AWS Lambda Function: EC2 Instance Probe and SQS Queue Integration | Exam Prep

Lambda Function for EC2 Instance Probe and SQS Queue Integration


Question

You have a Lambda function that is designed to probe for events on an EC2 Instance.

After the probe is complete, the Lambda function requires internet access and needs to send requests to an SQS queue.

How can this be achieved? Select 2 Answers.

Answers

Explanations


A. B. C. D.

Answer - A and B.

The AWS Documentation mentions the following to support this.

AWS Lambda uses the VPC information you provide to set up ENIs that allow your Lambda function to access VPC resources.

Each ENI is assigned a private IP address from the IP address range within the Subnets you specify, but is not assigned any public IP addresses.

Therefore, if your Lambda function requires Internet access (for example, to access AWS services that don't have VPC endpoints), you can configure a NAT instance inside your VPC or you can use the Amazon VPC NAT gateway.

Option C is incorrect because this is not the right configuration.

Option D is incorrect because this is not required for the Lambda function to work.

For more information on Lambda and the VPC, please refer to the URL below.

https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

To enable a Lambda function to access the internet and send requests to an SQS queue, the following steps should be taken:

  1. Ensure that the VPC configuration is added to the Lambda function. This can be done by specifying the VPC ID and the security group(s) associated with the Lambda function.

  2. Ensure that the Lambda function details are added to the VPC configuration. This can be done by adding a new network interface to the Lambda function, which will be attached to the VPC subnet. The network interface must be assigned an IP address from the subnet's IP address range.

  3. Create a NAT Gateway or a NAT instance in the VPC. The NAT gateway or instance should be placed in a public subnet with an internet gateway attached. The NAT gateway or instance should also have a security group that allows outbound traffic to the internet.

  4. Update the route tables for the private subnets in the VPC to route internet-bound traffic to the NAT gateway or instance.

  5. Ensure that the Lambda function is configured to use the correct route table and subnet.

  6. Ensure that the IAM role associated with the Lambda function has permission to access the SQS queue.
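The routing part of these steps (3 to 5) can be checked offline against data shaped like the EC2 `DescribeRouteTables` output. The following is an added example, not part of the original page or AWS's own code; all IDs are constructed, a single VPC is assumed, and an instance target on a default route is assumed to be a NAT instance.

```python
# Added example: classify each Lambda subnet's default route. IDs are constructed.
def route_table_for(subnet_id, route_tables):
    """Explicitly associated table for the subnet, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route_target(rt):
    """Classify where 0.0.0.0/0 is sent: 'nat', 'igw' or 'none'."""
    for r in (rt or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") != "0.0.0.0/0" or r.get("State") == "blackhole":
            continue
        # Assumption: an instance target on the default route is a NAT instance.
        if r.get("NatGatewayId") or r.get("InstanceId"):
            return "nat"
        if (r.get("GatewayId") or "").startswith("igw-"):
            return "igw"
    return "none"

def check_lambda_egress(lambda_subnets, nat_subnet, route_tables):
    """Return {subnet: finding}; the NAT itself must sit in a subnet routed to an IGW."""
    nat_ok = default_route_target(route_table_for(nat_subnet, route_tables)) == "igw"
    findings = {}
    for s in lambda_subnets:
        target = default_route_target(route_table_for(s, route_tables))
        if target == "nat":
            findings[s] = "ok" if nat_ok else "nat-not-in-public-subnet"
        elif target == "igw":
            # Lambda ENIs get no public IP, so an IGW route alone gives no egress.
            findings[s] = "igw-route-but-eni-has-no-public-ip"
        else:
            findings[s] = "no-default-route"
    return findings

ROUTE_TABLES = [  # constructed sample
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
```

Calling `check_lambda_egress(["subnet-private-a", "subnet-public", "subnet-private-b"], "subnet-public", ROUTE_TABLES)` reports the first subnet as correctly routed and flags the other two.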

Option A is correct because it describes the creation of a NAT instance in the VPC to enable the Lambda function to access the internet.

Option B is correct because it describes the need to add the VPC configuration to the Lambda function to enable internet access.

Option C is not entirely correct because it does not provide any specific details on how to add the Lambda function to the VPC configuration. The Lambda function should be added to the VPC configuration by adding a new network interface to the Lambda function, which will be attached to the VPC subnet.

Option D is not correct because enabling IPv6 for the subnet hosting the Lambda function does not necessarily enable internet access for the Lambda function. Internet access for the Lambda function is provided through a NAT gateway or instance in the VPC.