AWS Certified Developer – Associate (DVA-C02) — Question 242
A developer is building a new application that will be deployed on AWS. The developer has created an AWS CodeCommit repository for the application. The developer has initialized a new project for the application by invoking the AWS Cloud Development Kit (AWS CDK) cdk init command.
The developer must write unit tests for the infrastructure as code (IaC) templates that the AWS CDK generates. The developer also must run a validation tool across all constructs in the CDK application to ensure that critical security configurations are activated.
Which combination of actions will meet these requirements with the LEAST development overhead? (Choose two.)
Answer options
- A. Use a unit testing framework to write custom unit tests against the cdk.out file that the AWS CDK generates. Run the unit tests in a continuous integration and continuous delivery (CI/CD) pipeline that is invoked after any commit to the repository.
- B. Use the CDK assertions module to integrate unit tests with the application. Run the unit tests in a continuous integration and continuous delivery (CI/CD) pipeline that is invoked after any commit to the repository.
- C. Use the CDK runtime context to set key-value pairs that must be present in the cdk.out file that the AWS CDK generates. Fail the stack synthesis if any violations are present.
- D. Write a script that searches the application for specific key configuration strings. Configure the script to produce a report of any security violations.
- E. Use the CDK Aspects class to create custom rules to apply to the CDK application. Fall the stack synthesis if any violations are present.
Correct answer: B, E
Explanation
Option B is correct because the CDK assertions module is specifically designed for writing unit tests against CDK constructs, making it a straightforward solution. Option E is also correct as the CDK Aspects class allows for applying custom rules to the CDK application, ensuring compliance with security configurations. Options A, C, and D introduce unnecessary complexity or do not directly address the need for unit testing and validation of constructs.