AWS Certified Developer – Associate (DVA-C02) — Question 135
A developer creates an AWS Lambda function that retrieves and groups data from several public API endpoints. The Lambda function has been updated and configured to connect to the private subnet of a VPC. An internet gateway is attached to the VPC. The VPC uses the default network ACL and security group configurations.
The developer finds that the Lambda function can no longer access the public API. The developer has ensured that the public API is accessible, but the Lambda function cannot connect to the API.
How should the developer fix the connection issue?
Answer options
- A. Ensure that the network ACL allows outbound traffic to the public internet.
- B. Ensure that the security group allows outbound traffic to the public internet.
- C. Ensure that outbound traffic from the private subnet is routed to a public NAT gateway.
- D. Ensure that outbound traffic from the private subnet is routed to a new internet gateway.
Correct answer: C
Explanation
The correct answer is C: resources in a private subnet need a NAT gateway to reach the internet, so routing the subnet's outbound traffic to a public NAT gateway lets the Lambda function call the public API. Option A is incorrect because the default network ACL already allows outbound traffic, and option B does not apply because the default security group also allows outbound traffic. Option D is incorrect because traffic from a private subnet cannot use an internet gateway directly; it has to go through a NAT gateway.