Allow Lambda Function Access to VPC | AWS RDS Monitoring | Exam DVA-C01 Answer

Granting VPC Access to Lambda Function


Question

You have a VPC with a subnet that houses an AWS RDS instance.

Your manager has asked you to start monitoring all modifications made to its data by applications.

You decide to use a Lambda function to do this.

However, you need to allow the function access to the VPC.

How will you go about doing this?

Answers

Explanations


A. B. C. D.

Answer: D.

Option A is incorrect as creating a role between Lambda and RDS will not help the function get access to the VPC and then RDS.

Option B is incorrect as creating a policy and role.

Option C is incorrect as permissions can't be assigned to a specific subnet.

Option D is CORRECT as per the developer guide.

A role needs to be created with the permissions AWSLambdaVPCAccessExecutionRole, allowing Lambda to manage network connections in the VPC.

Reference:

https://docs.aws.amazon.com/lambda/latest/dg/services-rds-tutorial.html
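As an added example (not part of the original answer or the AWS tutorial), the sketch below audits a role offline for the two things the explanation above depends on: that the Lambda service can assume the role, and that the role grants the network-interface actions, either through AWSLambdaVPCAccessExecutionRole or inline statements. The role dictionary shape, the sample roles and the three-action minimum are assumptions made for illustration.

```python
import fnmatch

# Managed policy named in the explanation above.
VPC_POLICY = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
# Assumption: the core ENI actions Lambda needs to attach to a VPC subnet.
REQUIRED = ["ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces",
            "ec2:DeleteNetworkInterface"]

def as_list(value):
    """IAM JSON allows a single string where a list is also valid."""
    return value if isinstance(value, list) else [value]

def lambda_can_assume(trust_policy):
    """True if an Allow statement lets lambda.amazonaws.com assume the role."""
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and "lambda.amazonaws.com" in services
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))):
            return True
    return False

def missing_vpc_actions(role):
    """Required ENI actions the role does not grant; an empty list means OK.
    Simplification: Resource and Condition elements are ignored."""
    attached = role.get("AttachedManagedPolicies", [])
    allowed = [a.lower() for a in REQUIRED] if VPC_POLICY in attached else []
    denied = []
    for policy in role.get("InlinePolicies", []):
        for stmt in as_list(policy.get("Statement", [])):
            actions = [a.lower() for a in as_list(stmt.get("Action", []))]
            if stmt.get("Effect") == "Allow":
                allowed += actions
            elif stmt.get("Effect") == "Deny":
                denied += actions
    def hit(action, patterns):  # IAM action matching is case-insensitive, with wildcards
        return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)
    return [a for a in REQUIRED if not hit(a, allowed) or hit(a, denied)]

# Constructed sample roles (hypothetical dict shape, not an AWS API response).
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"Service": "lambda.amazonaws.com"}}]}
VPC_ROLE = {"Trust": TRUST, "AttachedManagedPolicies": [VPC_POLICY]}
RDS_ONLY_ROLE = {"Trust": TRUST, "InlinePolicies": [{"Statement": [
    {"Effect": "Allow", "Action": "rds:DescribeDBInstances", "Resource": "*"}]}]}
DENY_ROLE = {"Trust": TRUST, "InlinePolicies": [{"Statement": [
    {"Effect": "Allow", "Action": "ec2:*NetworkInterface*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["ec2:DeleteNetworkInterface"], "Resource": "*"}]}]}

if __name__ == "__main__":
    for name, role in [("vpc", VPC_ROLE), ("rds-only", RDS_ONLY_ROLE), ("deny", DENY_ROLE)]:
        print(name, lambda_can_assume(role["Trust"]), missing_vpc_actions(role))
```

A role that passes both checks still needs security groups and subnet routing that let the function reach the database; this check covers only the IAM side.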

To allow a Lambda function access to a VPC, you need to create a role with the required permissions and attach it to the Lambda function. The role needs to have the necessary permissions to access the VPC, its subnets, and any resources within the VPC, such as an RDS instance.

In this scenario, the requirement is to monitor modifications made to an RDS instance by applications. To accomplish this, you need to create a role that allows the Lambda function to access the RDS instance and its associated subnet.

Option A is partially correct, as creating a role is necessary to allow access between Lambda and RDS. However, it does not address access to the subnet.

Option B is more complete, as it includes creating a policy to define the specific permissions required by the Lambda function. The policy should allow the Lambda function to access the RDS instance and its associated subnet.

Option C is not correct, as allowing access between Lambda and the subnet alone is not sufficient to access the RDS instance.

Option D is also not correct, as allowing access between Lambda and the VPC alone is not sufficient to access the RDS instance.

Therefore, the correct answer is B: Create a Policy and a Role to allow access between Lambda and RDS.