Which solution will meet these requirements?
Configure the DB cluster’s public access setting to Yes.
Configure an Amazon RDS database proxy for he Lambda functions.
Configure a NAT gateway and a security group for the Lambda functions.
Configure the VPC, subnets, and a security group for the Lambda functions.
Explanations:
Configuring the DB cluster’s public access setting to Yes would expose the database to the public internet, which contradicts the requirement for secure access without crossing the public internet.
While an Amazon RDS database proxy can help with connection management and pooling, it does not inherently provide a secure method for Lambda functions to access the DB cluster if they are not properly configured to operate within the same VPC. The solution does not guarantee isolation from the public internet.
Configuring a NAT gateway allows resources in a private subnet to access the internet, but it does not help the Lambda functions securely connect to the DB cluster within the same VPC. This setup is not necessary since the Lambda functions need to access the database internally, not externally.
Configuring the VPC, subnets, and a security group for the Lambda functions ensures that the functions are deployed in the same VPC as the DB cluster, allowing them to securely access the database without crossing the public internet. Proper security group settings can also restrict access to only the necessary resources.
I sort that the answer is:
Configure the VPC, subnets, and a security group for the Lambda functions.