AWS Certified SysOps Administrator – Associate (legacy) — Question 603
A sysops administrator created an AWS Lambda function within a VPC with no access to the Internet. The Lambda function pulls messages from an Amazon SQS queue and stores them in an Amazon RDS instance in the same VPC. After executing the Lambda function, the data is not showing up on the RDS instance.
Which of the following are possible causes for this? (Choose two.)
Answer options
- A. A VPC endpoint has not been created for Amazon RDS
- B. A VPC endpoint has not been created for Amazon SQS
- C. The RDS security group is not allowing connections from the Lambda function
- D. The subnet associated with the Lambda function does not have an internet gateway attached
- E. The subnet associated with the Lambda function has a NAT gateway
Correct answer: B, E
Explanation
Because the Lambda function is in a VPC with no internet access, it cannot reach the public SQS service unless a VPC endpoint for Amazon SQS has been created. Additionally, a Lambda function cannot access the internet if it is placed in a public subnet that has a NAT gateway. To gain internet access, it requires a private subnet with a route to a NAT gateway located in a public subnet.