AWS Certified Solutions Architect – Professional (SAP-C02) — Question 45
A company is building a serverless application that runs on an AWS Lambda function that is attached to a VPC. The company needs to integrate the application with a new service from an external provider. The external provider supports only requests that come from public IPv4 addresses that are in an allow list.
The company must provide a single public IP address to the external provider before the application can start using the new service.
Which solution will give the application the ability to access the new service?
Answer options
- A. Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway.
- B. Deploy an egress-only internet gateway. Associate an Elastic IP address with the egress-only internet gateway. Configure the elastic network interface on the Lambda function to use the egress-only internet gateway.
- C. Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the Lambda function to use the internet gateway.
- D. Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the default route in the public VPC route table to use the internet gateway.
Correct answer: A
Explanation
The correct answer is A: a NAT gateway with an associated Elastic IP address lets the Lambda function in the VPC reach the internet from a public IP address, which the company can give to the external provider for its allow list. The other options do not provide the public IP address the function needs to reach the external service. Egress-only internet gateways are for IPv6 traffic, and an internet gateway would not work for a Lambda function in a private subnet without a NAT setup.