A company hosts an application on AWS. The application uses AWS Lambda functions and stores data in Amazon DynamoDB tables. The Lambda functions are connected to a VPC that does not have internet access.
The traffic to access DynamoDB must not travel across the internet. The application must have write access to only specific DynamoDB tables.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A. Attach a VPC endpoint policy for DynamoDB to allow write access to only the specific DynamoDB tables.

B. Attach a security group to the interface VPC endpoint to allow write access to only the specific DynamoDB tables.

C. Create a resource-based IAM policy to grant write access to only the specific DynamoDB tables. Attach the policy to the DynamoDB tables.

D. Create a gateway VPC endpoint for DynamoDB that is associated with the Lambda VPC. Ensure that the Lambda execution role can access the gateway VPC endpoint.

E. Create an interface VPC endpoint for DynamoDB that is associated with the Lambda VPC. Ensure that the Lambda execution role can access the interface VPC endpoint.






 

Suggested Answer: BC

Community Answer: AD




This question is in SAA-C02 AWS Certified Solutions Architect – Associate Exam
For getting AWS Certified Solutions Architect – Associate Certificate




Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.