AWS Certified Developer – Associate — Question 81
A company has a serverless application that uses AWS Lambda functions and AWS Systems Manager parameters to store configuration data. The company moves the Lambda functions inside the VPC and into private subnets. The Lambda functions are now producing errors in their attempts to access Systems Manager parameters.
Which solution will allow the Lambda functions to access Systems Manager parameters inside the VPC?
Answer options
- A. Configure security groups to allow access to Systems Manager.
- B. Create an interface VPC endpoint for Systems Manager.
- C. Use an Internet gateway from inside the VPC.
- D. Create a gateway VPC endpoint for Systems Manager.
Correct answer: B
Explanation
The correct answer is B: an interface VPC endpoint for Systems Manager lets the Lambda functions connect to the service securely from inside the VPC without needing an Internet connection. Option A does not resolve the issue, because security groups alone do not provide the necessary endpoint access. Option C is incorrect because an Internet gateway does not apply to the private subnets where the Lambda functions reside. Option D is incorrect because a gateway VPC endpoint is not suitable for Systems Manager, which requires an interface endpoint.