Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 47 discussion

A company is building a serverless application that runs on an AWS Lambda function that is attached to a VPC. The company needs to integrate the application with a new service from an external provider. The external provider supports only requests that come from public IPv4 addresses that are in an allow list.

The company must provide a single public IP address to the external provider before the application can start using the new service.

Which solution will give the application the ability to access the new service?

  • A. Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway.
  • B. Deploy an egress-only internet gateway. Associate an Elastic IP address with the egress-only internet gateway. Configure the elastic network interface on the Lambda function to use the egress-only internet gateway.
  • C. Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the Lambda function to use the internet gateway.
  • D. Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the default route in the public VPC route table to use the internet gateway.
Suggested Answer: A

Comments

masetromain
Highly Voted 1 year, 10 months ago
Selected Answer: A
A. Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway. This solution will give the Lambda function access to the internet by routing its outbound traffic through the NAT gateway, which has a public Elastic IP address. This will allow the external provider to whitelist the single public IP address associated with the NAT gateway, and enable the application to access the new service.
upvoted 30 times
Jacky_exam
1 year, 7 months ago
Options A are not appropriate solutions because they involve deploying a NAT gateway or an egress-only internet gateway, which are used for different purposes, such as allowing resources in a private subnet to access the internet while using a static public IP address. These options will not provide the Lambda function with a single public IP address to be used for external requests.
upvoted 5 times
ninomfr64
10 months, 3 weeks ago
The question includes "The external provider supports only requests that come from public IPv4 addresses that are in an allow list"; this implies the Lambda needs to call the external provider.
upvoted 1 times
...
...
JMAN1
11 months ago
Big thanks to you, masetromain.
upvoted 2 times
...
...
vvahe
Highly Voted 1 year, 8 months ago
A https://docs.aws.amazon.com/lambda/latest/operatorguide/networking-vpc.html "By default, Lambda functions have access to the public internet. This is not the case after they have been configured with access to one of your VPCs. If you continue to need access to resources on the internet, set up a NAT instance or Amazon NAT Gateway. Alternatively, you can also use VPC endpoints to enable private communications between your VPC and supported AWS services."
upvoted 8 times
...
toyaji
Most Recent 1 month, 1 week ago
Selected Answer: A
There are many misleading explanations here. You cannot attach an Elastic IP to an Internet Gateway, which uses the instance public IP for NAT. - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-igw-internet-access.html#ip-addresses-and-nat But NAT can be used with an Elastic IP for a fixed outbound IP. That's the difference. - https://docs.aws.amazon.com/ko_kr/vpc/latest/userguide/nat-gateway-scenarios.html#private-nat-allowed-range
upvoted 1 times
...
amministrazione
2 months, 3 weeks ago
A. Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway.
upvoted 1 times
...
subbupro
2 months, 4 weeks ago
A is correct. NAT not only provides the internet outbound, but also provides a single public IP address. So Selected Answer: A
upvoted 1 times
...
Jason666888
3 months, 2 weeks ago
THE ANSWER HAS TO BE A!!!! For B: Wrong. Egress-only internet gateway is for IPv6, not for IPv4. For C & D: Internet gateway is for both inbound and outbound traffic. In our case we only need outbound traffic, so it has to be NAT Gateway.
upvoted 3 times
...
Helpnosense
5 months, 1 week ago
Selected Answer: D
NAT gateway doesn't allow inbound traffic flow into service behind NAT gateway. ALB or internet gateway can. However internet gateway can't be attached to lambda service directly. I vote D as correct answer.
upvoted 2 times
...
kz407
8 months, 1 week ago
Selected Answer: A
Option A will be the only solution that matches the given requirements. The problem with any solution that involves IGw is that IGw DOES NOT perform NAT. In fact, it does not alter the source IP field at all, meaning that we don't really have a mechanism of having a static public IP address set to the outbound traffic, while ensuring security. So, the only practical solution is to go with the NAT option.
upvoted 3 times
...
gofavad926
8 months, 1 week ago
Selected Answer: A
A, deploy nat gateway and associate an elastic ip
upvoted 1 times
...
Dgix
8 months, 3 weeks ago
Can an admin please take a look at _all_ the "correct answers" in this exam? They really cannot be trusted and reduce the usefulness of ExamTopics altogether. As things are, you should always just disregard the correct answer as it so often is insane. The correct answer is of course A.
upvoted 3 times
...
Vsos_in29
9 months ago
A is the correct option. Another approach to enable internet access: https://www.linkedin.com/pulse/aws-lambda-accessing-private-vpc-resources-internet-without-vokhmin-pyxbe/
upvoted 1 times
...
8608f25
9 months, 2 weeks ago
Selected Answer: A
The solution that enables the Lambda function in a VPC to access an external service that requires requests to come from a specific public IPv4 address, and to provide a single public IP address for allow listing, is: * Option A is correct because a NAT (Network Address Translation) gateway allows instances or AWS Lambda functions in a private subnet of a VPC to initiate outbound traffic to the internet (or external services) while preventing unsolicited inbound traffic from the internet. By associating an Elastic IP address with the NAT gateway, all outbound traffic from the Lambda function routed through the NAT gateway will appear to come from this single public IP address, which can be provided to the external provider for allow listing.
upvoted 2 times
8608f25
9 months, 2 weeks ago
It is not option C because Option C describes deploying an internet gateway and associating an Elastic IP address with it. However, Lambda functions cannot be directly associated with Elastic IP addresses, and internet gateways are used to route traffic between a VPC and the internet, not to provide a static public IP address for outbound traffic.
upvoted 3 times
...
...
ninomfr64
10 months, 3 weeks ago
Selected Answer: A
Not B. Egress-only internet gateway is IPv6 only, the question is about IPv6. Not C. You cannot associate an Elastic IP to an IGW; also, Lambda deployed in a VPC cannot egress to the internet via IGW, you need a NAT Gateway / NAT Instance. Not D. Same as C. A is the right solution (even if it is not well explained in my opinion).
upvoted 1 times
...
cgsoft
11 months, 1 week ago
Selected Answer: A
As per https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html, "To access private resources, connect your function to private subnets. If your function needs internet access, use network address translation (NAT). Connecting a function to a public subnet doesn't give it internet access or a public IP address."
upvoted 1 times
...
enk
12 months ago
Selected Answer: A
Just to clarify...If the Lambda function is already attached to a VPC, it's implied that it's in a private subnet since Lambda functions can't be directly placed in public subnets. So C and D are out.
upvoted 2 times
...
Pupu86
1 year ago
Selected Answer: A
Option B is definitely out as egress-only internet gateway is applicable solely for IPv6 traffic.
upvoted 2 times
...
whenthan
1 year, 1 month ago
Selected Answer: A
internet gateway - can't assign elastic IP to internet gateway
upvoted 1 times
...
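An added example, not part of the original thread or any commenter's post: a Python check over data shaped like the EC2 DescribeRouteTables and DescribeNatGateways responses, confirming that every subnet the Lambda function is attached to sends its default route through a NAT gateway whose Elastic IP is the allow-listed address. The function names, resource IDs and the 203.0.113.10 address are constructed for illustration.

```python
# Added example: inputs mirror the shape of EC2 DescribeRouteTables /
# DescribeNatGateways responses; all IDs and IPs below are constructed.

def _table_for(subnet_id, route_tables):
    """Explicitly associated route table, else the VPC's main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def _default_route(rt):
    for r in (rt or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return r
    return None

def egress_ip(subnet_id, route_tables, nat_gateways):
    """Public IPv4 the subnet's internet-bound traffic leaves from, or None."""
    route = _default_route(_table_for(subnet_id, route_tables))
    if not route or "NatGatewayId" not in route:
        return None  # IGW-only or no default route: a Lambda ENI has no public IP
    nat = next((n for n in nat_gateways
                if n["NatGatewayId"] == route["NatGatewayId"]), None)
    if nat is None or nat.get("State", "available") != "available":
        return None
    # The NAT gateway itself must sit in a subnet that routes to an internet gateway.
    nat_route = _default_route(_table_for(nat["SubnetId"], route_tables))
    if not nat_route or not nat_route.get("GatewayId", "").startswith("igw-"):
        return None
    addrs = nat.get("NatGatewayAddresses", [])
    return addrs[0].get("PublicIp") if addrs else None

def lambda_egress_matches(subnet_ids, route_tables, nat_gateways, allowed_ip):
    return all(egress_ip(s, route_tables, nat_gateways) == allowed_ip
               for s in subnet_ids)

ROUTE_TABLES = [  # constructed sample
    {"Associations": [{"SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"Associations": [{"Main": True}, {"SubnetId": "subnet-public-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-example", "SubnetId": "subnet-public-a",
                 "State": "available",
                 "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]}]
```

A subnet with no explicit association (for example a hypothetical `subnet-private-b`) falls back to the main route table, which here points at the internet gateway, so the check reports no usable egress address for it.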