SOA-C02 · Question #639
SOA-C02 Question #639: Real Exam Question with Answer & Explanation
The correct answer is D: Create an S3 interface endpoint. Change the Lambda function to use the new S3 DNS name.. To ensure that the Lambda function accesses the S3 bucket without traversing public IP addresses, you must establish private connectivity between the VPC and S3. By creating a VPC endpoint for Amazon S3, the traffic between the Lambda function and S3 will remain within the Chosen
Question
A SysOps administrator needs to give an existing AWS Lambda function access to an existing Amazon S3 bucket. Traffic between the Lambda function and the S3 bucket must not use public IP addresses. The Lambda function has been configured to run in a VPC. Which solution will meet these requirements?
Options
- AConfigure VPC sharing between the Lambda VPC and the S3 bucket.
- BAttach a transit gateway to the Lambda VPC to allow the Lambda function to connect to the S3
- CCreate a NAT gateway. Associate the NAT gateway with the subnet where the Lambda function
- DCreate an S3 interface endpoint. Change the Lambda function to use the new S3 DNS name.
Explanation
To ensure that the Lambda function accesses the S3 bucket without traversing public IP addresses, you must establish private connectivity between the VPC and S3. By creating a VPC endpoint for Amazon S3, the traffic between the Lambda function and S3 will remain within the Chosen option directs you to create an S3 endpoint (via an interface endpoint) and then update the Lambda function to use the new S3 DNS name provided by the endpoint. This approach meets the requirement with the least operational overhead.
Community Discussion
No community discussion yet for this question.