What should the developer do to meet these requirements?
Edit the template.yml file. Add the AWS_ACCESS_KEY_ID property and the AWS_SECRET_ACCESS_KEY property in the Globals section.
Add a test profile by using the aws configure command with the –profile option. Run AWS SAM by using the sam local invoke command with the -profile option.
Edit the template.yml tile. For the AWS::Serverless::Function resource, set the role to an IAM role in the AWS account.
Run the function by using the sam local invoke command. Override the AWS_ACCESS_KEY_ID parameter and the AWS_SECRET_ACCESS_KEY parameter by specifying the –parameter-overrides option.
Explanations:
The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are environment variables, but adding them to the template.yml file in the Globals section is not the correct way to set these values for local testing. The template.yml is primarily used to define the application structure and resources, not for passing credentials.
This option is correct. By using theaws configurecommand with the–profileoption, the developer can set up a specific AWS profile for use with AWS CLI. When running thesam local invokecommand with the-profileoption, it will ensure that the Lambda function makes AWS SDK calls using the specified AWS credentials from the test account.
This option is incorrect. While the IAM role specified in the AWS::Serverless::Function resource is used to define permissions for the Lambda function, it does not address local testing or allow the function to make AWS API calls from the developer’s laptop. IAM roles are used for deployed Lambda functions in AWS, not local invocations.
This option is incorrect. The–parameter-overridesoption is used to override parameters defined in the template.yml file for local invocation, but it is not used for overriding AWS credentials such as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. These credentials are managed through environment variables or AWS profiles, not through parameter overrides in the SAM template.