Your team has set up a testing environment using VPC and EC2 Instances.
An application is being hosted on these instances.
Some housekeeping scripts are being developed using AWS Lambda that would need to delete files created by these EC2 Instances on their respective EFS.
What is the initial configuration that needs to be put in place?
Answer - A.
The AWS Documentation mentions the following.
AWS Lambda runs your function code securely within a VPC by default.
However, to enable your Lambda function to access resources inside your private VPC, you must provide additional VPC-specific configuration information that includes VPC subnet IDs and security group IDs.
AWS Lambda uses this information to set up elastic network interfaces (ENIs) that enable your function to connect securely to other resources within your private VPC.
Options B and C are incorrect since these are not valid configurations.
Option D is invalid since you would ideally want to keep the VPC private.
For more information on using AWS Lambda in your own private VPC, please refer to the URL below:
https://docs.aws.amazon.com/lambda/latest/dg/vpc.html
In this scenario, the objective is to develop AWS Lambda functions to delete files on an EFS that are created by EC2 instances in a VPC. Therefore, the initial configuration that needs to be put in place is to ensure that the AWS Lambda function can access the EFS file system and that the EC2 instances can access the Lambda function.
Here are the explanations of the given options:
A. Ensure to use the --vpc-config when creating the AWS Lambda function: This option is correct because it allows the Lambda function to access resources in the VPC where the EFS file system is located. By using the --vpc-config option when creating the Lambda function, it is possible to specify a VPC, security groups, and subnets that allow the Lambda function to access the EFS file system.
B. Ensure to use the --vpc-config when creating the EC2 instance: This option is not necessary because the EC2 instances are already set up, and the question does not mention any issue with their configuration. The EC2 instances should already be able to create files on the EFS file system.
C. Ensure the VPC has a route entry to the Lambda function: This option is not necessary because the Lambda function is not hosted in a subnet. Instead, the Lambda function is invoked by the EC2 instances, and the --vpc-config option is used to allow the Lambda function to access the EFS file system.
D. Ensure an Internet gateway is attached to the VPC: This option is not necessary because the question does not mention any requirement to access resources outside the VPC. In this scenario, the Lambda function and the EFS file system are located inside the VPC, and the EC2 instances are also located inside the VPC. Therefore, there is no need to attach an Internet gateway to the VPC.
In conclusion, option A is the correct answer because it allows the Lambda function to access the EFS file system through the VPC.
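The script below is an added example, not part of the original answer or the AWS documentation, showing option A as an AWS CLI call. It goes slightly beyond the question by also mounting the file system with --file-system-configs and opening NFS (TCP 2049) only from the function's security group. All IDs, names and ARNs are constructed placeholders, and the role is assumed to already carry the AWSLambdaVPCAccessExecutionRole managed policy plus EFS client permissions.

```shell
#!/bin/sh
# Added example. Every ID, name and ARN below is a constructed placeholder.
# DRY_RUN=1 (the default) prints each aws command instead of executing it.
DRY_RUN="${DRY_RUN:-1}"
SUBNETS="subnet-0aaa1111,subnet-0bbb2222"   # private subnets with EFS mount targets
LAMBDA_SG="sg-0a1b2c3d"                     # security group attached to the function's ENIs
EFS_SG="sg-0e4f5a6b"                        # security group on the EFS mount targets
ROLE_ARN="arn:aws:iam::123456789012:role/efs-housekeeping-role"
AP_ARN="arn:aws:elasticfilesystem:us-east-1:123456789012:access-point/fsap-0123456789abcdef0"

run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# Reject empty or malformed ID lists before they reach the API.
check_ids() {  # $1 = required prefix, $2 = comma-separated IDs
  [ -n "$2" ] || { echo "missing $1 IDs" >&2; return 1; }
  old_ifs=$IFS; IFS=,
  for id in $2; do
    case "$id" in
      "$1"?*) ;;
      *) IFS=$old_ifs; echo "bad ID: '$id'" >&2; return 1 ;;
    esac
  done
  IFS=$old_ifs
}

# Build the shorthand value that --vpc-config expects.
vpc_config() {  # $1 = subnet IDs, $2 = security group IDs
  check_ids subnet- "$1" && check_ids sg- "$2" || return 1
  echo "SubnetIds=$1,SecurityGroupIds=$2"
}

create_cleanup_function() {
  cfg="$(vpc_config "$SUBNETS" "$LAMBDA_SG")" || return 1
  run aws lambda create-function --function-name efs-housekeeping \
    --runtime python3.12 --handler cleanup.handler --zip-file fileb://cleanup.zip \
    --role "$ROLE_ARN" --vpc-config "$cfg" \
    --file-system-configs "Arn=$AP_ARN,LocalMountPath=/mnt/efs"
}

# EFS is reached over NFS (TCP 2049): allow it only from the function's group.
allow_nfs_from_lambda() {
  run aws ec2 authorize-security-group-ingress --group-id "$EFS_SG" \
    --protocol tcp --port 2049 --source-group "$LAMBDA_SG"
}

create_cleanup_function && allow_nfs_from_lambda
```

Run it as-is to review the generated commands, then set DRY_RUN=0 with real IDs to apply them.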