DVA-C02 · Question #548
A developer is creating an AWS Lambda function that needs network access to private resources in a VPC. Which solution will provide this access with the LEAST operational overhead?
The correct answer is A. Attach the Lambda function to the VPC through private subnets. Create a security group that. Attaching a Lambda function directly to a VPC via private subnets with a security group is the native, lowest-overhead method to access private VPC resources.
Question
A developer is creating an AWS Lambda function that needs network access to private resources in a VPC. Which solution will provide this access with the LEAST operational overhead?
Options
- AAttach the Lambda function to the VPC through private subnets. Create a security group that
- BConfigure the Lambda function to route traffic through a VPN connection. Create a security group
- CConfigure a VPC endpoint connection for the Lambda function. Set up the VPC endpoint to route
- DConfigure an AWS PrivateLink endpoint for the private resources. Configure the Lambda function
How the community answered
(50 responses)- A80% (40)
- B8% (4)
- C10% (5)
- D2% (1)
Why each option
Attaching a Lambda function directly to a VPC via private subnets with a security group is the native, lowest-overhead method to access private VPC resources.
Lambda natively supports VPC configuration, allowing the function to be assigned to private subnets and associated security groups. This gives the function an elastic network interface (ENI) inside the VPC, enabling it to reach private resources such as RDS, ElastiCache, or internal services using standard VPC routing and security group rules.
Routing Lambda traffic through a VPN connection requires provisioning and managing VPN infrastructure, which adds significant operational overhead compared to native VPC attachment.
VPC endpoints connect Lambda to specific AWS managed services (like S3 or DynamoDB) using private IPs; they do not provide general access to arbitrary private resources within a VPC.
AWS PrivateLink is used to expose services across VPC boundaries to specific consumers; it is not a standard mechanism for giving Lambda access to private resources and adds unnecessary complexity.
Concept tested: Configuring Lambda VPC access for private resources
Source: https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html
Community Discussion
No community discussion yet for this question.