Answer: Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway.

1. **Explanation for Answer A:** Deploying a NAT gateway is the correct solution because it allows instances within a private subnet (like the Lambda function in this case) to access the internet while keeping their IP addresses private. Here's how it works: - A NAT (Network Address Translation) gateway is a managed network service in AWS that performs the translation of private IP addresses to public IP addresses. - By associating an Elastic IP address with the NAT gateway, the Lambda function can access the internet through this single public IP address. - The VPC configuration is updated to route traffic destined for the internet through the NAT gateway. This ensures that all outbound traffic from the Lambda function to the external provider will appear to come from the public IP address of the NAT gateway, which can be added to the external provider's allow list. 2. **Why other options are incorrect:** - Option B: An egress-only internet gateway is used for IPv6 traffic and is not suitable for providing a single public IP address for IPv4 traffic. - Option C: Configuring the Lambda function to use an internet gateway directly is not possible as Lambda functions do not have direct access to an internet gateway. - Option D: While deploying an internet gateway and associating an Elastic IP address is possible, configuring the default route in the public VPC route table to use the internet gateway does not address the requirement of providing a single public IP address for the Lambda function, which resides in a private subnet. The Lambda function needs a NAT gateway to translate its private IP address to the public IP address associated with the NAT gateway.

Author: LeetQuiz Editorial Team