Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 72 discussion

To solve this problem, the developer should redeploy the Lambda function in the same subnet as the RDS instance and ensure that the RDS security group allows traffic from the Lambda function. This will allow the Lambda function to access the RDS database within the private subnet of VPC-A. The developer should also make sure that the Lambda function is configured with the appropriate network settings and permissions to access resources within the VPC.

Redeploy

Lambda function in the default VPC cannot communicate with the RDS in VPC-A, because they are in different VPCs with no connection (like a VPC peering or transit gateway).

B is InCorrect because Deploying the Lambda function in the same private subnet as the RDS instance is not feasible, Lambda function needs to access other resources or services outside the VPC.

B is incorrect because deploying lambda in private subnet. Cannot access other resources

C would need a vpc peering, So B is the best option as we are redeploying to same subnet.

B is the correct answer.

they are in different VPC, hence C is not possible unless there is VPC Peering.

By deploying the Lambda function in the same subnet as the RDS instance (VPC-A), the Lambda function will have access to the resources within the same VPC, including the RDS database. Additionally, the RDS security group should be configured to allow inbound traffic from the Lambda function's security group. Therefore, the correct solution is Option B.

Redeploy as no access has been set up between VPCs

A and B wont work since lambda is on default vpc which is not vpc-a D won't work since since it's network access in the first place.

Option B ("Redeploy the Lambda function in the same subnet as the RDS instance. Ensure that the RDS security group allows traffic from the Lambda function.") is the most accurate approach if the Lambda function and RDS are to communicate within the same VPC. It directly addresses the need for the Lambda function to access the VPC and the security group configuration.

No need for redeploy. ChatGPT also says C.

B. Redeploy the Lambda function in the same subnet as the RDS instance. Ensure that the RDS security group allows traffic from the Lambda function: This is a viable solution. Placing the Lambda function in the same VPC as the RDS instance (preferably in a private subnet for security reasons) and ensuring the security groups are correctly configured to allow traffic between the Lambda function and the RDS instance will enable connectivity. C. Create a security group for the Lambda function. Add a new rule in the RDS security group to allow traffic from the new Lambda security group: This option would be correct if the Lambda function and the RDS instance were in the same VPC. However, since they are in different VPCs, simply adjusting security groups won't address the cross-VPC connectivity issue.

Option C would be the correct choice, but it doesn't include the route configuration between subnets needed to access the RDS. I chose option B, but according to architectural best practices, it's not the ideal solution.

Seems more efficient solution.

https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html The default VPC is the public subnet, this is the main trick