Which solution will meet these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company runs an AWS Lambda function in private subnets in a VPC.The subnets have a default route to the internet through an Amazon EC2 NAT instance.The Lambda function processes input data and saves its output as an object to Amazon S3.Intermittently, the Lambda function times out while trying to upload the object because of saturated traffic on the NAT instance’s network.The company wants to access Amazon S3 without traversing the internet.

Which solution will meet these requirements?

Replace the EC2 NAT instance with an AWS managed NAT gateway.

Increase the size of the EC2 NAT instance in the VPC to a network optimized instance type.

Provision a gateway endpoint for Amazon S3 in the VPUpdate the route tables of the subnets accordingly.

Provision a transit gateway. Place transit gateway attachments in the private subnets where the Lambda function is running.

Explanations:

Replacing the EC2 NAT instance with a NAT gateway would improve availability and scalability, but it still routes traffic through the internet for S3 access. The goal is to avoid using the internet.

Increasing the size of the EC2 NAT instance would help with network performance, but it doesn’t eliminate the need for internet traffic. S3 access would still go through the internet.

Provisioning a gateway endpoint for Amazon S3 allows the Lambda function to access S3 directly from the VPC without using the internet. This meets the requirement to avoid internet traffic.

A transit gateway is not needed for accessing Amazon S3 directly. It is designed for complex network architectures involving multiple VPCs or hybrid networks, which is not necessary in this case.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 − 7 =