Which solution meets these requirements?

By:
In: SOA-C02
Tagged:
With: 1 Comment
A company has an application that uses a scheduled AWS Lambda function to retrieve datasets from external sources over the internet.The function is not associated with a VPC.The company is modifying the application to store the information that the Lambda function retrieves on an Amazon RDS DB instance in a private subnet.The VPC has two public subnets and two private subnets.A SysOps administrator must deploy a solution that allows the Lambda function to access the new database and continue to access the internet.

Which solution meets these requirements?

Create a new Lambda function with VPC access and an Elastic IP address. Attach the function to public subnets in two Availability Zones. Associate a security group with the Elastic IP address. Configure the security group outbound rules to allow Lambda to access the required resources.

Create a new Lambda function with VPC access and two public IP addresses. Attach the function to public subnets in the same Availability Zones that the database uses. Associate a security group with the function. Configure the security group inbound rules to allow Lambda to access the required resources.

Reconfigure the Lambda function for VPC access. Add NAT gateways to the public subnets in the VPAdd route table entries in the private subnets to route through the NAT gateways to the internet. Attach the function to the private subnets that support the database. Associate a security group with the function. Configure the security group outbound rules to allow Lambda to access the internet.

Reconfigure the Lambda function for VPC access. Attach the function to the private subnets. Add route table entries in the private subnets to route through the internet gateway to the internet. Associate a security group with the subnets. Configure the security group inbound rules to allow Lambda to access the required resources through the internet gateway.

Explanations:

Lambda functions cannot be directly associated with an Elastic IP address. The use of an Elastic IP is not applicable for a Lambda function within a VPC. Also, attaching Lambda to public subnets for VPC access is not recommended for security reasons, as it requires exposing the Lambda to the internet.

Public IP addresses are not used for Lambda functions within a VPC. Additionally, Lambda should not be placed in public subnets; it should reside in private subnets for accessing a database in a private subnet.

This option correctly configures Lambda within a VPC, attaches it to private subnets, and allows internet access through NAT gateways. Lambda needs a route through NAT gateways in private subnets for internet access, which is correctly configured here.

Private subnets do not have direct access to the internet through an internet gateway. The Lambda function needs to route traffic to the internet via a NAT gateway, not through an internet gateway, which is only used for public subnets.

2025-10-15

1 Comment

  1. Ronald
    Author

    I infer that the answer is:
    Reconfigure the Lambda function for VPC access. Add NAT gateways to the public subnets in the VPAdd route table entries in the private subnets to route through the NAT gateways to the internet. Attach the function to the private subnets that support the database. Associate a security group with the function. Configure the security group outbound rules to allow Lambda to access the internet.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × three =