Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.
For DVA-C02 candidates, the confusion often lies in how to properly implement Lambda authorizer caching to optimize API Gateway WebSocket performance without compromising security. In production, this is about knowing exactly which authorization token types support caching and how to reference the authorizer context properly to avoid repeated secret handling on every connection request. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
A software development company, CloudApps Inc., has built a real-time chat application using WebSocket APIs on Amazon API Gateway. To secure access, they use a Lambda authorizer that validates user credentials. The development team notices that the authorizer function is invoked on every WebSocket message, causing latency and repeated usage of sensitive secret keys and authorization tokens. They want to implement credential caching and reduce the invocation frequency of the authorizer without compromising security.
The Requirement: #
Determine the combination of approaches that CloudApps Inc.’s developers should apply to enable caching of authorization credentials and minimize repeated Lambda authorizer executions and secret key usage.
The Options: #
- A) Use a token-based Lambda authorizer.
- B) Use a request parameter-based Lambda authorizer.
- C) Configure an integration request mapping template to reference the
contextmap from the API Gateway Lambda authorizer. - D) Configure an integration request mapping template to reference the identity API key value from the API Gateway Lambda authorizer.
- E) Use VPC endpoint policies for the WebSocket APIs.
Google adsense #
leave a comment:
Correct Answer #
A) Use a token-based Lambda authorizer.
C) Configure an integration request mapping template to reference the context map from the API Gateway Lambda Authorizer.
Quick Insight: The Developer Focus Imperative #
- For DVA-C02, understanding the difference between token-based and request parameter-based Lambda authorizers and how API Gateway caches tokens to reduce Lambda invocation is critical.
- Also, using the
contextobject in mapping templates enables passing authorization data downstream efficiently without exposing sensitive keys on every request.
Content Locked: The Expert Analysis #
You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?
The Expert’s Analysis #
Correct Answer #
Options A and C
The Winning Logic #
- Token-based Lambda authorizers allow API Gateway to cache authorization results based on the token provided (e.g., JWT or custom token), reducing repeated Lambda invocations on every WebSocket message. This caching significantly decreases latency and reduces the secret key usage frequency.
- Configuring an integration request mapping template to reference the
contextmap from the Lambda authorizer enables downstream integration (like a backend Lambda) to access user identity and authorization info without passing secrets directly on every request.
The Trap (Distractor Analysis): #
- Option B (Request parameter-based authorizer) is not optimal for caching because the cache key is based on parameters that typically change every request, causing more frequent Lambda invocations.
- Option D (Referencing identity API key) is irrelevant here because API keys are not the primary authentication method in this scenario and are less secure for WebSocket APIs.
- Option E (VPC endpoint policies) control network access and do not address authorization token caching or Lambda authorizer invocation frequency—thus unrelated.
The Technical Blueprint #
# Example snippet to enable token caching for a Lambda authorizer in API Gateway (CLI)
aws apigateway update-authorizer \
--rest-api-id {api_id} \
--authorizer-id {authorizer_id} \
--patch-operations op=replace,path=/authorizerResultTtlInSeconds,value=300
# This sets a 5-minute cache for the token, reducing Lambda calls.
The Comparative Analysis #
| Option | API Complexity | Performance Impact | Use Case |
|---|---|---|---|
| A | Medium | High (reduces Lambda calls via token caching) | Recommended for token-based auth with caching |
| B | Medium | Low (poor caching due to request parameters) | Less suitable when caching needed |
| C | Low | High (efficient context propagation) | Enhances integration by passing authorizer context |
| D | Low | Low (API Key less relevant here) | Not applicable for this token-based scenario |
| E | Low | None (security boundary control only) | No effect on authorization caching |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick token-based Lambda authorizers when you see credential caching as a requirement.
Real World #
In production, teams often pair token caching with downstream context mapping to securely pass user claims without revalidating secrets on every WebSocket frame, improving efficiency and reducing service costs.
(CTA) Stop Guessing, Start Mastering #
Disclaimer
This is a study note based on simulated scenarios for the DVA-C02 exam.