Exam ANS-C00 topic 1 question 12 discussion

I think its AB - If a Lambda function needs to access both VPC resources and the public internet, the VPC needs to have a Network Address Translation (NAT) instance inside the VPC. https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

A and B. See the first paragraph: https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

Correct Answer AC

A and D A:https://docs.aws.amazon.com/lambda/latest/dg/with-sqs-example.html it never mentioned anything about internet travers setting. B: its not about the internet access. lambda access SQS within AWS network. Cause +2 DNS resolve SQS with a private IP for lamba, needless travers internet. CE: never heard about assign IP address to lambda, cause its serverless, created without control D: SG is stateless. outbound or inbound all will be the some. u have to permit lambda to access Elasticache

An IAM Role is required to provide permission for the Lamba Function interact with SQS. The SQS Queue has a public Endpoint, you need an Internet Gateway or VPC Endpoint to reach it.

What about the Elasticache access?

A - For permission to access SQS B - To reach public endpoint of SQS

AB, 1. Lambda Function need IAM permission to access SNS Service. 2. When we connect a function to a VPC in account, the function can't access the internet unless our VPC provides access. Internet access from a private subnet requires network address translation (NAT). To give function access to the internet, route outbound traffic to a NAT gateway in a public subnet.

Agree with A, B

A and b

Breakdown. Lambda access private IP of EC cluster. Lambda write messages to SQS. Lambda in a VPC subnet. C. Nope. D. Nope. E. Nope. A. Yes. IAM permissions required to access services. B. Yes. NAT function is the method use. Summary. Assigning Public IPs to Lambda can be done, once the ENI for Lambda is created you can assign a public IP. It's not recommended as a race condition can occur where multiple ENIs are then created for a single IP. NAT GW or NAT instance or VPC are recommended official solutions. Access private address of cluster is a misdirect. Answer is AB.

its A and B

Answer is AB

A and B

Answer is A & B, C is incorrect as we do not assign lambda a pubic ip, we would only have a route to the internet via the internet gateway. https://aws.amazon.com/premiumsupport/knowledge-center/internet-access-lambda-function/

I could attach EIP to private lambda ENI so, I think its A, B, C I think that maybe The Question has problem

Adding to previous comments. B is clear. For A, see https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html which explains the role Lambda needs to execute functions in SQS - "Lambda assumes the role when your function is invoked"