AWS Certified Solutions Architect – Associate (SAA-C03) — Question 470
A solutions architect is designing an asynchronous application to process credit card data validation requests for a bank. The application must be secure and be able to process each request at least once.
Which solution will meet these requirements MOST cost-effectively?
Answer options
- A. Use AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS Key Management Service (SSE-KMS) for encryption. Add the kms:Decrypt permission for the Lambda execution role.
- B. Use AWS Lambda event source mapping. Use Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use SQS managed encryption keys (SSE-SQS) for encryption. Add the encryption key invocation permission for the Lambda function.
- C. Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) FIFO queues as the event source. Use AWS KMS keys (SSE-KMS). Add the kms:Decrypt permission for the Lambda execution role.
- D. Use the AWS Lambda event source mapping. Set Amazon Simple Queue Service (Amazon SQS) standard queues as the event source. Use AWS KMS keys (SSE-KMS) for encryption. Add the encryption key invocation permission for the Lambda function.
Correct answer: A
Explanation
Amazon SQS standard queues are more cost-effective than SQS FIFO queues and natively guarantee at-least-once message delivery, which satisfies the application's requirements. To securely process messages encrypted with AWS KMS keys (SSE-KMS), the AWS Lambda execution role must be explicitly granted the kms:Decrypt permission. The options that use FIFO queues (B and C) are less cost-effective, and the options that add an "encryption key invocation permission" to the Lambda function (B and D) instead of kms:Decrypt on the execution role rely on incorrect permissions, which would prevent the Lambda function from polling and decrypting messages.