Q84 — AWS DVA-C02 Ch.1

A developer created an AWS Lambda function that retrieves and processes data from several public APIs. The Lambda function was updated to connect to a VPC’s private subnet. An Internet Gateway is attached to the VPC. The VPC uses default network ACLs and security group configurations. The developer finds that the Lambda function can no longer access the public APIs. The developer confirmed the public APIs are reachable, but the Lambda function cannot connect to them. How should the developer fix the connectivity issue?

Correct Answer: C. Ensure outbound traffic from the private subnet is routed to a public NAT gateway.

Explanation

A Lambda function attached to a private subnet needs a NAT gateway (or NAT instance) to reach the public internet; an Internet Gateway alone is insufficient because private subnets lack direct internet routing. Option C correctly identifies routing outbound traffic through a NAT gateway as the standard, low-overhead solution. Options A and B are incorrect: the VPC uses the default network ACLs and security group configurations, which allow outbound traffic, so neither blocks the connection unless explicitly configured to. Option D is invalid: Internet Gateways route traffic for *public* subnets only; private subnets must use NAT gateways for internet egress.