Medium · 1 mark · Multiple Choice

AWS SAP-C02 · Question 72 · Domain 2.1: Deployment Strategy

An architect is designing a serverless application using AWS Lambda. The function needs to access a database hosted in a private subnet of a VPC. When the Lambda function is attached to the VPC, it loses internet access and can no longer call the AWS Systems Manager Parameter Store API. How can this be fixed MOST securely?

Answer options:

A. Attach an Elastic IP to the Lambda function.

B. Move the Lambda function to a public subnet.

C. Create a VPC Interface Endpoint (AWS PrivateLink) for Systems Manager in the private subnet.

D. Deploy a NAT Gateway in the private subnet.

How to approach this question

Use VPC Endpoints for private AWS API access.

Full Answer

C. Create a VPC Interface Endpoint (AWS PrivateLink) for Systems Manager in the private subnet. ✓ Correct

When a Lambda function is connected to a VPC, it routes all outbound traffic through the VPC. To access AWS services like SSM securely without a NAT Gateway or internet access, you should use VPC Interface Endpoints (PrivateLink).

Common mistakes

Trying to put a NAT Gateway in a private subnet.
