AWS Certified Solutions Architect – Associate (SAA-C03) — Question 169

A company has an AWS account used for software engineering. The AWS account has access to the company’s on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.

A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company’s data center.

Which solution will meet these requirements?

Answer options

• A. Configure the Lambda function to run in the VPC with the appropriate security group.
• B. Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN.
• C. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect.
• D. Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.

Correct answer: A

Explanation

The correct answer is A because configuring the Lambda function to run within the VPC with the right security group allows it to access resources in the private subnet. Option B introduces unnecessary complexity by requiring a VPN connection, while C does not address the need to run the function inside the VPC. Option D is incorrect as Elastic IPs cannot be directly assigned to Lambda functions.