AWS Certified Developer – Associate (DVA-C02) — Question 39
A developer is migrating some features from a legacy monolithic application to use AWS Lambda functions instead. The application currently stores data in an Amazon Aurora DB cluster that runs in private subnets in a VPC. The AWS account has one VPC deployed. The Lambda functions and the DB cluster are deployed in the same AWS Region in the same AWS account.
The developer needs to ensure that the Lambda functions can securely access the DB cluster without crossing the public internet.
Which solution will meet these requirements?
Answer options
- A. Configure the DB cluster's public access setting to Yes.
- B. Configure an Amazon RDS database proxy for the Lambda functions.
- C. Configure a NAT gateway and a security group for the Lambda functions.
- D. Configure the VPC, subnets, and a security group for the Lambda functions.
Correct answer: D
Explanation
The correct answer is D: configuring the VPC, subnets, and a security group for the Lambda functions lets them communicate with the DB cluster securely within the private network, so traffic does not cross the public internet. Option A is incorrect because enabling public access would expose the DB cluster to the internet. Option B is useful for connection pooling, but it does not directly address the requirement for secure access. Option C is incorrect because a NAT gateway is unnecessary for accessing resources within the same VPC.