AWS Certified Developer – Associate (DVA-C02) — Question 32
A company has deployed infrastructure on AWS. A development team wants to create an AWS Lambda function that will retrieve data from an Amazon Aurora database. The Amazon Aurora database is in a private subnet in the company's VPC. The VPC is named VPC1. The data is relational in nature. The Lambda function needs to access the data securely.
Which solution will meet these requirements?
Answer options
- A. Create the Lambda function. Configure VPC1 access for the function. Attach a security group named SG1 to both the Lambda function and the database. Configure the security group inbound and outbound rules to allow TCP traffic on Port 3306.
- B. Create and launch a Lambda function in a new public subnet that is in a new VPC named VPC2. Create a peering connection between VPC1 and VPC2.
- C. Create the Lambda function. Configure VPC1 access for the function. Assign a security group named SG1 to the Lambda function. Assign a second security group named SG2 to the database. Add an inbound rule to SG1 to allow TCP traffic from Port 3306.
- D. Export the data from the Aurora database to Amazon S3. Create and launch a Lambda function in VPC1. Configure the Lambda function to query the data from Amazon S3.
Correct answer: A
Explanation
Option A is correct because it allows the Lambda function to access the Aurora database securely within the same VPC by configuring the correct security group rules. Option B is incorrect as creating a function in a different VPC complicates access and introduces unnecessary latency. Option C fails because it incorrectly sets up two security groups without allowing the necessary traffic from SG1 to SG2. Option D is not suitable since it requires exporting data to S3, which is not necessary for retrieving data directly from the Aurora database.