What should the developer do to meet these requirements?

By:
In: DVA-C02
Tagged:
With: 2 Comments
A company is developing a serverless application by using AWS Lambda functions.One of the Lambda functions needs to access an Amazon RDS DB instance.The DB instance is in a private subnet inside a VPC.The company creates a role that includes the necessary permissions to access the DB instance.The company then assigns the role to the Lambda function.A developer must take additional action to give the Lambda function access to the DB instance.

What should the developer do to meet these requirements?

Assign a public IP address to the DB instance. Modify the security group of the DB instance to allow inbound traffic from the IP address of the Lambda function.

Set up an AWS Direct Connect connection between the Lambda function and the DB instance.

Configure an Amazon CloudFront distribution to create a secure connection between the Lambda function and the DB instance.

Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.

Explanations:

Assigning a public IP address to the RDS instance would expose it to the internet, which is not a recommended practice for security in AWS. Additionally, simply modifying the security group to allow inbound traffic from the Lambda function’s IP is not feasible since Lambda functions do not have a fixed public IP address.

AWS Direct Connect is a dedicated network connection between your on-premises data center and AWS. It is not relevant for connecting a Lambda function to an RDS instance within the same VPC and does not provide a way to route traffic from Lambda to RDS.

Amazon CloudFront is a content delivery network and is not used for establishing direct connections between Lambda functions and RDS instances. It does not facilitate the required network access for a Lambda function to communicate with a private RDS instance.

Configuring the Lambda function to run within the same VPC as the RDS instance allows it to access resources in the private subnet. Adding security group rules ensures that the Lambda function can communicate with the RDS instance, fulfilling the requirement for access.

2026-03-22

2 Comments

  1. Margaret
    Author

    My best guess is:
    Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.

  2. Angela
    Author

    I assess that the answer is:
    Configure the Lambda function to connect to the private subnets in the VPC. Add security group rules to allow traffic to the DB instance from the Lambda function.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + two =