AWS Certified Data Engineer – Associate (DEA-C01) — Question 123

A company uses an AWS Lambda function to transfer files from a legacy SFTP environment to Amazon S3 buckets. The Lambda function is VPC enabled to ensure that all communications between the Lambda function and other AVS services that are in the same VPC environment will occur over a secure network.

The Lambda function is able to connect to the SFTP environment successfully. However, when the Lambda function attempts to upload files to the S3 buckets, the Lambda function returns timeout errors. A data engineer must resolve the timeout issues in a secure way.

Which solution will meet these requirements in the MOST cost-effective way?

Answer options

• A. Create a NAT gateway in the public subnet of the VPC. Route network traffic to the NAT gateway.
• B. Create a VPC gateway endpoint for Amazon S3. Route network traffic to the VPC gateway endpoint.
• C. Create a VPC interface endpoint for Amazon S3. Route network traffic to the VPC interface endpoint.
• D. Use a VPC internet gateway to connect to the internet. Route network traffic to the VPC internet gateway.

Correct answer: B

Explanation

The correct answer is B, as creating a VPC gateway endpoint for Amazon S3 allows the Lambda function to access S3 directly without needing to route traffic through the internet, thus avoiding timeout issues. Options A and C involve additional costs and complexity, while option D would require internet access, which is not necessary in this scenario and could expose the data to security risks.