AWS Certified Developer – Associate — Question 392

A developer is testing an AWS Lambda function by using the AWS Serverless Application Model (AWS SAM) local CLI. The application that is implemented by the
Lambda function makes several AWS API calls by using the AWS software development kit (SDK). The developer wants to allow the function to make AWS API calls in a test AWS account from the developer's laptop.
What should the developer do to meet these requirements?

Answer options

• A. Edit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.
• B. Add a test profile by using the aws configure command with the --profile option. Run AWS SAM by using the sam local invoke command with the -profile option.
• C. Edit the template.yml tile. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.
• D. Run the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the --parameter-overrides option.

Correct answer: B

Explanation

When executing a Lambda function locally with the AWS SAM CLI, the AWS SDK retrieves credentials from the local environment using the standard AWS toolchain. By defining a named profile with 'aws configure --profile' and passing it to 'sam local invoke --profile', the local container uses those specific credentials for AWS API calls. Storing credentials directly in template.yml or setting an IAM role in the template does not authenticate local API requests.