ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 213 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 213
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer needs to troubleshoot an AWS Lambda function in a development environment. The Lambda function is configured in VPC mode and needs to connect to an existing Amazon RDS for SQL Server DB instance. The DB instance is deployed in a private subnet and accepts connections by using port 1433.

When the developer tests the function, the function reports an error when it tries to connect to the database.

Which combination of steps should the developer take to diagnose this issue? (Choose two.)

  • A. Check that the function’s security group has outbound access on port 1433 to the DB instance’s security group. Check that the DB instance’s security group has inbound access on port 1433 from the function’s security group.
  • B. Check that the function’s security group has inbound access on port 1433 from the DB instance’s security group. Check that the DB instance’s security group has outbound access on port 1433 to the function’s security group.
  • C. Check that the VPC is set up for a NAT gateway. Check that the DB instance has the public access option turned on.
  • D. Check that the function’s execution role permissions include rds:DescribeDBInstances, rds:ModifyDBInstance. and rds:DescribeDBSecurityGroups for the DB instance.
  • E. Check that the function’s execution role permissions include ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, and ec2:DeleteNetworkInterface.
Show Suggested Answer Hide Answer
Suggested Answer: AE 🗳️
by Claire_KMT at Oct. 28, 2023, 8:48 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
kaes
Highly Voted 11 months ago
Selected Answer: AE
- A: The function needs outbound access to DB and the DB needs to allow inbound access from the function - E: The function needs AWSLambdaVPCAccessExecutionRole role to work correctly in the VPC (https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-permissions) D is incorrect as the function’s execution role does not need to make any of those DB actions: Describe Modify and DescribeDB security groups!
upvoted 10 times
...
mitch151
Highly Voted 12 months ago
I believe It's A and D. Unsure on A, but D seems to be confirmed by this link: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/lambda-rds-connect.html
upvoted 8 times
...
65703c1
Most Recent 5 months ago
Selected Answer: AE
AE is the correct answer.
upvoted 1 times
...
SerialiDr
7 months, 3 weeks ago
Selected Answer: AE
A. Check that the function’s security group has outbound access on port 1433 to the DB instance’s security group. Ensure that the DB instance’s security group has inbound access on port 1433 from the function’s security group. This setup allows the Lambda function to initiate a connection to the DB instance through the specified port. E. Check that the function’s execution role permissions include ec2:CreateNetworkInterface, ec2:DescribeNetworkInterfaces, and ec2:DeleteNetworkInterface. These permissions are necessary for the Lambda function to create, manage, and clean up the network interfaces that allow it to connect to resources within a VPC, including the RDS instance​​.
upvoted 2 times
...
KarBiswa
7 months, 3 weeks ago
Selected Answer: AE
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-permissions
upvoted 1 times
...
konieczny69
8 months, 3 weeks ago
Selected Answer: AE
AE This is a network issue, not a governance issue, hence D is invalid. Between A and B its an obvious choice. C is invalid - DB is in a private subnet
upvoted 1 times
...
_YaWeb
9 months, 1 week ago
ChatGPT goes with A and D
upvoted 1 times
...
Snape
9 months, 3 weeks ago
Selected Answer: AB
inbound and outbound connection between Lambda and the RDS should be set properly.
upvoted 1 times
...
rrshah83
9 months, 3 weeks ago
Selected Answer: AE
https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-permissions
upvoted 2 times
...
Certified101
10 months, 1 week ago
Selected Answer: AE
Agree with Kaes - A: The function needs outbound access to DB and the DB needs to allow inbound access from the function - E: The function needs AWSLambdaVPCAccessExecutionRole role to work correctly in the VPC (https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html#vpc-permissions) D is incorrect as the function’s execution role does not need to make any of those DB actions: Describe Modify and DescribeDB security groups!
upvoted 2 times
joshnort
8 months, 3 weeks ago
This is excellent. Thanks for the link. Makes it very clear.
upvoted 1 times
...
...
TanTran04
10 months, 2 weeks ago
Selected Answer: AD
We need connection between lambda and RDS, not to VPC. So, option E is unsuitable. We can choose the related remain option like D About option A, it's already correct.
upvoted 2 times
...
Jing2023
12 months ago
Selected Answer: AD
A and D
upvoted 5 times
...
Claire_KMT
12 months ago
A and B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago