AWS Certified Developer – Associate (DVA-C02) — Question 480
A developer has an application that uses AWS Security Token Service (AWS STS). The application calls the STS AssumeRole API operation to provide trusted users with temporary security credentials. The application calls AWS STS at the service's default endpoint: https://sts.amazonaws.com.
The application is deployed in an Asia Pacific AWS Region. The application is experiencing errors that are related to intermittent latency when the application calls AWS STS.
What should the developer do to resolve this issue?
Answer options
- A. Update the application to use the GetSessionToken API operation.
- B. Update the application to use the AssumeRoleWithSAML API operation.
- C. Update the application to use a Regional STS endpoint that is closer to the application deployment.
- D. Update the application to use the AssumeRoleWithWebIdentity API operation. Move the STS endpoint to a global endpoint.
Correct answer: C
Explanation
Using the global AWS STS endpoint from an Asia Pacific Region can introduce latency because requests are routed to the US East (N. Virginia) Region. Switching to a Regional STS endpoint reduces latency and improves reliability by keeping the traffic within the local Region. Changing the API operation (such as using GetSessionToken, AssumeRoleWithSAML, or AssumeRoleWithWebIdentity) does not address the underlying network latency.