Topic 1 Question 32
Choose two. A company uses Amazon RDS to store transactional data. The company runs an RDS DB instance in a private subnet. A developer wrote an AWS Lambda function with default settings to insert, update, or delete data in the DB instance. The developer needs to give the Lambda function the ability to connect to the DB instance privately without using the public internet. Which combination of steps will meet this requirement with the LEAST operational overhead?
A. Turn on the public access setting for the DB instance.
B. Update the security group of the DB instance to allow only Lambda function invocations on the database port.
C. Configure the Lambda function to run in the same subnet that the DB instance uses.
D. Attach the same security group to the Lambda function and the DB instance. Include a self-referencing rule that allows access through the database port.
E. Update the network ACL of the private subnet to include a self-referencing rule that allows access through the database port.
Comments (17)
- Selected answer: CD
This solution only modifies the inbound rules of the security group of the DB instance, but it does not modify the outbound rules of the security group of the Lambda function. Additionally, this solution does not facilitate a private connection from the Lambda function to the DB instance, hence, the Lambda function would still need to use the public internet to access the DB instance. Therefore, this option does not fulfill the requirements.
👍 5 Alagong 2024/03/28
So, there could be a justified argument for the following:
C. Configure the Lambda function to run in the same subnet that the DB instance uses: By running the Lambda function in the same subnet as the RDS DB instance, you enable them to communicate privately within the same network, eliminating the need for public internet access and reducing operational overhead.
D. Attach the same security group to the Lambda function and the DB instance. Include a self-referencing rule that allows access through the database port: By attaching the same security group to both the Lambda function and the RDS DB instance, and including a self-referencing rule that allows access through the database port, you ensure secure communication between them within the same VPC without exposing the database to the public internet. This approach minimizes operational overhead by centralizing security management and simplifying access control.
👍 4 certplan 2024/03/21
- Selected answer: CD
B: need to update the security group, and there may be other applications that need to access the DB besides the Lambda function.
D: it works and reuses the security group, which has less operational overhead.
👍 4 arvehisa 2024/03/30
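
The setup that options C and D describe can be verified from API output. The following is an added example, not part of the original question or comments: it audits dictionaries shaped like boto3 responses, and the function names `audit_private_path` and `_self_ref` as well as every ID in the sample data are constructed for illustration.

```python
# Added example (not from the original page). Input shapes follow boto3's
# get_function_configuration, describe_db_instances and describe_security_groups.

def _self_ref(sg, port):
    """True if sg has an inbound rule whose source is sg itself and covers port."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        covers = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))
        if covers and any(p.get("GroupId") == sg["GroupId"]
                          for p in perm.get("UserIdGroupPairs", [])):
            return True
    return False

def audit_private_path(fn_cfg, db, sgs):
    """Return findings; an empty list means the setup of options C and D is in place."""
    findings = []
    port = db["Endpoint"]["Port"]
    if db.get("PubliclyAccessible"):
        findings.append("DB instance is publicly accessible")
    vpc = fn_cfg.get("VpcConfig") or {}
    if not vpc.get("SubnetIds"):
        # A function with default settings has no VPC attachment.
        findings.append("Lambda function is not attached to a VPC")
        return findings
    db_subnets = {s["SubnetIdentifier"] for s in db["DBSubnetGroup"]["Subnets"]}
    if not set(vpc["SubnetIds"]) & db_subnets:
        findings.append("Lambda function shares no subnet with the DB instance")
    db_sgs = {g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]}
    shared = set(vpc.get("SecurityGroupIds", [])) & db_sgs
    if not shared:
        findings.append("no security group is attached to both function and DB")
    elif not any(_self_ref(sg, port) for sg in sgs if sg["GroupId"] in shared):
        findings.append(f"no shared group has a self-referencing rule for port {port}")
    return findings

# Constructed sample data; every ID and name is a placeholder.
SG = {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": "sg-0example"}]}]}
DB = {"PubliclyAccessible": False, "Endpoint": {"Port": 3306},
      "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example"}],
      "DBSubnetGroup": {"Subnets": [{"SubnetIdentifier": "subnet-0example"}]}}
FN_DEFAULT = {"FunctionName": "writer"}
FN_VPC = {"FunctionName": "writer", "VpcConfig": {
    "SubnetIds": ["subnet-0example"], "SecurityGroupIds": ["sg-0example"]}}
if __name__ == "__main__":
    print(audit_private_path(FN_DEFAULT, DB, [SG]))
    print(audit_private_path(FN_VPC, DB, [SG]))
```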