Free AWS DVA-C02 Actual Exam Questions - Question 9 Discussion
VPC.
Makes sense to exclude B since Lambda can’t just route through a VPN like an EC2 instance. I’d also rule out C because VPC endpoints are mainly for AWS service access, not general private resource connectivity, and routing through a NAT gateway is for outbound internet traffic, not private network access. D seems specific to PrivateLink, which is more for service-to-service communication rather than general Lambda access to VPC resources. So A fits best — placing the Lambda inside the VPC subnets with a security group for access sounds like the straightforward way.
Option A is solid because Lambda functions need to be in the VPC’s subnets to access private resources directly. B is off since Lambda doesn’t natively route through VPNs; that’s more for EC2 or on-prem setups.
This question misses a clear explanation about how Lambda integrates with VPCs, specifically around subnet and security group setup. Can someone clarify why B wouldn’t work? Option A makes more sense to me.