AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company has an AWS account used for software engineering. The AWS account has access to the company's on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.

A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company's data center.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Configure the Lambda function to run in the VPC with the appropriate security group.

Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN.

Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect.

Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.

Explanation:

Explanation

Correct Answer: A

Why Option A is correct:

Lambda functions by default run in AWS-managed VPCs and cannot access resources in a customer's VPC or on-premises network.
To access resources in a VPC or on-premises network via Direct Connect/VPN, the Lambda function must be configured to run in a VPC with an Elastic Network Interface (ENI).
When Lambda runs in a VPC, it gets a private IP address from the subnet and can route traffic through the VPC's route tables.
Since the company already has Direct Connect connections and all non-VPC traffic routes to the virtual private gateway, Lambda running in the VPC can access the on-premises database through the existing Direct Connect infrastructure.
The appropriate security group must be configured to allow outbound traffic from Lambda to the on-premises database.

Why other options are incorrect:

Option B: Setting up a VPN connection is unnecessary because the company already has Direct Connect connections established. This would be redundant and more complex.

Option C: Simply updating route tables won't work because the Lambda function created through the console runs outside the VPC by default. The Lambda function needs to be configured to run in the VPC first.

Option D: Elastic IP addresses are for EC2 instances and NAT gateways, not for Lambda functions. Lambda functions cannot be directly associated with Elastic IP addresses without running in a VPC and using a NAT gateway.

Key AWS Concepts:

Lambda functions need VPC configuration to access VPC resources or on-premises networks
Direct Connect provides dedicated network connections between AWS and on-premises data centers
Security groups control inbound/outbound traffic for resources in VPCs
Route tables determine where network traffic is directed within VPCs

Powered ByGPT-5.2

Comments

Loading comments...