Which solution will give the application the ability to access the new service?
Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway.
Deploy an egress-only internet gateway. Associate an Elastic IP address with the egress-only internet gateway. Configure the elastic network interface on the Lambda function to use the egress-only internet gateway.
Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the Lambda function to use the internet gateway.
Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the default route in the public VPC route table to use the internet gateway.
Explanations:
Deploying a NAT gateway with an Elastic IP allows the AWS Lambda function, which runs in a VPC, to initiate outbound requests to the internet while keeping its private IP address hidden. The Elastic IP associated with the NAT gateway serves as the public IP address that can be provided to the external provider for allow-listing.
An egress-only internet gateway is used primarily for IPv6 traffic to allow outbound internet access while preventing inbound traffic. Since the scenario involves requests from public IPv4 addresses, this solution is not appropriate.
An internet gateway cannot be directly associated with an AWS Lambda function that runs in a VPC. While an internet gateway allows public IP access for resources in public subnets, Lambda functions require a NAT gateway for internet access from private subnets. This option would not allow the function to use a public IP address as required.
Similar to option C, while an internet gateway can provide internet access, it does not directly associate with the Lambda function in a VPC. Also, configuring a public route would apply to instances in a public subnet, not to Lambda functions, which require a NAT gateway for outbound internet access.