AWS Certified Solutions Architect – Associate (SAA-C03) — Question 761
A company needs to create an AWS Lambda function that will run in a VPC in the company's primary AWS account. The Lambda function needs to access files that the company stores in an Amazon Elastic File System (Amazon EFS) file system. The EFS file system is located in a secondary AWS account. As the company adds files to the file system, the solution must scale to meet the demand.
Which solution will meet these requirements MOST cost-effectively?
Answer options
- A. Create a new EFS file system in the primary account. Use AWS DataSync to copy the contents of the original EFS file system to the new EFS file system.
- B. Create a VPC peering connection between the VPCs that are in the primary account and the secondary account.
- C. Create a second Lambda function in the secondary account that has a mount that is configured for the file system. Use the primary account's Lambda function to invoke the secondary account's Lambda function.
- D. Move the contents of the file system to a Lambda layer. Configure the Lambda layer's permissions to allow the company's secondary account to use the Lambda layer.
Correct answer: B
Explanation
Establishing a VPC peering connection between the VPCs in the primary and secondary accounts allows the Lambda function to securely mount and access the remote EFS file system over a private network connection, which is highly cost-effective and scalable. Replicating the data with AWS DataSync (Option A) or invoking a secondary Lambda function (Option C) introduces unnecessary overhead, replication costs, and execution latency. Using a Lambda layer (Option D) is infeasible because layers have a strict size limit (250 MB unzipped) and cannot scale dynamically like EFS.