless application that uses the AWS Cloud Development Kit (AWS CDK) to deploy application infrastructure. The developer is creating an AWS Lambda function that queries an HTTP API. The API needs all requests to include an access token for authentication and authorization. The developer needs to store the access token securely and to give the Lambda function access to the token.
Which solution will meet these requirements?

A. Update the deployment environment to inject the access token as an environment variable. Update the AWS CDK stack to capture the access token. Set the access token as an environment variable of the Lambda function. Update the Lambda function's code to reference the environment variable.
B. Update the deployment environment to inject the access token as an environment variable. Update the AWS CDK stack to create an AWS Systems Manager Parameter Store String parameter. Set the value of the parameter from the environment variable. Update the Lambda function's execution role to allow the GetParameter action on the parameter. Update the Lambda function's code to use the AWS SDK to retrieve the access token from Parameter Store.
C. Update the AWS CDK stack to create an AWS Systems Manager Parameter Store String parameter. Update the Lambda function's execution role to allow the GetParameter action on the parameter. Manually set the access token in Parameter Store. Update the Lambda function's code to use the AWS SDK to retrieve the access token from Parameter Store.
D. Update the AWS CDK stack to create an AWS Secrets Manager secret. Configure the permissions for the secret and the Lambda function to allow the function to access the secret. Update the CloudFormation stack policy inside the AWS CDK stack to prevent updates to the secret. Manually set the access token in Secrets Manager. Update the Lambda function's code to use the AWS SDK to retrieve the access token from Secrets Manager.

A developer is using AWS Amplify Hosting to build and deploy an application. The developer is receiving an increased number of bug reports from users. The developer wants to add end-to-end testing to the application to eliminate as many bugs as possible before the bugs roach production.
Which solution should the developer implement to meet these requirements?

A. Run the amplify add test command in the Amplify CLI.
B. Create unit tests in the application. Deploy the unit tests by using the amplify push command in the Amplify CLI.
C. Add a test phase to the amplify.yml build settings for the application.
D. Add a test phase to the aws-exports.js file for the application.

A developer is writing a new web application that will be deployed and managed with AWS Elastic Beanstalk.
The application will include an Amazon RDS DB instance.
What steps should the developer take to access the RDS DB instance from the code? (Choose two.)

A. Modify the endpoint name using either the AWS Management Console or AWS CLI.
B. Upload the driver to Amazon S3 and reference it in the code.
C. Download the appropriate database driver and include it with the application.
D. Construct a connection string using the Elastic Beanstalk environment variables.
E. Create a CNAME record referencing database instances ALIAS.

A developer has an application that pushes files from an on-premises local server to an Amazon S3 bucket.
The application uses an AWS access key and a secret key that are stored on the server for authentication. The application calls AWS Security Token Service (AWS STS) to assume a role with access to perform the S3 PUT operation to upload the file.
The developer is migrating the server to an Amazon EC2 instance. The EC2 instance is configured with an IAM instance profile in the same AWS account that owns the S3 bucket.
What is the MOST secure solution for the developer to use to migrate the automation code?

A. Remove the code that calls the STS AssumeRole operation. Use the same access key and secret key from the server to access the S3 bucket.
B. Remove the access key and the secret key. Use the STS AssumeRole operation to add permissions to access the S3 bucket.
C. Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Use an IAM instance profile role that grants access to the S3 bucket.
D. Remove the access key, the secret key, and the code that calls the STS AssumeRole operation. Create a new access key and secret key. Use the new keys to access the S3 bucket.

A company has hundreds of AWS Lambda functions that the company's QA team needs to test by using the Lambda function URLs. A developer needs to configure the authentication of the Lambda functions to allow access so that the QA IAM group can invoke the Lambda functions by using the public URLs.
Which solution will meet these requirements?

A. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to create an IAM identity-based policy that allows the lambda:InvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
B. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to create an IAM resource-based policy that allows the lambdainvokeFunctionUrl action to all the Lambda function Amazon Resource Names (ARNs). Attach the policy to the QA IAM group.
C. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the AWS_IAM auth type. Run another script to loop on the Lambda functions to create an IAM identity-based policy that allows the lambdainvokeFunctionUrl action from the QA IAM group's Amazon Resource Name (ARN).
D. Create a CLI script that loops on the Lambda functions to add a Lambda function URL with the NONE auth type. Run another script to loop on the Lambda functions to create an IAM resource-based policy that allows the lambdainvokeFunctionUrl action from the QA IAM group's Amazon Resource Name (ARN).

A developer wants to reduce risk when deploying a new version of an existing AWS Lambda function. To test the Lambda function, the developer needs to split the traffic between the existing version and the new version of the Lambda function.
Which solution will meet these requirements?

A. Configure a weighted routing policy in Amazon Route 53. Associate the versions of the Lambda function with the weighted routing policy.
B. Create a function alias. Configure the alias to split the traffic between the two versions of the Lambda function.
C. Create an Application Load Balancer (ALB) that uses the Lambda function as a target. Configure the ALB to split the traffic between the two versions of the Lambda function.
D. Create the new version of the Lambda function as a Lambda layer on the existing version. Configure the function to split the traffic between the two layers.

A developer is creating a serverless orchestrator that performs a series of steps to processes incoming IoT data. The orchestrator transforms the data, performs a series of calculations, and stores the results in Amazon DynamoDB. The entire process is completed in less than a minute.
The orchestrator must process tens of thousands of transactions each second. The orchestrator must not miss a transaction and must process each transaction at least once.
Which solution will meet these requirements MOST cost-effectively?

A. Use Amazon Simple Notification Service (Amazon SNS) to process the data through an HTTP or HTTPS endpoint.
B. Use AWS Step Functions to process the data as Standard Workflows.
C. Use AWS Step Functions to process the data as Synchronous Express Workflows.
D. Use AWS Step Functions to process the data as Asynchronous Express Workflows.

A developer is creating a new batch application that will run on an Amazon EC2 instance. The application requires read access to an Amazon S3 bucket. The developer needs to follow security best practices to grant S3 read access to the application.
Which solution meets these requirements?

A. Add the permissions to an IAM policy. Attach the policy to a role. Attach the role to the EC2 instance profile.
B. Add the permissions inline to an IAM group. Attach the group to the EC2 instance profile.
C. Add the permissions to an IAM policy. Attach the policy to a user. Attach the user to the EC2 instance profile.
D. Add the permissions to an IAM policy. Use IAM web identity federation to access the S3 bucket with the policy.

A developer is creating an AWS Lambda function in VPC mode. An Amazon S3 event will invoke the Lambda function when an object is uploaded into an S3 bucket. The Lambda function will process the object and produce some analytic results that will be recorded into a file. Each processed object will also generate a log entry that will be recorded into a file.
Other Lambda functions, AWS services, and on-premises resources must have access to the result files and log file. Each log entry must also be appended to the same shared log file. The developer needs a solution that can share files and append results into an existing file.
Which solution should the developer use to meet these requirements?

A. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system in Lambda. Store the result files and log file in the mount point. Append the log entries to the log file.
B. Create an Amazon Elastic Block Store (Amazon EBS) Multi-Attach enabled volume. Attach the EBS volume to all Lambda functions. Update the Lambda function code to download the log file, append the log entries, and upload the modified log file to Amazon EBS.
C. Create a reference to the /tmp local directory. Store the result files and log file by using the directory reference. Append the log entry to the log file.
D. Create a reference to the /opt storage directory. Store the result files and log file by using the directory reference. Append the log entry to the log file.