AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 14

A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a VPC. The Lambda function also needs to write messages to
Amazon SQS. The Lambda function has been configured to run in a subnet in the VPC.
Which of the following actions meet the requirements? (Choose two.)

Answer options

• A. The Lambda function needs an IAM role to access Amazon SQS
• B. The Lambda function must route through a NAT gateway or NAT instance in another subnet to access the public SQS API.
• C. The Lambda function must be assigned a public IP address to access the public Amazon SQS API.
• D. The ElastiCache server outbound security group rules must be configured to permit the Lambda function's security group.
• E. The Lambda function must consume auto-assigned public IP addresses but not elastic IP addresses.

Correct answer: A, B

Explanation

Option A is correct because the Lambda function must have an IAM role that grants permissions to access Amazon SQS. Option B is also correct since the Lambda function in a VPC needs to use a NAT gateway or NAT instance to reach the public SQS API. Options C and E are incorrect because the Lambda function does not need a public IP address to access SQS, and the requirement does not specify anything about elastic IP addresses. Option D is irrelevant to the question's focus on accessing SQS.