
Answer: Configure the Lambda function to run in the VPC with the appropriate security group.
## Explanation

**Correct Answer: A**

**Why Option A is correct:**

1. Lambda functions by default run in AWS-managed VPCs and cannot access resources in a customer's VPC or on-premises network.
2. To access resources in a VPC or on-premises network via Direct Connect/VPN, the Lambda function must be configured to run in a VPC with an Elastic Network Interface (ENI).
3. When Lambda runs in a VPC, it gets a private IP address from the subnet and can route traffic through the VPC's route tables.
4. Since the company already has Direct Connect connections and all non-VPC traffic routes to the virtual private gateway, Lambda running in the VPC can access the on-premises database through the existing Direct Connect infrastructure.
5. The appropriate security group must be configured to allow outbound traffic from Lambda to the on-premises database.

**Why other options are incorrect:**

- **Option B:** Setting up a VPN connection is unnecessary because the company already has Direct Connect connections established. This would be redundant and more complex.
- **Option C:** Simply updating route tables won't work because the Lambda function created through the console runs outside the VPC by default. The Lambda function needs to be configured to run in the VPC first.
- **Option D:** Elastic IP addresses are for EC2 instances and NAT gateways, not for Lambda functions. Lambda functions cannot be directly associated with Elastic IP addresses without running in a VPC and using a NAT gateway.

**Key AWS Concepts:**

- Lambda functions need VPC configuration to access VPC resources or on-premises networks
- Direct Connect provides dedicated network connections between AWS and on-premises data centers
- Security groups control inbound/outbound traffic for resources in VPCs
- Route tables determine where network traffic is directed within VPCs
Author: LeetQuiz Editorial Team
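
The three conditions from the explanation (VPC attachment, security group egress, a route to the virtual private gateway) can be checked together before a deployment. The following is an added example, not part of the original page: it runs offline on constructed dictionaries shaped like the responses of `get_function_configuration`, `describe_security_groups` and `describe_route_tables`, and the function name, resource IDs, CIDR ranges, database address and port are all assumptions.

```python
import ipaddress

# Constructed sample data (assumed IDs and CIDRs, not from a real account).
FUNCTION_CFG = {"FunctionName": "orders-sync", "VpcConfig": {
    "VpcId": "vpc-0example", "SubnetIds": ["subnet-0example"],
    "SecurityGroupIds": ["sg-0example"]}}
SECURITY_GROUPS = {"sg-0example": {"IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.50.0.0/16"}]}]}}
ROUTE_TABLES = {"subnet-0example": {"Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-0example"}]}}

def egress_allows(sg, ip, port):
    """True if any egress rule covers this destination IP and TCP port."""
    for perm in sg["IpPermissionsEgress"]:
        proto = perm["IpProtocol"]  # "-1" means all protocols and ports
        port_ok = proto == "-1" or (
            proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"])
        if port_ok and any(ip in ipaddress.ip_network(r["CidrIp"])
                           for r in perm.get("IpRanges", [])):
            return True
    return False

def next_hop(route_table, ip):
    """Longest-prefix match over the subnet's IPv4 routes."""
    nets = [(ipaddress.ip_network(r["DestinationCidrBlock"]), r)
            for r in route_table["Routes"] if "DestinationCidrBlock" in r]
    hits = [(n.prefixlen, r) for n, r in nets if ip in n]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0])[1].get("GatewayId")

def check_onprem_path(fn, sgs, rts, db_ip, db_port):
    """Return a list of findings; an empty list means the path is configured."""
    vpc = fn.get("VpcConfig") or {}
    if not vpc.get("SubnetIds"):
        return ["function is not attached to a VPC, so it has no Direct Connect path"]
    ip, findings = ipaddress.ip_address(db_ip), []
    if not any(egress_allows(sgs[g], ip, db_port) for g in vpc["SecurityGroupIds"]):
        findings.append(f"no security group allows egress to {db_ip}:{db_port}")
    for subnet in vpc["SubnetIds"]:
        hop = next_hop(rts[subnet], ip) or ""
        if not hop.startswith("vgw-"):
            findings.append(f"{subnet} does not route {db_ip} to a virtual private gateway")
    return findings

if __name__ == "__main__":
    print(check_onprem_path(FUNCTION_CFG, SECURITY_GROUPS, ROUTE_TABLES, "10.50.4.20", 5432))
```

Scoping the egress rule to the database CIDR and port, as in the sample, keeps the function's reach limited to the one on-premises service it needs.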
A company has an AWS account used for software engineering. The AWS account has access to the company's on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.
A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company's data center.
Which solution will meet these requirements?
- A. Configure the Lambda function to run in the VPC with the appropriate security group.
- B. Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN.
- C. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect.
- D. Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.