Which solution will meet these requirements?
Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database. Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.
Create and launch a Lambda function in a new public subnet that is in a new VPC named VPC2. Create a peering connection between VPC1 and VPC2.
Create the Lambda function. Configure VPC1 access for the function. Assign a security group named SG1 to the Lambda function. Assign a second security group named SG2 to the database. Add an inbound rule to SG1 to allow TCP traffic from Port 3306.
Export the data from the Aurora database to Amazon S3. Create and launch a Lambda function in VPC1. Configure the Lambda function query the data from Amazon S3.
Explanations:
This solution enables the Lambda function to access the private Aurora database by configuring it to access VPC1 and using a security group with rules for secure connectivity.
Launching the Lambda function in a new VPC with a public subnet and creating a peering connection would add unnecessary complexity and expose the Lambda function to the internet.
Only configuring SG1 for the Lambda function without a matching rule in SG2 for the database does not allow proper traffic flow to the Aurora database on Port 3306.
Exporting data to S3 does not meet the requirement to access data directly from the Aurora database, as it only provides access to a data snapshot.
As I understand it, the answer is:
Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database. Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.
If I had to guess, I’d say the answer is:
Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database. Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.