Exam AWS Certified Developer Associate topic 1 question 158 discussion

B "Set up an interface endpoint in your Amazon VPC that allows your function to access Systems Manager." https://aws.amazon.com/premiumsupport/knowledge-center/lambda-vpc-parameter-store/

A is not a solution because even if you create a security group, private subnets won't be able to access AWS Systems Manager. Security groups control inbound and outbound traffic, but they don't provide network routes. C Internet gateways are always connected to public subnets and are not suitable. D VPC gateway endpoints are typically used for services like S3 and DynamoDB. correct solution is B: Create an interface VPC endpoint for Systems Manager, which ensures that Lambda functions can securely access Systems Manager from within the VPC

We have to create a VPC interface endpoint to enable communication with other services that are not in the VPC. I will go for B

Generally, Interface endpoint and Gateway endpoint both are used for connection to VPC private subnet, but Gateway only supports few AWS resources like DynamoDB, S3 and it doesn't support cloudwatch and systems manager. Where as, interface endpoint also supports few AWS resources and systems manager is one among them. So, answer is interface endpoint

To allow Lambda functions to access Systems Manager parameters inside a VPC, a gateway VPC endpoint for Systems Manager should be created. VPC endpoints allow secure connections between resources in your VPCs and AWS services, without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection1. Based on this information, the correct answer would be D. Create a gateway VPC endpoint for Systems Manager.

Answer is D here. To allow Lambda functions to access Systems Manager parameters inside a VPC, a gateway VPC endpoint for Systems Manager should be created. VPC endpoints allow secure connections between resources in your VPCs and AWS services, without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Option B is incorrect because an interface VPC endpoint is not supported for Systems Manager.

Selected Answer: B B "Set up an interface endpoint in your Amazon VPC that allows your function to access Systems Manager."

B is the correct answer

gateway endpoints only support s3 and dynamodb

bbbbbbbbb

B. This allows you to keep the resource inside the VPC private, while still accessing system manager privately

https://aws.amazon.com/premiumsupport/knowledge-center/lambda-vpc-parameter-store/

D-Create a gateway VPC endpoint for Systems Manager. https://aws.amazon.com/premiumsupport/knowledge-center/lambda-vpc-parameter-store/