
Answer-first summary for fast verification
Answer: (C) Deploy a NAT gateway. Update the private subnet's route table to route all traffic to the NAT gateway. (D) Create an interface endpoint for Amazon SQS in the VPC.
When an AWS Lambda function is configured to connect to a private subnet in a VPC, it loses default outbound internet access. Because Amazon SQS is a public AWS service, the Lambda function is timing out trying to reach the SQS public endpoint. To resolve this without removing the Lambda function from the VPC (which is needed to access RDS), you can either: 1) Deploy a NAT Gateway in a public subnet and route outbound internet traffic from the private subnet to the NAT Gateway (Option C), or 2) Create a VPC Interface Endpoint (AWS PrivateLink) for Amazon SQS, allowing traffic to route privately within the AWS network without needing internet access (Option D).
Author: Ritesh Yadav
Question #57
A company deploys AWS infrastructure in a VPC that has an internet gateway. The VPC has public subnets and private subnets. An Amazon RDS for MySQL DB instance is deployed in a private subnet. An AWS Lambda function uses the same private subnet and connects to the DB instance to query data. A developer modifies the Lambda function to require the function to publish messages to an Amazon Simple Queue Service (Amazon SQS) queue. After these changes, the Lambda function times out when it tries to publish messages to the SQS queue. Which solutions will resolve this issue? (Choose two.)
A. Reconfigure the Lambda function so that the function is not connected to the VPC.
B. Deploy an RDS proxy. Configure the Lambda function to connect to the DB instance through the proxy.
C. Deploy a NAT gateway. Update the private subnet's route table to route all traffic to the NAT gateway.
D. Create an interface endpoint for Amazon SQS in the VPC.
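
The interface endpoint from option D, sketched as a CloudFormation template. This is an added example, not part of the original question; the parameter and resource names are assumptions. It also shows two controls the answer text leaves implicit: a security group that admits only HTTPS from the Lambda function, and an endpoint policy that allows only sqs:SendMessage on the one queue.

```yaml
# Added example: all parameter and resource names are assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetId:            # subnet shared by the Lambda function and RDS
    Type: AWS::EC2::Subnet::Id
  LambdaSecurityGroupId:      # security group attached to the Lambda function
    Type: AWS::EC2::SecurityGroup::Id
  QueueArn:                   # ARN of the SQS queue the function publishes to
    Type: String
Resources:
  SqsEndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the Lambda function to the SQS endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref LambdaSecurityGroupId
  SqsInterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.sqs
      VpcId: !Ref VpcId
      SubnetIds:
        - !Ref PrivateSubnetId
      SecurityGroupIds:
        - !GetAtt SqsEndpointSecurityGroup.GroupId
      # Resolve the regional SQS hostname to the endpoint's private IPs,
      # so the function code needs no endpoint override.
      PrivateDnsEnabled: true
      # Endpoint policy: only publishing to the one queue passes through.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: sqs:SendMessage
            Resource: !Ref QueueArn
```

PrivateDnsEnabled requires DNS support and DNS hostnames to be enabled on the VPC, and the Lambda function's security group must allow outbound TCP 443 to the endpoint.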