AWS Certified Developer – Associate (DVA-C02) — Question 520
A developer is creating an AWS Lambda function that needs network access to private resources in a VPC.
Which solution will provide this access with the LEAST operational overhead?
Answer options
- A. Attach the Lambda function to the VPC through private subnets. Create a security group that allows network access to the private resources. Associate the security group with the Lambda function.
- B. Configure the Lambda function to route traffic through a VPN connection. Create a security group that allows network access to the private resources. Associate the security group with the Lambda function.
- C. Configure a VPC endpoint connection for the Lambda function. Set up the VPC endpoint to route traffic through a NAT gateway.
- D. Configure an AWS PrivateLink endpoint for the private resources. Configure the Lambda function to reference the PrivateLink endpoint.
Correct answer: A
Explanation
Attaching the AWS Lambda function to private subnets in the VPC and using security groups is the standard, native way to reach internal VPC resources with the least administrative effort. The other options, such as setting up a VPN connection or configuring unnecessary AWS PrivateLink endpoints, add significant architectural complexity, cost, and operational overhead. With the native integration, the network interfaces that the Lambda function needs to communicate within the private subnets are managed securely on the developer's behalf.