Amazon Web Services DVA-C02 Exam With Confidence Using Practice Dumps

The requirements call for (1) standardized templates to define serverless infrastructure, (2) the ability to test locally before deployment, and (3) integrating deployment and infrastructure changes into an existing AWS CodePipeline workflow. AWS Serverless Application Model (AWS SAM) is designed specifically for serverless applications and extends CloudFormation with serverless-specific resources (such as AWS::Serverless::Function, APIs, event sources). SAM also provides the SAM CLI , which includes local testing capabilities (for example, sam local invoke and sam local start-api) that emulate Lambda and API Gateway behavior for rapid iteration before deployment.

Option A fits all requirements: create an AWS SAM template as the infrastructure definition and add pipeline stages that execute the necessary SAM CLI commands (commonly sam build and sam deploy, and optionally test commands) as part of the CI/CD process. This makes deployments repeatable and automated, ensures infrastructure changes are deployed in lockstep with application changes, and keeps everything governed by the existing CodePipeline.

Option D uses SAM but relies on a standalone script outside the pipeline, which conflicts with the requirement to incorporate infrastructure changes into the existing pipeline. Option C (plain CloudFormation) can define infrastructure, but it does not inherently provide the same streamlined local testing workflow that SAM CLI provides for serverless event sources and APIs. Option B is unrelated: Step Functions is an orchestration service and its definition language is not a general infrastructure templating and local-testing solution for serverless deployments.

Therefore, A is the correct strategy: use AWS SAM templates and integrate SAM CLI build/deploy steps into CodePipeline to automate deployments and support local testing while managing infrastructure as code.

The requirement has two parts: (1) authenticate users with a third-party SAML IdP , and (2) after authentication, allow those users to access AWS services like Amazon S3 and DynamoDB. The AWS pattern for this is to federate the external identity into AWS and then exchange that identity for temporary AWS credentials .

Amazon Cognito identity pools are designed to provide AWS credentials to authenticated users (via AWS STS) so the users can call AWS services directly or through an application backend. Identity pools support federation with external identity providers, including SAML 2.0 . When a user authenticates with the third-party SAML IdP, the identity pool can accept the SAML assertion, map the user to an IAM role, and return temporary, scoped credentials (AccessKeyId/SecretAccessKey/SessionToken) associated with that role. Those credentials can be restricted using IAM policies to only the required S3 buckets, DynamoDB tables, and actions, satisfying least privilege.

Option A is incorrect because a Cognito user pool is primarily a user directory and OIDC/OAuth provider for application authentication; while user pools can integrate with SAML IdPs for federation, user pools alone do not directly issue AWS service credentials. The key requirement here is access to S3/DynamoDB, which is the role of an identity pool . Option C is not appropriate because IAM is not intended to provide end-user sign-up/sign-in for external users; it is for AWS identities and permissions. Option D is unrelated: CloudFront signed URLs control access to CloudFront-distributed content and do not authenticate users with SAML or provide AWS credentials.

Therefore, B meets both requirements: federate SAML authentication through a Cognito identity pool and provide temporary AWS credentials for accessing S3 and DynamoDB.