AWS Certified Developer – Associate (DVA-C02) — Question 67

A developer creates a VPC named VPC-A that has public and private subnets. The developer also creates an Amazon RDS database inside the private subnet of VPC-A. To perform some queries, the developer creates an AWS Lambda function in the default VPC. The Lambda function has code to access the RDS database. When the Lambda function runs, an error message indicates that the function cannot connect to the RDS database.

How can the developer solve this problem?

Answer options

• A. Modify the RDS security group. Add a rule to allow traffic from all the ports from the VPC CIDR block.
• B. Redeploy the Lambda function in the same subnet as the RDS instance. Ensure that the RDS security group allows traffic from the Lambda function.
• C. Create a security group for the Lambda function. Add a new rule in the RDS security group to allow traffic from the new Lambda security group.
• D. Create an IAM role. Attach a policy that allows access to the RDS database. Attach the role to the Lambda function.

Correct answer: B

Explanation

The correct answer is B because placing the Lambda function in the same subnet as the RDS instance allows it to access the database directly, provided that the RDS security group is configured to allow traffic from the Lambda function. Option A does not resolve the connectivity issue, option C adds unnecessary complexity without addressing the core problem, and option D relates to permissions rather than network connectivity.