AWS Certified Solutions Architect - Professional / Question #576 of 529

Question #576

A company is developing a serverless application hosted on AWS Lambda within a VPC. The application must communicate with an external API that mandates all requests originate from a single static public IPv4 address. The company needs to ensure the Lambda functions can securely access the API while adhering to this requirement.

Which solution will enable the application to meet the external provider's condition?

A

Deploy a NAT gateway in a public subnet. Assign an Elastic IP address to the NAT gateway. Update the VPC route tables to direct outbound traffic from the Lambda function's subnet to the NAT gateway.

B

Create an egress-only internet gateway. Attach an Elastic IP address to the gateway. Modify the Lambda function's security group to route traffic through the egress-only internet gateway.

C

Configure an internet gateway with an Elastic IP address. Update the Lambda function's elastic network interface to associate with the internet gateway's Elastic IP address.

D

Attach an internet gateway to the VPC. Assign an Elastic IP address to the internet gateway. Configure the main route table in the VPC to route all outbound traffic through the internet gateway.

Explanation

Answer A is correct because NAT gateways provide a static public IPv4 address via Elastic IP (EIP) assignment, ensuring all outbound traffic from Lambda functions in private subnets uses this IP. Updating VPC route tables to route traffic through the NAT gateway ensures compliance with the API's requirement.

Other options are incorrect because:
- B: Egress-only internet gateways are for IPv6, not IPv4, and do not support EIPs.
- C: Internet gateways cannot be assigned EIPs directly, and Lambda ENIs in private subnets cannot use internet gateways without NAT.
- D: Internet gateways do not have EIPs; they enable public subnets to access the internet but do not provide a single static IP for private subnet resources.

Key Points:
- Lambda in a VPC requires a NAT gateway for outbound internet access from private subnets.
- The NAT gateway's EIP ensures a static public IP for external API communication.
- Route tables must direct outbound traffic to the NAT gateway.
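
The key points above can be checked against a VPC's actual routing. The following is an added example, not part of the original question: it resolves each Lambda subnet's IPv4 default route and reports whether all of them egress from one NAT gateway address. Field names follow the EC2 DescribeRouteTables and DescribeNatGateways response shapes; every ID and address is constructed sample data.

```python
# Added example: verify that Lambda subnets egress through a single NAT gateway EIP.
def default_route(subnet_id, route_tables):
    """Return the 0.0.0.0/0 route for subnet_id (explicit association, else main table)."""
    explicit = [rt for rt in route_tables
                if any(a.get("SubnetId") == subnet_id for a in rt["Associations"])]
    main = [rt for rt in route_tables
            if any(a.get("Main") for a in rt["Associations"])]
    for table in (explicit or main)[:1]:
        for route in table["Routes"]:
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                return route
    return None

def egress_ips(lambda_subnets, route_tables, nat_gateways):
    """Return (public IPs the subnets egress from, list of findings)."""
    nat_ips = {n["NatGatewayId"]: {a["PublicIp"] for a in n["NatGatewayAddresses"]}
               for n in nat_gateways}
    ips, findings = set(), []
    for subnet in lambda_subnets:
        route = default_route(subnet, route_tables)
        if route is None:
            findings.append(f"{subnet}: no IPv4 default route, no internet egress")
        elif route.get("NatGatewayId") in nat_ips:
            ips |= nat_ips[route["NatGatewayId"]]
        elif route.get("GatewayId", "").startswith("igw-"):
            findings.append(f"{subnet}: default route targets an internet gateway; "
                            "Lambda ENIs cannot use it without NAT")
        else:
            findings.append(f"{subnet}: default route target is not a known NAT gateway")
    if len(ips) > 1:
        findings.append(f"egress uses {len(ips)} addresses, not one: {sorted(ips)}")
    return ips, findings

# Constructed sample data (placeholder IDs, documentation-range addresses).
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"SubnetId": "subnet-a"}, {"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example1"}]},
    {"Associations": [{"SubnetId": "subnet-c"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example2"}]},
]
NAT_GATEWAYS = [
    {"NatGatewayId": "nat-0example1", "NatGatewayAddresses": [{"PublicIp": "203.0.113.10"}]},
    {"NatGatewayId": "nat-0example2", "NatGatewayAddresses": [{"PublicIp": "203.0.113.20"}]},
]

if __name__ == "__main__":
    print(egress_ips(["subnet-a", "subnet-b", "subnet-c"], ROUTE_TABLES, NAT_GATEWAYS))
```

An empty findings list with exactly one address is the state the external API's allow-list expects; subnets split across two NAT gateways produce two source addresses.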

Answer

The correct answer is: A