A company has an AWS account used for software engineering. The account has access to the company’s on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway. A development team created an AWS Lambda function through the console. The team needs to allow the function to access a database that runs in a private subnet in the company’s data center. Which solution will meet these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Configure the Lambda function to run in the VPC with the appropriate security group..
Why this is the answer
To access resources in a private subnet of an on-premises data center via Direct Connect, the Lambda function must be configured to run within a VPC. This allows the Lambda function to obtain a private IP address within the VPC, enabling it to communicate with other resources in the VPC and, crucially, with the on-premises network through the Direct Connect connection. An appropriate security group must be attached to the Lambda function to permit outbound traffic to the database. Setting up a separate VPN connection is redundant and unnecessary, as Direct Connect already provides the required connectivity. Updating VPC route tables alone is insufficient; the Lambda function itself needs to be within the VPC to leverage those routes. Creating an Elastic IP for a Lambda function without an Elastic Network Interface (ENI) is not how Lambda networking works for private access; Elastic IPs are for public access and require an ENI for association.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed