Exam SOA-C03 Topic 1 Question 46 Thread
Amazon SOA-C03 real exam question set
Question #: 46
Topic #: 1
A company deploys AWS infrastructure in a VPC that has an internet gateway. The VPC has public subnets and private subnets. An Amazon RDS for MySQL DB instance is deployed in a private subnet. An AWS Lambda function uses the same private subnet and connects to the DB instance to query data.
A developer modifies the Lambda function to require the function to publish messages to an Amazon Simple Queue Service (Amazon SQS) queue. After these changes, the Lambda function times out when it tries to publish messages to the SQS queue.
Which solutions will resolve this issue? (Select TWO.)
Suggested answer: C, D
Comprehensive Explanation:
When an AWS Lambda function is configured to run inside a VPC, it loses default internet access. All outbound traffic must be explicitly routed. In this scenario, the Lambda function resides in a private subnet and successfully connects to Amazon RDS, but it times out when attempting to publish messages to Amazon SQS. This indicates a lack of network connectivity to the SQS service endpoint.
There are two valid AWS-supported ways to restore connectivity. The first is to deploy a NAT gateway in a public subnet and update the private subnet route table to send outbound internet-bound traffic (0.0.0.0/0) to the NAT gateway. This allows the Lambda function to reach public AWS service endpoints, including SQS.
The second option is to create an interface VPC endpoint (AWS PrivateLink) for Amazon SQS. This enables private, secure connectivity to SQS directly within the AWS network without traversing the internet.
This approach is often preferred for security-sensitive workloads and removes dependency on NAT gateways.
Option A would break database connectivity because the Lambda function must remain in the VPC to access the private RDS instance. Option B does not address outbound connectivity to SQS. Option E is incorrect because Amazon SQS does not support gateway endpoints; only interface endpoints are supported.
Therefore, deploying a NAT gateway or creating an SQS interface endpoint resolves the timeout issue.
Chiba 2026-04-27 10:20:28
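
The two fixes described in the explanation can be checked offline against route table and VPC endpoint descriptions. The following is an added example, not part of the original thread: the function name `sqs_paths`, all resource IDs and the region `us-east-1` are constructed assumptions, and the dicts follow the shape of EC2 `DescribeRouteTables` / `DescribeVpcEndpoints` output.

```python
"""Offline check: can a VPC-attached Lambda function reach Amazon SQS?

Dicts follow the shape of EC2 DescribeRouteTables / DescribeVpcEndpoints
output for a single VPC. All IDs and the region are constructed samples.
"""

def sqs_paths(subnet_id, region, route_tables, vpc_endpoints):
    """Return the working network paths to SQS for the given subnet."""
    def has(rt, pred):
        return any(pred(a) for a in rt.get("Associations", []))
    # An explicit subnet association wins; otherwise the main table applies.
    table = next((rt for rt in route_tables
                  if has(rt, lambda a: a.get("SubnetId") == subnet_id)), None)
    if table is None:
        table = next((rt for rt in route_tables
                      if has(rt, lambda a: a.get("Main"))), {})
    paths = []
    for r in table.get("Routes", []):
        # Only a NAT gateway target counts: Lambda ENIs have no public IP,
        # so a default route to an internet gateway does not help.
        if (r.get("DestinationCidrBlock") == "0.0.0.0/0"
                and r.get("NatGatewayId") and r.get("State") == "active"):
            paths.append("nat-gateway")
    for ep in vpc_endpoints:
        # Private DNS makes the default SQS hostname resolve to the endpoint.
        if (ep.get("VpcEndpointType") == "Interface"
                and ep.get("ServiceName") == f"com.amazonaws.{region}.sqs"
                and ep.get("State", "").lower() == "available"
                and ep.get("PrivateDnsEnabled")):
            paths.append("interface-endpoint")
    return paths

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"}
ASSOC = [{"SubnetId": "subnet-private", "Main": False}]
BEFORE = [{"Associations": ASSOC, "Routes": [LOCAL]}]       # scenario as described
WITH_NAT = [{"Associations": ASSOC, "Routes": [LOCAL, NAT]}]
SQS_ENDPOINT = {"VpcEndpointType": "Interface", "State": "available",
                "ServiceName": "com.amazonaws.us-east-1.sqs", "PrivateDnsEnabled": True}
GATEWAY_TYPE = dict(SQS_ENDPOINT, VpcEndpointType="Gateway")  # not valid for SQS

if __name__ == "__main__":
    for name, tables, eps in [("before", BEFORE, []), ("nat", WITH_NAT, []),
                              ("endpoint", BEFORE, [SQS_ENDPOINT])]:
        print(name, sqs_paths("subnet-private", "us-east-1", tables, eps) or "TIMEOUT")
```

The check covers routing and DNS only; the interface endpoint's security group must also allow inbound HTTPS (TCP 443) from the Lambda function's security group.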