Skip to Content

DVA-C02: How to Connect AWS Lambda Functions to Amazon Aurora DB Cluster in a VPC 

By: Author Alex Lim

Posted on Last updated:

Home > DVA-C02: How to Connect AWS Lambda Functions to Amazon Aurora DB Cluster in a VPC 

Learn how to migrate some features from a legacy monolithic application to use AWS Lambda functions that can securely access an Amazon Aurora DB cluster in a private subnet in a VPC. Discover the best solution to achieve this without crossing the public internet.

Question

A developer is migrating some features from a legacy monolithic application to use AWS Lambda functions instead. The application currently stores data in an Amazon Aurora DB cluster that runs in private subnets in a VPC. The AWS account has one VPC deployed. The Lambda functions and the DB cluster are deployed in the same AWS Region in the same AWS account.

The developer needs to ensure that the Lambda functions can securely access the DB cluster without crossing the public internet.

Which solution will meet these requirements?

A. Configure the DB cluster’s public access setting to Yes.
B. Configure an Amazon RDS database proxy for he Lambda functions.
C. Configure a NAT gateway and a security group for the Lambda functions.
D. Configure the VPC, subnets, and a security group for the Lambda functions.

Answer

D. Configure the VPC, subnets, and a security group for the Lambda functions.

Explanation

The correct answer is D. Configure the VPC, subnets, and a security group for the Lambda functions.

Here is a detailed explanation:

  • Option A is not a valid solution because it exposes the DB cluster to the public internet, which is not secure and violates the requirement. Configuring the DB cluster’s public access setting to Yes means that the DB cluster can be accessed by any IP address, which increases the risk of unauthorized access and data breaches. Moreover, this option does not ensure that the Lambda functions can access the DB cluster without crossing the public internet, as they still need to use a public endpoint to connect to the DB cluster.
  • Option B is not a valid solution because it requires an additional service, which is not necessary and may incur additional costs. An Amazon RDS database proxy is a fully managed service that provides connection pooling, load balancing, and enhanced security for database connections from Lambda functions or other applications. However, in this scenario, the Lambda functions and the DB cluster are deployed in the same AWS Region and account, so they can communicate directly without using a proxy. Moreover, using a proxy does not guarantee that the Lambda functions can access the DB cluster without crossing the public internet, as they still need to use a public endpoint to connect to the proxy.
  • Option C is not a valid solution because it does not enable the Lambda functions to access the DB cluster without crossing the public internet. A NAT gateway is a service that enables instances or functions in private subnets to access resources on the internet, but prevents the internet from initiating connections with them. However, in this scenario, the Lambda functions do not need to access resources on the internet, but only need to access the DB cluster in private subnets. Therefore, using a NAT gateway is unnecessary and may incur additional costs. Moreover, using a NAT gateway does not prevent the Lambda functions from crossing the public internet, as they still need to use a public endpoint to connect to the DB cluster.
  • Option D is the best solution because it enables the Lambda functions to securely access the DB cluster without crossing the public internet. By configuring the VPC, subnets, and a security group for the Lambda functions, the developer can ensure that the Lambda functions are deployed in private subnets within the same VPC as the DB cluster. This way, the Lambda functions can communicate with the DB cluster using private endpoints within the VPC network. The security group can also control which ports and protocols are allowed for inbound and outbound traffic between the Lambda functions and the DB cluster.

Therefore, option D is the best solution that meets these requirements.

The latest AWS Certified Developer – Associate DVA-C02 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the AWS Certified Developer – Associate DVA-C02 exam and earn AWS Certified Developer – Associate DVA-C02 certification.

AWS Certified Developer - Associate DVA-C02 Exam Questions and Answers

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that is committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we have not implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you are currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.