A Lambda function needs to access the private address of an Amazon ElastiCache cluster in a
VPC. The Lambda function also needs to write messages to Amazon SQS. The Lambda
function has been configured to run in a subnet in the VPC.

Which of the following actions meet the requirements? (Choose two.)

A. The Lambda function needs an IAM role to access Amazon SQS.
B. The Lambda function must route through a NAT gateway or NAT instance in another subnet
to access the public SQS API.
C. The Lambda function must be assigned a public IP address to access the public Amazon
D. The ElastiCache server outbound security group rules must be configured to permit the
Lambda function's security group.
E. The Lambda function must consume auto-assigned public IP addresses but not elastic IP

Answer(s): A, C

You are deploying an EC2 instance in a private subnet that requires access to the Internet. One
of the requirements for this solution is to restrict access to only particular URLs on a whitelist. In
addition to the whitelisted URLs, the instances should be able to access any Amazon S3 bucket
in the same region via any URL. Which of the following solutions should you deploy? (Choose

A. Include in the whitelist.
B. Create a VPC endpoint for S3.
C. Run Squid proxy on a NAT instance.
D. Deploy a NAT gateway into your VPC.
E. Utilize a security group to restrict access.

Answer(s): C, D

Your company runs an HTTPS application using an Elastic Load Balancing (ELB) load
balancer/PHP on nginx server/RDS in multiple Availability Zones. You need to apply
Geographic Restriction and identify the client's IP address in your application to generate
dynamic content.
How should you utilize AWS services in a scalable fashion to perform this task?

A. Modify the nginx log configuration to record the value in X-Forwarded-For and use CloudFront to
apply the Geographic Restriction.

